Two updates for those following the XKeyScore debate:
Joshua Foust has written an excellent post that clarifies a few things I didn't cover in my earlier post. He notes that XKeyScore allows analysts to recover only material that NSA has collected and stored; that's important because just being able to enter the President's email address is not the same as ordering up a full wiretap. NSA has limitations on what it collects, particularly in the United States, and no one thinks that the front end XKeyScore system overrides those limits. Thus, as Foust suggests, it may well be that XKeyScore can only search metadata, and I think it's highly likely that XKeyScore can only search databases that have already been filtered to exclude the great bulk of US communications. All that makes Snowden's claim about being able to wiretap anyone extremely unlikely -- and certainly not demonstrated by the latest disclosures, despite Glenn Greenwald's claims to the contrary.
Foust also makes a point that always needs to be part of the discussion: NSA is an intelligence agency, and it gathers intelligence by intercepting communications in highly effective and intrusive ways. Throughout the postwar era, NSA has had capabilities that, if turned full-force on the American people, would be dangerous and antidemocratic. But getting rid of those capabilities isn't a real-world option; it would amount to unilateral disarmament in an intelligence arms race and would leave us open to much more sophisticated terror attacks.
The American solution to that problem has not been to limit NSA's capabilities; instead, we've relied on rules-based limits to restrict how NSA uses those capabilities. If law is the principal limit on the agency, Foust points out, then it's misleading for Greenwald to use slides that date to 2007, a lifetime ago where US intercept law is concerned. He reprints an exchange with Greenwald and the Guardian that suggests a remarkable lack of interest on their part in telling this part of the story, in case there are more than two people left in the world who think Greenwald and company are just journalists telling the truth and letting the chips fall where they may.
Coming from an entirely different direction, Marcy Wheeler has a response to my post that offers two thoughts, one willfully obtuse, the other more interesting. She first points out that NSA analysts can overcome the justification requirement by lying. Well, sure, but that just explains why the justifications are audited.
More interestingly, she parses the recently declassified section 215 order to argue persuasively that the justification screen doesn't apply to everyone. She says there must be NSA techies (though not systems administrators like Snowden) who have broader access to the data than the analysts, because someone has to delete useless data that clutters up analysts' searches (much like search engine clutter before Google gave us Page Rank). If for example telemarketer numbers weren't deleted, she points out, we'd all end up two hops from al Qaeda's leadership. (I sort of like the image of al Qaeda's number three shouting "Put me on your do-not-call list!" as he searches the skies for a drone.)
Wheeler thinks this is important because it means that the "justification" menus don't guarantee auditability of every use of intercept data by every employee at NSA. Again, that may be true, but the important point about the "justification" menu isn't that it offers universal protection against abuse; nothing does. The significant point is that NSA built that menu not for public consumption but because the agency's commitment to following the law demanded auditability of searches. This likely isn't the only control in place; employees who have other means of access are undoubtedly subject to other controls.
We can't expect to expose every aspect of NSA's intelligence system in order to verify each and every control mechanism, not if we actually want an intelligence capability. What we do know is that the material Snowden stole shows an agency working hard to enforce privacy rules -- harder than it works to enforce other security rules, unfortunately. And that Snowden's claim that he could wiretap an accountant or the President from his desk looks even more dubious than when it was made.