XKS is used to search the big data collection. The application is distributed to over 150 sites worldwide. Access is provided at high security levels within the countries known as the 5 Eyes (United States, Australia, Great Britain, Canada and New Zealand).
XKS was one of the focuses in whistleblower Edward Snowden’s revelations of NSA activities. The NSA downplays the abilities that systems like XKS have and stresses that justification is required for targeted searches. However, leaked 2008 employee training slides for XKS demonstrate that all that’s required to obtain legal and targeting justification is a couple of broad descriptors, which can be selected from drop-down options. Subsequently, the user can wiretap anyone by searching with their email address, yielding access to live Internet data, such as current browsing and Facebook chat, as well as traffic on many other services -- including encrypted ones -- and a backlog of collected data.
- In 2012, XKS collected, processed and stored 41 billion total records in a single 30-day period.
- XKS can track encrypted communication usage and can decrypt VPNs.
- XKS also catalogues exploitable machines that can be compromised in order to increase focus on a subject of interest.
- XKS captures over 20 terabytes of data a day.
Making a statement to The Guardian website, which broke the Snowden leaks, the NSA said:
"NSA's activities are focused and specifically deployed against – and only against – legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests… XKeyscore is used as a part of NSA's lawful foreign signals intelligence collection system.”
XKS represents a large part of Edward Snowden’s leaks. As an NSA employee, Snowden said he could, while “sitting at my desk, wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.”