Many of the locations situated on the NSA’s poorly drawn map, of X-Keyscore’s 150 sites and 700 servers, can be classed as legitimate NSA facilities, in the sense they have been given a mandate to carry out cyber spying by those state’s closely aligned to US power. However, quite a few locations most noticeably in Russia and China open a few question over what activities these locations are conducting.
- Are these facilities collecting data? And if so are they operated by the US government, or private companies?
- Do these governments know what activities are being carried out at these facilities?
- Are these facilities used to collect and monitor data of citizens of that country?
Taking into account both Russia and China’s diplomatic relations with Washington, we can assume that Russia and China neither know exactly what is carried out at these facilities, nor is complicit in the data monitoring. On top of this we can also assume, that due to the geographical locations and mass collection of data, each NSA facility monitors the data of its regional location. As far as whether these facilities are being operated by the US government or private companies, it depends on whether these are just facilities with access to the X-Keyscore program, or whether they are servers storing and collecting data. If these are the locations of servers, as the US has no government facilities in China, or Russia we can assume these servers would be operated by US corporations such as Yahoo.
If these facilities are being used for the purposes of collecting, storing and analyzing Chinese and Russian web data, this would technically be carrying out cyber espionage on Russian and Chinese soil. Even though espionage is often seen as expectable state behavior under international law, operating a mass surveillance facility, in the state you are spying on, crosses the boundaries of traditional state on state espionage activities. Previous revelations by Edward Snowden have presented a picture of US global surveillance networks, which go far beyond traditional state security. However, if these facilities are anything more than just a hub where data analysts have access to the X-Keyscore program, then US cyber surveillance has even far more scope than was originally thought.
Even small, closely US aligned Thailand seemed surprised that they had a US surveillance facility operating without their knowledge. Information and Communications Technology Minister Anudith Nakornthap, said on Friday that “relevant agencies need to investigate the report about the existence in Thailand of the X-Keyscore operation.” Thai cyber security experts said it is “possible that this country was one of the locations for the X-Keyscore operation,” and that the program can be “located at any data centre or at the servers of any organisation that lacked security.” Are other countries, just like Thailand, now searching for secret US facilities operating illegally on their soil?