What is the NSA up to?

Triggerfinger has an outstanding (and very detailed) overview of XKeystore, the latest revelation of NSA's snooping activity:

In other words, a competent programmer can reliably parse out email addresses from the structured header fields with effectively no chance of getting user-entered content by mistake, unless the user was hand-crafting the email. All they have to do is stop reading the message at the first blank line (as I have marked in the example with a dividing line).

In order to get occasional cases where the Xkeystore retrieves "metadata" in the form of email addresses that turns out to be user-entered content instead, the NSA must be retrieving and parsing the content of the email. They may have coded their application to only show what they think are email addresses, but they are extracting those email addresses from the content, not from the headers. Which means they must be collecting and analyzing the content, not just the metadata.

It's like a pretty girl who wants to change clothes in your bedroom. Does she trust you not to look or does she find a screen or use a bathroom or closet so that you can't look? Does it matter if you promise not to look?

Clearly, the NSA has the ability to intercept email content, not just metadata; just as clearly, they are actually interceptingthe full email content and collecting it for analysis. They are asking us to trust them not to look at the content, even though they already have it. Maybe they have built their application so that they can't look without getting permission, but according to Snowden, the permission system is a joke and a rubber stamp. We already know that Homeland Security does keyword scanning of content, and I'm betting the NSA is doing the same thing with its application, and if the right keywords are there -- or the right sender or recipient, two or three degrees away from a "suspected" terrorist -- the content is flagged for a closer look. Or the NSA analyst can make up his own justification and get it rubber stamped.

And we can't see how their application works, or have any way of knowing that it does what it says it does. In this analogy, the NSA is the guy wearing a nice Google Glass device, and he tells the pretty girl in his bedroom she can strip down right there in front of him and she will be perfectly safe -- he's written his own privacy app, you see, and when it detects a pretty girl in his field of view it doesn't let him look. He's just watching you to keep you safe, you see. He's not recording the whole thing and uploading it to his friends.

This is an excellent introduction to how the messages are sent, what they look like, and how NSA must be doing things.  Highly recommended.