You open a Web browser, type in a URL, and hit Enter. The URL is, in effect, a request, and this request goes out in search of its destination server. Somewhere in the midst of its travels, however, before your request gets to that server, it will have to pass through TURBULENCE, one of the NSA’s most powerful weapons.
Specifically, your request passes through a few black servers stacked on top of one another, together about the size of a four-shelf bookcase. These are installed in special rooms at major private telecommunications buildings throughout allied countries, as well as in US embassies and on US military bases, and contain two critical tools. The first, TURMOIL, handles “passive collection,” making a copy of the data coming through. The second, TURBINE, is in charge of “active collection” — that is, actively tampering with the users.
You can think of TURMOIL as a guard positioned at an invisible firewall through which Internet traffic must pass. Seeing your request, it checks its metadata for selectors, or criteria, that mark it as deserving of more scrutiny. Those selectors can be whatever the NSA chooses, whatever the NSA finds suspicious: a particular email address, credit card, or phone number; the geographic origin or destination of your Internet activity; or just certain keywords such as “anonymous Internet proxy” or “protest.”
If TURMOIL flags your traffic as suspicious, it tips it over to TURBINE, which diverts your request to the NSA’s servers. There, algorithms decide which of the agency’s exploits — malware programs — to use against you. This choice is based on the type of website you’re trying to visit as much as on your computer’s software and Internet connection. These chosen exploits are sent back to TURBINE (by programs of the QUANTUM suite, if you’re wondering), which injects them into the traffic channel and delivers them to you along with whatever website you requested. The end result: you get all the content you want, along with all the surveillance you don’t, and it all happens in less than 686 milliseconds. Completely unbeknownst to you.
Once the exploits are on your computer, the NSA can access not just your metadata, but your data as well. Your entire digital life now belongs to them. — Edward Snowden, from his book Permanent Record (read for free)