A piece of code used by the NSA to label online “extremists” has been uncovered for the first time. The German public television network ARD reported that the popular encryption service Tor, which is based in Germany, was one of the entities that had become a target for the NSA’s labeling as part of their XKeyscore program. ARD did not report how the code had come into their possession, so it’s possible this information is from a leak that isn’t Edward Snowden. Arstechnica gives some background on the discovery:

XKeyscore is one of the high-level NSA surveillance programs that have been revealed via Snowden over the last year. The interface allows NSA and allied intelligence agencies to search all kinds of short-term data captured directly off of various Internet Exchanges worldwide.

This new code, which was published on Thursday, appears to flag people who are believed to live outside the United States and who request Tor bridge information via e-mail or who search for or download Tor or the security-minded TAILS operating system. Those users’ IP addresses can then be tracked for further monitoring.

Several Tor employees, including the American computer researcher Jacob Appelbaum, were flagged by the program. A post about the Tor program TAILS on a forum devoted to Linux was also tagged.

Tor was originally created at the US Naval Resource Lab. It is still is 60% funded by the government, which makes the flagging of those associated with it as “extremists” even more confusing. A spokesperson from the NSA responded, mentioning Obama’s Directive 28 and stating, “All of NSA’s operations are conducted in strict accordance with the rule of law, including the President’s new directive.”