NSA probes Yahoo, Google
Report: Agency broke into companies’ data centers
A Google data center is seen in Hamina, Finland. The Washington Post is reporting that the National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world. The Post cites documents obtained from former NSA contractor Edward Snowden and interviews with officials. AP photo
WASHINGTON — The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, The Washington Post reported Wednesday, citing documents obtained from former NSA contractor Edward Snowden.
A secret accounting dated Jan. 9 indicates that NSA sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade, Md., headquarters. In the last 30 days, field collectors had processed and sent back more than 180 million new records — ranging from “metadata,” which would indicate who sent or received emails and when, to content such as text, audio and video, the Post reported Wednesday on its website.
“Although there’s a diminished standard of legal protection for interception that occurs overseas, the fact that it was directed apparently to Google’s cloud and Yahoo’s cloud, and that there was no legal order as best we can tell to permit the interception, there is a good argument to make that the NSA has engaged in unlawful surveillance,” said Marc Rotenberg, executive director of Electronic Privacy Information Center. The reference to “clouds” refers to sites where the companies collect data.
The NSA’s principal tool to exploit the Google and Yahoo data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, GCHQ. The Post said NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants.
The NSA has a separate data-gathering program, called PRISM, which uses a court order to compel Yahoo, Google and other Internet companies to provide certain data. It allows the NSA to reach into the companies’ data streams and grab emails, video chats, pictures and more. U.S. officials have said the program is narrowly focused on foreign targets, and technology companies say they turn over information only if required by court order.
In an interview with Bloomberg News Wednesday, NSA Director Gen. Keith Alexander was asked if the NSA has infiltrated Yahoo and Google databases, as detailed in the Post story.
“Not to my knowledge,” said Alexander. “We are not authorized to go into a U.S. company’s servers and take data. We’d have to go through a court process for doing that.”
It was not clear, however, whether Alexander had any immediate knowledge of the latest disclosure in the Post report. Instead, he appeared to speak more about the PRISM program and its legal parameters.
In a separate statement, NSA spokeswoman Vanee Vines said NSA has “multiple authorities” to accomplish its mission, and she said “the assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true.” At no point did the NSA deny the existence of the MUSCULAR program.
The Post said the NSA was breaking into data centers worldwide. The NSA has far looser restrictions on what it can collect outside the United States on foreigners and would not need a court order to collected foreigners’ communications.
To meet legal requirements, the NSA has to distinguish between foreign and U.S. persons, and must get additional authorization in order to view information linked to Americans, said Lewis, who is with the Center for Strategic and International Studies. He said it’s not clear from the reports what the NSA did with the U.S. data, and so it’s difficult to say whether the agency violated the law.
David Drummond, Google’s chief legal officer said the company has “long been concerned about the possibility of this kind of snooping.”
“We do not provide any government, including the U.S. government, with access to our systems,” said Drummond. “We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”
Google, which is known for its data security, noted that it has been trying to extend encryption across more and more Google services and links.