Ride the Lightning

NSA Infiltrates Links to Google and Yahoo Data Centers Globally

October 31, 2013

The Washington Post reported yesterday that the National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials.

By accessing those links, the agency can collect whatever it wants from hundreds of millions of user accounts, many of them belonging to Americans. According to a top-secret accounting dated January 9, 2013, the NSA’s acquisitions directorate sends millions of records every day from internal Yahoo and Google networks to data warehouses at the agency’s headquarters at Fort Meade, Md. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — including “metadata,” which would indicate who sent or received e-mails and when, as well as content such as text, audio and video.

The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, the Government Communications Headquarters. From undisclosed interception points, the NSA and the GCHQ are copying entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants.

The infiltration is especially striking because the NSA, under a separate program called PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process.

The MUSCULAR project appears to be an amazingly aggressive use of NSA monitoring against major American companies. The NSA issued a statement composed of the usual blather about being focused on foreign intelligence targets.

David Drummond, Google's chief legal officer, said that Google has “long been concerned about the possibility of this kind of snooping” and has not provided the government with access to its systems. “We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said. No kidding.

A Yahoo spokeswoman said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

Clearly the controls are not strict enough. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner. Outside U.S. territory, statutory restrictions on surveillance seldom apply and the FISC has no jurisdiction.

As readers may recall, John is scheduled to lecture on the NSA surveillance at ABA TECHSHOW in March of 2014. It looks like he will not suffer from a dearth of content.

http://twitter.com/sharonnelsonesq