Leaked files suggest agency can
obtain information from cables connecting Google and Yahoo's data hubs
Google and
Yahoo,
two of the world's biggest tech companies, reacted angrily to a report
on Wednesday that the National Security Agency has secretly intercepted
the main communication links that carry their users' data around the
world.
Citing documents obtained from former
NSA contractor Edward Snowden and interviews with officials,
the Washington Post claimed the agency could collect information "at will" from among hundreds of millions of user accounts.
The
documents suggest that the NSA, in partnership with its British
counterpart GCHQ, is copying large amounts of data as it flows across
fiber-optic cables that carry information between the worldwide data
centers of the Silicon Valley giants. The intelligence activities of the
NSA outside the US are subject to fewer legal constraints than its
domestic actions.
The story is likely to put further strain on
the already difficult relations between the tech firms and Washington.
The internet giants are furious about the damage done to their
reputation in the wake of Snowden's revelations.
In a statement, Google's chief legal officer, David Drummond, said the company was "outraged" by the latest revelations.
"We
have long been concerned about the possibility of this kind of
snooping, which is why we have continued to extend encryption across
more and more Google services and links, especially the links in the
slide," he said.
"We do not provide any government, including
the US government, with access to our systems. We are outraged at the
lengths to which the government seems to have gone to intercept data
from our private fiber networks, and it underscores the need for urgent
reform."
Yahoo said: "We have strict controls in place to protect
the security of our data centers, and we have not given access to our
data centers to the NSA or to any other government agency."
According
to a top-secret document cited by the Post dated 9 January 2013,
millions of records a day are sent from Yahoo and Google internal
networks to NSA data warehouses at the agency's headquarters in Fort
Meade, Maryland. The types of information sent ranged from "metadata",
indicating who sent or received emails, the subject line and where and
when, to content such as text, audio and video.
The Post's documents state that in the preceding 30 days, field collectors had processed and sent on 181,280,466 new records.
Internet
firms go to great lengths to protect their data. But the NSA documents
published by the Post appear to boast about their ability to circumvent
those protections. In one presentation slide on "Google Cloud
Exploitation," published by the Post, an artist has added a smiley face,
in apparent celebration of the NSA's victory over Google security
systems.
The Post said that the interception took place on the cables that connect the internet giants' data centers. The
New York Times reported on Wednesday evening that one of the companies that provides such cables for Google was
Level 3.
It said in a statement provided to the Times: "We comply with the laws
in each country where we operate. In general, governments that seek
assistance in law enforcement or security investigations prohibit
disclosure of the assistance provided."
,
the Post suggested the intercept project was codenamed Muscular, but
the Guardian understands from other documents provided by Snowden that
the term instead refers to the system that enables the initial
processing of information gathered from NSA or GCHQ cable taps.
The data outputted from Muscular is then forwarded to NSA or GCHQ databases, or systems such as the
XKeyscore search tool, previously reported by the Guardian.
The
Post said that by collecting the data overseas, the NSA was able to
circumvent the legal restrictions that prevent it from accessing the
communications of people who live in the
United States, and that it fell instead under an executive order, signed by the president, that authorised foreign intelligence operations.
In
response, the NSA specifically denied that it used the presidential
order to circumvent the restrictions on domestic spying, though the
agency said nothing about the rest of the story.
The NSA statement
said, in full: "NSA has multiple authorities that it uses to accomplish
its mission, which is centered on defending the nation. The Washington
Post's assertion that we use Executive Order 12333 collection to get
around the limitations imposed by the Foreign Intelligence
Surveillance Act and FAA 702 is not true.
"The
assertion that we collect vast quantities of US persons' data from this
type of collection is also not true. NSA applies attorney
general-approved processes to protect the
privacy
of US persons – minimizing the likelihood of their information in our
targeting, collection, processing, exploitation, retention and
dissemination.
"NSA is a foreign intelligence agency. And we're
focused on discovering and developing intelligence about valid foreign
intelligence targets only."
A GCHQ spokesman said: "We are aware of the story but we don't have any comment."
The NSA statement was much more narrowly drawn than the initial response by the agency's director, General Keith Alexander.
At a Washington conference on Wednesday
as the Post story broke, Alexander issued an immediate denial, but was
not specifically asked to address allegations that the NSA intercepted
data transiting between the companies' data centers.
The latest disclosures may shed new light on a reference in a GCHQ document,
first reported in September
by the Guardian, the New York Times and ProPublica. As part of its
efforts with the NSA to defeat internet encryption, GCHQ, the 2012
document said, was working on developing ways into the major webmail
providers, including Google and Yahoo. It added that "work has
predominantly been focused this quarter on Google due to new access
opportunities being developed".
Other documents provided to the
Guardian by Snowden suggest that GCHQ's work on Muscular, and a related
tool called Incensor, is regarded as particularly valuable by the NSA,
providing intelligence unavailable from other sources.
"Muscular/Incensor
has significantly enhanced the amount of benefit that the NSA derives
from our special source access," one 2010 GCHQ document notes. It adds
that this highlights "the unique contribution we are now making to NSA,
providing insights into some of their highest priority targets".
Relations
between the tech companies and the government are already strained over
the Snowden revelations. Speaking at a tech conference in September,
Facebook co-founder Mark Zuckerberg said the government had done a "bad
job" of balancing people's privacy. "Frankly, I think the government
blew it," he said.
Google will have its first turn before a
legislative panel to confront surveillance questions next month.
Senators Al Franken and Dean Heller, who are backing a bill to compel
the government to provide more transparency about bulk surveillance,
announced Wednesday that the Internet giant will send a representative
to a Senate hearing they will hold on 13 November.
.jpg)
