NSA breaks into Google and Yahoo "cloud" data....interception being called illegal
Report: NSA broke into Yahoo, Google information centers
October 30, 2013 11:11 PM
Share with others:
WASHINGTON -- The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, The Washington Post has reported, citing documents obtained from former NSA contractor Edward Snowden.
A secret accounting dated Jan. 9, 2013, indicates that NSA sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency's Fort Meade, Md., headquarters. In the last 30 days, field collectors had processed and sent back more than 180 million new records -- ranging from "metadata," which would indicate who sent or received emails and when, to content such as text, audio and video, the Post reported Wednesday on its website.
The latest revelations were met with outrage from Google, and triggered legal questions, including whether the NSA may be violating federal wiretap laws.
"Although there's a diminished standard of legal protection for interception that occurs overseas, the fact that it was directed apparently to Google's cloud and Yahoo's cloud, and that there was no legal order -- as best we can tell -- to permit the interception, there is a good argument to make that the NSA has engaged in unlawful surveillance," said Marc Rotenberg, executive director of Electronic Privacy Information Center. The reference to "clouds" refers to sites where the companies collect data.
The new details about NSA accessing Yahoo and Google data centers around the world come as Congress is reconsidering the government's collection practices and authority, and as European governments are responding angrily to revelations that the NSA collected data on millions of communications in their nations. Details of the NSA programs have been trickling out since Mr. Snowden shared secret documents with the Post and Guardian newspaper in June.
The NSA's principal tool to exploit the Google and Yahoo data links is a project called MUSCULAR, operated jointly with the agency's British counterpart, GCHQ. The Post said NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants.
The NSA has a separate data-gathering program, called PRISM, which uses a court order to compel Yahoo, Google and other Internet firms to provide certain data. It allows the NSA to reach into the companies' data streams and grab emails, video chats, pictures and more. U.S. officials have said the program is narrowly focused on foreign targets, and technology firms say they turn over information only if required by court order.
In a Bloomberg News interview Wednesday, NSA director Gen. Keith Alexander was asked whether the NSA has infiltrated Yahoo and Google databases. "Not to my knowledge," he said. "We are not authorized to go into a U.S. company's servers and take data. We'd have to go through a court process for doing that."
But it was unclear whether Gen. Alexander had immediate knowledge of the Post report's latest disclosure. He appeared to speak more about the PRISM program and its legal parameters.
In a separate statement, NSA spokeswoman Vanee Vines said NSA has "multiple authorities" to accomplish its mission, and that "the assertion that we collect vast quantities of U.S. persons' data from this type of collection is also not true." At no point did the NSA deny the MUSCULAR program's existence. The GCHQ had no comment.
The Post said the NSA was breaking into data centers worldwide.
UPDATE: Looks like the Tech Companies are taking an official stand, which is unusual for them
WASHINGTON -- Mounting revelations about the extent of NSA surveillance have alarmed technology leaders in recent days, driving a renewed push for significant legislative action from an industry that long tried to stay above the fray in Washington.
After months of merely calling for the government to be more transparent about its surveillance requests, tech leaders have begun demanding substantive new restraints on how the National Security Agency collects and uses the vast quantities of data it scoops up around the globe, much of it from streams of U.S. companies.
The pivot marks an aggressive new posture for an industry that often has trod carefully in Washington -- devoting more attention to blunting potentially damaging actions than to pushing initiatives that might prove controversial and alienate users from its lucrative services.
Six leading technology companies -- Facebook, Google, Apple, Yahoo, Microsoft and AOL -- sent a letter Thursday to Senate leaders reflecting the sharpening industry strategy, praising the sponsors of a bill that would end bulk collection of phone records of millions of Americans and create a privacy advocate to represent civil liberties interests within the secretive court that oversees the NSA.
"Transparency is a critical first step to an informed public debate, but it is clear that more needs to be done," said the letter, sent to Senate Judiciary Committee chairman Patrick Leahy, D-Vt., one of the bill's sponsors, as well as three other senators. "Our companies believe that government surveillance practices should also be reformed to include substantial enhancements to privacy protections and appropriate oversight and accountability mechanisms for those programs."
Although historically wary of Washington, the technology industry has been bulking up its political operations in the nation's capital for several years. It took a public stand against the Stop Online Piracy Act with a massive Internet protest last year. More recently, tech leaders made a high-profile push in the immigration debate, calling for more visas for foreign-born workers.
The tone of industry reaction to the NSA revelations has grown more aggressive since the first stories appeared in The Washington Post and Britain's Guardian newspaper in June. Companies that initially were focused on defending their reputations gradually began criticizing the government and challenging it in court. Some companies also have worked to harden their networks against infiltration.
A turning point came with Thursday's Washington Post revealing an NSA program that collects massive amounts of user information from Google and Yahoo as it moved among data centers overseas. To some, this amounted to a degree of intrusiveness that -- though speculated about by privacy activists -- was beyond what many in the industry thought possible.
"Clearly, this is something new and different," said Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, a Washington-based think tank that receives substantial industry support. Mr. Hall said technology leaders are weary of the revelations. "Right now, it's like, 'Please make it stop!' "
The technology industry backlash is especially striking in light of its once-cozy relationship with President Barack Obama, who got money and votes from Silicon Valley at historic rates last year.
Although Google general counsel David Drummond issued a statement Thursday expressing "outrage" and "the need for urgent reform," a longtime Google security engineer better captured the industry's mood in a post on Google Plus, a social networking service. "Even though we suspected this was happening, it still makes me terribly sad. It makes me sad because I believe in America," wrote engineer Brandon Downey, after cautioning that he was speaking personally, and not for Google.
National security officials have rejected criticism of NSA's collection of communications, particularly any suggestion that the agency had scooped up data under presidential authorities to avoid the greater oversight required by the Foreign Intelligence Surveillance Act. "NSA conducts all of its activities in accordance with applicable laws, regulations and policies -- and assertions to the contrary do a grave disservice to the nation, its allies and partners, and the men and women who make up the National Security Agency," said a statement the agency issued late Thursday.
For all the mounting frustration within the tech industry, the path ahead is murky. Most surveillance bills getting wide Capitol Hill circulation would not address NSA collection operations in other countries.
"To reform this is going to require passing a law that regulates NSA's operations overseas, and none of the bills do that now," said Jennifer Granick, director of civil liberties at Stanford Law School's Center for Internet and Society.
There also are unanswered legal questions. Some scholars say NSA data collection from Google, Yahoo and their users might violate the Fourth Amendment's prohibition on illegal search and seizure, even if it happens in foreign countries.
Some privacy activists said tech firms share at least some blame for the extent of the government surveillance program. They collect detailed user data -- much of it used to target advertising that generates company profits -- that the NSA covets. The companies also have lobbied against laws that would limit data collection in Europe and elsewhere.