National Security Agency spooks can apparently scoop up millions of records every day from the internal networks of Google and Yahoo by secretly tapping into the communication links connecting the Silicon Valley tech giants' data servers. The new revelations suggest that NSA surveillance goes well beyond the court-approved, front-door access to Google and Yahoo user accounts under the now-infamous PRISM program.
The new story from the Washington Post refers to "top-secret accounting dated Jan. 9, 2013" that shows how the NSA collected more than 181 million records from Yahoo and Google networks in 30 days—data including text, audio, video and metadata indicating who sent or received emails. The NSA accomplished this through a project called MUSCULAR, operated with the NSA's British counterpart known as Government Communications Headquarters, which intercepts the flow of data in the fiber-optic cables linking data centers around the world.
News of the NSA's activities led to an angry response from Google in the form of a statement by David Drummond, Google's chief legal officer.
“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide. We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”
A slide from an NSA presentation titled "Google Cloud Exploitation" detailed how the NSA's MUSCULAR effort bypassed Google's security measures. Two engineers close to Google "exploded in profanity" when they saw the NSA illustration, according to the Washington Post.
Yahoo also denied giving the government permission to access its systems in such a manner.
But the NSA's MUSCULAR program appears to get away with such large-scale data collection by intercepting the data center links overseas, where such intelligence gathering is beyond the reach of most U.S. statutory restrictions and outside the jurisdiction of the Foreign Intelligence Surveillance Court. That allows the intelligence agency to operate under the looser rules of the presidential Executive Order 12333.
The NSA tried to counter the Washington Post story by denying that it had tried to use the executive order to bypass U.S. laws, according to Politico. But an NSA spokeswoman declined to discuss whether the agency had infiltrated the data center links.
Gen. Keith Alexander, head of the NSA, said that the agency is "not authorized" to tap into company data centers and must "go through a court process," during a Bloomberg cyber summit on Oct. 30. And he continued to warn that attempts to set new rules for cyber spying could increase the risks for national security.
The NSA's current woes go beyond a huge publicity problem and possible political backlash. The agency's controversial new Utah data-storage center has run into electrical problems during its past 13 months of construction.
Jeremy Hsu has been working as a science and technology journalist in New York City since 2008. He has written on subjects as diverse as supercomputing and wearable electronics for IEEE Spectrum. When he’s not trying to wrap his head around the latest quantum computing news for Spectrum, he also contributes to a variety of publications such as Scientific American, Discover, Popular Science, and others. He is a graduate of New York University’s Science, Health & Environmental Reporting Program.