Oct 30 2013
Report: The NSA is spying on data from Google and Yahoo, too
New docs show NSA taps Google, Yahoo data center links
Tapping overseas cables grabs more data than the PRISM court-approved process.
US intelligence access to the mounds of data held by Google and Yahoo goes far beyond the court-approved PRISM program, which was described in some of the first National Security Agency (NSA) leaks to come out this summer. Top secret documents published today by The Washington Post reveal that the NSA has tapped into overseas links that Google and Yahoo use to communicate between their data centers.
The newly revealed program, codenamed MUSCULAR, harvests vast amounts of data. A top-secret memo dated January 9, 2013 says that the NSA gathered 181,280,466 new records in the previous 30 days. Those records include both metadata and the actual content of communications: text, audio, and video.
The program is a strikingly aggressive one on the part of the NSA against US-based Internet companies. Operating overseas gives the NSA more lax rules to follow than what governs its behavior stateside.
In one of the documents (a hand-drawn sheet), an NSA presenter explains how the agency gets in to the mid-point where the “Google Cloud” touches the “public Internet.” With a smiley-face drawing added, the slide explains: “SSL Added and removed here!”
The MUSCULAR program taps directly into the fiber optic cables that Google and Yahoo use to transmit data between their own data centers—a situation the companies have tried to avoid, in part by purchasing or leasing thousands of miles of their own fiber optic cables, explains the Post. The program is conducted overseas in conjunction with GCHQ, the UK’s top intelligence agency.
Google has already said the company is moving swiftly to further encrypt the flow of information between its data centers as a reaction to government snooping. It spoke to the Post about that process in a separate story, published on September 6.
Under the PRISM program, Internet companies like Google and Yahoo are compelled to put data for certain users in a kind of digital lock-box for government use through a process overseen by courts.
The MUSCULAR program revealed today apparently takes place without the companies’ knowledge. Google told the Post that it is “troubled by allegations of government intercepting traffic between our data centers, and we are not aware of this activity.”
Yahoo emphasized that it has “strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or any other government agency.”
Neither the White House nor the office that oversees the NSA said anything about the program to the Post. They would not confirm or deny its existence.
The newly published documents are part of the massive trove of information leaked by former NSA contractor Edward Snowden to journalists at the Post and The Guardian.
The Post contacted two engineers close to Google about the slides, and the paper describes how they “exploded in profanity” upon viewing the smiley-face slide—an apparent celebration of government conquest over Google’s security. “I hope you publish this,” one source said.