Not satisfied with the bulk data it collects through court orders from internet giants Google and Yahoo, the National Security Agency reportedly vacuumed up traffic from communication links between the companies’ data centers, according to documents leaked by Edward Snowden. Google expressed outrage over the government’s actions and called for reform.
The taps of the data links allow the spy agency to collect data on millions of users, including Americans, without cooperation from the two companies and without oversight from the Foreign Intelligence Surveillance Court, according to the Washington Post, which broke the story. An NSA slide obtained by the Post even shows where the NSA has presumably exploited a weakness in Google’s encryption to siphon the data.
The NSA project, codenamed MUSCULAR, is operated jointly with the UK spy agency GCHQ. Both agencies copy entire data flows that pass through fiber-optic cables linking one Google data center to another. It does the same with Yahoo, at times sucking down so much information that analysts complained about the quantity.
The data, which amounts to millions of records daily, gets passed to NSA data collection centers at Ft. Meade. In just 30 days NSA field collectors had processed and sent back 181,280,466 records, according to one document. The information siphoned included not only metadata but also content.
The GCHQ directs the data into a “buffer” where it is held for three to five days while custom-built NSA tools unpack and decode the special data formats Google and Yahoo use for data inside their cloud systems. The data then passes through a series of filters to pull out information the NSA wants to keep. One weekly report on MUSCULAR noted that the British operators have allowed the NSA to contribute 100,000 “selectors” or search terms to sift through the data.
Google told WIRED it was angered by the NSA’s conduct.
“We have long been concerned about the possibility of this kind of snooping,” Google Chief Legal Officer David Drummond said in a statement, “which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide….
“We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”
Earlier this year, the Post reported that the NSA operated a program dubbed PRISM that involved collecting bulk data from internet companies using court orders from the FISA Court. The NSA has insisted that such collections are targeted, and the internet companies have been fighting in court to publish data about the number of court orders they receive each year as well as the number of user accounts affected by the government surveillance requests. The NSA has resisted efforts to make the information public.
With the taps on fiber-optic cables specifically focused on the data centers, however, the NSA is able to collect information it cannot obtain under court order.
“Our system of judicial and congressional oversight of the NSA is fundamentally broken, and dragnet programs like this one are the result,” ACLU Deputy Legal Director Jameel Jaffer said in a statement. “If we want the right to privacy to survive the NSA’s assault on it, we need both Congress and the courts once again to play the role the constitution envisioned for them.”
Though some of the data the NSA collects through these links is encrypted, other recent news reports have exposed NSA projects to decrypt secured data. The Post also obtained an internal NSA slide presentation showing the agency’s knowledge of a weakness in Google’s encryption.
The slide presentation on “Google Cloud Exploitation” shows a sketch indicating where the “Public Internet” meets the internal “Google Cloud” where Google data resides. A note on the slide indicates that encryption is “added and removed here!” along with a smiley face noting where the vulnerability in the encryption lies.
Last month, Google announced plants to encrypt data links connecting its data centers. “It’s an arms race,” Google’s vice president for security engineering Eric Grosse said at the time. “We see these government agencies as among the most skilled players in this game.”
Because the collection occurs outside U.S. borders, the NSA is not restrained by legal protections that would make such bulk collections illegal inside the U.S.
Tapping the Google and Yahoo data links allows the NSA to intercept communications in real time and to take “a retrospective look at target activity,” according to an NSA document obtained by the Post.
