Those documents, supplied by former NSA contractor Edward Snowden and obtained by the Washington Post, suggest that the US intelligence agency and its British counterpart have compromised data passed through the computers of Google and Yahoo, the two biggest companies in the world with regards to overall Internet traffic, and in turn allowed those country’s governments and likely their allies access to hundreds of millions of user accounts from individuals around the world.
“From undisclosed interception points, the NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants,” the Post’s Barton Gellman and Ashkan Soltani reported on Wednesday.
The document providing evidence of such was among the trove of files supplied by Mr. Snowden and is dated January 9, 2013, making it among the most recent top-secret files attributed to the 30-year-old whistleblower.
Both Google and Yahoo responded to the report, with the former’s response being the most forceful.
Google’s chief legal officer, David Drummond, said the company was “outraged” by the allegations.
“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” said Drummond, implying the web giant had been caught by surprise by the revelations..
“We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”
Yahoo likewise implied it was not actively cooperating with the NSA in granting the agency access to its data infrastructure.
“We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency,” the company said via statement.
Gen. Keith Alexander, the head of the NSA, told reporters Wednesday afternoon, “I don’t know what the report is,” according to Politico, and said his agency is “not authorized” to tap into Silicon Valley companies. When asked if the NSA tapped into the data centers, Alexander said, “Not to my knowledge.”
Earlier this year, separate documentation supplied by Mr. Snowden disclosed evidence of PRISM, an NSA-operated program that the intelligence company conducted to target the users of Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL and Apple services. When that program was disclosed by the Guardian newspaper in June, reporters there said it allowed the NSA to “collect material including search history, the content of emails, file transfers and live chats” while having direct access to the companies’ servers, at times with the “assistance of communication providers in the US.”
According to the latest leak, the NSA and Britain’s Government Communications Headquarters are conducting similar operations targeting the users of at least two of these companies, although this time under utmost secrecy.
“The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process,” the Post noted.
And while top-brass in the US intelligence community defended PRISM and said it did not target American Internet users, the newest program — codenamed MUSCULAR — sweeps up data pertaining to the accounts of many Americans, the Post acknowledged.
The MUSCULAR program, according to Wednesday’s leak, involves a process in which the NSA and GCHQ intercept communications overseas, where lax restrictions and oversight allow the agencies access to intelligence with ease.
“NSA documents about the effort refer directly to ‘full take,’ ‘bulk access’ and ‘high volume’ operations on Yahoo and Google networks,” the Post reported. “Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.”