During yesterday’s House intelligence committee hearing, Director for National Intelligence James Clapper said to one member of Congress, “There are many things we do in intelligence that, if revealed, would have the potential for all kinds of blowback.”
The Washington Post has revealed that the National Security Agency has infiltrated the main communications that connect Yahoo and Google to its data centers located around the world. Such revelation could have huge ramifications for the NSA.
According to documents from former NSA contractor Edward Snowden—and as reported by Barton Gellman and Ashkan Soltani, the NSA has developed a tool as part of a project called MUSCULAR. The NSA, in partnership with UK spying agency, GCHQ, are able to copy “entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants.”
Over a period of 30 days from December 2012 to January 2013, the NSA sent copies of “millions of records” to warehouses at the agency’s Fort Meade headquarters. The agency’s “field collectors” were able to collect, process and send 181,280,466 records in that time span. The records included metadata and content “such as text, audio and video.”
Millions of Americans’ data can be swept up through this exploitation because digital communications and cloud storage is not confined to the United States.
An NSA presentation slide features a sketch showing where the “Public Internet” meets the “Google Cloud.” A smiley face indicates the pride the NSA has that it was able to find a way to exploit communications and access the data.
Engineers with “close ties to Google,” according to the Post, “exploded in profanity when they saw the drawing.” One even said, “I hope you publish this.”
Google reacted that it was “troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity” and said the company had “long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links.”
A spokeswoman for Yahoo said the company had “strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”
It was previously revealed that companies like Google and Yahoo were giving the NSA “direct access” to users’ data, including content, as part of a program called PRISM. That sort of collection has happened, according to the NSA, because the agency has sought to compel the companies to provide the data.
This is what makes the infiltration and collection alarming. It is clearly being done to circumvent US laws. There is much more data the NSA can collect through this method because it does not take place under the Foreign Intelligence Surveillance Act and the secret surveillance court that is supposed to provide oversight cannot scrutinize and act as a check on any of this surveillance activity.
In 2011, the Foreign Intelligence Surveillance Court ruled in regards to collection from data streams that included data from Americans that procedures intended to protect privacy were “deficient on statutory and constitutional grounds.” The collection was deemed illegal.
If companies like Google and Yahoo do not know what the NSA is doing in their networks and if they cannot guarantee to their users, who are not the targets of criminal investigations, that their data will be kept safe from government intrusion, that alienates users. It makes them less willing to use services.
Already Internet companies have challenged the government and demanded they be able to disclose the number of requests for data coming from the government. They want to share this information with users so they do not appear to be complicit enablers of the massive surveillance state. They know this is bad for their brand.
Craig Gorsline, president and chief operating officer, a software development firm based in Chicago with employees in 12 countries around the world, shared, “We have witnessed the adverse effects of the National Security Agency interception of data from Internet transmissions and data centers first-hand and have been involved in many conversations concerning the future of our industry should this unauthorized blanket surveillance be continued without proper transparency and oversight.”
“The government’s sweeping, capricious spying is causing businesses to reconsider the use of many efficient, cost-effective technologies that have become commonplace in recent years, because the NSA may intercept their data, or their customers’ data, during transmission or while at rest, in data centers,” Gorsline added. “This practice threatens productivity, it is bad for business and Congress should end it.”
In a way, the infiltration of Google’s Cloud is similar to spying on US allies. Neither Merkel nor Google is going to deliberately withhold intelligence from NSA that it needs if it has probable cause to investigate a person or if it has evidence for an investigation into suspected terrorists.
Internet companies and US allies would be cooperative partners, but, now that it has been revealed they are engaged in intrusive programs, where the agency is going behind their back to get the information, it is damaging the potential to continue to work closely.
For privacy advocates, it may be satisfying to see the surveillance state unraveling. The government’s ability to alienate world leaders and Internet companies has aided debate and helped bring the country closer to a moment where real reform is possible.
The reality is the NSA has a institutionally sociopathic drive to hoard and control all of the world’s data and be able to do with it as it pleases. It does not care about commerce or civil liberties, privacy or political relationships. It is driven by one agenda and that is maintaining America’s dominance in the world and, as evidenced by its inability to engage in self-criticism, it could not careless what is put at risk or destroyed in the process.