Report: NSA Tapped Into Google, Yahoo and Copied User Data

Thanks to whistleblower Edward Snowden, the NSA surveillance controversy that has engulfed the Obama administration has now hit Google and Yahoo, two of the world’s biggest tech companies, as a report in the Washington Post claims the agency was tapping into fiber-optic cables to copy huge amounts of data as it flows between the companies’ worldwide data centers.

The Post story cited a top-secret document from Jan. 9, 2013, obtained through the Snowden leaks, revealing that millions of records a day are sent from Yahoo and Google internal networks to NSA data warehouses at the agency’s headquarters in Fort Meade, Maryland.

The story said the type of information sent ranged from metadata—indicating who sent or received emails, the subject line and where and when—to content, such as text, audio and video. In the 30 days preceding Jan. 9, field collectors had processed and sent on 181,280,466 new records.

The revelations enraged the two Silicon Valley behemoths, who maintain a delicate bond of trust with their users about the safety of their personal data.

Google’s chief legal officer, David Drummond, said the company was “outraged” by the latest revelations.

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” he said.

“We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

For its part, Yahoo said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

While the Internet firms go to great lengths to protect their data, the NSA documents showed how the agency boasted of its ability to breach their walls. The Post published a slide presentation showing that someone at NSA had added a smiley face to express their triumph over the Google security systems.

According to the Post, the NSA collected the data overseas to get around legal restrictions preventing it from accessing the communications of people who live in the United States. These actions fell instead under an executive order, signed by the president, which authorized foreign intelligence operations.

In response, the NSA, already under fire for revelations that it was snooping on the private cell phone communications of world leaders like German Chancellor Angela Merkel, denied that it used the presidential order to circumvent the restrictions on domestic spying. But the agency was very circumspect in its denial.

“NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post’s assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true,” the NSA statement said.

“The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true. NSA applies attorney general-approved processes to protect the privacy of U.S. persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention and dissemination. NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”

Washington insiders noted the irony of the federal government being attacked because of its supreme technical prowess in tapping into billion-dollar companies, while at the same time Health and Human Services Secretary Kathleen Sebelius was being pummeled because she couldn’t get a simple website to work correctly.

Chris Wysopal, a former hacker who is chief technology officer for Veracode in Burlington, Mass., told the Associated Press that the NSA is famous for employing small, focused teams of highly talented, recruited experts with special skills, but that the Health and Human Services Department’s website designers are “sort of your average developers.”

And there’s also the thrill of hacking that plays into the difference.

“Breaking in, it feels like special ops,” Wysopal said. “Building something feels probably like you’re in the Corps of Engineers. You’re just moving a lot of dirt around.”The experts also acknowledge that it’s easier to break something down than to build it. Tapping into Google and Yahoo is simpler and faster than building a secure website for millions of people to get health care, Wysopal said.Another big difference is that if the NSA techies fail to get through the Google or Yahoo systems, no one ever hears about it. They work in isolation and anonymity. But if the website fails to work properly, everyone gets dragged through very public hearings on Capitol Hill. 

Back to top