Massive cloud networks from companies like Google and Yahoo cache and serve up much of the data on the Internet -- and the NSA has secretly tapped into the unencrypted links behind those company’s enormous servers, according to a new report from the Washington Post.
By tapping into that link, the NSA can collect data at will from hundreds of millions of user accounts, the Post reported -- including not just foreign citizens and “metadata” but emails, videos and audio from American citizens.
Operation MUSCULAR, a joint program of the NSA and its British equivalent GCHQ, relies on an unnamed telecommunications provider outside of the U.S. to offer secret access to a cable or switch through with Google and Yahoo pass unencrypted traffic between their servers.
The massive servers run by the company are carefully guarded and strictly audited, the companies say; according to Google, buildings housing its servers are guarded around the clock by trained personnel, and secured with heat-sensitive cameras, biometric verification, and more.
Two engineers with close ties to Google exploded in profanity when they saw a drawing of the NSA’s hack revealed by Edward Snowden; the drawing includes a smiley face next to the point at which the agency apparently was able to tap into the world’s data.
“I hope you publish this,” one of them said.
White House officials and the Office of the Director of National Intelligence, which oversees the NSA, declined to confirm, deny or explain why the agency infiltrates Google and Yahoo networks overseas.
However, NSA director Gen. Keith Alexander said Wednesday his agency doesn't access such networks servers without a court order, according to Politico.
The NSA also released a statement saying the agency only uses attorney general-approved processes in data collection.
"NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation," the statement reads. "The Washington Post's assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true. The assertion that we collect vast quantities of U.S. persons' data from this type of collection is also not true."
In a statement, Google said it was “troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity.”
“We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links,” the company said.
At Yahoo, a spokeswoman said: “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”
Obama said in an interview in June "unequivocally" that the NSA cannot and has not listened to the telephone calls nor target the e-mails of a U.S. person
Read more about the latest in the NSA spying scandal at the Washington Post.