Widget Image
Follow PPD Social Media
Connect With PPD
Wednesday, July 17, 2019
HomePolicyHow NSA Spying Breach On Google And Yahoo Impacts You

How NSA Spying Breach On Google And Yahoo Impacts You

The latest NSA spying revelation reported by the Washington Post represents an unprecedented lack of regard for the Fourth Amendment. Documents obtained by former security contractor and NSA whistleblower Edward Snowden, shows the National Security Agency secretly gained access  — or, rather broke into — main communications links that connect Yahoo and Google data centers all around the world.

Before Americans understand how NSA spying on Google and Yahoo links impacts them, we must first understand the story as it has been reported.

According to “knowledgeable officials” interviewed by the Post, tapping these communication links has now given the NSA the capability to collect data from hundreds of millions of user accounts on demand, including the accounts of millions of Americans. While the NSA does not keep every single bit of data it collects, the agency does store a substantial amount, and the latest move has placed the NSA above privacy rights protected in the Bill of Rights.

The top secret documents dating back to January 9, 2013, show that the NSA acquisitions directorate sends millions of records every single day from Yahoo and Google internal networks to several NSA data warehouses located at Fort Meade, which is home to the headquarters of the NSA. In the 30-day period leading up to January 9 of 2013, NSA field collectors processed and sent 181,280,466 new records to Fort Meade — including “metadata” — which tells the NSA who sent and/or received e-mails and when they did. The program mines other forms of communications content, such as text, audio and video.

The NSA project is referred to as MUSCULAR, and is a joint operation with the British counterpart to the NSA, or the Government Communications Headquarters. Apparently, from several undisclosed undisclosed locations, which are used as interception points, the NSA and the Government Communications Headquarters — or, GCHQ — are collecting data communications across fiber-optic cables that carry information between the data centers of the two Silicon Valley Internet heavyweights — Google and Yahoo.

As previously reported, the NSA already has front-door access to user accounts for both companies, all as part of a separate program known as PRISM, which has already undergone the proper court-approved process.

In a statement, the National Security Agency said it is “focused on discovering and developing intelligence about valid foreign intelligence targets only.” The statement further read, “NSA applies Attorney General-approved processes to protect the privacy of U.S. persons — minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination.”

Google’s chief legal officer, David Drummond, responded in a follow-up statement, saying Google has “long been concerned about the possibility of this kind of snooping” and has never provided the government with access to its systems.

“We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he added.

Yahoo, as well, commented through a spokeswoman who said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

As it relates to the program known as PRISM, which made headlines with the ousting of whistleblower Edward Snowden, the NSA collected massive amounts of online communications, which they then record legally by compelling U.S. technology companies, including Yahoo and Google, to turn over any data that matches court-approved search terms. That program, which was first disclosed by The Washington Post and the Guardian newspaper in Britain, is an authorized program under Section 702 of the Foreign Intelligence Surveillance Act (FISA) and is currently subjected to oversight by the Foreign Intelligence Surveillance Court (FISC).

Debating the merits and effectiveness of the FISC court is valid, but for the purposes of understanding the difference between PRISM and MUSCULAR, that debate is largely irrelevant.

Unlike PRISM< which is subject to specific court-approved search terms, MUSCULAR as described in the documents, is an operation to gather broad, unapproved data that is later determined to be useful or relevant. Instead, MUSCULAR, is an effort to “full take,” gain “bulk access” and collect a “high volume” of data on Yahoo and Google networks. An operation to collect such a broad amount of Internet content would be illegal in the United States, but the program is supposedly limited to overseas operations, where the NSA is allowed to assume anyone or any entity using a foreign data link is a foreigner.

Unfortunately, there is no way to know whether or not operations occur in the United States, which we now know is the case.

“Look, NSA has platoons of lawyers and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole,” says John Schindler, a former NSA chief analyst and proponent of such programs. “It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA,” he said, shrugging off the idea that the NSA would cut corners as obvious.

In its statement, the Office of the Director of National Intelligence denied that it was using executive authority to “get around the limitations” imposed by FISA.

Essentially, PRISM gives front-door access to information that Google or Yahoo, as well as the FISC court has complete knowledge of. However, MUSCULAR is a back-door break-in, granting the NSA access to data only Google and Yahoo should have, which is your personal information and activity. Without a legitimate reason, there is no purpose for the NSA to have access, save for illegally spying on American citizens.

As stated in the post, he “operation to infiltrate data links exploits a fundamental weakness in systems architecture. To guard against data loss and system slowdowns, Google and Yahoo maintain fortress-like data centers across four continents and connect them with thousands of miles of fiber-optic cable. These globe-spanning networks, representing billions of dollars of investment, are known as “clouds” because data move seamlessly around them.

 

Another potential privacy disaster, lays in how the data centers need to operated for them to properly and effectively work. The data centers must put together large volumes of information about you and other account holders. For instance, Yahoo’s internal network often sends users’  entire e-mail archives back and forth between data centers, which literally contains years of your messages and even the attachments sent with them.

By tapping into the Google and Yahoo clouds, the NSA is able to directly intercept communications as they take place, or through the backdoor without Google, Yahoo, or you ever knowing. The benefits to national security are obvious, but the same is true regarding the dangers.

To be sure, Google and Yahoo have gone to great lengths to avoid such a program and, in fact, have been quite suspicious of the government’s desire to implement one for a while.

Both companies, as David Drummond noted, have been shelling out substantial amounts of money for premium data links. Not only are the premium links designed to be faster and more reliable for users, but their exclusivity are far more secure. Over the past few years under the Obama administration, both Google and Yahoo have bought or leased literally thousands of miles of fiber optic cables for exclusive use. Insiders told the Washington Post that they knew they needed to protect their private, internal networks from government intrusion.

To give Americans an idea just how little regard the agency has for the Bill of Rights, an NSA slide presentation is called “Google Cloud Exploitation.” On one of the slides, a picture depicts where the “Public Internet” meets the internal “Google Cloud” where the companies’ secure data is located. The drawing then explains how encryption is “added and removed here!” — which prompts an artist who then adds a smiley face, mocking the compromise of Google security.

As you could imagine, according to the Post, two of the engineers associated with Google were furious when showed the drawing. “I hope you publish this,” one of them told the Washington Post.

With the MUSCULAR project, the GCHQ puts all of this data into a “buffer” that can store three to five days worth before having to recycling the storage space. It is in the buffer that the NSA uses certain technology to decipher how Google and Yahoo store your information inside their clouds, which they will afterward translate into your actual information. From the buffer, the data is then are sent through a series of filters to “select” information the NSA wants and “defeat” what it does not.

Meanwhile, no debate surrounds what information the NSA determines to “select” outside of the NSA, outside FISC or Congress.

While Google has announce plans to encrypt their data center links, which is an effort to block the NSA from achieving backdoor access to your information, Yahoo has not announced plans to encrypt its data center links.

The danger lays in the fact that digital communications and cloud storage do not adhere to national boundaries, which means the NSA can conduct a spying operation such as MUSCULAR with the same scope they could a foreign operation. Also, the lack of debate or oversight because the programs are so conveniently dubbed to be classified, which cloaks their existence, let alone their scope.

The law is not keeping up with the technology, and the government can literally violate your Fourth Amendment rights without anyone — except, of course, those who are actually in the room — ever knowing they did.

“Thirty five years ago, different countries had their own telecommunications infrastructure, so the division between foreign and domestic collection was clear,” Sen. Ron Wyden D-OR. “Today there’s a global communications infrastructure, so there’s a greater risk of collecting on Americans when the NSA collects overseas.”

Written by
Data Journalism Editor

Rich, the People's Pundit, is the Data Journalism Editor at PPD and Director of the PPD Election Projection Model. He is also the Director of Big Data Poll, and author of "Our Virtuous Republic: The Forgotten Clause in the American Social Contract."

No comments

leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.