NSA Returns to Stealing from Yahoo and Google

Screen shot 2013-10-30 at 1.23.18 PMThe entire point of the Protect America Act and FISA Amendments Act was to provide a way for NSA to collect data from Yahoo and Google without stealing it from telecom switches, which is what they had been doing for 6 years. That was the primary goal: provide a legal means, with oversight, to collect intelligence from the multinational US-based Internet companies that dominated the free email market.

Yet, as I’ve been predicting for weeks, that wasn’t good enough for NSA. In addition to all the intelligence they collect legally using PRISM under Section 702 authority, it turns out they’ve been busy returning to their thieving ways.

The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials.

By tapping those links, the agency has positioned itself to collect at will from among hundreds of millions of user accounts, many of them belonging to Americans. The NSA does not keep everything it collects, but it keeps a lot.

According to a top secret accounting dated Jan. 9, 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.

The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, GCHQ. From undisclosed interception points, the NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants.

Mind you, the apologists will say that breaking into Yahoo and Google’s internal clouds to steal this information isn’t stealing because it takes place overseas, and therefore doesn’t have to abide by FISA, and therefore just amounts to normal old spying.

Case in point:

Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to “full take,” “bulk access” and “high volume” operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.

Outside U.S. territory, statutory restrictions on surveillance seldom apply and the Foreign Intelligence Surveillance Court has no jurisdiction. Senate Intelligence Committee Chairwoman Dianne Feinstein has acknowledged that Congress conducts little oversight of intelligence-gathering under the presidential authority of Executive Order 12333 , which defines the basic powers and responsibilities of the intelligence agencies.

John Schindler, a former NSA chief analyst and frequent defender who teaches at the Naval War College, said it was obvious why the agency would prefer to avoid restrictions where it can.

“Look, NSA has platoons of lawyers and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole,” he said. “It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA.”

But as I noted in this post, there’s at least an argument to be made that the 2011 John Bates decision ruling Section 702 upstream collection intentional and the existing FAA (that is, far more stringent than the 12333) minimization procedures insufficient under the Fourth Amendment would apply here, making the exposure of US person data under this collection a constitutional violation. And all that’s assuming there’s a purpose, like terrorism, that would warrant (heh) a special needs exception. With such bulk collection and nonexistent oversight, it’s not clear such a case could be made.

So stealing. And in the process doing enormous damage to two important American companies.

There’s one odd thing about this article though. Notice the absence of any discussion of Microsoft?

Tweet about this on Twitter8Share on Reddit1Share on Facebook8Google+2Email to someone

19 Responses to NSA Returns to Stealing from Yahoo and Google

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19

Emptywheel Twitterverse
emptywheel Abdo: Min procedures would be meaningless if Smith governed here.
4mreplyretweetfavorite
emptywheel Booyah. Abdo kills ratification "Many members of Congress not aware of program, those who were were not provided legal analysis of program."
6mreplyretweetfavorite
emptywheel Ut oh. No one brought up First Amendment, meaning no mention of Bates eliminating 1A protections last year.
7mreplyretweetfavorite
emptywheel Again, Delery, if the FISC is providing oversight, then your political branches argument fails.
8mreplyretweetfavorite
emptywheel Let's also talk abt how ODNI is still hiding dates on PRTT program bc they would reveal it lied to court in CA,
11mreplyretweetfavorite
emptywheel "What else haven't you let us know" beyond what ODNI declassified? Let's talk abt how they use phone dragnet w/EO12333 dragnet, judge!
12mreplyretweetfavorite
emptywheel Ut oh. Delery doesn't know answer to whether FISC imposed requirements beyond govt.
13mreplyretweetfavorite
emptywheel Delery's trying to have it both ways. says political branches set limit to program, but not relying on minimization procedures set by FISC
14mreplyretweetfavorite
emptywheel What's nutty as shit abt Delery's current arg is the FISC--not a political branch--sets and oversees minimization procedures.
16mreplyretweetfavorite
bmaz @bsdtectr no, but she isn't good.
16mreplyretweetfavorite
emptywheel I'm so old I remember when Justice Roberts said govt protocols (minimization procedures) not adequate to protect 4th.
17mreplyretweetfavorite
October 2013
S M T W T F S
« Sep   Nov »
 12345
6789101112
13141516171819
20212223242526
2728293031