NSA Returns to Stealing from Yahoo and Google
The entire point of the Protect America Act and FISA Amendments Act was to provide a way for NSA to collect data from Yahoo and Google without stealing it from telecom switches, which is what they had been doing for 6 years. That was the primary goal: provide a legal means, with oversight, to collect intelligence from the multinational US-based Internet companies that dominated the free email market.
Yet, as I’ve been predicting for weeks, that wasn’t good enough for NSA. In addition to all the intelligence they collect legally using PRISM under Section 702 authority, it turns out they’ve been busy returning to their thieving ways.
The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials.
By tapping those links, the agency has positioned itself to collect at will from among hundreds of millions of user accounts, many of them belonging to Americans. The NSA does not keep everything it collects, but it keeps a lot.
According to a top secret accounting dated Jan. 9, 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.
The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, GCHQ. From undisclosed interception points, the NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants.
Mind you, the apologists will say that breaking into Yahoo and Google’s internal clouds to steal this information isn’t stealing because it takes place overseas, and therefore doesn’t have to abide by FISA, and therefore just amounts to normal old spying.
Case in point:
Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to “full take,” “bulk access” and “high volume” operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.
Outside U.S. territory, statutory restrictions on surveillance seldom apply and the Foreign Intelligence Surveillance Court has no jurisdiction. Senate Intelligence Committee Chairwoman Dianne Feinstein has acknowledged that Congress conducts little oversight of intelligence-gathering under the presidential authority of Executive Order 12333 , which defines the basic powers and responsibilities of the intelligence agencies.
John Schindler, a former NSA chief analyst and frequent defender who teaches at the Naval War College, said it was obvious why the agency would prefer to avoid restrictions where it can.
“Look, NSA has platoons of lawyers and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole,” he said. “It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA.”
But as I noted in this post, there’s at least an argument to be made that the 2011 John Bates decision ruling Section 702 upstream collection intentional and the existing FAA (that is, far more stringent than the 12333) minimization procedures insufficient under the Fourth Amendment would apply here, making the exposure of US person data under this collection a constitutional violation. And all that’s assuming there’s a purpose, like terrorism, that would warrant (heh) a special needs exception. With such bulk collection and nonexistent oversight, it’s not clear such a case could be made.
So stealing. And in the process doing enormous damage to two important American companies.
There’s one odd thing about this article though. Notice the absence of any discussion of Microsoft?
I suspect Microsoft would be handled differently. While they too run datacenters they are not in the business of providing the kinds of online identities and communications channels that, we are told, the terrorists favor. Yahoo has its e-mail servers, chat, and a suite of other id tools that people use to setup accounts with only a browser. Google has all that plus youtube where Inspire-related sermons can be found Google+ hangouts and others. As such anyone who wanted to find the source and viewers of say Anwar Al Awlaki’s clips would want to track a wide flow of data from disparate sources.
Simply put most of Microsoft’s DataFarm data is corporate, at least in my experience, while Yahoo and Google cater to the mob.
The shocking thing is that Mr Schindler can say “NSA has platoons of lawyers and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole.” and not feel bad about it. That is tantamount to saying we are the spooks and we are above the sprir if not the letter of the law. Well we knew that but it has taken Snowden to get them to come out and say so. These are the words of dictators. I hope these exposed lawyers are ashamed of themselves, but doubt they are
When, in the process of evaluating possible email providers for a University a few years ago, I looked at the Google and Microsoft cloud architectures, Microsoft’s data centers were far more limited and in far less diverse locations. Google would scatter your data all over the world. Microsoft, if memory serves, would put your email in two datacenters, both in the US.
I’m sure that Microsoft has many more data centers around the world, but I’m also sure that tapping their cloud would lag behind Microsoft’s building it.
I suspect there are some very, very angry people in Google engineering today.
And this also explains one of the initial disconnects between Snowden’s revelations and the internet companies. Yes, they’re listening directly into Google’s servers, and yes, Google didn’t know about it. They were both right.
EW, do you have a link to the article about MUSCULAR that the quotes come from? Perhaps I am overlooking it, but I don’t see it… Thanks!
I wonder what sort of lawsuit Google and Yahoo can bring against the NSA for damages. DoJ may not prosecute Alexander and Clapper, but you can bet corporate titans who see their businesses jeopardized certainly will.
Craig Murray, 7/3/13:
No mention of Microsoft and also no mention of Amazon who also does a hell of a lot of cloud computing hosting.
Couldn’t be happier. Like the lady said, “nationalize the fuckers.”
Have the USPS offer e-mail, phone and internet service. No-third-party walnut shell games. Expectation of Constitutional, original intent privacy. So e-mail is as protected as junk mail:
I can almost touch the Constitution again.
@thatvisionthing: Would give Al Franken’s Senate Subcommittee on Privacy and Technology a reason to finally hold a hearing.
@thatvisionthing: With fanfare:
I think you can be prosecuted for leaving flyers in people’s USPS mailboxes.
If it isn’t mail, it can’t legally go in a mailbox.
Above is a copy of that article.
@PJ Evans: Also, from an ACLU e-mail I printed out back when I could access my Yahoo e-mail:
@joanneleon: Saw your twitter exchange:
That’s funny. When Amazon told me I couldn’t place an order without an e-mail account, I suggested they offer Amazon e-mail accounts for orders.
That reminds me, I need to call Powells.
recidivism. purely and simply recidivism.
clearly the nsa is an institution with a perpetually criminal mind – think 1970’s forward to the present.
consider the “platoons” mentioned below as the equivalent of a mafioso don’s lawyer-squad:
“… John Schindler, a former NSA chief analyst and frequent defender who teaches at the Naval War College, said…
“Look, NSA has platoons of lawyers and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole,” he said. “It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA…”
now consider this:
the phenomenal stream of lies over the last five months from general alexander and his immediate underlings are likely the product of teams of government lawyers coaching alexander, et al., in those lawyerly lies.
lawyerly lies are often referred to as “parsing”, but that is an unhelpful word. these lies can better be thought of as verbal strawmen (or strawwomen) which the coached nsa official proceeds to set up and then demolish, as ew has pointed out repeatedly.
I have seen Civil-War-era letters. I think the box they’re in is currently at an aunt’s house.
Like with Canada’s spying on Brazil we now find out about Australia’s contribution to the 5 Eyes club.
“US intelligence agencies are using Australian embassies throughout Asia to intercept data and gather information across the continent, according to the latest report based on documents leaked by NSA whistleblower Edward Snowden.
Data collection facilities operate out of the embassies in Jakarta, Bangkok, Hanoi, Bejing, and Dili, according to Fairfax media. There are also units in the Australian High Commission in Kuala Lumpur, the most populated city in Malaysia, and Port Moresby, the capital of Papua New Guinea. [snip] … intelligence officers speaking to Fairfax Media (Australia) now say that it is good to stop terrorism and international crime, “but the main focus is political, diplomatic and economic intelligence.”
See here: http://rt.com/news/nsa-australian-embassies-asia-intelligence-998/
@PJ Evans: Are they from the terrorists or the patriots?