The Washington Post reports that, according to new documents leaked by PRISM whistleblower Edward Snowden, the NSA has been secretly tapping into the main communication links connecting both Yahoo's and Google's data servers. And you can see it all scribbled—smiley-face included—right here.
The project (which the agency operated in addition to PRISM, not as part of it) is called MUSCULAR, and ran in cooperation with the GCHQ, the NSA's fiber-optic-cable-tapping British counterpart. And this newest revelation is perhaps even more concerning than any that have come before it thus far.
Keeping up with the NSA's lovely proclivity towards PowerPoint, a presentation dubbed "Google Cloud Exploitation" contains the above sketch showing where Google Cloud meets the "Public Internet," which is where their data resides. Pointing to that data-rich chewy center, the drawing remarks that SSL (or any attempts at encryption by Google) are "added and removed here." This is flippantly followed by a smiley face, a discomfortingly cavalier way of denoting the NSA's victory over Google's—and consequently our own—apparently feeble attempts at keeping personal data private.
And with Google and Yahoo being two of the largest online entities in the world, this joint venture is in a position to pull in a lot of secretly stolen data. According to the leaked documents, the NSA is rerouting millions of records from Yahoo's and Google's internal networks to the agency's headquarters at Fort Meade. This, as The Washington Post notes, adds up to a frightening amount of compromised information:
In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.
But unlike PRISM, it seems the companies the NSA has been feeding on for data have not granted the agency permission in these cases. In fact, all of this data collection is allegedly taking place without Google and Yahoo being even remotely aware of what's happening. Google offered the following statement to the Post:
[We are] troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity.
We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links.
Yahoo's statement followed suit:
We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.
It might be hard to believe that the NSA could make any positive claim to the legality of their actions—until you realize that all this data being collected is taking place overseas. As data from Yahoo and Google is sent around the world, it zips through fiber optic cables that may or may not be encrypted.
It starts to make a lot more sense then why, back in September, Google assured us that they're working on moving towards a total encryption of all their data centers. What at the time might have merely seemed like a way to placate the public amidst a massive backlash was actually a highly necessary proactive measure. Of course, whether or not Google would have mad such an accelerated effort to do so had the public not become aware of PRISM remains in question. Conversely, Yahoo, which has been moving at a snail's pace in terms of locking down user data if even that, walks away looking dangerously incautious by comparison.
White House officials and the Office of the Director of National Intelligence have, unsurprisingly, declined to "confirm, deny or explain why the agency infiltrates Google and Yahoo networks overseas." But with something like this happening right under the nose of massive corporations like Google and Yahoo, it's hard to imagine that there aren't more undesirable surprises to come. [The Washington Post]