The National Security Agency has tapped directly into communications links used by Google and Yahoo to move huge amounts of email and other user information among overseas data centers, the Washington Post reported on Wednesday. It was unclear how the NSA accessed the links.
The report, based on secret NSA documents leaked by former contractor Edward Snowden, appears to show that the agency has used weak restrictions on its overseas activities to exploit even major U.S. companies’ data to a far greater extent than previously realized.
Previously reported programs included those that allowed easy searches of Google’s, Yahoo’s and other Internet giants’ material based on court orders. But because the interception in the newly disclosed effort, code named MUSCULAR, occurs outside the United States, there is no oversight by the secret intelligence court.
Google, which recently said it is speeding its efforts to encrypt internal traffic, told Reuters: “We’re troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity.”
Like other major companies, Google and Yahoo constantly send data over leased and shared or exclusive international fiber-optic telecommunication lines as they sync information.
The newly disclosed program, operated jointly with the United Kingdom’s Government Communications Headquarters (GCHQ), amassed 181 million records in one recent 30-day span, according to one document reported by the Post. It could not be learned how much of that included material from U.S. residents, how the agency redacted data on them or how much of the information was retained.
An NSA spokesperson said in a statement that the suggestion in the Post article that the agency relies on a presidential order on foreign intelligence gathering to skirt domestic restrictions imposed by the Foreign Intelligence Surveillance Act and other laws “is not true.”
“The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true,” the statement said. “NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”
Asked at an event in Washington about the latest report, NSA Director General Keith Alexander said that he had not read it but that the agency did not have unfettered access to the U.S. companies’ servers.
“I can tell you factually we do not have access to Google servers, Yahoo servers,” Alexander said at a Bloomberg Government conference. “We go through a court order.”
He did not directly address whether the agency intercepts such traffic in transit. The NSA is known to tap undersea cables.
A Yahoo spokeswoman said: “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”
The report is likely to add to growing tensions between the U.S. intelligence establishment and the tech companies, which have been struggling to assure customers overseas that they needn’t fear U.S. spying.
(Reporting by Joseph Menn in San Francisco; Additional reporting by Deborah Charles and Mark Hosenball in Washington; Editing by Warren Strobel and Cynthia Osterman)