The NSA is aggressively targeting Google and Yahoo servers, according to a new report in The Washington Post.
That report, based on internal NSA documents provided by government whistleblower Edward Snowden, suggests that the spy agency has figured out how to tap the links connecting the two tech giants’ datacenters to the broader Web. The collected data is sent to NSA headquarters at Fort Meade, Maryland, where it is warehoused and analyzed. The project is codenamed MUSCULAR.
Those documents claim that, in a 30-day period ending January 9, 2013, the NSA collected some 181,280,466 new records, including metadata and email content. That’s presumably representative of the NSA’s monthly collection; data capture is apparently in real time.
Google told the Post that it was “troubled” by the report. A Yahoo spokesperson told the newspaper that the company had “strict controls in place to protect the security of our datacenters” and that “we have not given access to our data centers to the NSA or to any other government agency.”
Reporters from the Post showed an NSA presentation slide diagramming the surveillance to two engineers “with close ties to Google,” both of whom apparently “exploded in profanity” when they saw the extent of the agency’s setup. “I hope you publish this,” one of them reportedly said.
Google has recently undertaken efforts to encrypt both its search and cloud-storage data. The company lives and dies on the perception that its systems are private and secure; if customers come to believe that their information is no longer safe in a Google datacenter, they may look elsewhere—but given reports of the NSA’s extensive surveillance of the world’s IT infrastructure, and the federal government’s willingness to play legal hardball with companies that attempt to keep email secure, it’s hard to tell where exactly paranoid customers can actually deposit their most sensitive data.
In June, former NSA contractor Edward Snowden began feeding documents about the agency’s activities to The Guardian and other newspapers. One of the NSA projects described in the resulting articles, PRISM, allegedly siphons information from the databases of nine major technology companies: Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. (In emails to Slashdot and other media outlets, as well as postings on their respective corporate blogs, many of these companies have denied involvement with PRISM.) Subsequent revelations over the summer detailed similar NSA programs that pull in data from all over the Web.
There are ways to keep a portion of your data safe from surveillance, of course, but it might take legislation from the federal government to truly change the current situation.
Image: Maksim Kabakou/Shutterstock.com