14 DAY TRIAL // It's been a few months since the Snowden leaks started hitting the web, and the latest revelations are as serious as ever. The Washington Post, based on documents shared by Edward Snowden, is reporting that the NSA has been tapping into the inter-data center communications of Google and Yahoo, to get bulk access to user data.
The NSA does this via a program called MUSCULAR, operated in conjunction with the British GCHQ, the NSA's equivalent. The two agencies intercept communications between data centers and redirect them to their massive storing centers, where they get sorted.
The agencies do this to get access to the bulk of communications inside Google and Yahoo. This way, they can essentially get everything these companies have on all of their users, over one billion people.
The NSA already has lawful access to everything Google and Yahoo stores, via the PRISM program, approved by the FISA Court.
But it intercepts the data center communications at undisclosed locations outside the US, so the actions don't fall under much regulatory legislation or under the jurisdiction of the FISA Court. What this means is that the NSA can capture as much data as it wants without any Congressional oversight.
The agency, inadvertently or not, intercepts data on Americans via this program. Because this happens overseas, it doesn't have to report anything.
The scale of this operation is impressive, if not scary. In an internal report dated January 9, 2013, the NSA revealed that it had intercepted some 181,280,466 records from Google and Yahoo over the previous 30 days.
Most communications between users and Google or Yahoo, at least when it comes to private data such as email, is done over encrypted channels. But communication between data centers is not encrypted, at least it wasn't until very recently in the case of Google, and it still isn't at Yahoo.
At the time of the report, the NSA was able to intercept the plain text data between data centers and then decode the data formats that the two companies use. For example, the NSA would discard Google search index data and would concentrate on things like email archives and other communications.
Because these data centers around the world need to keep data in sync, they occasionally transfer bulk and archival data; for example, the entire email conversations of a user. This is a treasure trove for the NSA, since it can then get access to the entire records, not just real-time data and conversations.
Large companies like Google and Yahoo rent out "premium" networks, i.e. get exclusive access to some cables or at least a guarantee that their data is not mixed with data from other companies or the Internet at large. Both companies also own or lease thousands of kilometers of optical fiber cables for their own private use.
This segregation of communications made the companies think that the internal data was safe, even if it wasn't encrypted. It's now clear that this isn't the case.
This type of bulk data gathering would be illegal in the US. A similar program, at a smaller scale, was declared illegal by the FISA Court, explaining why the NSA had to start getting its data overseas.
If it wasn't clear by now, the NSA can and does everything in its power to skirt the very loose legislation and regulations that govern it, to maximize surveillance data. The NSA denied that this was ever its intention of the overseas surveillance.
Google has already begun encrypting data center communications. It's safe to say Yahoo and all the other big companies will start doing the same. But the NSA will look for other ways to get even more data. Both Google and Yahoo expressed their dismay at NSA's boldness, seen in the latest revelations.
The program underlines one of the agency’s biggest drives, even if it can get large amounts of data via legal means, i.e. the PRISM program, it is never enough, it always wants more.
It's also clear that the agency will never limit itself or that there isn't any actual oversight. The NSA acts on its own authority at this point and there needs to be a clear, strong response from the US Congress and White House to rein in the rogue agency. But that response hasn't come, so far.