The National Security Agency has tapped directly into communications links used by Google and Yahoo to move huge amounts of email and other user information among overseas data centers, the Washington Post reported on Wednesday.
The report, based on secret NSA documents leaked by former contractor Edward Snowden, appears to show the agency has used weak restrictions on its overseas activities to exploit major U.S. companies’ data to a far greater extent than realized.
Previously reported programs included those that allowed easy searches of Google’s, Yahoo’s and other Internet giants’ material based on court orders. But since the interception in the newly disclosed effort, code named MUSCULAR, occurs outside the United States, there is no oversight by the secret intelligence court.
The Post said the operation gained access to a cable or switch that relayed the traffic through an unnamed telecommunications provider.
“We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” said Google chief legal officer David Drummond. Google said it had not been aware of the program, although it recently began speeding its efforts to encrypt internal traffic.
Like other companies, Google and Yahoo constantly send data over leased and shared or exclusive international fiber-optic telecommunication lines as they synchronize information.
The newly disclosed program, operated jointly with the United Kingdom’s Government Communications Headquarters, or GCHQ, amassed 181 million records in one recent 30-day span, according to one document reported by the Post. It could not be learned how much of that included material from U.S. residents, how the agency redacted data on them or how much of the information was retained.
An NSA spokesperson said in a statement the suggestion in the Post article that the agency relies on a presidential order on foreign intelligence gathering to skirt domestic restrictions imposed by the Foreign Intelligence Surveillance Act and other laws “is not true.”
“The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true,” the statement said. “NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”
Asked at an event in Washington about the latest report, NSA Director General Keith Alexander said that he had not read it but that the agency did not have unfettered access to the U.S. companies’ servers.
“I can tell you factually we do not have access to Google servers, Yahoo servers,” Alexander said at a Bloomberg Government conference. “We go through a court order.”
He did not directly address whether the agency intercepts such traffic in transit. The NSA is known to tap undersea cables.
A Yahoo spokeswoman said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”
Yahoo in January will begin encrypting users’ email as it moves to the company, but it declined to say whether it would go further and keep email encrypted as it moves within Yahoo.
The report is likely to add to growing tensions between the U.S. intelligence establishment and the tech companies, which have been struggling to assure customers overseas that they need not fear U.S. spying.
Senate Judiciary Committee Chairman Patrick Leahy said he would ask for an administration briefing on the program because millions of U.S. residents could have had their communications monitored daily.
“I will be asking whether this report is accurate, what legal authority the government is using, and how they are protecting the privacy rights of law-abiding Americans,” the Vermont Democrat said.