NSA said to tap Google and Yahoo abroad

Charlie Savage, Claire Cain Miller and Nicole Perlroth
The National Security Agency and its British counterpart have apparently tapped the fiber-optic cables connecting Google's and Yahoo's overseas servers and are copying vast amounts of email and other information, according to accounts of documents leaked by the former agency contractor Edward J. Snowden.

In partnership with the British agency known as Government Communications Headquarters, or GCHQ, the N.S.A. has apparently taken advantage of the vast amounts of data stored in and traveling among global data centers, which run all modern online computing, according to a report Wednesday by The Washington Post. N.S.A. collection activities abroad face fewer legal restrictions and less oversight than its actions in the United States.

Google and Yahoo said on Wednesday that they were unaware of any government access to their data links. Sarah Meron, a Yahoo spokeswoman, said that the company had not cooperated with any government agency for such interception, and David Drummond, Google's chief legal officer, expressed outrage.

"We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links," Mr. Drummond said in a statement. "We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform."

In a statement, the N.S.A. did not directly address the claim that it had penetrated the companies' overseas data links. But it emphasized that it was focused on "foreign" intelligence collection — not domestic — and pushed back against the notion that it was collecting abroad to "get around" legal limits imposed by domestic surveillance laws. It also said it was "not true" that it collects "vast quantities" of Americans' data using that method.

Companies like Google that operate Internet services — including email, online document and photo storage and search queries — send huge amounts of data through fiber-optic lines between their data centers around the world. Those data centers are kept highly secure using heat-sensitive cameras and biometric authentication, and companies believed the data flowing among centers was secure. But Google said last month that it began the process of encrypting this internal traffic before reports of N.S.A. spying leaked during the summer, and accelerated the effort since then. Google security executives were suspicious that outside parties, like governments, could tap into the cables, but did not have hard evidence that the spying was occurring, according to three people briefed on Google's security efforts who spoke on condition of anonymity.

The N.S.A. could physically install a device that clips on the cable and listens to electric signals, or insert a splitter in the cable through which data would travel, said Nicholas McKeown, an expert in computer networking and a professor at Stanford. Or, he said, someone with remote login access to the cable's switch or router could also redirect data flowing through the cables.

Level 3 is a company that provides these cables for Google, according to a person briefed on Google's infrastructure who was not authorized to speak publicly.

In a statement, Level 3 said: "We comply with the laws in each country where we operate. In general, governments that seek assistance in law enforcement or security investigations prohibit disclosure of the assistance provided."

In July, the company denied a German television report that it had cooperated with American intelligence agencies to spy on German citizens using its network. The New York Times reported in September that for at least three years, GCHQ had been working to gain access to traffic in and out of data centers operated by Google, Yahoo, Facebook and Microsoft's Hotmail. The program, described as having been developed in close collaboration with the N.S.A., was said to have achieved "new access opportunities" into Google's systems by 2012, according to GCHQ documents provided by Mr. Snowden. But it was not clear what that meant.

The Post said that under a system code-named Muscular, GCHQ was storing data taken in from the interception in a rolling three- to five-day "buffer," during which the two agencies decoded it and filtered out information they wanted to keep.

It also reported that the N.S.A. was using about 100,000 "selectors" as its search term filters — more than twice as many, it said, as the agency has been using from its Prism program inside the United States. In that program, the agency collects emails, search queries and other online activity of foreigners abroad from Google, Yahoo and other companies through a court-approved process authorized by the FISA Amendments Act of 2008.

GCHQ documents obtained from Mr. Snowden by The Guardian newspaper and shared with The Times reveal an intense focus over several years by British spies on the development of Muscular and a closely related project code-named Incenser. The documents suggest that both programs are to a large extent driven by N.S.A. intelligence needs and are highly prized by the Americans.

In November 2010, the British wrote that "Muscular/Incenser has significantly enhanced the amount of benefit that the N.S.A. derive from our special source accesses." Those projects in some cases provide data that are unavailable from any other source, one document said, "highlighting the unique contribution we are now making to N.S.A., providing insights into some of their highest priority targets."

In its article, The Post described a January document as saying that the N.S.A.'s headquarters in Fort Meade, Md., was taking in more than 180 million records a month from the project. It also reported that briefing documents said collection from Yahoo and Google had produced important intelligence leads against hostile foreign governments.

The Post published an N.S.A. slide labeled "Current efforts — Google" with a hand-drawn sketch showing that traffic flowed between Google's data centers in "clear text," because encryption was added only at the front-end server that interfaced with users' computers and mobile devices. This notation included a smiley face.

The Post also published speaker notes from a presentation about Muscular. It included a reference to a February proposal to stop collecting Yahoo email account archives flowing through what it describes as a "lucrative" access point on what is apparently a fiber-optic cable linking Yahoo's overseas servers and its servers on United States soil.

As The Post published its story, the director of the N.S.A., Gen. Keith B. Alexander, was being interviewed at a cybersecurity conference. He flatly denied a slightly garbled account of The Post story as "factually inaccurate," but it was not clear that he understood that The Post was reporting infiltration of data links between overseas servers.

"There's no evidence that they are actually breaking into servers," said Alex Stamos, a security consultant at Artemis Internet, a security firm based in San Francisco. "But they are right outside Google and Yahoo's data centers taking data that those companies believed was protected."
