Skip to main content

NSA secretly taps into Google, Yahoo networks to collect information, say leaked documents

NSA secretly taps into Google, Yahoo networks to collect information, say leaked documents

Share this story

The NSA intercepts millions of pieces of Google and Yahoo user information each day by tapping into the links between servers, The Washington Post reports. According to documents leaked by Edward Snowden, the agency secretly exploits the data links in Google and Yahoo's global networks through a project called MUSCULAR, allegedly operated jointly with the GCHQ (which was accused earlier this year of snagging data from fiber optic cables). A January 9th document says that in the preceding 30 days, collectors had processed over 181 million pieces of information, including both metadata and the actual contents of communications.

Google is "troubled" by the allegations

The government can already request information from phone or data through the FISA Amendments Act, but this data collection would ostensibly take place without Google and Yahoo even being aware of it. Google told the Post that it had not known about the collection and was "troubled by allegations of the government intercepting traffic between our data centers." Sources close to Google reportedly "exploded in profanity" when shown the drawing above, saying "I hope you publish this." At the time of the initial revelations about PRISM's internet-monitoring capabilities, one slide suggested direct data collection from servers.

The collection alleged by the Post is made possible by the fact that data is sent through servers around the world, connected by dedicated fiber optic cables that may not be encrypted. Google revealed in September that it was working to encrypt information moving between data centers, however Yahoo hasn't announced a similar intention. The NSA may prefer this method in that it would facilitate data collection without the knowledge of the companies it's collecting it from.

"We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform," David Drummond, Google's chief legal officer, tells The Verge in a statement. Drummond also says that Google does not provide any government with access to its servers. In a statement, a Yahoo spokesperson tells us the same thing: "We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency."

The data is reportedly being collected primarily from Google and Yahoo's cloud servers, which are generally hosting redundancies of existing information. Because the information isn't brand new, the Post reports that one NSA slide describes the collection as being akin to taking "a retrospective look at target activity." The NSA's collection seemingly occurs as encryption is removed while the data enters Google's servers, as the agency illustrates with a smiley face in the slide above.

The NSA's head says the leak isn't accurate

NSA head Keith Alexander said that the new allegations weren't accurate while speaking in an interview immediately following the leaks. "Not to my knowledge, that's never happened," Alexander says, according to Washington Post reporter Brian Fung. Bloomberg TV anchor Trish Regan quotes him as saying explicitly that the allegations are "not true."

Alexander also said that the leaks at large aren't revealing anything that isn't justifiable. "None of this shows that [the] NSA is doing something illegal, or that it has not been asked to do," he said during the interview. "It's legal, it's necessary, and it's authorized in every case." The Post notes that data collection occurring overseas isn't constrained by the same rules that govern domestic surveillance, potentially allowing the NSA to collect information on Americans as well.

Though Alexander says that the NSA's practices are legal, the Post reports that a similar style of data collection to what's used in MUSCULAR was previously found to be illegal when performed inside of a US territory. The ruling reportedly comes from the Foreign Intelligence Surveillance Court in 2011, which found that such data collection was illegal under the Foreign Intelligence Surveillance Act and that it didn't meet the requirements of the Fourth Amendment. With this new collection occurring around the world, however, it's possible that the NSA isn't bound to the ruling.

Update: The leaked slides have surfaced, which show the program in further detail. According to the slides, the NSA was pulling roughly 15 GB per day from the Yahoo network, but considered the data of poor quality. Internal analysts had also objected to the program, saying the small intelligence value "does not justify the sheer volume of collection."

Update 2: Speaking to Politico, NSA director Keith Alexander has taken issue with the Washington Post article, saying that to his knowledge, the NSA does not directly access Google's data centers and, "the assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true." The statements stop short of a full denial, not addressing whether the NSA gained unauthorized access to internal networks at Google or Yahoo outside of company data centers.

Update 3: In a statement, Google's chief legal officer, David Drummond, tells us that it's been addressing these issues by extending encryption across its network. The full statement is available below, while an excerpt of it has been added into the article above.

We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide. We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.

Jacob Kastrenakes contributed to this report. This article has been updated to include statements from Yahoo and Google.

Today’s Storystream

Feed refreshed Sep 23 10 minutes in the clouds

Jay PetersSep 23
Twitch’s creators SVP is leaving the company.

Constance Knight, Twitch’s senior vice president of global creators, is leaving for a new opportunity, according to Bloomberg’s Cecilia D’Anastasio. Knight shared her departure with staff on the same day Twitch announced impending cuts to how much its biggest streamers will earn from subscriptions.

Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.

External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.

Welcome to the new Verge

Revolutionizing the media with blog posts

Nilay PatelSep 13
External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.

Spain’s Transports Urbans de Sabadell has La Bussí.

Once again, the US has fallen behind in transportation — call it the Bussí gap. A hole in our infrastructure, if you will.

External Link
Jay PetersSep 23
Doing more with less (extravagant holiday parties).

Sundar Pichai addressed employees’ questions about Google’s spending changes at an all-hands this week, according to CNBC.

“Maybe you were planning on hiring six more people but maybe you are going to have to do with four and how are you going to make that happen?” Pichai sent a memo to workers in July about a hiring slowdown.

In the all-hands, Google’s head of finance also asked staff to try not to go “over the top” for holiday parties.

External Link
Insiders made the most money off of Helium’s “People’s Network.”

Remember Helium, which was touted by The New York Times in an article entitled “Maybe There’s a Use for Crypto After All?” Not only was the company misleading people about who used it — Salesforce and Lime weren’t using it, despite what Helium said on its site — Helium disproportionately enriched insiders, Forbes reports.

James VincentSep 23
Nvidia’s latest AI model generates endless 3D models.

Need to fill your video game, VR world, or project render with 3D chaff? Nvidia’s latest AI model could help. Trained on 2D images, it can churn out customizable 3D objects ready to import and tweak.

The model seems rudimentary (the renders aren’t amazing quality and seem limited in their variety), but generative AI models like this are only going to improve, speeding up work for all sorts of creative types.

Richard LawlerSep 23
Green light.

This week Friday brings the debut of Apple’s other new hardware. We’ve reviewed both the new AirPods Pro and this chonky Apple Watch Ultra, and now you’ll decide if you’re picking them up, or not.

Otherwise, we’re preparing for Netflix’s Tudum event this weekend and slapping Dynamic Island onto Android phones.

The Apple Watch Ultra on a woman’s wrist
Photo by Amelia Holowaty Krales / The Verge
External Link
Jess WeatherbedSep 23
Japan will fully reopen to tourists in October following two and a half years of travel restrictions.

Good news for folks who have been waiting to book their dream Tokyo vacation: Japan will finally relax Covid border control measures for visa-free travel and individual travelers on October 11th.

Tourists will still need to be vaccinated three times or submit a negative COVID-19 test result ahead of their trip, but can take advantage of the weak yen and a ‘national travel discount’ launching on the same date. Sugoi!

External Link
Thomas RickerSep 23
Sony starts selling the Xperia 1 IV with continuous zoom lens.

What does it cost to buy a smartphone that does something no smartphone from Apple, Google, Samsung can? $1,599.99 is Sony’s answer: for a camera lens that can shift its focal length anywhere between 85mm and 125mm.

Here’s Allison’s take on Sony’s continuous-zoom lens when she tested a prototype Xperia 1 IV back in May: 

Sony put a good point-and-shoot zoom in a smartphone. That’s an impressive feat. In practical use, it’s a bit less impressive. It’s essentially two lenses that serve the same function: portrait photography. The fact that there’s optical zoom connecting them doesn’t make them much more versatile.

Still, it is a Sony, and

External Link
Corin FaifeSep 23
If God sees everything, so do these apps.

Some Churches are asking congregants to install so-called “accountability apps” to prevent sinful behavior. A Wired investigation found that they monitor almost everything a user does on their phone, including taking regular screenshots and flagging LGBT search terms.