If you read tech news sites like ours with any frequency, chances are you're well aware at this point that the NSA has its ear to a glass on every bedroom wall in the digital world. We're well aware that companies like Google and Facebook cooperate with it and we know that phone call metadata was being collected. What we didn't know until now though, was that the NSA had found a method of mining data from Google servers without the search giant ever knowing.
While this is impressive in a technical sense – did a government agency just outfox one of the world's biggest tech firms? – it's made Google really sit up and take notice, leading it to fully investigate full user data encryption, in a similar manner to Kim Dotcom's MEGA file locker.
The NSA achieved this by tapping into the data connections between Yahoo and Google data centres around the world, acting as a man in the middle and scooping up reams of personal data on their customers. This isn't just a handful of people either; with companies with as large online presences and account services as Google andYahoo, we're looking at hundreds of millions of consumers world wide.
Using a tool known internally as MUSCULAR, the NSA was hoovering up documents and metadata that produced over 180 million records a month. This project also operated in partnership wit the UK's GCHQ, so the British government has something to answer for right alongside the Obama administration.
What's most surprising about these revelations though, is that the NSA already had it's foot in Google's door, using PRISM legislation to demand data on users. Why then does it need this back door? And more importantly, does it have the legal right to do so? Apparently it does, since the data collection occurs exclusively overseas, where the NSA has much looser limitations on what it can get up to.
In a statement, the NSA said it is “focused on discovering and developing intelligence about valid foreign intelligence targets only.”
“NSA applies Attorney General-approved processes to protect the privacy of U.S. persons — minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination,” it said.
Google's own statement was one of disbelief, suggesting that it has never given permission for server access to the NSA, at least partially because it knew it would lead to abuse. ““We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” said Google's head legal officer, David Drummond.
It's also understandably surprised that it's data had been so easy for the NSA to tap into. Google invests heavily in security at its datacentres and in thousands of miles of private fibre optic cabling between them; and yet somehow, the NSA managed to sneak its way in.
Looking at the NSA document with the smiley face, it looks like the government body gets in during the transition between the public internet and Google's private cloud. To attempt to prevent this happening on such a scale in the future, Google is said to be working on heavy encryption to make any collected data largely unreadable.
KitGuru Says: The plot thickens. The NSA and GCHQ have a lot to answer for, but hopefully thanks to the efforts of protests like Stop Watching Us and the efforts of rights focused politicians, we'll see laws put in place to prevent these privacy invasions.