The US National Security Agency (NSA) has tapped directly into communications links used by Google and Yahoo to move huge amounts of e-mail and other user information among overseas data centers, the Washington Post reported on Wednesday.
The report, based on secret NSA documents leaked by former contractor Edward Snowden, appears to show the agency has used weak restrictions on its overseas activities to exploit major US companies’ data to a far greater extent than realized.
Previously reported programs included those that allowed easy searches of Google’s, Yahoo’s and other Internet giants’ material based on court orders, but since the interception in the newly disclosed effort, code named MUSCULAR, occurs outside the US there is no oversight by the secret intelligence court.
The Post said the operation gained access to a cable or switch that relayed the traffic through an unnamed telecommunications provider.
“We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks and it underscores the need for urgent reform,” Google chief legal officer David Drummond said.
Google said it had not been aware of the program, although it recently began speeding its efforts to encrypt internal traffic.
Like other companies, Google and Yahoo constantly send data over leased and shared or exclusive international fiber-optic telecommunication lines as they synchronize information.
The newly disclosed program, operated jointly with Britain’s Government Communications Headquarters, or GCHQ, amassed 181 million records in one recent 30-day span, according to one document reported by the Post.
An NSA spokesperson said in a statement the suggestion in the Post article that the agency relies on a presidential order on foreign intelligence gathering to skirt domestic restrictions imposed by the Foreign Intelligence Surveillance Act and other laws “is not true.”
“The assertion that we collect vast quantities of US persons’ data from this type of collection is also not true,” the statement said. “NSA is a foreign intelligence agency, and we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”
Asked at an event in Washington about the latest report, NSA Director Keith Alexander said that he had not read the report, but that the agency did not have unfettered access to the firm’s servers.
“I can tell you factually we do not have access to Google servers, Yahoo servers,” Alexander said. “We go through a court order.”
Yahoo in January will begin encrypting users’ e-mail as it moves to the company, but it declined to say whether it would go further and keep e-mail encrypted as it moves within Yahoo.
The report is likely to add to growing tensions between the US intelligence establishment and the technology companies, which have been struggling to assure customers overseas that they need not fear US spying.
US Senate Judiciary Committee Chairman Patrick Leahy said he would ask for a briefing.
“I will be asking whether this report is accurate, what legal authority the government is using and how they are protecting the privacy rights of law-abiding Americans,” Leahy said.