The Washington Post went live this afternoon with the latest Snowden-fueled report, and this one seems like a doozy. In short, the NSA is said to have secretly broken into the main communications links that connect Yahoo’s and Google’s global data centers that form their respective globe-spanning networks known as “clouds.” Why is that a big deal? Because by doing that the NSA has “positioned itself to collect at will from among hundreds of millions of user accounts, many of them belonging to Americans,” according to the report:
According to a top secret accounting dated Jan. 9, 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.
The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, GCHQ. From undisclosed interception points, the NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants.
The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process. The MUSCULAR project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies. The agency is built for high-tech spying, with a wide range of digital tools, but it has not been known to use them routinely against U.S. companies.
Slate will have more on the news shortly, but in the meantime you can—and should—check out the full report here (which includes an image of a top-secret document with a big, old hand-drawn emoticon on it). While much of the recent Snowden leaks have caused diplomatic headaches for the administration abroad, these new revelations are likely to land harder at home, where most Americans are more likely to care that their government is potentially spying on them than they are about their government’s efforts to listen in on the calls of world leaders abroad.
Under PRISM, the NSA was forcing Yahoo, Google and other companies to turn over huge volumes of online communications or data that matched certain court-approved search terms. MUSCULAR, however, appears to go much further, and the large-scale collection would actually be illegal if it occurred within U.S. borders. But because the data centers are scattered around the globe, the NSA is apparently allowed to presume that anyone using a foreign data link is a foreigner.