According to new documents leaked by PRISM whistleblower Edward Snowden, The Washington Post reports that the NSA has been secretly tapping into the main communication links connecting both Yahoo's and Google's data servers.
The project (which the agency operated in addition to PRISM, not as part of it) is called MUSCULAR and ran in cooperation with the GCHQ, the NSA's fibre optic cable tapping British counterpart. With Google and Yahoo being two of the largest online entities in the world, this joint venture is in a position to pull in a lot of secretly stolen data.
According to the leaked documents, the NSA is re-routing millions of records from Yahoo's and Google's internal networks to the agency's headquarters at Fort Meade. This, as The Washington Post notes, adds up to a frightening amount of compromised information:
In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.
But unlike PRISM, it seems the companies the NSA has been feeding on for data have not granted the agency permission. In fact, all of this data collection is allegedly taking place without Google and Yahoo being even remotely aware of what's happening. Google offered the following statement to the Post:
[We are] troubled by allegations of the government intercepting traffic between our data centres, and we are not aware of this activity.
We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links.
Yahoo's statement followed suit:
We have strict controls in place to protect the security of our data centres, and we have not given access to our data centres to the NSA or to any other government agency.
It might be hard to believe that the NSA could make any positive claim to the legality of their actions, until you realise that all this data being collected is taking place overseas. As data from Yahoo and Google is sent around the world, it zips through fibre optic cables that may or may not be encrypted. Back in September, Google assured that they're "working" on it.
White House officials and the Office of the Director of Natinoal Intelligence have, unsurprisingly, declined to "confirm, deny or explain why the agency infiltrates Google and Yahoo networks overseas." [The Washington Post]