NSA Issues Non-Denial Denial Of Infiltrating Google & Yahoo's Networks
from the here-we-go dept
While NSA boss Keith Alexander issued a misleading denial of this morning's report of how the NSA has infiltrated Yahoo and Google's networks by hacking into their private network connections between datacenters, the NSA has now come out with its official statement which is yet another typical non-denial denial. They deny things that weren't quite said while refusing to address the actual point:NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post's assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true.Note what is missing from all of this. They do not deny hacking into the data center connection lines outside of the US. They do not deny getting access to all that data, especially on non-US persons. As for the claim that they're protecting the privacy of US persons, previous statements from Robert Litt, the general counsel for the Office of the Director of National Intelligence, have already made it clear that if they collect info on Americans, they're going to use this loophole to search them:
The assertion that we collect vast quantities of US persons' data from this type of collection is also not true. NSA applies attorney general-approved processes to protect the privacy of US persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination.
NSA is a foreign intelligence agency. And we're focused on discovering and developing intelligence about valid foreign intelligence targets only.
"If we're validly targeting foreigners and we happen to collect communications of Americans, we don't have to close our eyes to that," Litt said. "I'm not aware of other situations where once we have lawfully collected information, we have to go back and get a warrant to look at the information we've already collected."So, for all the claims that this kind of information will be "minimized," it certainly looks like they've already admitted they don't do that.
Meanwhile, that Guardian article that has the NSA's response also has responses from the 3 other players in this drama. There's the UK's GCHQ, who apparently has partnered with the NSA in breaking into Google and Yahoo. It didn't want to say a damn thing:
"We are aware of the story but we don't have any comment."Google, however, was reasonably furious about this story.
In a statement, Google's chief legal officer, David Drummond, said the company was "outraged" by the latest revelations.Yahoo's response, unfortunately, was a lot more restrained and not particularly on point.
"We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide," he said.
"We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform."
"We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency."Yeah, but the story is how the NSA got around your security. Yahoo should be a lot angrier about this. One hopes that once the technical people talk to management, the company will realize just how bad this situation is.
Hopefully, this means that Google and Yahoo will stop just focusing on getting more "transparency" out of the government concerning NSA surveillance, and will start taking a much more active role. This includes: (1) pushing back hard against government surveillance, including going to court to stop it and (2) building much more secure systems that cannot be easily compromised by the NSA.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: executive order 12333, gchq, infiltrate, keith alexander, networks, nsa, nsa surveillance, section 702
Companies: google, yahoo
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Insider trading?
Given the vast amounts of searchable, private, and no doubt high percentage of public company email and attachment info NSA employees have at their searchable disposal (with no meaningful insider oversight), how many trades by employees and contractors were based on insider information?
Or does the agency itself maintain shell accounts?
Seems like a good source of funding. And a potential avenue of investigation...
[ link to this | view in thread ]
[ link to this | view in thread ]
Google doesn't say gov't doesn't get the data!
The Google-Borg. Assimilating your privacy since 1998.
11:37:11[m-370-2]
[ link to this | view in thread ]
Re: "I know what to do about it besides bitch."
I long ago decided neither Google, Bing, nor Yahoo was a search engine I wanted to use. Unlike ootb, I know what to do about it besides bitch.
What exactly do you do? Inquiring minds want to know!
And why, since you clearly agree with me about the invasion from those mega-corporations, the vague but unnecessary dig?
[ link to this | view in thread ]
Give me a break. They wouldn't send the CEO's of Yahoo or Google to prison for not allowing them to do mass surveillance. If they did, then you'd have proof US is a totalitarian state, where they can send anyone they want on a whim to prison.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: "I know what to do about it besides bitch."
[ link to this | view in thread ]
you dont think receiving an unprecedented number of complaints might work? how about an unprecedented number of people telling Yahoo to take a hike?
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
If I were the NSA, I'd just outsource American data collecting to the GCHQ or Israel.
Then all the spy agencies can just share information with each other, under the infinity-eyes agreement.
[ link to this | view in thread ]
Finally, Google is getting angry
But, at last, they're getting public about their anger.
Now - fight back. Put a request on some of that nice white space at http://google.com asking their customers to call their congressmen and senators.
[ link to this | view in thread ]
Re: Finally, Google is getting angry
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re:
There is only one thing you cannot encrypt: IKE, which does the IPSEC key negotiation (and has its own built-in encryption). As a consequence, you cannot also encrypt some ICMP traffic related to your IKE traffic.
[ link to this | view in thread ]
The difference between Google and Yahoo
[ link to this | view in thread ]
[ link to this | view in thread ]
mmm....
Since its Halloween here in the states and Blade is a favorite of mine... "... Who do you think let them in asshole!?!?"
I praise ya for looking for solutions to issues Mike, I truly truly do and yet ya might want dig a little deeper in corporate sovereignty and ask something pretty relevant to this topic;
Have they ever done ither of those to things?
And possibly a secondary question... why support a company that has basic bent over?
[ link to this | view in thread ]
Re: Re: "I know what to do about it besides bitch."
[ link to this | view in thread ]
Uhm, I've heard of the NSA tapdancing around being honest, but now they've upped their game to contradicting themselves in the same sentence?!?
Let's protect the privacy of Americans by targeting, collecting, processing, exploiting[!], and retaining private information!!!
[ link to this | view in thread ]
Re: Re: Re:
If you're encapsulating (such as through a VPN), then the entire stream is encrypted. This isn't logically relevant to my point, though. You can tunnel traffic (including ICMP) through a VPN, but the encapsulating layer itself is then the "real" network, and you can't encrypt ICMP there unless you also run that through a VPN, in which case the upper-level encapsulator becomes the "real" network, and you can't encrypt ICMP there, and so on and so forth.
My point is that ultimately, at some level, you must have ICMP and control structures (packet headers, etc.) sent in the clear in order for the routers and other machinery to work.
[ link to this | view in thread ]
Re:
Why do you think that? It's exactly what they did to to Joseph Nacchio, the CEO of Qwest, for not allowing them to do mass surveillance.
[ link to this | view in thread ]