NSA Issues Non-Denial Denial Of Infiltrating Google & Yahoo's Networks

from the here-we-go dept

While NSA boss Keith Alexander issued a misleading denial of this morning's report of how the NSA has infiltrated Yahoo and Google's networks by hacking into their private network connections between datacenters, the NSA has now come out with its official statement which is yet another typical non-denial denial. They deny things that weren't quite said while refusing to address the actual point:

NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post's assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true.

The assertion that we collect vast quantities of US persons' data from this type of collection is also not true. NSA applies attorney general-approved processes to protect the privacy of US persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination.

NSA is a foreign intelligence agency. And we're focused on discovering and developing intelligence about valid foreign intelligence targets only.

Note what is missing from all of this. They do not deny hacking into the data center connection lines outside of the US. They do not deny getting access to all that data, especially on non-US persons. As for the claim that they're protecting the privacy of US persons, previous statements from Robert Litt, the general counsel for the Office of the Director of National Intelligence, have already made it clear that if they collect info on Americans, they're going to use this loophole to search them:

"If we're validly targeting foreigners and we happen to collect communications of Americans, we don't have to close our eyes to that," Litt said. "I'm not aware of other situations where once we have lawfully collected information, we have to go back and get a warrant to look at the information we've already collected."

So, for all the claims that this kind of information will be "minimized," it certainly looks like they've already admitted they don't do that.

Meanwhile, that Guardian article that has the NSA's response also has responses from the 3 other players in this drama. There's the UK's GCHQ, who apparently has partnered with the NSA in breaking into Google and Yahoo. It didn't want to say a damn thing:

"We are aware of the story but we don't have any comment."

Google, however, was reasonably furious about this story.

In a statement, Google's chief legal officer, David Drummond, said the company was "outraged" by the latest revelations.

"We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide," he said.

"We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform."

Yahoo's response, unfortunately, was a lot more restrained and not particularly on point.

"We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency."

Yeah, but the story is how the NSA got around your security. Yahoo should be a lot angrier about this. One hopes that once the technical people talk to management, the company will realize just how bad this situation is.

Hopefully, this means that Google and Yahoo will stop just focusing on getting more "transparency" out of the government concerning NSA surveillance, and will start taking a much more active role. This includes: (1) pushing back hard against government surveillance, including going to court to stop it and (2) building much more secure systems that cannot be easily compromised by the NSA.

Filed Under: executive order 12333, gchq, infiltrate, keith alexander, networks, nsa, nsa surveillance, section 702
Companies: google, yahoo