The latest documents to be leaked via whistleblower Edward Snowden suggest that the US National Security Agency (NSA) and GCHQ have tapped the communications networks of popular internet companies.
“Top secret” documents published in the Washington Post newspaper indicate that GCHQ and the NSA have cracked the encrypted links that connect the respective data centres of Yahoo and Google, enabling both state espionage organisations to conduct surveillance at will on the users of Google’s and Yahoo’s services.
Called Project MUSCULAR, the documents flatly contradict denials by the NSA that it only conducts surveillance with the correct legal authority of the secret FISA Court, and that its spying activities go much further than it has ever admitted.
The documents are less than one year old, but indicate that the NSA is able to crack, at will, the SSL security that connects users to the services of Google, Yahoo and other internet companies.
“For the MUSCULAR project, the GCHQ directs all intake into a ‘buffer’ that can hold three to five days of traffic before recycling storage space. From the buffer, custom-built NSA tools unpack and decode the special data formats that the two companies use inside their clouds.
Then the data is sent through a series of filters to ‘select’ information the NSA wants and ‘defeat’ what it does not,” writes the Washington Post.
“According to a top secret accounting dated 9 January 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters,” it added.
It continued: “In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records – ranging from ‘metadata’, which would indicate who sent or received emails and when, to content such as text, audio and video.”
The surreptitious access to Google and Yahoo networks comes in addition to the access it enjoys, almost at will, under the Prism programme, which requires a court-approved process.
In a statement, Google claimed that it was “troubled by allegations of the government intercepting traffic between our data centres, and we are not aware of this activity. We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links,” the company said.
A Yahoo spokesperson, meanwhile, said: “We have strict controls in place to protect the security of our data centres, and we have not given access to our data centres to the NSA or to any other government agency.”
The use of GCHQ to help collect data indicates not only that the NSA is downloading personal information about British users, but also seeking to circumvent US constitutional bars against domestic surveillance.