FacebookTwitterGoogle+RedditEmail

The NSA’s Invasion of Google and Yahoo Servers

by ALFREDO LOPEZ

What a week! Shortly after Secretary of State John Kerry admitted that maybe our government had gone “too far” in its surveillance programs, the Washington Post dropped another Edward Snowden bombshell demonstrating that it is going a whole lot farther than we knew.

If Kerry’s ersatz admission — couched in a defense of National Security Agency surveillance — provoked a collective yawn from many who follow these developments, the latest Snowden stuff snapped us to attention. The Post published an article detailing the NSA’s interception of information coming in and out of Google and Yahoo servers over non-public, internal network fibre optic lines. In December, 2012 alone, the program (revealingly called “MUSCULAR”) processed 181,280,466 Google and Yahoo records that included email, searches, videos and photos.

Up to now, the NSA has defended its actions by telling us it is combatting terrorism through the capture of data in a public space, the Internet, after obtaining court orders. This shows they were lying. MUSCULAR is the theft of about 25 percent of all Internet data from two of the most popular data handling companies with no court orders or advisories in complete defiance of the law and our rights. It is, quite simply, government gangsterism.

And it brings into focus the most important question: why? Because this isn’t about counter-terrorism, not with that many records and their surreptitious capture. This is about surveillance and analysis of the daily communications of an entire country and much of the world.

The technology of MUSCULAR, a program jointly carried on by the NSA and its British counterpart, isn’t hard to explain. Essentially, technologists at the spy agency have figured out a way to intercept data being exchanged among servers that store everything you do on Google and Yahoo.

Here’s the difference between this and other previously revealed spying programs. Your data travels over the Internet to get to those servers and be stored there. For others to see what data you’ve stored, it must travel out, again over the Internet. That’s legally protected data and the NSA (at least theoretically) needs a court order to remove it from those servers. The FISA court (the NSA’s blessing source) almost always rubber stamps NSA requests so it’s pretty easy to conduct that kind of data extraction but at least there is still a record of what the NSA is looking for and why and some grounds for taking legal action against it.

Muscular doesn’t go near the data as it’s travelling on the Internet or while it’s on those servers. Instead it intercepts data that’s already been stored and is travelling through non-public connections between each company’s many servers as the companies synchronize stored data or transfer it internally. Internet giants like Google transfer data among their servers constantly in networks of servers known as (you’ve heard it before) “clouds”. This constant transfer helps distribute server activity so that a sudden spike in requests for data on a particular server doesn’t crash it (called “load management”) or for maintenance, security and other reasons. To do this they use special fibre-optic wires that connect their various servers and are not publicly available.

The data transferred among these servers is typically encoded so nobody can read it without having the decoding keys. That’s a security measure. According to these reports, the NSA has figured out a way to de-code those formats, then captures the data being transferred by tapping into these internal connections and then, without anyone outside the NSA knowing it, decodes the stuff and analyses it to decide what, if anything, they want to do with it. If they decide to store it, they have several NSA storage centers that can easily handle it. They then allow the data to resume its journey. It all happens in micro-seconds.

This is typically called a “man in the middle interception” and it’s like tapping the wire between your computer and an external hard drive you use for storage — except multiplied hundreds of millions of times.

“I knew the NSA drawing was real from the smiley-face,” wrote Slate’s David Auerbach, referring to the Internet smile icon used in the leaked diagram and replicated above [2]. “Only an eager and myopic software engineer — seeing the interception of Google and Yahoo’s data as a challenge and game rather than as a security and political matter — would make such a light-hearted and self-satisfied gesture at the prospect of hacking into Google’s internal servers.”

Of course, it’s not a game. It is a highly sophisticated and intentionally intrusive method of data-gathering: spycraft at its most pernicious performed constantly on the email, photos, videos and other data posted by the people of this country (and many others).

NSA chief Keith Alexander was immediately dispatched to issue his predictable disclaimers: “It would be illegal for us to do that. So, I don’t know what the report is,” he told a cyber-security conference last week. [3] “But I can tell you factually we do not have access to Google servers, Yahoo servers. We go through a court order.” Alexander has proven himself a master of evasion in the past but this was a doozy. This is about tapping wires not accessing servers.

Officials at both Google and Yahoo tried to put make-up on their black eyes through statements of outrage, calls for “restraint”, and assurance that they were not “advised” of a massive surveillance effort they would never have approved. But the point is that it’s happening and their PR-driven assurances to users that our data is safe mean absolutely nothing.

What a mess! In the space of two weeks, President Obama publicly states that he didn’t know the extent of the spying but will aggressively “look into it”. Secretary Kerry admits it may have gone too far but it’s all in a good cause. Alexander side-stepped comment on the real revelation and his National Security Advisor boss James Clapper seemed intent on avoiding the issue entirely be issuing another of his famous non-denial statements. In fact, the non-denials were bouncing like a bunch of ping-pong balls during an earthquake — colliding with each other in a nonsensical frenzy. That was coupled with the flow of rhetorical outrage emanating from many governments as Snowden information made clear that surveillance was being conducted on everything from Spanish citizens’ email accounts to the personal emails (and perhaps phone calls) of German chancellor Angela Merkel.

Obviously, data gathering of this scope isn’t about catching terrorists. That certainly could be part of the outcome but there’s no way you analyze over 183 million pieces of data in a month to identify crazies. Something else is going on.

Post reporter Bart Gellman, who broke the story, told PBS [4] that “…on its face I don’t see any evidence that they’re flouting the law here. They’re using it in ways that the companies and the public didn’t expect.” But that challenges logic. Going into a company’s internal systems to remove data without that company’s knowledge sure seems illegal. At the very least, it reflects a disturbing cynicism on the Administration’s part about the spirit of the law and what privacy laws tell our government about how it should relate to its citizens.

The question, however, isn’t whether this is legal but what the Obama Administration is trying to do with the definition of legality. The history of this Administration demonstrates that it’s preparing for some very troubled times and its preparations are obscenely repressive. With an economy that simply cannot return 25 million unemployed people to work, the massive retrenchment of people’s rights, the slashing of our social safety nets, a society ripped apart by the frantic hysteria of weekly domestic terrorism, an insane but growing extreme right-wing and a Congress that has no popular support and is no longer governing anyone, the eruption of massive protest and resistance in every corner of the society is no surprise. Nor does it take much vision to predict that things are going to get a whole lot hotter.

The politically powerful are involved in an intense debate about how to govern this society while the social contract it has used to govern in the past can’t be met. The debate rages but it’s clear that all sides are talking about a more restrictive society. The key to such repression is data capture. No matter how intense and widespread this repression turns out to be, they have the data they need to make all options possible including the crushing of protest movements. Do we trust them not to use the data that way?

In past contributions to these web pages, I’ve written that, while we are not in a police state, the government has constructed an apparatus capability of turning this country into one with a flip of its legal switch.

That’s the meaning of the MUSCULAR revelations. As far as data is concerned, everything is in place.

Alfredo Lopez writes about technology issues for This Can’t Be Happening!

Alfredo Lopez writes about technology issues for This Can’t Be Happening!

More articles by:

CounterPunch Magazine

minimag-edit

bernie-the-sandernistas-cover-344x550

zen economics

April 26, 2017
Richard Moser
Empire Abroad, Empire At Home
Stan Cox
For Climate Justice, It’s the 33 Percent Who’ll Have to Pick Up the Tab
Paul Craig Roberts
The Looting Machine Called Capitalism
Lawrence Davidson
The Dilemma for Intelligence Agencies
Christy Rodgers
Remaining Animal
Joseph Natoli
Facts, Opinions, Tweets, Words
Mel Gurtov
No Exit? The NY Times and North Korea
Alexandra Isfahani-Hammond
Women on the Move: Can Three Women and a Truck Quell the Tide of Sexual Violence and Domestic Abuse?
Michael J. Sainato
Trump’s Wikileaks Flip-Flop
Manuel E. Yepe
North Korea’s Antidote to the US
Kim C. Domenico
‘Courting Failure:’ the Key to Resistance is Ending Animacide
Barbara Nimri Aziz
The Legacy of Lynne Stewart, the People’s Lawyer
Andrew Stewart
The People vs. Bernie Sanders
Daniel Warner
“Vive La France, Vive La République” vs. “God Bless America”
April 25, 2017
Russell Mokhiber
It’s Impossible to Support Single-Payer and Defend Obamacare
Nozomi Hayase
Prosecution of Assange is Persecution of Free Speech
Robert Fisk
The Madder Trump Gets, the More Seriously the World Takes Him
Giles Longley-Cook
Trump the Gardener
Bill Quigley
Major Challenges of New Orleans Charter Schools Exposed at NAACP Hearing
Jack Random
Little Fingers and Big Egos
Stanley L. Cohen
Dissent on the Lower East Side: the Post-Political Condition
Stephen Cooper
Conscientious Justice-Loving Alabamians, Speak Up!
Michael J. Sainato
Did the NRA Play a Role in the Forcing the Resignation of Surgeon General?
David Swanson
The F-35 and the Incinerating Ski Slope
Binoy Kampmark
Mike Pence in Oz
Peter Paul Catterall
Green Nationalism? How the Far Right Could Learn to Love the Environment
George Wuerthner
Range Riders: Making Tom Sawyer Proud
Clancy Sigal
It’s the Pits: the Miner’s Blues
Robert K. Tan
Abe is Taking Japan Back to the Bad Old Fascism
April 24, 2017
Mike Whitney
Is Mad Dog Planning to Invade East Syria?    
John Steppling
Puritan Jackals
Robert Hunziker
America’s Tale of Two Cities, Redux
David Jaffe
The Republican Party and the ‘Lunatic Right’
John Davis
No Tomorrow or Fashion-Forward
Patrick Cockburn
Treating Mental Health Patients as Criminals
Jack Dresser
An Accelerating Palestine Rights Movement Faces Uncertain Direction
George Wuerthner
Diet for a Warming Planet
Lawrence Wittner
Why Is There So Little Popular Protest Against Today’s Threats of Nuclear War?
Colin Todhunter
From Earth Day to the Monsanto Tribunal, Capitalism on Trial
Paul Bentley
Teacher’s Out in Front
Franklin Lamb
A Post-Christian Middle East With or Without ISIS?
Kevin Martin
We Just Paid our Taxes — are They Making the U.S. and the World Safer?
Erik Mears
Education Reformers Lowered Teachers’ Salaries, While Promising to Raise Them
Binoy Kampmark
Fleeing the Ratpac: James Packer, Gambling and Hollywood
Weekend Edition
April 21, 2017
Friday - Sunday
Diana Johnstone
The Main Issue in the French Presidential Election: National Sovereignty
FacebookTwitterGoogle+RedditEmail