Snowden document reveals key role of companies in NSA data collection

ScreenHunter_97 Nov. 02 10.15

NSA leverages relationships with commercial partners to collect vast quantities of data from fibre-optic cables, file shows

Tapping fibre-optic cables – see the NSA slide

NSA HQ at Fort Meade, Maryland

Yahoo, Microsoft and Google deny they co-operate voluntarily with the intelligence agencies. Photograph: Paul J Richards/AFP

The key role private companies play in National Security Agency surveillance programs is detailed in a top-secret document provided to the Guardian by whistleblower Edward Snowden and published for the first time on Friday.

One slide in the undated PowerPoint presentation, published as part of the Guardian’s NSA Files: Decoded project, illustrates the number of intelligence reports being generated from data collected from the companies.

In the five weeks from June 5 2010, the period covered by the document, data from Yahoo generated by far the most reports, followed by Microsoft and then Google.

Between them, the three companies accounted for more than 2,000 reports in that period – all but a tiny fraction of the total produced under one of the NSA‘s main foreign intelligence authorities, the Fisa Amendents Act (FAA).

It is unclear how the information in the NSA slide relates to the companies’ own transparency reports, which document the number of requests for information received from authorities around the world.

Yahoo, Microsoft and Google deny they co-operate voluntarily with the intelligence agencies, and say they hand over data only after being forced to do so when served with warrants. The NSA told the Guardian that the companies’ co-operation was “legally compelled”.

But this week the Washington Post reported that the NSA and its UK equivalent GCHQ has been secretly intercepting the main communication links carrying Google and Yahoo users’ data around the world, and could collect information “at will” from among hundreds of millions of user accounts.

The NSA’s ability to collect vast quantities of data from the fibre-optic cables relies on relationships with the companies, the document published on Friday shows.

The presentation, titled “Corporate Partner Access” was prepared by the agency’s Special Source Operations division, which is responsible for running those programs.

In an opening section that deals primarily with the telecom companies, the SSO baldly sets out its mission: “Leverage unique key corporate partnerships to gain access to high-capacity international fiber-optic cables, switches and/or routes throughout the world.”

The NSA is helped by the fact that much of the world’s communications traffic passes through the US or its close ally the UK – what the agencies refer to as “home-field advantage”.

The new revelations come at a time of increasing strain in relations between the intelligence community and the private sector. Google and Yahoo reacted angrily on Wednesday to the Washington Post’s report on the interception of their data.

The Guardian approached all three companies for comment on the latest document.

“This points out once again the need for greater transparency,” a Google spokesman said.

He referred to a letter the company and other Silicon Valley giants sent to the Senate judiciary committee on Thursday. “The volume and complexity of the information that has been disclosed in recent months has created significant confusion here and around the world, making it more difficult to identify appropriate policy prescriptions,” the letter said.

A Microsoft spokesperson said: “We are deeply disturbed by these allegations, and if true they represent a significant breach of trust by the US and UK governments. It is clear that there need to be serious reforms to better protect customer privacy.”

Yahoo had not responded by the time of publication.

The companies are also fighting through the courts to be allowed to release more detailed figures for the number of data requests they handle from US intelligence agencies. Along with AOL, Apple and Facebook, they wrote to the Senate judiciary committee this week calling for greater transparency and “substantial” reform of the NSA.

Google, the first to publish a transparency report, has reported US authorities’ requests for user data increased by 85% between 2010 and 2012 (from 8,888 in 2010 to 16,407 in 2012). But the vast majority of those are requests from local law enforcement looking for information about potential drug traffickers, fraudsters and other domestic criminal activity.

Legally compelled NSA request relating to foreign terrorist targets, which none of the firms are allowed to disclose, are thought to represent a tiny fraction of the overall figure.

While the internet companies are listed by name in the NSA document, the telecoms companies are hidden behind covernames.

The names of these “corporate partners” are so sensitive that they are classified as “ECI” – Exceptionally Controlled Information – a higher classification level than the Snowden documents cover. Artifice, Lithium and Serenade are listed in other documents as covernames for SSO corporate partners, while Steelknight is described as an NSA partner facility.

In a statement defending its surveillance programs, the NSA said: “What NSA does is collect the communications of targets of foreign intelligence value, irrespective of the provider that carries them. US service provider communications make use of the same information superhighways as a variety of other commercial service providers.

“NSA must understand and take that into account in order to eliminate information that is not related to foreign intelligence.

“NSA works with a number of partners and allies in meeting its foreign-intelligence mission goals, and in every case those operations comply with US law and with the applicable laws under which those partners and allies operate.”

UPDATE: Microsoft issued a further statement after publication of the Guardian’s story. A spokesperson said: “Microsoft only discloses customer data when served with valid legal orders and in June we published a complete view of the volume of orders we received from the US government.

“But it is clear that much more transparency is needed to help the companies and their customers understand these issues.”

Categories: Cyber Security, Intelligence Gathering

Tags: , , , , , , ,

3 replies

  1. Another thing to do. The BEST virus/spy protection is Kaspersky.
    McFee says it is coming out with one that is better….wait ‘n’ see.
    Norton is Okay….
    But, Kaspersky is better and they are the same price.
    Kaspersky can be bought at Best Buy.

    The ghing I like most about Gmail (Google):
    You can go to the “history section” and “delete all the articles you have made comments on.
    There is also an “incognito” search on Gmail that will NOT show your cookies.



  2. Your friends who are not used to security measures will get ticked off for you asking them to follow all of your protocol…but believe me….IF they don’t understand now what is at stake, you’ll have to tell them, “I’m sorry, but we are in dangerous times now and IF you don’t want to abide by the security measures….don’t get in touch with me and I’ll take you off of my list.
    Good Luck to you.


    I have had the same Yahoo email address for years. I NEVER SIGN OUT.
    About a month ago, I couldn’t sign in. I looked back in my files to see if I had changed my password. I hadn’t.
    “Password not strong enough” was the message I kept getting.
    Finally, I made a “37 character” password with Capital letters, small case letters, numbers and symbols intermingled between all of the letters.

    Yahoo then said, “We need your cell phone number and photo ID.”

    I told them to delete my account. I fear I was online too long and they did get my URL address and location.

    Gmail (Google) has not done a thing wrong (yet)…except for changing the damn way Gmail is created … they do this every few months…irritates the hell outta me…guess the Geek Squad gets bored.

    Please REMEMBER this:
    Always email out BCC;
    When you do get what would be considered a sensitive email about Obama before forwarding, “change the title.” That is what they watch for.

    You will be able to see who sent it. FIRST, call or email them to ask them, did you send me a “blank email?” EVERY TIME I HAVE ASKED THIS…..THEY DID NOT!

    This was the first time I have seen this…and it scared the b-Jezuz outta me.
    I did receive an email from a friend I know very well. It was some stupid story that she knows I don’t like.
    As I hit return to reply, “why did you send me this?”
    WHEN I HIT “SEND”, her name disappeared and some other person’s name appeared in the TO SECTION!


%d bloggers like this: