NSA leverages relationships with commercial partners to collect vast quantities of data from fibre-optic cables, file shows
The key role private companies play in National Security Agency surveillance programs is detailed in a top-secret document provided to the Guardian by whistleblower Edward Snowden and published for the first time on Friday.
One slide in the undated PowerPoint presentation, published as part of the Guardian’s NSA Files: Decoded project, illustrates the number of intelligence reports being generated from data collected from the companies.
Between them, the three companies accounted for more than 2,000 reports in that period – all but a tiny fraction of the total produced under one of the NSA‘s main foreign intelligence authorities, the Fisa Amendents Act (FAA).
It is unclear how the information in the NSA slide relates to the companies’ own transparency reports, which document the number of requests for information received from authorities around the world.
Yahoo, Microsoft and Google deny they co-operate voluntarily with the intelligence agencies, and say they hand over data only after being forced to do so when served with warrants. The NSA told the Guardian that the companies’ co-operation was “legally compelled”.
But this week the Washington Post reported that the NSA and its UK equivalent GCHQ has been secretly intercepting the main communication links carrying Google and Yahoo users’ data around the world, and could collect information “at will” from among hundreds of millions of user accounts.
The NSA’s ability to collect vast quantities of data from the fibre-optic cables relies on relationships with the companies, the document published on Friday shows.
The presentation, titled “Corporate Partner Access” was prepared by the agency’s Special Source Operations division, which is responsible for running those programs.
In an opening section that deals primarily with the telecom companies, the SSO baldly sets out its mission: “Leverage unique key corporate partnerships to gain access to high-capacity international fiber-optic cables, switches and/or routes throughout the world.”
The NSA is helped by the fact that much of the world’s communications traffic passes through the US or its close ally the UK – what the agencies refer to as “home-field advantage”.
The new revelations come at a time of increasing strain in relations between the intelligence community and the private sector. Google and Yahoo reacted angrily on Wednesday to the Washington Post’s report on the interception of their data.
The Guardian approached all three companies for comment on the latest document.
“This points out once again the need for greater transparency,” a Google spokesman said.
He referred to a letter the company and other Silicon Valley giants sent to the Senate judiciary committee on Thursday. “The volume and complexity of the information that has been disclosed in recent months has created significant confusion here and around the world, making it more difficult to identify appropriate policy prescriptions,” the letter said.
A Microsoft spokesperson said: “We are deeply disturbed by these allegations, and if true they represent a significant breach of trust by the US and UK governments. It is clear that there need to be serious reforms to better protect customer privacy.”
Yahoo had not responded by the time of publication.
The companies are also fighting through the courts to be allowed to release more detailed figures for the number of data requests they handle from US intelligence agencies. Along with AOL, Apple and Facebook, they wrote to the Senate judiciary committee this week calling for greater transparency and “substantial” reform of the NSA.
Google, the first to publish a transparency report, has reported US authorities’ requests for user data increased by 85% between 2010 and 2012 (from 8,888 in 2010 to 16,407 in 2012). But the vast majority of those are requests from local law enforcement looking for information about potential drug traffickers, fraudsters and other domestic criminal activity.
Legally compelled NSA request relating to foreign terrorist targets, which none of the firms are allowed to disclose, are thought to represent a tiny fraction of the overall figure.
While the internet companies are listed by name in the NSA document, the telecoms companies are hidden behind covernames.
The names of these “corporate partners” are so sensitive that they are classified as “ECI” – Exceptionally Controlled Information – a higher classification level than the Snowden documents cover. Artifice, Lithium and Serenade are listed in other documents as covernames for SSO corporate partners, while Steelknight is described as an NSA partner facility.
In a statement defending its surveillance programs, the NSA said: “What NSA does is collect the communications of targets of foreign intelligence value, irrespective of the provider that carries them. US service provider communications make use of the same information superhighways as a variety of other commercial service providers.
“NSA must understand and take that into account in order to eliminate information that is not related to foreign intelligence.
“NSA works with a number of partners and allies in meeting its foreign-intelligence mission goals, and in every case those operations comply with US law and with the applicable laws under which those partners and allies operate.”
UPDATE: Microsoft issued a further statement after publication of the Guardian’s story. A spokesperson said: “Microsoft only discloses customer data when served with valid legal orders and in June we published a complete view of the volume of orders we received from the US government.
“But it is clear that much more transparency is needed to help the companies and their customers understand these issues.”