Citing confidential documents leaked by former sysadmin Edward Snowden, The Washington Post is reporting that the National Security Agency (NSA) is tapping fiber lines connecting global overseas data centers operated by Google and Yahoo.
"According to a top secret accounting dated Jan. 9, 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters," the Post writes.
"In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from 'metadata,' which would indicate who sent or received e-mails and when, to content such as text, audio and video."
The Post doesn't specify the method being used to access this data, but outlines several methods by which these interceptions could be accomplished:
- The NSA may have developed ways to tap directly into Google's privately owned network between its data centers.
- The NSA's British counterpart, GCHQ, may have induced or compelled a third-party operating a cable landing station, multi-tenant data center or Internet exchange to install surveillance equipment on Google's private cables.
These possibilities are laid out in an infographic prepared by The Washington Post.
“We have long been concerned about the possibility of this kind of snooping,” Google Chief Legal Officer David Drummond told Wired in a statement, "which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”
Google recently said an existing program to encrypt more data in transit was stepped up in June as Google sought to reassure consumers about the U.S. government’s access to data traveling across its network.
We'd like to hear from the data center community, so we welcome your comments. Does the Post's account sound feasible? What steps, if any, can be taken by data centers, cable landing firms and Internet exchange providers to address the methods described in the story?