NSA Issues Non-Denial Denial Of Infiltrating Google & Yahoo's Networks
from the here-we-go dept
While NSA boss Keith Alexander issued a misleading denial of this morning’s report of how the NSA has infiltrated Yahoo and Google’s networks by hacking into their private network connections between datacenters, the NSA has now come out with its official statement which is yet another typical non-denial denial. They deny things that weren’t quite said while refusing to address the actual point:
NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post’s assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true.
The assertion that we collect vast quantities of US persons’ data from this type of collection is also not true. NSA applies attorney general-approved processes to protect the privacy of US persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination.
NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.
Note what is missing from all of this. They do not deny hacking into the data center connection lines outside of the US. They do not deny getting access to all that data, especially on non-US persons. As for the claim that they’re protecting the privacy of US persons, previous statements from Robert Litt, the general counsel for the Office of the Director of National Intelligence, have already made it clear that if they collect info on Americans, they’re going to use this loophole to search them:
“If we’re validly targeting foreigners and we happen to collect communications of Americans, we don’t have to close our eyes to that,” Litt said. “I’m not aware of other situations where once we have lawfully collected information, we have to go back and get a warrant to look at the information we’ve already collected.”
So, for all the claims that this kind of information will be “minimized,” it certainly looks like they’ve already admitted they don’t do that.
Meanwhile, that Guardian article that has the NSA’s response also has responses from the 3 other players in this drama. There’s the UK’s GCHQ, who apparently has partnered with the NSA in breaking into Google and Yahoo. It didn’t want to say a damn thing:
“We are aware of the story but we don’t have any comment.”
Google, however, was reasonably furious about this story.
In a statement, Google’s chief legal officer, David Drummond, said the company was “outraged” by the latest revelations.
“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” he said.
“We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”
Yahoo’s response, unfortunately, was a lot more restrained and not particularly on point.
“We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”
Yeah, but the story is how the NSA got around your security. Yahoo should be a lot angrier about this. One hopes that once the technical people talk to management, the company will realize just how bad this situation is.
Hopefully, this means that Google and Yahoo will stop just focusing on getting more “transparency” out of the government concerning NSA surveillance, and will start taking a much more active role. This includes: (1) pushing back hard against government surveillance, including going to court to stop it and (2) building much more secure systems that cannot be easily compromised by the NSA.
Filed Under: executive order 12333, gchq, infiltrate, keith alexander, networks, nsa, nsa surveillance, section 702
Companies: google, yahoo
Comments on “NSA Issues Non-Denial Denial Of Infiltrating Google & Yahoo's Networks”
I long ago decided neither Google, Bing, nor Yahoo was a search engine I wanted to use. Unlike ootb, I know what to do about it besides bitch.
Re: "I know what to do about it besides bitch."
Anonymous Coward, Oct 30th, 2013 @ 3:05pm
I long ago decided neither Google, Bing, nor Yahoo was a search engine I wanted to use. Unlike ootb, I know what to do about it besides bitch.
What exactly do you do? Inquiring minds want to know!
And why, since you clearly agree with me about the invasion from those mega-corporations, the vague but unnecessary dig?
Re: Re: "I know what to do about it besides bitch."
He has the mental capacity to use the many available alternatives and get on with his meaningful life.
Re: Re: "I know what to do about it besides bitch."
I thought vague but unnecessary dig was your middle name 😀
Insider trading?
I’m still shocked no one has thought to invoke the SEC in all of this.
Given the vast amounts of searchable, private, and no doubt high percentage of public company email and attachment info NSA employees have at their searchable disposal (with no meaningful insider oversight), how many trades by employees and contractors were based on insider information?
Or does the agency itself maintain shell accounts?
Seems like a good source of funding. And a potential avenue of investigation…
All network traffic should start having end-to-end encryption, even if it is something as simple as a ‘ping’ it should all be encrypted.
Re: Re:
You can’t encrypt a ping — it’s at the wrong network layer. Also, it’s pointless to do so. A ping packet contains no sensitive information, and every router between you and the destination machine has to be able to look at the contents of the ping packet in order for pinging to work.
Re: Re: Re:
That’s not just ping but all ICMP traffic.
Re: Re: Re:
Actually you can encrypt pings and every other packet using IPSec and other encrypted VPN technologies.
Re: Re: Re: Re:
And you can use IPSEC without making it a VPN (IPSEC has “transport mode” which only encrypts/authenticates, but does not encapsulate).
There is only one thing you cannot encrypt: IKE, which does the IPSEC key negotiation (and has its own built-in encryption). As a consequence, you cannot also encrypt some ICMP traffic related to your IKE traffic.
Re: Re: Re: Re:
Yes, I was oversimplifying a bit. This stuff get hard to discuss with brevity and clarity.
If you’re encapsulating (such as through a VPN), then the entire stream is encrypted. This isn’t logically relevant to my point, though. You can tunnel traffic (including ICMP) through a VPN, but the encapsulating layer itself is then the “real” network, and you can’t encrypt ICMP there unless you also run that through a VPN, in which case the upper-level encapsulator becomes the “real” network, and you can’t encrypt ICMP there, and so on and so forth.
My point is that ultimately, at some level, you must have ICMP and control structures (packet headers, etc.) sent in the clear in order for the routers and other machinery to work.
Google doesn't say gov't doesn't get the data!
Just this carefully mis-leading “We do not provide any government, including the US government, with access to our systems.” — RIGHT, Google just delivers to them the DATA those systems glean.
The Google-Borg. Assimilating your privacy since 1998.
11:37:11[m-370-2]
Very disappointed in Marissa Mayer. Last I checked she seemed scared shitless about doing anything against NSA, because “she might go to prison”.
Give me a break. They wouldn’t send the CEO’s of Yahoo or Google to prison for not allowing them to do mass surveillance. If they did, then you’d have proof US is a totalitarian state, where they can send anyone they want on a whim to prison.
Re: Re:
Why do you think that? It’s exactly what they did to to Joseph Nacchio, the CEO of Qwest, for not allowing them to do mass surveillance.
‘the company will realize just how bad this situation is.’
you dont think receiving an unprecedented number of complaints might work? how about an unprecedented number of people telling Yahoo to take a hike?
You raise a good point Mike. The NSA will just intercept American communications using foreign allies.
If I were the NSA, I’d just outsource American data collecting to the GCHQ or Israel.
Then all the spy agencies can just share information with each other, under the infinity-eyes agreement.
Re: Re:
ever heard of echelon? They already farm it out.
Finally, Google is getting angry
Actually I think they’ve been angry for a while, but have been holding it in for the sake of getting along with the US Government (who, after all, has their nuts in a vise).
But, at last, they’re getting public about their anger.
Now – fight back. Put a request on some of that nice white space at http://google.com asking their customers to call their congressmen and senators.
Re: Finally, Google is getting angry
Oh – and ask for Ed Snowden to get the Presidential Medal of Freedom, too.
The difference between Google and Yahoo
There is one important difference between Google and Yahoo which can explain the different visible reaction: from what I have heard, at Google the engineers are much closer to the management. The top management itself is a pair of computer scientists. So when the Google engineers “exploded in profanity”, as mentioned in a previous post, some of that leaks through the management.
Tell that to raging engineers engaged in all sorts of profanities… I do hope such profanities are converted into large difficulties to the NSA. If anything Google is pissed off enough to give the middle finger to quite a few players out there including but not limited to the US Govt, the MAFIAA etc
mmm....
Become more aware and going to court? Build better security?
Since its Halloween here in the states and Blade is a favorite of mine… “… Who do you think let them in asshole!?!?”
I praise ya for looking for solutions to issues Mike, I truly truly do and yet ya might want dig a little deeper in corporate sovereignty and ask something pretty relevant to this topic;
Have they ever done ither of those to things?
And possibly a secondary question… why support a company that has basic bent over?
” NSA applies [an] approved processes to protect the privacy of US persons ? minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination. “
Uhm, I’ve heard of the NSA tapdancing around being honest, but now they’ve upped their game to contradicting themselves in the same sentence?!?
Let’s protect the privacy of Americans by targeting, collecting, processing, exploiting[!], and retaining private information!!!