A new report from the Post's Barton Gellman and Ashkan Soltani reveals that the NSA has been tapping into the primary communications links that connect Yahoo and Google data centers around the world. That allowed the agency to collect metadata and content from hundreds of millions of user accounts -- including many belonging to American citizens and residents.
The NSA already had robust front door access to those companies via PRISM. So why did it need a back door?
There are some obvious reasons: The operations take place overseas, where many statutory restriction on surveillance don't apply -- and where the Foreign Surveillance Intelligence Court (FISC) has no jurisdiction. In fact, the FISC ruled a similar, smaller scale program involving cables on U.S. territory illegal in 2011. So if the NSA decides to harvest that data on foreign soil, it can skip most of the oversight mechanisms.
Data are an essentially global commodity, and the backup processes of companies often mean that data is replicated many places across the world. So just because you sent an e-mail in the U.S., doesn't mean it will always stay within the nation's borders for its entire life in the cloud.
The PRISM program, revealed earlier this year by the Post and the Guardian, provided the NSA access to huge volumes of online communications from nine technology companies including Yahoo and Google by legally compelling them to turn over data matching court-approved search terms. Just yesterday, NSA chief Gen. Keith B. Alexander defended tech companies role in the PRISM program during a House Intelligence Committee hearing. "We have compelled industry to help us in this manner by court order," he argued, "and what they're doing is saving lives."
But the NSA may have preferred its back-door method of accessing the data because it was less visible to the technology companies holding the data. By accessing data without the knowledge of tech companies, it didn't have to worry that the volume of data iit was accessing could raise privacy alarm bells within those companies.
Both Yahoo and Google expressed concern about Gellman and Soltani's revelations and claimed the data link infiltration was done without their knowledge. In a statement to the Post, Google said it was "troubled" by the allegations and they were "not aware of this activity." Similarly, a Yahoo spokeswoman said the company had "not given access to our data centers to the NSA or to any other government agency."
Of course, it's also possible that the decision to collect the data wasn't part of any broader strategy. The NSA's mission is to collect and analyze foreign intelligence. Here, it had an opportunity to parse through a truly astounding amount of data. Over one 30-day period earlier this year, the agency collected 181,280,466 new records, including metadata and the actual content of e-mails. Scooping up data is deep in the NSA's DNA, and it may simply have been unable to help itself.