NSA ‘taking full advantage’ of spying laws to tap into Yahoo, Google traffic

October 31, 2013 at 12:00 AM EDT
Documents leaked by former NSA contractor Edward Snowden claim the NSA and its British counterpart tapped fiber-optic cables connected to Google and Yahoo data centers, gaining access to metadata from user accounts. Gwen Ifill talks to The Washington Post's Barton Gellman about the legality of the NSA's alleged actions.

GWEN IFILL: Newly published information leaked by former NSA contractor Edward Snowden is reinforcing the notion that U.S. spying spreads wide and goes deep.

The latest bombshell, partly denied by the Obama administration, appears in The Washington Post. It says U.S. intelligence agencies have gained access to hundreds of millions of Google and Yahoo! user accounts by secretly tapping into company data centers. Late today, six top tech companies, Yahoo!, Google, AOL, Apple, Microsoft, and Facebook, sent a letter to Congress, calling for enhanced privacy protections.

Barton Gellman broke the story for The Washington Post.

Welcome, Bart Gellman. How are you? Welcome to the NewsHour.

What is the difference between what you’re reporting that happened and what the White House and the administration is pushing back at and saying didn’t happen?

BARTON GELLMAN, The Washington Post: Well, there have been several versions of it, but so far they have not actually denied any of the facts stated in the story.

Yesterday, General Alexander, the head of the NSA, denied that the NSA is tapping into the servers or databases or data centers of Google and Yahoo!. That’s not what we said. What we said is, they’re tapping into the traffic that’s between the data center here and the data center there. So they’re capturing the data as it moves across the net, not in storage, where it’s at rest.

GWEN IFILL: How does this work? This works in the cloud, I suppose. And it also works in collaboration with the British government. Is that it?


BARTON GELLMAN: They’re using a what they call a signals intelligence address or activity designator, which just means a place and program from which they’re tapping the data. We don’t know where it is. We don’t know exactly how it is. The evidence we have, besides them saying so in their own documents that they’re doing it, is that they are seeing things that don’t exist on the public Internet, that exist only in the cloud that belong to Google or belong to Yahoo!.

What that means is their internal systems don’t ever touch the public Internet. They have private fiber-optic cable, private systems that transmit the data back and forth. They’re seeing things in special formats that are used by Google and Yahoo! to move their own data that they couldn’t see anywhere else.

GWEN IFILL: Now, we heard earlier in the series of revelations about NSA surveillance that, in fact, they had to go to a court and the court had to give permission for them to seek information from some of these tech companies, some of whom provided the information, some of whom didn’t. How is this different?

BARTON GELLMAN: Well, it’s different because if you want to tap into communications from a place inside the United States on U.S. territory, you have to have — you have to do it under either FISA authority or what’s called transit authority, but, in general, you can’t just bulk-collect information that would reside in a database of Yahoo! or Google.

If you’re doing it from overseas, different rules apply. You’re not relying on statutory authority. You’re not relying on the FISA court. Instead, you’re relying solely on presidential authority under Executive Order 12333. And there, the rules are a little bit different. And when you’re tapping into a foreign access point, you’re allowed to presume legally, if you’re the NSA, that the people using that foreign access point are foreigners.


BARTON GELLMAN: … because of the way the…


GWEN IFILL: So, in that case, this is not…


BARTON GELLMAN: … way that data moves across — go ahead, please.


GWEN IFILL: In — so, in this case, what you’re saying is what they did is not illegal because it was — involved international networks?

BARTON GELLMAN: Well, it’s a bit of a rough analogy, but if your — your accountant would say you’re allowed to avoid taxes. You’re not allowed to evade them.

So they’re taking full advantage of the rules as they interpret them. There are some outside surveillance lawyers who say it may raise some interesting questions about lawfulness, but on its face I don’t see any evidence that they’re flouting the law here. They’re using it in ways that the companies and the public didn’t expect.

GWEN IFILL: Well, that’s exactly what it is. So tell me what kind of information they’re getting. Are they actually getting information from people’s accounts? Do we even know? Or is this just the fact that they have the ability to get this information?

BARTON GELLMAN: Well, we don’t know how much they’re keeping. But the way the law works, as soon as you touch it, as soon as you divert the information from where it’s been going into a pot that you control, that’s called acquisition. That’s collection and that is restricted by law.

Now, we have changed the law after 9/11 to say just that it’s OK to — it’s OK to collect information from U.S. facilities, because lots of foreign traffic passes through there. We have not added restrictions because a lot of Americans’ traffic passes through foreign switches.

So, we now have this global Internet, and so you could be sitting in Boise and log on to your Yahoo! account or your Google account, and you’re actually talking to a server in Finland, which is getting information from a data center in South America. And so the information in your account is also being synchronized across all those data centers. And so, as it moves across, you could have five years of e-mails packaged up moving across the wire, and this program will intercept it.

Whether they keep it and under what circumstances, all those rules are classified.

GWEN IFILL: So we don’t really know whether they’re actually holding on to this information, just that they have the ability to collect it. How are the companies responding to this? We saw that they’re writing letters to Congress asking for more transparency. But how do they protect us?

BARTON GELLMAN: Well, Google and Yahoo! are responding in slightly different ways.

I mean, Google executives are clearly, openly very angry about this. And engineers I have talked to who are closely familiar with Google’s internals were, as I said in the story, quite profane. They exploded in these very angry reactions when they realized what was being done to them.

And Google is now accelerating its efforts to encrypt all the traffic that flows between those data centers. Yahoo! simply gave a statement that it wasn’t aware of and didn’t cooperate in any of this, and it has not announced any efforts to prevent it.

GWEN IFILL: Barton Gellman writing for The Washington Post, thanks so much.

JUDY WOODRUFF: We had planned to bring you an interview with the director of national intelligence, James Clapper, tonight. That has been delayed while he holds meetings with lawmakers on Capitol Hill. We will reschedule it.