NSA Issues Non-Denial Denial Of Infiltrating Google & Yahoo's Networks

from the here-we-go dept

While NSA boss Keith Alexander issued a misleading denial of this morning's report of how the NSA has infiltrated Yahoo and Google's networks by hacking into their private network connections between datacenters, the NSA has now come out with its official statement which is yet another typical non-denial denial. They deny things that weren't quite said while refusing to address the actual point:
NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post's assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true.

The assertion that we collect vast quantities of US persons' data from this type of collection is also not true. NSA applies attorney general-approved processes to protect the privacy of US persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination.

NSA is a foreign intelligence agency. And we're focused on discovering and developing intelligence about valid foreign intelligence targets only.
Note what is missing from all of this. They do not deny hacking into the data center connection lines outside of the US. They do not deny getting access to all that data, especially on non-US persons. As for the claim that they're protecting the privacy of US persons, previous statements from Robert Litt, the general counsel for the Office of the Director of National Intelligence, have already made it clear that if they collect info on Americans, they're going to use this loophole to search them:
"If we're validly targeting foreigners and we happen to collect communications of Americans, we don't have to close our eyes to that," Litt said. "I'm not aware of other situations where once we have lawfully collected information, we have to go back and get a warrant to look at the information we've already collected."
So, for all the claims that this kind of information will be "minimized," it certainly looks like they've already admitted they don't do that.

Meanwhile, that Guardian article that has the NSA's response also has responses from the 3 other players in this drama. There's the UK's GCHQ, who apparently has partnered with the NSA in breaking into Google and Yahoo. It didn't want to say a damn thing:
"We are aware of the story but we don't have any comment."
Google, however, was reasonably furious about this story.
In a statement, Google's chief legal officer, David Drummond, said the company was "outraged" by the latest revelations.

"We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide," he said.

"We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform."
Yahoo's response, unfortunately, was a lot more restrained and not particularly on point.
"We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency."
Yeah, but the story is how the NSA got around your security. Yahoo should be a lot angrier about this. One hopes that once the technical people talk to management, the company will realize just how bad this situation is.

Hopefully, this means that Google and Yahoo will stop just focusing on getting more "transparency" out of the government concerning NSA surveillance, and will start taking a much more active role. This includes: (1) pushing back hard against government surveillance, including going to court to stop it and (2) building much more secure systems that cannot be easily compromised by the NSA.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Oct 30th, 2013 @ 3:05pm

    I long ago decided neither Google, Bing, nor Yahoo was a search engine I wanted to use. Unlike ootb, I know what to do about it besides bitch.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymoose, Oct 30th, 2013 @ 3:10pm

    Insider trading?

    I'm still shocked no one has thought to invoke the SEC in all of this.

    Given the vast amounts of searchable, private, and no doubt high percentage of public company email and attachment info NSA employees have at their searchable disposal (with no meaningful insider oversight), how many trades by employees and contractors were based on insider information?

    Or does the agency itself maintain shell accounts?

    Seems like a good source of funding. And a potential avenue of investigation...

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Oct 30th, 2013 @ 3:11pm

    All network traffic should start having end-to-end encryption, even if it is something as simple as a 'ping' it should all be encrypted.

     

    reply to this | link to this | view in thread ]

  4. This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Oct 30th, 2013 @ 3:37pm

    Google doesn't say gov't doesn't get the data!

    Just this carefully mis-leading "We do not provide any government, including the US government, with access to our systems." -- RIGHT, Google just delivers to them the DATA those systems glean.

    The Google-Borg. Assimilating your privacy since 1998.

    11:37:11[m-370-2]

     

    reply to this | link to this | view in thread ]

  5. This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Oct 30th, 2013 @ 3:41pm

    Re: "I know what to do about it besides bitch."

    Anonymous Coward, Oct 30th, 2013 @ 3:05pm

    I long ago decided neither Google, Bing, nor Yahoo was a search engine I wanted to use. Unlike ootb, I know what to do about it besides bitch.


    What exactly do you do? Inquiring minds want to know!

    And why, since you clearly agree with me about the invasion from those mega-corporations, the vague but unnecessary dig?

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Oct 30th, 2013 @ 3:46pm

    Very disappointed in Marissa Mayer. Last I checked she seemed scared shitless about doing anything against NSA, because "she might go to prison".

    Give me a break. They wouldn't send the CEO's of Yahoo or Google to prison for not allowing them to do mass surveillance. If they did, then you'd have proof US is a totalitarian state, where they can send anyone they want on a whim to prison.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    John Fenderson (profile), Oct 30th, 2013 @ 4:01pm

    Re:

    You can't encrypt a ping -- it's at the wrong network layer. Also, it's pointless to do so. A ping packet contains no sensitive information, and every router between you and the destination machine has to be able to look at the contents of the ping packet in order for pinging to work.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Oct 30th, 2013 @ 4:04pm

    Re: Re: "I know what to do about it besides bitch."

    He has the mental capacity to use the many available alternatives and get on with his meaningful life.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Oct 30th, 2013 @ 4:05pm

    'the company will realize just how bad this situation is.'

    you dont think receiving an unprecedented number of complaints might work? how about an unprecedented number of people telling Yahoo to take a hike?

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Oct 30th, 2013 @ 4:56pm

    Re: Re:

    That's not just ping but all ICMP traffic.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Oct 30th, 2013 @ 5:13pm

    Re: Re:

    Actually you can encrypt pings and every other packet using IPSec and other encrypted VPN technologies.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Oct 30th, 2013 @ 6:02pm

    You raise a good point Mike. The NSA will just intercept American communications using foreign allies.

    If I were the NSA, I'd just outsource American data collecting to the GCHQ or Israel.

    Then all the spy agencies can just share information with each other, under the infinity-eyes agreement.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    OldMugwump (profile), Oct 30th, 2013 @ 6:59pm

    Finally, Google is getting angry

    Actually I think they've been angry for a while, but have been holding it in for the sake of getting along with the US Government (who, after all, has their nuts in a vise).

    But, at last, they're getting public about their anger.

    Now - fight back. Put a request on some of that nice white space at http://google.com asking their customers to call their congressmen and senators.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    OldMugwump (profile), Oct 30th, 2013 @ 7:01pm

    Re: Finally, Google is getting angry

    Oh - and ask for Ed Snowden to get the Presidential Medal of Freedom, too.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Oct 30th, 2013 @ 8:05pm

    Re:

    ever heard of echelon? They already farm it out.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Oct 31st, 2013 @ 2:35am

    Re: Re: Re:

    And you can use IPSEC without making it a VPN (IPSEC has "transport mode" which only encrypts/authenticates, but does not encapsulate).

    There is only one thing you cannot encrypt: IKE, which does the IPSEC key negotiation (and has its own built-in encryption). As a consequence, you cannot also encrypt some ICMP traffic related to your IKE traffic.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Oct 31st, 2013 @ 2:40am

    The difference between Google and Yahoo

    There is one important difference between Google and Yahoo which can explain the different visible reaction: from what I have heard, at Google the engineers are much closer to the management. The top management itself is a pair of computer scientists. So when the Google engineers "exploded in profanity", as mentioned in a previous post, some of that leaks through the management.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    Ninja (profile), Oct 31st, 2013 @ 4:51am

    Tell that to raging engineers engaged in all sorts of profanities... I do hope such profanities are converted into large difficulties to the NSA. If anything Google is pissed off enough to give the middle finger to quite a few players out there including but not limited to the US Govt, the MAFIAA etc

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    Chris in Utah (profile), Oct 31st, 2013 @ 5:11am

    mmm....

    Become more aware and going to court? Build better security?

    Since its Halloween here in the states and Blade is a favorite of mine... "... Who do you think let them in asshole!?!?"

    I praise ya for looking for solutions to issues Mike, I truly truly do and yet ya might want dig a little deeper in corporate sovereignty and ask something pretty relevant to this topic;

    Have they ever done ither of those to things?
    And possibly a secondary question... why support a company that has basic bent over?

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    The Groove Tiger (profile), Oct 31st, 2013 @ 8:26am

    Re: Re: "I know what to do about it besides bitch."

    I thought vague but unnecessary dig was your middle name :D

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Oct 31st, 2013 @ 8:59am

    " NSA applies [an] approved processes to protect the privacy of US persons minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination. "

    Uhm, I've heard of the NSA tapdancing around being honest, but now they've upped their game to contradicting themselves in the same sentence?!?

    Let's protect the privacy of Americans by targeting, collecting, processing, exploiting[!], and retaining private information!!!

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    John Fenderson (profile), Oct 31st, 2013 @ 10:15am

    Re: Re: Re:

    Yes, I was oversimplifying a bit. This stuff get hard to discuss with brevity and clarity.

    If you're encapsulating (such as through a VPN), then the entire stream is encrypted. This isn't logically relevant to my point, though. You can tunnel traffic (including ICMP) through a VPN, but the encapsulating layer itself is then the "real" network, and you can't encrypt ICMP there unless you also run that through a VPN, in which case the upper-level encapsulator becomes the "real" network, and you can't encrypt ICMP there, and so on and so forth.

    My point is that ultimately, at some level, you must have ICMP and control structures (packet headers, etc.) sent in the clear in order for the routers and other machinery to work.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    John Fenderson (profile), Oct 31st, 2013 @ 11:03am

    Re:

    They wouldn't send the CEO's of Yahoo or Google to prison for not allowing them to do mass surveillance.


    Why do you think that? It's exactly what they did to to Joseph Nacchio, the CEO of Qwest, for not allowing them to do mass surveillance.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This