NSA Issues Non-Denial Denial Of Infiltrating Google & Yahoo's Networks

from the here-we-go dept

While NSA boss Keith Alexander issued a misleading denial of this morning’s report of how the NSA has infiltrated Yahoo and Google’s networks by hacking into their private network connections between datacenters, the NSA has now come out with its official statement which is yet another typical non-denial denial. They deny things that weren’t quite said while refusing to address the actual point:

NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post’s assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true.

The assertion that we collect vast quantities of US persons’ data from this type of collection is also not true. NSA applies attorney general-approved processes to protect the privacy of US persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination.

NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.

Note what is missing from all of this. They do not deny hacking into the data center connection lines outside of the US. They do not deny getting access to all that data, especially on non-US persons. As for the claim that they’re protecting the privacy of US persons, previous statements from Robert Litt, the general counsel for the Office of the Director of National Intelligence, have already made it clear that if they collect info on Americans, they’re going to use this loophole to search them:

“If we’re validly targeting foreigners and we happen to collect communications of Americans, we don’t have to close our eyes to that,” Litt said. “I’m not aware of other situations where once we have lawfully collected information, we have to go back and get a warrant to look at the information we’ve already collected.”

So, for all the claims that this kind of information will be “minimized,” it certainly looks like they’ve already admitted they don’t do that.

Meanwhile, that Guardian article that has the NSA’s response also has responses from the 3 other players in this drama. There’s the UK’s GCHQ, who apparently has partnered with the NSA in breaking into Google and Yahoo. It didn’t want to say a damn thing:

“We are aware of the story but we don’t have any comment.”

Google, however, was reasonably furious about this story.

In a statement, Google’s chief legal officer, David Drummond, said the company was “outraged” by the latest revelations.

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” he said.

“We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

Yahoo’s response, unfortunately, was a lot more restrained and not particularly on point.

“We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

Yeah, but the story is how the NSA got around your security. Yahoo should be a lot angrier about this. One hopes that once the technical people talk to management, the company will realize just how bad this situation is.

Hopefully, this means that Google and Yahoo will stop just focusing on getting more “transparency” out of the government concerning NSA surveillance, and will start taking a much more active role. This includes: (1) pushing back hard against government surveillance, including going to court to stop it and (2) building much more secure systems that cannot be easily compromised by the NSA.

Filed Under: , , , , , , ,
Companies: google, yahoo

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NSA Issues Non-Denial Denial Of Infiltrating Google & Yahoo's Networks”

Subscribe: RSS Leave a comment
23 Comments
out_of_the_blue says:

Re: "I know what to do about it besides bitch."

Anonymous Coward, Oct 30th, 2013 @ 3:05pm

I long ago decided neither Google, Bing, nor Yahoo was a search engine I wanted to use. Unlike ootb, I know what to do about it besides bitch.


What exactly do you do? Inquiring minds want to know!

And why, since you clearly agree with me about the invasion from those mega-corporations, the vague but unnecessary dig?

Anonymoose says:

Insider trading?

I’m still shocked no one has thought to invoke the SEC in all of this.

Given the vast amounts of searchable, private, and no doubt high percentage of public company email and attachment info NSA employees have at their searchable disposal (with no meaningful insider oversight), how many trades by employees and contractors were based on insider information?

Or does the agency itself maintain shell accounts?

Seems like a good source of funding. And a potential avenue of investigation…

Anonymous Coward says:

Re: Re: Re: Re:

And you can use IPSEC without making it a VPN (IPSEC has “transport mode” which only encrypts/authenticates, but does not encapsulate).

There is only one thing you cannot encrypt: IKE, which does the IPSEC key negotiation (and has its own built-in encryption). As a consequence, you cannot also encrypt some ICMP traffic related to your IKE traffic.

John Fenderson (profile) says:

Re: Re: Re: Re:

Yes, I was oversimplifying a bit. This stuff get hard to discuss with brevity and clarity.

If you’re encapsulating (such as through a VPN), then the entire stream is encrypted. This isn’t logically relevant to my point, though. You can tunnel traffic (including ICMP) through a VPN, but the encapsulating layer itself is then the “real” network, and you can’t encrypt ICMP there unless you also run that through a VPN, in which case the upper-level encapsulator becomes the “real” network, and you can’t encrypt ICMP there, and so on and so forth.

My point is that ultimately, at some level, you must have ICMP and control structures (packet headers, etc.) sent in the clear in order for the routers and other machinery to work.

Anonymous Coward says:

Very disappointed in Marissa Mayer. Last I checked she seemed scared shitless about doing anything against NSA, because “she might go to prison”.

Give me a break. They wouldn’t send the CEO’s of Yahoo or Google to prison for not allowing them to do mass surveillance. If they did, then you’d have proof US is a totalitarian state, where they can send anyone they want on a whim to prison.

OldMugwump (profile) says:

Finally, Google is getting angry

Actually I think they’ve been angry for a while, but have been holding it in for the sake of getting along with the US Government (who, after all, has their nuts in a vise).

But, at last, they’re getting public about their anger.

Now – fight back. Put a request on some of that nice white space at http://google.com asking their customers to call their congressmen and senators.

Anonymous Coward says:

The difference between Google and Yahoo

There is one important difference between Google and Yahoo which can explain the different visible reaction: from what I have heard, at Google the engineers are much closer to the management. The top management itself is a pair of computer scientists. So when the Google engineers “exploded in profanity”, as mentioned in a previous post, some of that leaks through the management.

Chris in Utah (profile) says:

mmm....

Become more aware and going to court? Build better security?

Since its Halloween here in the states and Blade is a favorite of mine… “… Who do you think let them in asshole!?!?”

I praise ya for looking for solutions to issues Mike, I truly truly do and yet ya might want dig a little deeper in corporate sovereignty and ask something pretty relevant to this topic;

Have they ever done ither of those to things?
And possibly a secondary question… why support a company that has basic bent over?

Anonymous Coward says:

” NSA applies [an] approved processes to protect the privacy of US persons ? minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination. “

Uhm, I’ve heard of the NSA tapdancing around being honest, but now they’ve upped their game to contradicting themselves in the same sentence?!?

Let’s protect the privacy of Americans by targeting, collecting, processing, exploiting[!], and retaining private information!!!

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...