Is There Anything Left for the NSA to Spy On?
New leaks from Edward Snowden portray an agency breaking into systems it already had obtained legal access to. By Dustin Volz, Matt Berman and Brian Resnick
There's a new leak out today from Edward Snowden and The Washington Post. And it just confirms the mantra of 2013: If you thought the last leak was big, just wait for the next one. Today we learn that the NSA dragnet can capture the cloud.
The fittingly named program, MUSCULAR, secretly sends "millions of records every day from Yahoo and Google internal networks to data warehouses at the agency's Fort Meade headquarters."
The new disclosure is stunning—even for a Snowden leak—because the National Security Agency already possesses court-approved authority to collect vast amounts of online communication records, thanks to Section 702 of the Foreign Intelligence Surveillance Act. Legislation introduced this week by Rep. Jim Sensenbrenner, R-Wis., and Sen. Patrick Leahy, D-Vt., would limit the government's authority for such data-sweeping under the section.
As The Post notes, "The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process."
So why go through a stealth backdoor, too? Because getting additional information from the cloud is apparently too much for the NSA to pass up.
The leaks come just a day after senior intelligence officials testified before Congress and expressed skepticism that the White House did not know about NSA's overseas eavesdropping that has included tapping communications of foreign heads of state. Both NSA Director Keith Alexander and Director of National Intelligence James Clapper indicated that the White House is aware, at least generally, of much of the agency's spying.
[Read more: Congress vs the President: Who Should Make the Calls on NSA?]
The intelligence officials also said that a lot of this work occurs with the collaboration of foreign governments. The data collection abroad "represents information that we and our NATO allies have collected in defense of our countries and in support of military operations," Alexander said. MUSCULAR is run in conjunction with Britain's GCHQ.
In case this wasn't already completely obvious, the MUSCULAR revelation is not going over well with Google. The Snowden-leaked NSA slides that describe the program make it seem as if the government is intentionally congratulating itself for out-thinking the Internet colossus:
In an NSA presentation slide on "Google Cloud Exploitation," however, a sketch shows where the "Public Internet" meets the internal "Google Cloud" where their data resides. In hand-printed letters, the drawing notes that encryption is "added and removed here!" The artist adds a smiley face, a cheeky celebration of victory over Google security.
Two engineers with close ties to Google exploded in profanity when they saw the drawing. "I hope you publish this," one of them said.
Google, of course, is not alone in having something to shout profanities about.
To recap, from the leaked files of Edward Snowden we've learned that the NSA tracks phone-call metadata; tracks email correspondence taking place in foreign countries (and apparently has the technical capabilities to do the same with U.S. citizens); has a system that allows analysts to dig through these expansive databases; does mass collections of address books; sometimes intercepts the communications of world leaders; and has direct taps into the most widely used Internet services.
But wait, there's more. Almost simultaneously, Al Jazeera published NSA documents obtained through a Freedom of Information Act request coaching officials to use the terrorist attacks of Sept. 11, 2001, as justification when publicly discussing surveillance programs.
What's next?