Skip to Content
MIT Technology Review
Sign in

NSA Takes Huge Amounts of Data from Google and Yahoo

America’s spy agency has been tapping links between global data centers of the Internet giants.
October 30, 2013

The National Security Agency has gained access to Google and Yahoo’s cloud networks and downloaded massive amounts of data including from Americans, according to the latest revelation on leaks from Edward Snowden, this time in the Washington Post.

The project involved, known as MUSCULAR, is operated jointly with the British intelligence agency known as GCHQ, and engages in copying data from an undisclosed interception point outside of the United States from fiber-optic cables that carry information between the companies’ data centers.

Circumventing a court-approved process that allows intelligence agencies to make requests directly from companies, the NSA inhales data as it moves between data centers around the world. Data is shuttled around this as part of regular backup processes at the companies, and to enable you to quickly access your data from anywhere in the world. Google and Yahoo run their own private networks, often passing data between countries and making it vulnerable to NSA taps.

Some of this was already implied to have been happening, given that Google said early last month that it was working to encrypt the torrents of information that flow among its data centers (see “Circumventing Encryption Free’s NSA’s Hands Online”). According to the report, none of Yahoo’s inter-server traffic is encrypted, and not all of Google’s is, though the companies are working to change that.

The scale of the NSA data-grab is staggering. The Post reported that “according to a top secret accounting dated Jan. 9, 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.”

Those kinds of numbers dwarf what the companies themselves have been saying they are compelled to hand over. For instance, last week Yahoo issued an earnest “government transparency report,” in which it said it had received 12,444 requests for data from the U.S. government this year, covering the accounts of 40,322 users.

Although Google already encrypts much of the data sent between you and its servers, weaknesses exist in between its own data centers. And that compromises user information including e-mails, search queries, videos and Web browsing history (see “Bruce Schneier: NSA Spying is Making Us Less Safe.”)

Keep Reading

Most Popular

DeepMind’s cofounder: Generative AI is just a phase. What’s next is interactive AI.

“This is a profound moment in the history of technology,” says Mustafa Suleyman.

What to know about this autumn’s covid vaccines

New variants will pose a challenge, but early signs suggest the shots will still boost antibody responses.

Human-plus-AI solutions mitigate security threats

With the right human oversight, emerging technologies like artificial intelligence can help keep business and customer data secure

Next slide, please: A brief history of the corporate presentation

From million-dollar slide shows to Steve Jobs’s introduction of the iPhone, a bit of show business never hurt plain old business.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.