Skip to Content

NSA Takes Huge Amounts of Data from Google and Yahoo

America’s spy agency has been tapping links between global data centers of the Internet giants.
October 30, 2013

The National Security Agency has gained access to Google and Yahoo’s cloud networks and downloaded massive amounts of data including from Americans, according to the latest revelation on leaks from Edward Snowden, this time in the Washington Post.

The project involved, known as MUSCULAR, is operated jointly with the British intelligence agency known as GCHQ, and engages in copying data from an undisclosed interception point outside of the United States from fiber-optic cables that carry information between the companies’ data centers.

Circumventing a court-approved process that allows intelligence agencies to make requests directly from companies, the NSA inhales data as it moves between data centers around the world. Data is shuttled around this as part of regular backup processes at the companies, and to enable you to quickly access your data from anywhere in the world. Google and Yahoo run their own private networks, often passing data between countries and making it vulnerable to NSA taps.

Some of this was already implied to have been happening, given that Google said early last month that it was working to encrypt the torrents of information that flow among its data centers (see “Circumventing Encryption Free’s NSA’s Hands Online”). According to the report, none of Yahoo’s inter-server traffic is encrypted, and not all of Google’s is, though the companies are working to change that.

The scale of the NSA data-grab is staggering. The Post reported that “according to a top secret accounting dated Jan. 9, 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.”

Those kinds of numbers dwarf what the companies themselves have been saying they are compelled to hand over. For instance, last week Yahoo issued an earnest “government transparency report,” in which it said it had received 12,444 requests for data from the U.S. government this year, covering the accounts of 40,322 users.

Although Google already encrypts much of the data sent between you and its servers, weaknesses exist in between its own data centers. And that compromises user information including e-mails, search queries, videos and Web browsing history (see “Bruce Schneier: NSA Spying is Making Us Less Safe.”)

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.