Back in August, I e-mailed a Guy Who Knows Stuff:
> In order to fudge
the legal limitations on collection of strictly intra-US phone calls by US
persons, could the US gov ask ATT (which, I expect, has a pretty close working
relationship with Bell Canada)
to route calls either by number or in bulk to Canada and then back to the
USA? Then the NSA
could pick up the traffic on the outbound or inbound end, or the Canadians
could rummage through it on our behalf. Unfortunately, I have no concrete
information to back up this brainwave, but it would seem to be a logical way
for the NSA to advance its goal of getting all the data. Any thoughts on
this?
And he replied:
Yes. They could certainly do that.
But then I came across:
"The Americans will not use Canadians to collect data on U.S. persons, nor will any of the other Five Eyes countries," Skillicorn says.
"In fact, in practice, it’s as if the five countries’ citizens were one large, collective group, and their mutual communications are not intercepted by any in the Five Eyes community."
Poked around a bit, came up empty, didn’t pursue it.
Then, today, courtesy of Barton Gellman at the Washington
Post, there’s this, describing an NSA program that circumvents limits on
domestic surveillance by intercepting Google and Yahoo! traffic between their data centers through our Anglophone
allies/proxies:
The NSA’s principal
tool to exploit the data links is a project called MUSCULAR, operated jointly
with the agency’s British counterpart, GCHQ. From undisclosed interception
points, the NSA and GCHQ are copying entire data flows across fiber-optic
cables that carry information between the data centers of the Silicon Valley
giants.
As for that “undisclosed intercept point”, I vote for Canada
as the most likely suspect. North
American traffic traverses Canada, gets bundled off to Blighty, and stored for
sharing with the NSA.
Naturally, we’re treated to generous descriptions of Google
outrage and privacy heroism:
Google and Yahoo also pay for premium data links, designed to be faster, more reliable and more secure. In recent years, each of them is said to have bought or leased thousands of miles of fiber optic cables for their own exclusive use. They had reason to think, insiders said, that their private, internal networks were safe from prying eyes.
In an NSA presentation slide on “Google Cloud Exploitation,” however, a sketch shows where the “Public Internet” meets the internal “Google Cloud” where their data resides. In hand-printed letters, the drawing notes that encryption is “added and removed here!” The artist adds a smiley face, a cheeky celebration of victory over Google security.
Two engineers with close ties to Google exploded in profanity when they saw the drawing. “I hope you publish this,” one of them said.
Publish what? Evidence that Google's security is cracked? Or document Google's hyperbolic anger at NSA transgressions to reassure Google Cloud customers?
If you’re searching for privacy heroes, I think you’d better scratch Google off your list. Per Gellman:
If you’re searching for privacy heroes, I think you’d better scratch Google off your list. Per Gellman:
Last month, long
before The Post approached Google to discuss the penetration of its cloud, vice
president for security engineering Eric Grosse announced that the company is
racing to encrypt the links between its data centers. “It’s an arms race,” he
said then. “We see these government agencies as among the most skilled players
in this game.”
Google knew, kids.
Get used to it.
Another guy I’m crossing off my personal list together with
David Skillicorn is John Schindler, whose tweets, posts, and sneers are a
mainstay of defenders of the NSA:
“Look, NSA has platoons of lawyers and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole,” he said. “It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA.”
But what about that "honesty" elixir you were peddling to the NSA in that smarmy open letter that appeared the same day Gellman's piece came out?
[H]ey, I’m fine with secrecy in principle – intelligence is conducted in secret by its very nature. But the current crisis has exposed the Agency to scrutiny based on falsehoods proffered by Kremlin-backed scoundrels and their useful idiots among activists masquerading as journalists. Time to beat that back with some honesty, what might seem scarily radical honesty to old SIGINT hands.
...
Rebrand now while you still can and regain the public’s trust. I’m confident that, once they understand what NSA really does, the vast majority of Americans will be glad the Agency is on watch.
Good luck with that rebranding, "Dash":
I also think the NSA has platoons of shills and their entire
job is figuring out how to stay within the realm of plausible deniability and
minimize transparency by exploiting every loophole. But, given their commitment to suppressing instead
of informing public debate about surveillance, I don’t see any reason to trust
them or listen to them. Why anyone would
rely on Schindler for objective and honest insight into the scope and
implementation of the US surveillance regime is beyond me.