This week Eric Schmidt, Google’s Executive Chairman, lashed out at the U.S. National Security Agency (NSA), describing its spying activities as “outrageous” and “possibly illegal”, after a string of exposés based on documents provided by whistleblower Edward Snowden revealed covert surveillance of the company’s internal server data.
Starting last week, The Washington Post published several stories detailing how the NSA secretly broke into the main communications links connecting Yahoo and Google data centres across the world, positioning itself to “collect at will from hundreds of millions of user accounts, many of them belonging to Americans”.
This week’s insights into the NSA’s snooping takes the allegations further in suggesting that the Agency also worked with its British counterpart, the GCHQ, to break into the private “clouds”, or internal networks of the companies, and that this happened on “British territory.”
At an event in Hong Kong, Mr. Schmidt was quoted by The Wall Street Journal saying, “It’s really outrageous that the NSA was looking between the Google data centres, if that’s true … The steps that the organisation was willing to do without good judgment to pursue its mission and potentially violate people’s privacy, it’s not OK.”
Mr. Schmidt also said that Google had lodged complaints with the NSA, the White House and members of Congress, adding, “The NSA allegedly collected the phone records of 320 million people in order to identify roughly 300 people who might be a risk. It’s just bad public policy … and perhaps illegal.”
Neither the NSA nor any other administration agency has refuted the latest spying allegations, which come on the back of documents provided by Mr. Snowden, who is currently on a temporary asylum in Russia.
On the surveillance of server data The Washington Post argued, “We do know they are intercepting it from inside the Yahoo and Google private clouds, because some of what NSA and GCHQ collect is found nowhere else.”
Among the slides that the newspaper published are examples illustrating how the NSA obtained cyber traffic that experts said could not be encountered outside of Google’s internal network. These slides showed data formats “only used on and between Google machines”, experts were quoted as saying, and these included Google’s binary “remote procedure call,” and proprietary authentication system “Gaia.”
Similarly, under the U.K.-based GCHQ-supported project “MUSCULAR,” the NSA was said to have used a “demultiplexer” tool to take apart data packages sent across Yahoo’s internal networks in that company’s proprietary “NArchive” format. To process the traffic obtained through this tool the NSA was then said to apply another system that it possessed called TURMOIL.