Skip to main content

NSA secretly taps into Google, Yahoo data centers, leaked documents show

nsa collecting google yahoo data drawing
Image used with permission by copyright holder

The National Security Agency has secretly tapped into the fiber optic networks that connect Google and Yahoo’s global data centers, reports the Washington Post. According to documents leaked by form NSA contractor Edward Snowden and unnamed “knowledgable officials,” this network interception allows the NSA to collect, “at will,” the communications and files of hundreds of millions of users, which likely includes many American citizens.

Wait – isn’t this old news, you ask? Nope. You’re thinking of PRISM, the program through which the NSA compelled a number of U.S.-based technology companies, including Google and Yahoo, to hand over users’ private data through the use of secret court orders issued by the Foreign Intelligence Surveillance Court. What we’re dealing with here is a whole different monkey – a program called MUSCULAR, which is allegedly a joint operation between the NSA and the U.K.’s intelligence agency, GCHQ.

Recommended Videos

Here’s how the whole thing works: Google and Yahoo both have data centers all over the world. These networks are used for internal communications and operations, but they are also connected to the larger Internet, and used to store and process data related to public accounts, like your Gmail emails or Flickr photos, for example. Multiple copies of your user data are often stored in these data centers, unencrypted, and passed back and forth between these so-called data “clouds.”

What the NSA has done through MUSCULAR is tap into links between these data centers that are located in foreign counties. According to the Post, the NSA claims to have the authority to assume that any data transferred in a foreign country is fair game for surveillance, thanks to an old executive order called 12333. The Post reports that, over a 30 day period, the NSA collected and processed 181,280,466 new records. Some of these records were metadata – the To, From, and Subject fields in an email, for instance – while other records included content, like emails, photos, files, and videos.

It is not known how much, if any, Americans’ private data is collected by the NSA through MUSCULAR. In a statement to the press, an NSA spokesperson said it is “not true” that “we collect vast quantities of U.S. persons’ data from this type of collection.” The NSA also says that it does not use Executive Order 12333 to circumvent legal restrictions on the agency.

According to Washington Post reporter Brian Fung, and Bloomberg reporter Trish Regan, NSA Director General Keith Alexander has refuted the Post’s report.

Neither Google nor Yahoo appear to have known about MUSCULAR. Google told the Post that it is “troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity.”

“We have long been concerned about the possibility of this kind of snooping,” a Google spokesperson said, “which is why we continue to extend encryption across more and more Google services and links.”

Yahoo said in a response to the report: “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

The documents describing MUSCULAR include a hand-drawn diagram – adorned with a smiley face! – sketching out where and how the NSA intercepts Google’s data center communications. When the Post contacted two Google engineers about MUSCULAR, they reported “exploded in profanity” when they were shown the drawing.

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
I paid Meta to ‘verify’ me — here’s what actually happened
An Instagram profile on an iPhone.

In the fall of 2023 I decided to do a little experiment in the height of the “blue check” hysteria. Twitter had shifted from verifying accounts based (more or less) on merit or importance and instead would let users pay for a blue checkmark. That obviously went (and still goes) badly. Meanwhile, Meta opened its own verification service earlier in the year, called Meta Verified.

Mostly aimed at “creators,” Meta Verified costs $15 a month and helps you “establish your account authenticity and help[s] your community know it’s the real us with a verified badge." It also gives you “proactive account protection” to help fight impersonation by (in part) requiring you to use two-factor authentication. You’ll also get direct account support “from a real person,” and exclusive features like stickers and stars.

Read more
Here’s how to delete your YouTube account on any device
How to delete your YouTube account

Wanting to get out of the YouTube business? If you want to delete your YouTube account, all you need to do is go to your YouTube Studio page, go to the Advanced Settings, and follow the section that will guide you to permanently delete your account. If you need help with these steps, or want to do so on a platform that isn't your computer, you can follow the steps below.

Note that the following steps will delete your YouTube channel, not your associated Google account.

Read more
How to download Instagram photos for free
Instagram app running on the Samsung Galaxy Z Flip 5.

Instagram is amazing, and many of us use it as a record of our lives — uploading the best bits of our trips, adventures, and notable moments. But sometimes you can lose the original files of those moments, leaving the Instagram copy as the only available one . While you may be happy to leave it up there, it's a lot more convenient to have another version of it downloaded onto your phone or computer. While downloading directly from Instagram can be tricky, there are ways around it. Here are a few easy ways to download Instagram photos.

Read more