Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":851716,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"D"}']

Why we shouldn’t be shocked about the NSA tapping Google and Yahoo

Image Credit: Meghan Kelly/VentureBeat

These leaks about the NSA are really gumming up the works. U.S. tech companies are pissed. Citizens are pissed. The international community is pissed.

And rightfully so.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":851716,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"D"}']

This week we learned that the NSA is grabbing unencrypted data by monitoring the connections between Google’s and Yahoo’s various data centers. Last week we discovered the NSA has information on 35 world leaders and may have tapped German Chancellor Angela Merkel’s cellphone. Since June, the news has been peppered with leaks on a variety of programs that sweep up U.S. citizen information such as PRISM and the regular breaking of huge amounts of encryption.

But at this point, can we, the citizens, companies, and international communities of the world really continue to be shocked about what’s happening? According to experts in the field: no.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

“[It’s] not surprising at all,” Stuart McClure, chief executive of big data security company Cylance told VentureBeat of the recently revealed Google-Yahoo tap, “But then again prism wasn’t surprising either.”

Let’s look more closely at Muscular, the Google-Yahoo data collection program.

Unlike simply grabbing data as part of subpoenas or monitoring network flows of communications between customers of the service, the NSA directly targeted Google’s and Yahoo’s infrastructure.

“The difference is they are tapping lines from one Google data center to another. This traffic wasn’t encrypted, unlike everything else. Clever,” Mikko Hypponen, chief research officer for anti-virus and research firm F-Secure, told VentureBeat.

These lines are the fiberoptic cables that connect the data centers. The things is, we already knew the NSA was tapping the world’s fiberoptic cables in order to siphon off huge amounts of data. We just didn’t know it was doing this to Google and Yahoo behind their own lines. Back in August, we learned about the NSA collecting over 56,000 domestic e-mail through fiberoptic cable monitoring before actually getting permission to obtain the messages — and all their contents.

This was a part of an “upstream collection” program that promised to filter out any e-mail belonging to U.S. citizens. The program grabbed copies of everything flowing through those cables, but it seems the NSA was not able to follow through on its minimization promise, prompting a judge to deny approval of the program and force the NSA to delete the data.

[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":851716,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"D"}']

But even Google chief legal officer David Drummond said the company was not surprised.

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide. We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

Jon Callas, the chief technology officer for encrypted messaging app Silent Circle, echoed Drummond telling VentureBeat, “No, it’s not surprising. It actually explains things we’ve seen hints of previously. A number of the documents we’ve seen in the past have assumed capabilities that weren’t explained. Google’s David Drummond said as much — that they’ve suspected this for some time.”

But let’s not write off the initial, shocked reactions of the public. Those who are unhappy with the government’s oversight of the NSA, or the shadow under which it operates, are actually forming protests. The international community is calling for stricter spying regulations, and Germany might even launch an investigation into the NSA using Snowden as a witness.

Silent Circle, alongside Lavabits founder Ladar Levison have even come together to create the Dark Mail Alliance, a project to create an open source, encrypted e-mail option where only the individuals using the service can unlock the message.

[aditude-amp id="medium2" targeting='{"env":"staging","page_type":"article","post_id":851716,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"D"}']

To those in other industries, this type of spying and reaction to espionage might seem like some James Bond-level craziness.

While we shouldn’t be surprised, that natural gut reaction is a good thing. It has opened real discussion about how important spying is for our respective countries and what respect our countries should give each other around spying.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More