(Washington, DC) Gen. Keith Alexander, Director of the National Security Agency (NSA), denied today a Washington Post report that the intelligence agency has secretly broken into communications links that connect Yahoo and Google data centers around the world. Speaking at a Bloomberg Government cybersecurity conference, Alexander was--within minutes of the report's publication--asked about this latest bombshell revelation stemming from the documents obtained by former NSA contractor Edward Snowden.
"Not to my knowledge. That has never happened," Alexander said when asked if it's true that NSA secretly infiltrates the two Internet giant's networks. Alexander's further denial seemed to be premised on the erroneous notion that this latest report dealt with court orders for surveillance data from the Foreign Intelligence Surveillance Court (FISC), an entirely different and legal, although murky, form of NSA data collection that came to light earlier this year. "Those companies are compelled to work with us," he said. "These are specific requirements that come via court order....We go through a court order, we issue that order to them through the FBI."
Both the Washington Post and The Guardian began their series on the Snowden documents by revealing a "front door" NSA program called PRISM, under which NSA petitions the FISC to obtain user data from Internet companies, including Google and Yahoo. However, today's Washington Post report reveals a secret initiative under which NSA uses a data extraction tool called MUSCULAR, which is operated jointly with GCHQ, the British intelligence agency.
Although Yahoo and Google are aware of and comply with the FISC orders, even while sometimes fighting them, both companies express in the Post article surprise and anger over the possible infiltration of their data communications links without their permission. Those links are not encrypted (Google is in the process of putting that measure into place) but the NSA seemingly did have to infiltrate what the Post calls "gold standard" security measures to gain access to the companies' networks.