NSA

NSA Doesn't Need Google to Monitor Most Internet Communications Anyway, Says NSA Whistleblower

Internet hubs located in the US likely already monitored by the NSA

|

irl internetz
xeni/foter.com

Google's CEO Larry Page became the latest and most high-profile representative of an internet company reported to be connected to the NSA's PRISM program to say he's never heard of the surveillance operation, but according to one former U.S. intelligence official the NSA doesn't need Google's help to access a lot of Internet communications already. How? The business website Quartz reports:

The answer, says 30-year NSA veteran turned whistleblower William Binney, is simple: Since at least 2001, the US government has had access to all the internet communication passing through at least one and possibly more fiber-optic hubs in the US. That would give the NSA access to a vast amount of data without "direct access" to company servers…

"I figure they could get 80% on what's on the network and the other 20%, the companies [like Google and Facebook] have to fill in," says Binney, who adds that these numbers are "just my estimate" based on what's known about how much traffic flows through the Internet's busiest hubs.

Binney also points out that, given the structure of the internet, the NSA is best equipped to spy on Americans, not foreigners, because the hubs it has access to are all in the US. Despite this fact, much of the world's internet traffic travels through the US anyway, making it a uniquely advantageous place to put listening devices. US spy agencies have even warned that the gradual shift away from the US as the primary hub for internet communications could make it more difficult for them to eavesdrop.

The 2008 New York Times article Quartz links to about the gradual shift of internet hubs away from the U.S. explains that that eavesdropping U.S. intelligence services so prize is one of the main reasons why the shift of internet hubs away from the U.S. has been accelerating. 

More Reason on the NSA.

NEXT: Supreme Court Rules Raisin Farmers Can Fight Federal Controls

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I guess those SSL connections aren’t that secure after all.

    1. I wonder if they can actually see encrypted data or only see where it’s coming from and where it’s going. I doubt they can read something encrypted with modern standards.

      1. They can see which router sent it, but not specifically what person was sending it. So in general they can look into a packet and say “it came from Comcast in the Denver area” and “is requesting data from google’s mail farm”.

        But imagine decrypting all those packets without targeting. Very very difficult to do. They need some sort of targeting so they can focus their efforts.

        This is why they want the PRISM access to companies like Google. If they identify a “risky” person, they want to see all of his email. They don’t want to sit and sniff every packet going to google from IP addresses associated with that person, then spend time decrypting it…Not at the scale they are working. No, they want to have google package it up and send it to them to look at.

        The moral of this story is that if you are storing anything online (google docs, mail, etc) unless you decrypt it at the source on your computer, they can read it if they take sufficient interest.

        1. I imagine google analytics would be quite handy to them.

    2. It works, but it has limitations. In today’s world of massive parallel processing, you probably cannot trust that encrypted data will remain un-cracked unless you are using a massively complex cypher.

      The problem for the government is the massive amount of data out there. They may be able to spend 10 processor hours to crack one session with google, but multiply that times the billions of sessions that google has each month, and even the government’s 80 billion dollar budget isn’t enough.

      This is why the government 1) wants meta-data like the Verizon records and 2) wants access like revealed in PRISM. The metadata allows them to determine “risky” behavior that they want to focus on for decryption and then their access to Google (for example) gets them all the information from the source, rather than having to decrypt all of it.

  2. …the NSA is best equipped to spy on Americans, not foreigners, because the hubs it has access to are all in the US.

    It’s always easier to search for your keys under the lamp post.

  3. PAUL KRUGMAN: There was a really good article written five years ago by Jack Balkin at the Yale Law School. He said that technology means that we’re going to be living in a surveillance state. That’s just gonna happen. But there are different kinds of surveillance states. You can have a democratic surveillance state which collects as little data as possible and tells you as much as possible about what it’s doing. Or you can have an authoritarian surveillance state which collects as much as possible and tells the public as little as possible. And we are kind of on the authoritarian side.

    Yeah, he said that. I guess he’s only 99.9% progtard.

    1. That’s cuz attacking the surveillance state empowers the Rethuglikkkans. With the right Top Men we can get to the liberty side.

    2. But does he blame corporations more, or the government?

  4. But if doing that would prevent the people at Google from doing their part for the cause.

  5. The answer, says 30-year NSA veteran turned whistleblower William Binney, is simple: Since at least 2001, the US government has had access to all the internet communication passing through at least one and possibly more fiber-optic hubs in the US. That would give the NSA access to a vast amount of data without “direct access” to company servers?

    I was wondering when we were going to get back to this. Due to my lack of ambition and general amivilance to all things everything, I was too lazy to research it, but I distinctly remembered that during the BOOOOOOSH!!11!!11 years that there was a brief but noisy controversy over these huge super-secret packet capturing and monitoring thingies that were literally built into AT&Ts; central internet hubs and the like.

    Now, the good side of this is that encrypted traffic becomes difficult to get because at these hubs, all your shit is encrypted at this stage of its travel. Net Neutrality could, of course, fix this.

  6. proxy proxy proxy proxy proxy

  7. 611 Folsom…not the worst. 350 Cermak in Chicago, Dallas’ Infomart (1950 Stemmons), One Wilshire Building in LA, 60 Hudson in NYC (111 8th also)…these are the massive colos. If someone wnated to snoop all, and I do mean all, internet traffic in the US they would need to just do those locations. They hold the largest peering presence and have every major and minor carrier in them. It would be trivial to tie into the backbone routers and get unimaginable amounts of data. On the otherhand, hitting the data centers would provide session level granularity and there are far more of those under less centralized control. So, I would just crack the transport at the colos nut and call it good.

  8. OT: Marilyn Manson, in desperate plea for attention, tries to do something controversial in world where his brand of controversial means ‘wednesday’.

    http://www.nydailynews.com/ent…..-1.1367998

  9. OK man lets roll that beautiful ben footage!

    http://www.AnonStuff.tk

Please to post comments

Comments are closed.