Is this likely to be true?


I was interested in this story about how some major communications companies are shocked that the NSA tapped into their networks via the cables. Companies like Google and Yahoo say that the NSA got entry into its data systems without their knowledge.

People knowledgeable about Google and Yahoo’s infrastructure say they believe that government spies bypassed the big Internet companies and hit them at a weak spot — the fiber-optic cables that connect data centers around the world and are owned by companies like Verizon Communications, the BT Group, the Vodafone Group and Level 3 Communications. In particular, fingers have been pointed at Level 3, the world’s largest so-called Internet backbone provider, whose cables are used by Google and Yahoo.

The Internet companies’ data centers are locked down with full-time security and state-of-the-art surveillance, including heat sensors and iris scanners. But between the data centers — on Level 3’s fiber-optic cables that connected those massive computer farms — information was unencrypted and an easier target for government intercept efforts, according to three people with knowledge of Google’s and Yahoo’s systems who spoke on the condition of anonymity.

It is impossible to say for certain how the N.S.A. managed to get Google and Yahoo’s data without the companies’ knowledge. But both companies, in response to concerns over those vulnerabilities, recently said they were now encrypting data that runs on the cables between their data centers. Microsoft is considering a similar move.

“Everyone was so focused on the N.S.A. secretly getting access to the front door that there was an assumption they weren’t going behind the companies’ backs and tapping data through the back door, too,” said Kevin Werbach, an associate professor at the Wharton School.

Microsoft also claims to be stepping up its encryption in the light of these revelations.

There is good reason to be skeptical of these companies’ claims to innocence. They like to give the impression of being custodians of their customers’ privacy while at the same time are dependent on the government for many benefits and they may be playing both sides of the net.

I do not have the expertise to judge if what they say is true but being the skeptic I am, I always find it safe to assume, unless convinced otherwise, that government and big business are colluding against ordinary people,. History is on my side on this one.

Comments

  1. doublereed says

    I wouldn’t be surprised if they didn’t know, only because there’s no real reason why the NSA should inform them. Although, I wouldn’t be surprised they had agreements with the companies that actually manage the datalinks, like Level 3 Commnications.

    I mean tapping the backdoor is a pretty bizarrre move. It seems completely unnecessary to do if you have agreements already in place. But as we are seeing, NSA seems to be doing everything they possible can in every possible way they can.

  2. hyphenman says

    Good afternoon Mano,

    My money is on a legal move targeted at short-stopping invasion-of-privacy suits and stockholder outrage.

    Do all you can to make today a good day,

    Jeff

  3. sigurd jorsalfar says

    I suspect they are annoyed to discover that the NSA was stealing from them data which they were readily handing over to them anyway. They are outraged that the NSA didn’t trust them to hand over everything like they said they would. And they recognize a golden opportunity to make this outrage appear to be on behalf of their customers’ rights to privacy, which they think they can get away with because the NSA will never admit to any of it.

  4. Jockaira says

    I always find it safe to assume, unless convinced otherwise, that government and big business are colluding against ordinary people,.

    I’m pretty sure your assumption is safe. Consider that big business receives much of its economic patronage and preferential legislation from government, and the government’s politicians (and through them, appointees) would probably not have their jobs without hefty campaign contributions from business.

    Quid pro quo is a very ancient principle of getting things done in any society. In a democratic society one should expect all these exchanges (even the tiniest) to be a matter of public record, but of course, they’re not. If they were, the public might terminate some of these relationships that had no social utility and many in the upper tiers of wealth and privilege would lose their lofty life styles.

  5. sailor1031 says

    google and yahoo may be telling the truth -- or some version of it -- but it is not remotely credible that verizon and the other communications companies did not collude with the NSA.

  6. lorn says

    Is it likely to be true? There is a good possibility it, at some level, in some way, resembles truth.

    The US intelligence services have spent a whole lot of time and effort tapping lines. The Navy tapped submarine cables used by the Russians to communicate with their bases in the Kamchatka peninsula. These were deep in the ocean and deep inside Russian controlled territory. They were assumed to be so inherently secure that much of the information transmitted over it was done unencrypted.

    The submarine they used had been listed as a rescue vehicle for disabled submarines.

    http://en.wikipedia.org/wiki/Deep-submergence_rescue_vehicle

    The thing about undersea cables is that once they go into the sea people figure they are safe, or almost impossible to tap without being detected. Not so much any more. And almost all international communications travel, at least in part, through an underwater cable. I mention this because off all the fiber lines those deep underwater cables are, by far, the hardest to physically tap. Tapping one on land is easy.

    Of course, assuming anyone wished to go to the trouble, they can, given favorable conditions, and the allocation of a whole lot of very high-dollar hardware, read what shows up on your computer screen by gathering up the slight EM signal created by your device:

    http://en.wikipedia.org/wiki/Tempest_%28codename%29

    Point here is that if anyone really wants to listen in or watch they can. It isn’t a trivial undertaking and it is highly likely that you are just not special enough to warrant that attention. If, by chance, you are doing something to warrant that level off attention you had best assume that every form of communication is monitored, is not actually recorded.

    Also, don’t assume encryption will help much. Many of the most popular encryption programs have back doors installed and the concept of encryption itself means there may be no practical way of not being cracked. Encryption, the use of a cypher, the transposition of individual characters in a message, can be automated and conveniently read. It is this regularity that makes them vulnerable.

    Codes, where groups of words represent an idea, as long as they are well implemented and used, are essentially unbreakable simply because they are not systematized. Without a key no combination of smarts or computer power can touch them.

    On the other hand they are very slow in transmitting information and may not be able to transmit any concept not included initially.

  7. lanir says

    Telco’s can do a site to site connection. It’s easy to assume this is secure because no one else is on it. It’s kind of like a cable modem setup. Your data goes up to a junction calld a CO which forwards it on through your ISP’s network (and later out to the internet if that’s where your destination lies). It’s easy to think this is secure because no one else’s traffic gets to your cablemodem (it’s routed elsewhere) and your internet traffic doesn’t get to anyone else’s modem. But you’re always trusting your provider anytime you send data over their connection without encrypting it. Google and Yahoo are basically saying they did the same thing here. Encrypting the pipe involves a bit of overhead. I haven’t operated in that area of networking personally but my assumption is encryption would be the exception rather than the norm.

    Basically this takes advantage of how the internet works. There is no one big “internet”. The internet is ISP’s connected to backbone providers who connect to each other. A backbone provider is just a name for a provider that has wires all over and connections to a lot of other big networks. It’s still just one network connected to another network connected to another network. Plain text information can be grabbed anywhere along the way if someone’s wants it.

    But what really has me wondering is, I don’t think you wouldn’t overreach in this fashion just once or twice. So… What else are they doing?

  8. Jonny Vincent says

    Yep, all power from the parent to the Pope, is dependent on secrecy. In a world without secrets, there could be no conflict.

  9. Reginald Selkirk says

    I think it is likely that the companies have been cooperating with the NSA for access. I have noticed that Google has resumed haranguing me to link additional data, such as a cell phone number, with my gmail account.

    I also think it is possible that the NSA got access that the big companies did not know about. Certainly tapping cables is a thing. Do you remember back in 2008, when several undersea comm cables connecting the middle east were disrupted? This series of events even has its own Wikipedia page. The apologetics put forward at the time involved ships dragging their anchors in a storm or some such. I’m sure it had nothing at all to do with US intelligence forces tapping the fiber optic cables. (wink wink)

  10. jamessweet says

    My impression is that it is true, partially based on the private Twitter reaction of some Google engineers. Actually, I think there are some analogies to the Lavabit situation here: Recall that the Lavabit guy always cooperated with individual subpoenas, he just balked at handing over the keys entirely. He was cooperating, and the spooks still pushed for more.

    By the same token, I get the feeling that Google et al felt like they were cooperating by agreeing to programs like PRISM. There was no grand gesture to stand up for their users’ privacy, but they thought they had agreed to a situation that allowed the government access while also being tolerable to Google, letting them remain in control of their own data. Then the government turns around and taps them anyway without their knowledge. That’s almost worse than if Google had never cooperated to begin with, you know? More insulting at least. The level of outrage coming from some of the Google engineers seems to match with this scenario. I’m inclined to believe it.

  11. Wylann says

    jamessweet: The engineers, maybe, but would you bet that at the higher levels of management, someone didn’t know? I’m torn, actually. It wouldn’t surprise me to find that some high level managers at L3, and the big ISPs knew about it. On the flip side, it wouldn’t surprise me if they all but willingly just handed that information over to the NSA, but the NSA still went and tapped their lines anyway.

Leave a Reply

Your email address will not be published. Required fields are marked *