The Washington Post reported last Wednesday that the National Security Agency has been tapping into the private links that connect Google and Yahoo data centers around the world. Today we offer additional background, with new evidence from the source documents and interviews with confidential sources, demonstrating that the NSA accessed data traveling between those centers. The background also helps explain the response of U. S. officials following the publication of the story. The U. S. government declined repeated requests to discuss the story beginning eight days before it was published. Since publication it has made four responses. Immediately after the story posted online, a reporter asked NSA Director Keith B. Alexander about it at a cybersecurity event hosted by Bloomberg Government. Neither the reporter nor Alexander had read the story yet.Alexander replied:The story did not say the NSA breaks into “servers” or “databases. ” It said the agency, working with its British counterpart, intercepts communications that run on private circuits between the fortress - like data centers that each company operates on multiple continents. The distinction is between “data at rest” and “data on the fly. ” The NSA and GCHQ do not break into user accounts that are stored on Yahoo and Google computers. They intercept the information as it travels over fiber optic cables from one data center to another.Alexander also said:Here he appeared to be talking about PRISM, the previously reported program that makes use of authority granted by Congress in 2008 when it amended the Foreign Intelligence Surveillance Act. Under Section 702 of the amendments, the NSA was empowered to compel technology companies to turn over information about their users. A special court oversees the program, renewing it once a year. Our Wednesday story reported that the NSA is not relying only on PRISM to get information from Yahoo and Google. It is also working with its British counterpart, the GCHQ, to break into the private “clouds, ” or internal networks, of those companies. We do not know exactly how the NSA and GCHQ intercept the data, other than it happens on British territory. But we do know they are intercepting it from inside the Yahoo and Google private clouds, because some of what NSA and GCHQ collect is found nowhere else. The two companies do not entrust their data center communications to the “public internet, ” which is comparable to an international highway system that anyone can use. Instead, they link their data centers with thousands of miles of privately owned or privately leased fiber optic cable – in effect, a system of private highways. When Google and Yahoo have to share a stretch of road with the public internet, they take other precautions to keep their traffic secure. We showed some of the NSA’s briefing slides to private sector experts with detailed knowledge of the internal corporate networks of each company. In separate conversations, they agreed that the slides included samples of data structures and formats that never travel unencrypted on the public Internet. Below is one example, which the NSA captured from Google.

“This is not traffic you would encounter outside of Google ' s internal network, ” said one of the experts. The slide shows data in a format that is “only used on and between Google machines. And, also as far as I know, Google doesn ' t publish their binary RPC protocol, which is what this resembles. " An RPC is a “remote procedure call, ” and this one is used when one Google data server has to confirm that it is talking to another. The author of the slide confirms that, describing the captured data as “internal server - to - server authentication. ” Google’s proprietary authentication system is “Gaia, ” which appears in the captured data stream. Another expert with inside knowledge confirmed that its characteristics are not public. Another NSA slide provided by former contractor Edward Snowden showed that the NSA developed Google - specific “protocol handlers " so that it could parse the company’s proprietary formats and pull out the information it wanted to keep.

Another NSA document, similarly, describes NSA’s use of a “demultiplexer” tool to take apart data packages sent across Yahoo’s internal networks in that company’s proprietary “NArchive” format.The project name for this collection is MUSCULAR, which corresponds to an alphanumeric string, DS - 200B:

DS - 200B is one of many “sigads” used by the NSA to identify where it collects electronic communications. Sigad is short for “signals intelligence address” or “signals intelligence activity designator. ” This one is described as an “international access, ” which means an overseas fiber optic cable or switch that routes Internet traffic. MUSCULAR is “located in the United Kingdom” and the GCHQ has primary responsibility for operating it. The NSA works cooperatively alongside its British partner, and the system used for processing that traffic, TURMOIL, belongs to the NSA. Other slides show how the traffic is routed from DS - 200B to NSA databases at its Fort Meade, Md., headquarters. More annotated documents have been posted here.Our Wednesday story noted that the NSA is governed by fewer rules and less oversight when it does its intelligence collection outside U. S. territory:NSA spokeswoman Vanee Vines, in a statement late Wednesday, did not address the rules, or confirm that Yahoo and Google traffic is collected overseas. She denied untoward motives:Vines also said the NSA follows the attorney general’s guidelines for protecting the privacy of U. S. citizens. Our story said the same thing, and added that the guidelines are classified. On Thursday, the top lawyers for the NSA and DNI returned to the questions of motivation and intent. Speaking at an American Bar Association conference in Washington, NSA General Counsel Rajesh De said, “The implication, the insinuation, suggestion or the outright statement that an agency like NSA would use authority under Executive Order 12333 to evade, skirt or go around FISA is simply inaccurate. ” He added, “The suggestion of that requires some backing up. ” “There is no scandal about the lawfulness of NSA’s activities under current law, ” he said.Robert S. Litt, the DNI’s general counsel, said at the same conference:On Thursday evening, the NSA put out another statement. It began:The statement did not specify the errors or false inferences. It defended NSA operations in general as compliant with “applicable laws, regulations, and policies, ” and said “assertions to the contrary do a grave disservice to the nation, its allies and partners, and the men and women who make up the National Security Agency. ”