The US National Security Agency has penetrated the main communication links that connect Yahoo and Google data centres around the world, giving it access to the accounts of hundreds of millions of people including US residents, The Washington Post reported yesterday.
By tapping the links, the agency is able to collect at will a wide range of content such as metadata - indicating the recipients of emails and when the messages were sent - as well as actual content like text, audio and video, according to the report.
The NSA does not store all of the content permanently, but it keeps a lot, the newspaper reported, based on documents provided by former NSA contractor Edward Snowden as well as interviews with what the Post called "knowledgeable" officials.
Through the programme, millions of records are sent every day from Yahoo and Google's internal networks to data warehouses at the NSA's headquarters in Fort Meade, Maryland, the report said. In the past 30 days alone, more than 181 million records containing various data had been processed by field collectors, according to the report.
The data links are exploited using a tool called MUSCULAR, which is operated in partnership with the NSA's British counterpart, GCHQ, the Post reported. Together, the NSA and GCHQ can copy entire data flows across fiber-optic cables carrying information between Yahoo and Google data centres, the report said.
The interception points were not disclosed.
In a statement, Google Chief Legal Officer David Drummond said the company does not give any government access to its systems. However, the company has been concerned about the possibility of this kind of snooping and has encrypted more of Google's services and links as a result, he said.
"We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform," he said.
The revelation constitutes the latest in a series of high-profile leaks of information about US surveillance programs since the Post and the Guardian newspaper first reported the existence of a programme known as Prism in June. That programme allows the NSA to access data stored within the servers at major internet companies like Yahoo, Google, Facebook, Microsoft and others.