News Column

NSA Snoops Scoop up U.S. Citizens' Personal Data

October 31, 2013

Ron Acohido, USA TODAY

computer spying
New leaks by former NSA contractor Edward Snowden show gaps in U.S. security networks. (Patrick Semansky, AP)

The latest revelation of how government spies tap into the personal data that U.S. consumers so blithely place into the control of the Internet's advertising giants is the most profound yet.

The Washington Post on Wednesday outed a National Security Agency data snooping program, code-named Muscular, which copies all traffic flowing between two of the largest online advertising giants: Google and Yahoo.

In the latest installment of revelations from Edward Snowden, the Post is reporting that NSA partnered with its British counterpart, GCHQ, to carry out Muscular.

"This is the first real evidence of deep intrusions by NSA and GCHQ into the internal networks of major Internet companies," says Dave Jevans, chief technology officer of mobile security firm Marble Security. "By essentially copying all traffic that flows through these networks, the intelligence agencies can see everything that happens at these companies."

Muscular appears to give government snoops access to not just contact lists and address books -- last week's Snowden revelation -- but all e-mail and business documents, including Google docs which is used by hundreds of thousands of companies.

"Consider what the NSA is trying to do -- detect and monitor terrorist organizations," says Dave Frymier, chief information security officer at IT supplier Unisys. "They are looking for a proverbial needle in the haystack -- and to find that needle, you need access to the haystack."

Yet the steady flow of revelations may be having the effect of keeping convenience-minded consumers more attuned to the intensive harvesting of their every online move by Google, Yahoo, Facebook, Instagram, LinkedIn, Microsoft, AOL and other major and minor players treating consumer privacy as a free profit-making resource.

Tanuj Gulati, chief technology officer at security intelligence firm Seuronix, says raising the privacy consciousness of consumers and businesses could alter the course of how we use mobile devices and Internet cloud services.

"In the last few years, many businesses have increased their reliance on cloud providers for essential service," says Gulati. "If NSA is able to get their hands on this data, there may be others that may be tapping into the same data. All cloud providers need to act quickly to regain customer confidence."

Consumers and companies should not take this lightly. "We can assume a whole new level of threat," Jevans says. "The NSA and GCHQ must have insiders either working at Google and Yahoo, or in the data centers where their servers are housed."

Global companies could be susceptible to similar government snooping and should assess the security of data transfers between various data centers. "This is going to add significant cost to the operation of these data centers," Jevans says.

The large-scale collection of data that is happening through the Muscular program would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner, the Postexplained.

"The scope of Muscular program and the fact that it blatantly leverages loopholes in the legal system is particularly concerning," says Michael Sutton, a researcher at network security firm Zscaler. "MUSCULAR is fundamentally different than PRISM, which is subject to oversight from U.S. courts. Muscular is intentionally focused overseas where the same U.S. laws don't apply and the NSA has far greater freedom with data collection practices."

Copyright 2013 USA TODAY

Original headline: How NSA's spying is affecting privacy

For more stories covering the world of technology, please see HispanicBusiness' Tech Channel

Source: Copyright 2013 USA TODAY

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters