By Brendan Sasso - 10/30/13 03:33 PM EDT
The National Security Agency secretly broke into overseas communications links that connect Google and Yahoo data centers, according to documents provided to The Washington Post by Edward Snowden.
Intercepting the traffic could give the NSA access to hundreds of millions of user accounts, including many belonging to Americans, according to the report. The records include the "to" and "from" on emails, as well as the contents of communications, such as text, audio and video.
In a top secret document dated Jan. 9 2013, the NSA said it transfers millions of records every day from Google and Yahoo internal networks to data warehouses at its Fort Meade headquarters. The document said the NSA had received 181,280,466 new records over the preceding 30 days.
The Post reported that the NSA program to access Google and Yahoo links is carried out under Executive Order 12333—which was issued by President Reagan in 1981 to define the basic rules for overseas surveillance.
At a Bloomberg cybersecurity event Wednesday, NSA Director Gen. Keith Alexander said he hadn't seen the Post report, but he denied that the NSA has direct access to Google and Yahoo servers.
"We go through a court order. We issue that court order to them through the FBI," Alexander said, adding that the program has "nothing to do with U.S. persons."
In a formal statement, NSA spokeswoman Vanee Vines did not deny that the NSA accesses the links connecting Google and Yahoo servers without their knowledge.
"The Washington Post’s assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and [FISA Amendments Act] 702 is not true," she said. "The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true."
She said the NSA follows Justice Department rules to protect Americans' privacy.
"NSA is a foreign intelligence agency," she said. "And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”
In a statement, Yahoo said it has "strict controls" in place to protect its data centers and has not given the NSA or any other agency direct access to its data centers.
Google said it is “troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity.”
“We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links,” the company said.
Jameel Jaffer, deputy legal director for the American Civil Liberties Union (ACLU), said the dragnet program is the result of a "fundamentally broken" oversight system.
“If we want the right to privacy to survive the NSA's assault on it, we need both Congress and the courts once again to play the role the constitution envisioned for them,” he said in a statement.
— This story was updated at 4:28 p.m.