{"id":38432,"date":"2013-11-01T09:47:58","date_gmt":"2013-11-01T14:47:58","guid":{"rendered":"http:\/\/www.ict-pulse.com\/?p=38432"},"modified":"2013-11-01T09:47:58","modified_gmt":"2013-11-01T14:47:58","slug":"5-takeaways-allegations-nsa-infiltrated-links-yahoo-google-data-centers-worldwide","status":"publish","type":"post","link":"https:\/\/ict-pulse.com\/2013\/11\/5-takeaways-allegations-nsa-infiltrated-links-yahoo-google-data-centers-worldwide\/","title":{"rendered":"5 takeaways from new allegations that the NSA infiltrated links to Yahoo, Google data centers worldwide"},"content":{"rendered":"

The word \u201cMUSCULAR\u201d took on new meaning this week. It now also refers to a NSA project in which data was being intercepted in transmission. We outline five initial takeaways based on this new development.<\/em><\/p>\n

\"TableDay before yesterday, 30 October, the Washington Post in the United States published an article alleging that the US\u2019 National Security Agency (NSA) had been infiltrating links to Yahoo, Google data centers worldwide<\/a>. According the publication, the details were revealed by former NSA contractor, Edwards Snowden, and \u201cinterviews with knowledgeable officials<\/i>\u201d. In summary, although the NSA can (and is authorised) to compel online service providers (such as Google and Yahoo) to furnish data via its programme known as PRISM, it is alleged that through a project called MUSCULAR, the organisation has also been harvesting large volumes data during transmission without permission. The image below is reportedly from a NSA presentation and highlights the vulnerability that the NSA allegedly has been exploiting.<\/p>\n

\"GOOGLE-CLOUD-EXPLOITATION<\/p>\n

As at the time of publication of this post, the NS has refuted the claims that have been made. However, the affected service providers are reportedly furious about the revelations, stating emphatically that they were unaware of this matter and are demanding answers from the US government. In light of the hot water the US is currently in for spying on its allies, this new allegation may remain unaddressed into the immediate future. However, outlined below are five initial takeaways that might be worth considering.<\/p>\n

1.\u00a0 US spying may still be deeper and more pervasive than we think<\/h3>\n

The earlier revelations, about the NSA collecting metadata from telephone calls in the US and collecting large volumes of information from online service providers via PRISM, pales in comparison to some of the most recent news \u00a0about the NSA tapping the phones of senior government officials in foreign \u00a0countries, and now the interception\/infiltration allegations. However, we are still learning about the extent of the US\u2019 spying capabilities and actions, and at this time we ought not to be surprised if additional scandals come to light.<\/p>\n

2.\u00a0 Private leased lines might not safe as we believe<\/h3>\n

Based on news reports, although the affected online companies had leased dedicated capacity on fibre optic cables networks to carry their data, the NSA was \u201ccopying entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants<\/i>\u201d (Source: Washington Post<\/a>). The slide above from a NSA presentation suggests where in the routing the infiltration might have occurred. However, the key takeaway is that any sort of protection or safeguards that private leased lines inherently offer might not be enough to thwart the sophisticated interception\/spying technology available to government intelligence agencies.<\/p>\n

3.\u00a0 Our fear of having our privacy breached by our service provider might be what we should be worrying about<\/h3>\n

Over the last few years, and especially among large online properties such as Google and Yahoo that offer free services to the public, there has been a trend away from sharing user information with third party companies. Generally, those properties use the information internally to further their own business efforts, or for advertising and promotional purposes. However the details of what purposes user information might be subject to are usually set out in the websites\u2019 Terms of Use and Privacy Policies.<\/p>\n

The result of this position by websites is that many users \u2013 individuals and organisations alike \u2013 are wary about using certain online properties. However, this recent allegation indicates that the interception might have been done unbeknownst to the affected online firms, and as a result we, as users, have no idea how our data is being used; who might be liable; and what recourse we might have.<\/p>\n

4.\u00a0 Organisations might become more wary of cloud services and remote storage than they already are<\/h3>\n

Cloud technology and cloud services have been huge buzzwords in recent years, and in the last two years, they have been gaining traction as cost effective means of accessing data and a broad range of services over the internet. More importantly, global analysts firms, such as Gartner<\/a>, have projected that data centres, and cloud technology and services will become increasingly integral to businesses into the future. However, these new allegations might be setback in the shift to greater take up of cloud and remote storage services, but may also have the positive effect of prompting persons to ask more questions of their current and prospective service providers.<\/p>\n

5.\u00a0 Organisations and countries could benefit from re-examining their data protection policies and tools<\/h3>\n

Finally, when the above are considered, especially the latitude the US might have (or is prepare to take) regarding electronic data in their jurisdiction, it might be prudent for countries, and even organisations to re-examine their data protection policies and exactly how they being implemented and followed. For example, the data protection law in many countries worldwide require that personal data should only be transferred to countries that offer similar or better data protection as the home country.<\/p>\n

In light of the US\u2019 aggressive posture on intelligence and spying, which is supported in law, such as via the Patriot Act 2001, companies may need to seriously consider whether or not, or the extent to which they are okay with having their data access or intercepted by the US government and the alternatives they could to consider.<\/p>\n

 <\/p>\n

Salvatore Vuono \/ FreeDigitalPhotos.net<\/a><\/p>\n

______________<\/p>\n","protected":false},"excerpt":{"rendered":"

The word \u201cMUSCULAR\u201d took on new meaning this week. It now also refers to a NSA project in which data was being intercepted in transmission. We outline five initial takeaways […]<\/p>\n","protected":false},"author":2,"featured_media":38436,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","om_disable_all_campaigns":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[82,27,11,28],"tags":[71,38,32,48,43,41],"class_list":["post-38432","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business","category-computing","category-ict-tech","category-networking","tag-businesses","tag-data-protection","tag-information-society","tag-infrastructure","tag-internet-governance","tag-privacy","et-has-post-format-content","et_post_format-et-post-format-standard"],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/ict-pulse.com\/wp-content\/uploads\/2013\/11\/Table-Eyes-by-Salvatore-Vuono-FreeDigitalPhotos.net_.jpg?fit=400%2C182&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p2iE1G-9ZS","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts\/38432","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/comments?post=38432"}],"version-history":[{"count":3,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts\/38432\/revisions"}],"predecessor-version":[{"id":38438,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/posts\/38432\/revisions\/38438"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/media\/38436"}],"wp:attachment":[{"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/media?parent=38432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/categories?post=38432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ict-pulse.com\/wp-json\/wp\/v2\/tags?post=38432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}