But, what is the NSA doing, if anything, anyway? Good question. The NSA PowerPoint post-it note of a slide on Google Cloud Exploitation simply shows a sketch where the Public Internet meets the internal Google Cloud at a Google Front-End (GFE) server. This is not exactly a detailed technical document.
Here are some of the ways this could work. First, you should know that Google, Yahoo, and other major multinational Internet traffic companies store multiple copies of data across datacenters. That way, when you do a search, read a Facebook post, or what have you, your Web request goes to the closest possible datacenter and gets the fastest possible results.
To make that happen, and to ensure that you have the freshest information, the big boys use either their own or privately leased fiber-optic connections. These use networking technologies such as OC-768 and 100 Gigabit Ethernet for data transmission rates of up to 100 Gigabits per second to hook up datacenters.
This traffic, over these network connections, is not being encrypted at this time. The companies seem to have thought that since encryption does take up some time, and the traffic goes over a private connection, this was safe enough. They were wrong.
Of course, it's a cryptography truism that it's easier to get around cryptography than it is to break it. So if the NSA, or one of its partners such as the UK's Government Communications Headquarters (GCHQ), could tap into Google's and Yahoo's private networks, that would be their method of choice.
David Drummond, Google's Chief Legal Officer, said, "We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide. We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform."
ZDNet has asked Yahoo for their take on the matter, but Yahoo hasn't responded yet. When they do, we'll update this story.
For now, we just don't know which methods, if not all three, the NSA used, or what the companies will be doing in reaction to this. What we do know, and we should have known all along, is that privacy really doesn't exist on today's Internet.
The moral of the story, for anyone who runs datacenters in more than one country, is that it's well past time to start using the most secure connections you can find for your datacenter-to-datacenter communications. Simply having a "private" line doesn't mean that you're not actually on a party line with the NSA.