It is unclear exactly how the intrusions were carried out, but Daniel Castro, senior analyst at the Washington nonprofit Information Technology and Innovation Foundation, suspects the surveillance required a computer savvy person either working for the NSA, another government, or a contractor, to physically get inside a network provider's facilities to tap into the fiber optic network and route a copy of the online traffic into their own network. The set up could be similar to a secret NSA room built into an AT&T building in San Francisco in 2002 and made public by a retired AT&T staffer in 2007.
The Post reported that the NSA isn't breaking into accounts as they sit, stored in data centers, but is able to gather the emails and other communications as they move between them.
The NSA says that if they accidentally scoop up extra, non-criminal related information from Americans, there are strict limits about how it can be used. But there's no guarantee those limits apply if British intelligence agents are doing the rerouting and then turning information over to the NSA, and the Obama Administration will not talk about their methods.
Thus the immediate pushback from advocates is a loud call for new laws.
"It's a relatively new phenomenon that the government is sweeping through American communications outside the U.S., so there haven't been a lot of legal decisions," said American Civil Liberty Union's national security project attorney Patrick Toomey. "We think that these revelations show the ways in which the surveillance laws are in desperate need of reform. The location in which surveillance and collection occurs no longer matters."
Those reforms are already underway, spearheaded by the USA FREEDOM Act introduced by Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Congressman Jim Sensenbrenner (R-Wisc.), chairman of the Crime and Terrorism Subcommittee in the House; the proposed legislation, which is widely supported by the tech industry including Google, seeks to limit the NSA's surveillance powers both here and abroad. The bill appears to have bipartisan support.
But it might not go far enough for Kel McClanahan, executive director of National Security Counselors, which represents clients involved in security or privacy law-related proceedings. McClanahan says in addition to the broad privacy questions, there's a problem with the NSA actions when it comes to attorney-client privilege. Working with an attorney in the United Kingdom, McClanahan is currently fighting a legal Freedom of Information Act battle with the NSA, seeking documents related to Sharif Mobley, a U.S. citizen charged with terrorism in Yemen. Under current law, says McClanahan, the NSA could ostensibly tap into the private communications between himself and the British attorney he is working with, and read the litigation strategies as he and the British attorney plan them.
"From what I can tell, what they're doing is technically legal because of the lack of any law prohibiting it," he said.
The NSA says it has "minimization procedures" that limit how deeply it can examine communications of U.S. citizens while they're in the U.S., but it's unclear whether they extend to foreign attorneys.
Earlier reports based on Snowden's documents revealed the existence of other NSA programs, including the PRISM data-gathering program, which forces major tech firms to turn over the detailed contents of Internet communications, although those required court orders.
The difference this time is that the NSA is "tapping into the data centers as a backdoor activity, which made the tech firms extremely unhappy," said attorney Pat Fowler, who handles data privacy and security cases from his Phoenix, Arizona office.
Indeed, several Google engineers who spend their days fighting hackers fired back with furious online responses to their systems being targeted.
And it's quite possible Yahoo and Google weren't the only ones, said Fowler, noting that Microsoft's Hotmail, which with Google's Gmail and Yahoo's email dominate the email market.
"It wouldn't be a stretch to think they might try to get that data from the other entities," said Fowler.
Attorney Steven Bradbury, who headed of the Justice Department's office of legal counsel until 2009, used to advise the president and executives on constitutional questions of privacy and security. Today he says public concerns about invasions of privacy are off base because the NSA is not allowed to target U.S. data abroad, and when it gets it, there are tight limits.
"Communications that travel over wires overseas are susceptible to interception by all kinds of foreign governments that are active in collecting and doing surveillance," he said. "The difference is that the NSA and U.S. intelligence agencies are subject to strict rules and oversight. There's much more protection for U.S. persons than for foreign citizens."
Follow Martha Mendoza at https://twitter.com/mendozamartha
- Live at the GOP convention: Donald Trump...
- No sign of Trump endorsement, but plenty of...
- Trump speechwriter apologizes for Melania...
- Thunderous boos for Cruz for refusing to...
- 17 arrested in flag-burning melee outside GOP...
- Trump's moment: Speech to close GOP...
- Cruz: Not supporting candidate who wages...
- Rupert Murdoch vows Fox News without Ailes is...
- Utah delegates finally stand and cheer... 93
- Utah GOP delegates finally fired up... 74
- Obama rejects Trump depiction of US in... 40
- The day after: Lee defends Cruz at GOP... 32
- Trump speechwriter apologizes for... 27
- Police give all-clear in Munich... 27
- Thunderous boos for Cruz for refusing... 22
- Ohio Mormon offered invocation at... 22