SAN JOSE, Calif. (AP) -- Back when Yahoo was something hollered at a rodeo and no one could conceive of Googling anything, President Ronald Reagan signed an executive order that extended the power of U.S. intelligence agencies overseas, allowing broader surveillance of non-U.S. suspects. At the time, no one imagined he was granting authority to spy on what became known as Silicon Valley.
But recent reports that the National Security Agency secretly broke into communications on Yahoo and Google overseas have technology companies, privacy advocates and even national security proponents calling for a re-examination of Reagan's order and other intelligence laws.
Experts suggest a legislative update is long overdue to clear up what Electronic Frontier Foundation legal director Cindy Cohn calls "lots of big gray areas."
With the cooperation of foreign allies, the NSA is potentially gaining access to every email sent or received abroad, or between people abroad, from Google and Yahoo's email services, as well as anything in Google Docs, Maps or Voice, according to a series of articles in the Washington Post. It's impossible to know how many of Google and Yahoo's collective 1.8 billion accounts are affected, but in a single 30-day period last year, field collectors processed and warehoused more than 180 million new records - ranging from "metadata," which would indicate who sent or received emails and when, to content such as text, audio and video, the Post reported.
The NSA and its British counterpart, the U.K. Government Communications Headquarters, have intercepted and tapped into data funneled by Google and Yahoo through fiber optic cables, routing information in an NSA operation called Muscular, the Post reported. The information was provided to the newspaper by former NSA contract employee Edward Snowden, who is being sought by the U.S. for leaking classified information.
"Had the NSA done the same warrantless tapping at Google's Mountain View, California, headquarters, there's no doubt they would be violating the law," said Cohn, whose San Francisco-based non-profit fights for digital freedoms. "They're doing this abroad because they want that fig leaf of legality."
The NSA, in an online statement, says its collection operations comply with federal laws and orders.
Reagan's 1981 Executive Order 12333 for the first time in a public, written record allowed foreign covert action to be conducted from inside the U.S. The measure, amended several times after 9/11, outlines key rules for more than a dozen intelligence agencies. It spells out when spies are allowed to peek into mail, homes and electronics, identifies who has to approve of specific searches, and details how to carry out clandestine collection of foreign intelligence.
"What NSA does is collect the communications of targets of foreign intelligence value, irrespective of the provider that carries them," the agency said, likening the data channels at private firms to super highways.
In other words, the NSA is not targeting information about Google and Yahoo as such, but is conducting surveillance on foreigners using the services these companies provide, said University of Indiana law professor David Fidler. But Fidler says this explanation ignores the fact that the NSA is directly targeting the facilities of U.S. companies, "even if the information ostensibly sought concerned foreign persons."
Even Google's chairman Eric Schmidt, outraged by the invasion, says he's not sure it is illegal, telling CNN the operation is "perhaps a violation of law but certainly a violation of mission."
It is unclear exactly how the intrusions were carried out, but Daniel Castro, senior analyst at the Washington nonprofit Information Technology and Innovation Foundation, suspects the surveillance required a computer savvy person either working for the NSA, another government, or a contractor, to physically get inside a network provider's facilities to tap into the fiber optic network and route a copy of the online traffic into their own network. The set up could be similar to a secret NSA room built into an AT&T building in San Francisco in 2002 and made public by a retired AT&T staffer in 2007.
The Post reported that the NSA isn't breaking into accounts as they sit, stored in data centers, but is able to gather the emails and other communications as they move between them.
The NSA says that if they accidentally scoop up extra, non-criminal related information from Americans, there are strict limits about how it can be used. But there's no guarantee those limits apply if British intelligence agents are doing the rerouting and then turning information over to the NSA, and the Obama Administration will not talk about their methods.
Thus the immediate pushback from advocates is a loud call for new laws.
"It's a relatively new phenomenon that the government is sweeping through American communications outside the U.S., so there haven't been a lot of legal decisions," said American Civil Liberty Union's national security project attorney Patrick Toomey. "We think that these revelations show the ways in which the surveillance laws are in desperate need of reform. The location in which surveillance and collection occurs no longer matters."
