Fort Meade, UNITED STATES: (FILES): This 25 January 2006 file photo shows the National Security Agency (NSA) in the Washington suburb of Fort Meade, Maryland, where US President George W. Bush delivered a speech behind closed doors and met with employees in advance of Senate hearings on the much-criticized domestic surveillance. The US National Security Agency has assembled the world's largest database of telephone records tracking the phone calls of tens of millions of AT and T, Verizon and BellSouth customers, sources familiar with the program told USA Today. In an article published 11 May 2006, the daily said the NSA launched the secret program in 2001, shortly after the 11 September 2001 attacks, to analyze calling patterns in a bid to detect terrorist activity. AFP PHOTO/FILES/Paul J. RICHARDS (Photo credit should read PAUL J. RICHARDS/AFP/Getty Images
Report: NSA snooped using Google, Yahoo
02:51 - Source: CNN

Story highlights

Gen. Keith Alexander says the NSA doesn't break into Google, Yahoo databases

But The Washington Post reports that the NSA accesses data as it moves between centers

Alexander didn't appear to address that specific claim

The NSA later denies using the technique to "collect vast quantities of U.S. persons' data"

Washington CNN  — 

The National Security Agency doesn’t have access to servers run by Internet giants Google and Yahoo, its chief said in a pushback to a Washington Post report that the U.S. spy network taps into overseas data links to slurp up millions of text, video and audio records every day.

But Gen. Keith Alexander’s comments at a cybersecurity conference Wednesday don’t appear to address the substance of the newspaper’s allegations – that the NSA has found a way to tap into the data as it moves between servers around the world without many of the restrictions imposed by U.S. law and court oversight.

Asked about the report by a Bloomberg Television reporter who interviewed him on stage at the conference, Alexander denied breaking into servers or databases run by Internet companies.

“Not to my knowledge,” he said in response to a question about tapping into company databases.

“It would be illegal for us to do that. So, I don’t know what the report is,” Alexander said. “But I can tell you factually we do not have access to Google servers, Yahoo servers. We go through a court order.”

However, the allegations published by The Post – based on documents leaked by former NSA contractor Edward Snowden – aren’t that the NSA has hacked into data centers or databases owned by the companies.

Instead, the newspaper – citing the Snowden documents and unnamed “knowledgeable officials” – reported that the NSA gets access to the data as it passes through vulnerable points overseas on its way to databases around the world.

According to The Post, the NSA and the British Government Communications Headquarters found a way to exploit a weakness in Internet architecture to copy data as it moves from the public Internet into data centers maintained by the companies.

The agency then uses custom-built software to decode the companies’ internal data formats and filter the resulting data for information it wants to collect, the newspaper reported.

The material collected under the program – code-named MUSCULAR – includes e-mail addressing information, as well as “content such as text, audio and video,” according to The Post.

The agency’s Fort Meade, Maryland, headquarters received 181,280,466 such records in the 30 days preceding the top-secret January 9, 2013, accounting on which The Post’s report is based, according to the newspaper.

In a statement, the NSA said “the assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true.”

“NSA applies Attorney General-approved processes to protect the privacy of U.S. persons,” the agency said.

It’s unclear how much of the material collected involves what the NSA calls “U.S. persons,” a category that includes U.S. citizens, permanent residents, groups predominantly made up of those groups and businesses incorporated in the United States.

But unlike domestic programs that fall under restrictions imposed by law and the oversight of a secret court, surveillance conducted overseas falls under an executive order with less restrictive standards, The Post reported.

The report raised concerns from Google and Yahoo, with the Internet behemoths saying they never gave the NSA permission to access communication links to their servers.

“We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency,” said Yahoo spokeswoman Sarah Meron.

Google has “long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links,” said David Drummond, Google’s chief legal officer.

“We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

The newspaper report emerged a day after Alexander and James Clapper, the director of national intelligence, testified before a House committee reviewing the agency’s surveillance activities.

The hearing, billed as a discussion of potential changes to the 35-year-old Foreign Intelligence Surveillance Act, commonly known as FISA, came after a report by the German magazine Der Spiegel that the NSA monitored German Chancellor Angela Merkel’s cell phone. Some reports also suggest the United States carried out surveillance on French and Spanish citizens.

Jim Sciutto reported from Washington; Chelsea J. Carter reported and wrote from Atlanta. CNN’s Jeremy Harlan contributed to this report.