Privacy group sues to get data about NSA-Google ties

September 14, 2010 By Ken Dilanian

The National Security Agency should divulge information about its reported agreement with Google Inc. to help the Internet company defend itself against foreign cyber attacks, according to a lawsuit filed Monday by a privacy group.

The ad hoc and secretive nature of Google's arrangement with the federal spy agency also spotlights what some experts said was the lack of a clear federal plan to deal with the growing vulnerability of U.S. computer infrastructure to cyber intrusions launched from foreign countries. At risk are , banks and other crucial public services.

"We have a faith-based approach, in that we pray every night nothing bad will happen," said James Lewis of the Center for Strategic and International Studies, a Washington think tank.

In January, announced that it had been the victim of "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property."

A month later, newspapers reported that Google had begun cooperating with the NSA, the spy agency in charge of defending the U.S. military from such attacks. Google, according to reports, enlisted the NSA, which has a vast electronic surveillance capability and a trove of cyber-warfare experts, to help trace the source of the attack and take steps to prevent future intrusions.

The nonprofit Information Center, which has tangled with Google in the past over the security of its e-mail system, filed a request under the Freedom of Information Act for documents related to any agreement between Google and the NSA. The NSA denied the request, and on Monday the privacy group took the agency to court, seeking to force it to hand over records.

"As of 2009, Gmail had roughly 146 million monthly users, all of whom would be affected by any relationship between the NSA and Google," the privacy group's request said. "In order for the public to make meaningful decisions regarding their personal data and e-mail, it must be aware of the details of that relationship. Neither Google nor the NSA has provided information regarding their relationship."

There probably isn't a significant privacy concern in the NSA's dealings with Google, said Richard Clarke, a top national security official in the Clinton and Bush administrations and author of "Cyber War: The Next Threat to National Security and What to Do About It."

"But the easy way for Google and NSA to prove that is by letting an outside group come in and find out," Clarke said.

Lewis said the NSA still must overcome a lack of trust among consumers after it enlisted telecom companies to help with surveillance it conducted without warrants in the wake of the Sept. 11 terrorist attacks.

Beyond the privacy issue, the Google-NSA alliance shows that no single U.S. government agency is responsible for defending the country's private from the daily onslaught of foreign-based cyber attacks, Clarke and Lewis said. NSA gets involved only in select cases.

"NSA can't become the antivirus provider for the U.S. economy," Lewis said.

Clarke said the Obama administration's cyber-defense policy makes private companies responsible for their own defense, "and that obviously doesn't work."

The current approach, he said, would be akin to President John F. Kennedy urging steel companies in 1961 to buy fighter planes and air defenses to protect against the Russian bombers that had them on target lists.

In a statement, NSA declined to confirm or deny its relationship with Google. "NSA works with a broad range of commercial partners and research associates to ensure the availability of secure, tailored solutions," the statement said.

A Google spokesman declined to comment Monday, but in January, the company issued a statement saying it was "working with the relevant U.S. authorities" in response to the cyber attack.

The attack on Google was the latest in a series of intrusions attributed to China, including the hacking of Lockheed Martin Corp. documents related to the F-35 fighter program.

"The United States is fighting a cyber-war today, and we are losing," Mike McConnell, former director of national intelligence, wrote in The Washington Post in February. "As the most wired nation on Earth, we offer the most targets of significance, yet our cyber-defenses are woefully lacking."

McConnell, who also used to run the NSA, believes it is best suited to oversee the nation's defenses against cyber attacks.

"The NSA is the only agency in the United States with the legal authority, oversight and budget dedicated to breaking the codes and understanding the capabilities and intentions of potential enemies," he wrote.

Explore further: Top US cybersecurity official quits


Related Stories

Top US cybersecurity official quits

March 7, 2009

A top US cybersecurity official has quit, complaining in a resignation letter obtained by Wired magazine that US cyber protection efforts are being dominated by the super-secret National Security Agency (NSA).

US wants privacy in new cyber security system

July 3, 2009

(AP) -- The Obama administration is moving cautiously on a new pilot program that would both detect and stop cyber attacks against government computers, while trying to ensure citizen privacy protections.

US senators call for cybersecurity czar

April 1, 2009

Two US senators introduced legislation on Wednesday aimed at creating a powerful national cybersecurity advisor who would report directly to the president.

US adviser says cybersecurity must be joint effort

April 23, 2009

(AP) -- The challenge of protecting the government's computer networks is too big for any one agency to handle alone, a top adviser to President Barack Obama said Wednesday. That suggests the administration doesn't intend ...

Recommended for you

What do you get when you cross an airplane with a submarine?

February 15, 2018

Researchers from North Carolina State University have developed the first unmanned, fixed-wing aircraft that is capable of traveling both through the air and under the water – transitioning repeatedly between sky and sea. ...


Adjust slider to filter visible comments by rank

Display comments: newest first

3 / 5 (2) Sep 14, 2010
I think the necessary conclusion for the honest, liberty-minded individual is to assume the following things are true until otherwise proven:

* The Internet (At least the USA parts of it) has been completely subsumed by the dominant intelligent agencies and all of its traffic is routed through their devices;

* The objective of all USA legislation regarding the Internet is to regain control over the flow of information and assert its authority to control what we hear, see, and know;

* Every item of computerized data in your transactions, communications, and browsing has been recorded and can be used against you by the factions ruling the USA at this time.

* The true threat against the American people is not external and trying to get in, but is internal and building a construct from which we cannot escape.

* Computer network technology represents a threat to the large investments in information control made by the ruling factions in the late 20th century.
5 / 5 (2) Sep 14, 2010
Does any one find it ironic that a privacy group is trying to get other groups private data made public?
1 / 5 (1) Sep 14, 2010
The "Strawman" used to propagate factional control over the free networks is the bogeyman of "cyberwar", which are more like the enemies in "World of Warcraft" or perhaps "America's Army".

The proposed "remedies" for the "threat" of "cyberwar" are absurd to anyone who understands basic network security - If your aim to to protect a sensitive network from external attack, the most economical and effective remedy is to REMOVE the sensitive network from the rest of the Internet.

Obviously, the aim is not to achieve the most economical or effective remedy, but to provide plausible entry points for control mechanisms that allow surveillance and data control by the ruling factions. Only stupidly naive people believe that these control points are for their protection and benefit.

In the event of factional aggression against the Constitutional rule of law, or the American people, these control points will be used as assets against us.
1 / 5 (1) Sep 14, 2010
The controls specified by the Lieberman / Rockefeller bill are more useful to those trying to control INTERNAL traffic in the domestic networks of the USA, specifically to disallow certain content and servers from public access during times of "crisis" or "war".

Obviously the nature of a "crisis" is open to wide interpretation, for instance if there should be made public some damaging bit of information about the ruling factions or their activities at home or abroad, this may constitute a "crisis" and since we are continuously at war, it may be that any information can made sensitive to "national security", especially if the information reveals war crimes or embarrassing behavior by the factions.

Only the stupidly naive cannot understand the relationship between power and the control of information. Only the dangerously stupid mind is not able to describe the nature of the powers behind the ruling factions today.
4 / 5 (4) Sep 14, 2010
Wow, you guys are beyond paranoid. Yes, the NSA is actively spying on many of us, illegally. It sucks, it's wrong, it's inexcusable, but when WWIII hits, you'll appreciate the fact that you still have power and water. We need the NSA is all I'm saying.

Do you really think "all of its traffic is routed through their devices"? That is absurd. They would need a device at nearly every internet router in the country with a dedicated link back to their dedicated national backbone.

Cyber war from China is a red herring? That's just as naively stupid as thinking the NSA isn't spying on US citizens. All we need is to remove the network from the rest of the world? Right. I'm sure these multinational corporations would love that idea.

The threat is real, security is complex, and you're just going to have to live with the fact that the people who protect you are also a threat to your liberty. You can't have it all; a balance must be reached.
1 / 5 (2) Sep 14, 2010
Protect me. . .hmmm I think I addressed your comments with the descriptor "Stupidly naive."

Do you assign any negative to factional rule of your formerly free and open society, or are all forms of government the same to you?

Does rule of law have any meaning to you?

Do you praise and trust the NSA for a reason, or do you just like the idea of a Russian style intelligence faction dominating the West?

I know you can't directly answer any of my questions, so please, continue to believe what you want to believe about the structure of power in our society.

BTW, if you readily admit that everything I said is true, why does stating them qualify as "paranoid?"
Oh, and if you were still wondering about how internet traffic is routed, please visit here: http://www.dailyk...916/3612

But of course, you have absolute trust in your rulers, because. . .you just do. They would never abuse their extraordinary powers, right? Insanity.
5 / 5 (2) Sep 15, 2010
I know exactly how the internet is routed. I am well aware of your link. That was for international connections ONLY, not within the US.

Try again. This time, don't make so many assumptions about what I trust and don't.
3.7 / 5 (3) Sep 16, 2010
Critical infrastructure systems like Utilities are NOT directly connected to and therefore not accessible via the internet so this threat as it relates to these systems is a RED HERRING. The point about attempted attack on our networks by foreign nations is real its just been skewed by the government in order to persuade the public to let them have more control and invade our privacy, what little we have left.

3 / 5 (2) Sep 16, 2010
Does any one find it ironic that a privacy group is trying to get other groups private data made public?

Uhhhhh, NO! The government is not a private entity and not entitled to privacy as an individual l would. As far as Google's privacy goes, if they have worked with the government then those actions are just as open to the public and not protected under privacy laws as they were intended even if not as they have been interpreted by a power hungry government.
not rated yet Sep 16, 2010
The point about attempted attack on our networks by foreign nations is real its just been skewed by the government in order to persuade the public to let them have more control and invade our privacy, what little we have left.

We'll never know if it is unfairly skewed or not. Believe it or not, sometimes they make things classified for a very good reason.

What is the point of "the govt," which is just a bunch of people trying to impress their boss btw, gaining control merely to invade your privacy? The US citizens that make up the govt are not inherently evil. However, the system of trying to improve lives for the general population may inherently evolve towards an acquisition of more control. THIS is the danger, but I do not think the people that control said system are using propaganda for the benefit of the system itself. That would be like saying all govt managers are analogous to the agents in "The Matrix."
1 / 5 (1) Sep 18, 2010
What I would like to know is -where is the outrage from marjon, et al, regarding this most obvious corporate socialism, government overreach, freemarket interference? I suspect that, since it has nothing to do with restriction of the industries that provide the mangyhole with all the comforts of home, that this encroachment upon our god-given right to extremely limited government, and a totally unregulated "free market" will go unremarked, as it actually falls right in line with the objectives of the mangymasters -mangy being their trollpuppet, and all.

And Yes - we should all be very afraid of this type of collusion between industry and government, as it cannot result in any thing else than an increase in TYRANNY.

All US intelligence/law enforcement has access to our private data/communications past, present, future, BY LAW, either covertly or transparently, in most cases without probable cause.

There is a way to make internet traffic virtually INVULNERABLE to attack CONTD
1 / 5 (1) Sep 18, 2010
but in doing so, would simultaneously make it impervious to surveillance. This just won't do, so look for a new law(s) in the very near future enacting just this piece of corporate welfare-because why should corporations have to spend their profits protecting themselves from cybercriminals? The "unforseen" consequence of this legislation will be that the cost of corporate compliance will be so exhorbitant, that it will become absolutely essential to eliminate "net neutrality", in exchange for providing "Net Security" and -viola!- you will no longer have unresricted access to view or publish on the internet, at any price, probably.

But at the same time, spooks will have access to all of your private data/communications, at any time, for any reason. Or for NO DAMNED REASON AT ALL. Shits and grins.

1 / 5 (1) Sep 18, 2010
Which is essentially what Arkaleus was pointing out, above.

And it's not likely that corporations -in the interest of safeguarding our "rights"- are going to feel any compunction regarding using that same data in any way, and for any purpose, that they see fit -which we can loosely ascribe to the profit motive.

Sadly, the Board Members of corporate america don't give two dessicated, dead rats' asses about our Constitutionally guaranteed rights, especially the First one. Remember, whoso controls information controls Public Opinion, and being able to manipulate public opinion in order to keep us buying what they're selling("Corn Sugar", anyone?) is the Golden Goose of Corporocratic policy. This collusion of corporate and government cannot lead to anything but TYRANNY.

So, wake up! and push back NOW, and PUSH BACK HARD -or you can bid adieu to both the single most important FREEDOM left to us, as well as the "free market".
not rated yet Sep 18, 2010
Because of such cyber attacks, the US has acquired the most experience with electronic threats and hence the greatest electronic defense capabilities of all the earthls nations combined. An added note: Because of this experience, the US can, at any given moment, launch a surprise retaliatory attack on any nation with devastating results. Let us give thanks be to those hackers who constantly try to hack America. In the long run, all they are doing is adding immeasurably to our collective cyber war-machine.
5 / 5 (1) Sep 20, 2010
I don't get why people think they should be able to communicate over vast distances (internet) with perfect privacy. That's like me calling the cops on my neighbor because he was listening to a fight I had with my wife on our front lawn.

We can't expect an org that is required to break our enemies' codes to just ignore codes made by private firms. That's just silly. Private cyphers are poor cyphers. That is a fact; just look at DVDs and GSM. It's just not logical to have both good security and private keys or algorithms.

If you really want good privacy, use a proxy and VPN with triple DES. That's the best you'll ever have until quantum encryption. And I really don't care if you think the NSA won't "allow" that. Do it anyway.

I'm a pretty liberal guy, but I just don't get why so many people want our protectors to be weakened. CONT-
5 / 5 (1) Sep 20, 2010
I know it's not a sufficient reply to say "if you have nothing to hide, why do you care?" I get it; that's total BS and it's not what I'm getting at. But, what is the worry here? Some guy has an idea, some company finds out, and the govt helps them steal the idea? We are a selfish species. Don't like it? Run for Congress. Don't just let all the shady ambitious types run the world.
1 / 5 (1) Sep 20, 2010
I know it's not a sufficient reply to say "if you have nothing to hide, why do you care?" I get it; that's total BS [...] and the govt helps them steal the idea? We are a selfish species. Don't like it? Run for Congress. Don't just let all the shady ambitious types run the world.

I don't mean to say that there is no threat. It is wildly overblown, however.

The REAL danger here is that this(wildly overblown)security threat will be used as a premise to control, limit, gag, or seriously hamper access to information availability on the web, through the use of a fee structure, connection speeds, scheduled access limitations, et c., to decrease one's ability to obtain or distribute information on the web, in some way similar to what I outlined above.

I believe this to be a more than justifiable concern, especially in light of Google/Verizon's recent activities. I'm actually quite surprised that you don't seem to share this concern. Did I miss something?

not rated yet Sep 21, 2010
The REAL danger here is that this(wildly overblown)security threat will be used as a premise to control, limit, gag, or seriously hamper access ....
...I'm actually quite surprised that you don't seem to share this concern. Did I miss something?

I think it would be silly if Google's end goal is to limit liberty. I think they just want to make money and I don't see how limiting our communication helps them do that. Do you think the NSA is extorting them?--"Help us spy or we'll let China steal your tech?"

Yes, I don't want metered internet or competitor throttling, and I hope the FCC/Congress/courts do not allow those things. I think people are jumping to conclusions linking this NSA thing to that merely because of a timing coincidence.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.