Google, NSA Partnership Brings New Privacy Concerns

The balance between security and privacy is again being tested as Google has recently requested the help of the US National Security Agency (NSA) to better secure themselves, and their users’ data, from future cyberattacks.

The request comes on the heels of a recent discovery that two Chinese schools, Shanghai Jiao Tong University and the Lanxiang Vocational School, an academic institution in China’s Shandong Province with apparent ties to the country’s military, were discovered to be the source of recent attacks against Google and 20 other large corporations. The attacks against Google were aimed at the Gmail accounts of Chinese and Western human rights activists.

The NSA’s Involvement

While both the NSA and Google at first would not confirm their new partnership, as details were being worked out, an NSA spokesperson has claimed they are working on an “information assurance mission,” that involves a broad range of commercial partners and research associates. However, when the Washington Post looked into this partnership, reporters were assured that working with the NSA does not mean that the government agency will have access to users’ searches or e-mail communications and accounts. Google will not share proprietary data either.

The Nature of the Attack

While the NSA certainly has the ability to help Google, or any company, protect themselves against a cyberattack, it is odd that a corporation with some of the top engineers and most brilliant minds would fail to take the necessary measures to prevent the type of breach that would warrant bringing in the NSA to clean up.

Even with the help of the NSA, attacks like these are nearly impossible to stop. In the case of the Google attack, users at Google, and the other targeted companies, visited malicious sites, that exploited a zero-day vulnerability in the Internet Explorer browser. The exploit downloaded an array of malware to the victim’s computer automatically and transparently. These programs then unfurled themselves into the network using sophisticated encryption to prevent detection.

Reactions

Upon learning of the proposed partnership, Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center (EPIC), was quoted as stating that any relationship between the two would be “very problematic.”

“We would like to see Google develop stronger security standards and safeguards for protecting themselves,” he said. “But everyone knows the NSA has two missions: One is to ensure security, and the other is to enable surveillance.”

In a counter move, EPIC has filed a Freedom of Information Act request seeking NSA communications with Google regarding Google’s failure to encrypt Gmail and cloud computing services. The purpose of this, according to Rotenberg, is to find out what role the NSA has played in shaping privacy and security standards for Google’s services. This request was followed up by a lawsuit against the National Security Agency and the National Security Council, seeking a key document governing national cybersecurity policy.

In addition to concerns raised by EPIC and other privacy rights groups, the move calls into question Google’s promises made when joining the Global Network Initiative. As a member of the GNI, along with Microsoft and Yahoo!, Google has pledged to protect and advance freedom of expression and privacy despite increasing government pressure to comply with domestic laws and policies in ways that may conflict with these ideals.

Not all experts are concerned. James Lewis, director and senior fellow at the Center for Strategic and International Studies (CSIS), believes that it is unlikely this potential partnership will involve the sharing of personal data. Claiming that Google is more likely to only be interested in having the NSA take a look at its networks and help it identify potential weaknesses, “It has nothing to do with intelligence. That point appears to have been missed,” Lewis said, “I don’t have any direct knowledge, but that is my assumption in this case.”