1 Comment

Google, NSA Partnership Brings New Privacy Concerns

Feb 25, 2010
by

The balance between security and privacy is again being tested as Google has recently requested the help of the US National Security Agency (NSA) to better secure themselves, and their users’ data, from future cyberattacks.

The request comes on the heels of a recent discovery that two Chinese schools, Shanghai Jiao Tong University and the Lanxiang Vocational School, an academic institution in China’s Shandong Province with apparent ties to the country’s military, were discovered to be the source of recent attacks against Google and 20 other large corporations. The attacks against Google were aimed at the Gmail accounts of Chinese and Western human rights activists.

The NSA’s Involvement

While both the NSA and Google at first would not confirm their new partnership, as details were being worked out, an NSA spokesperson has claimed they are working on an “information assurance mission,” that involves a broad range of commercial partners and research associates. However, when the Washington Post looked into this partnership, reporters were assured that working with the NSA does not mean that the government agency will have access to users’ searches or e-mail communications and accounts. Google will not share proprietary data either.

The Nature of the Attack

While the NSA certainly has the ability to help Google, or any company, protect themselves against a cyberattack, it is odd that a corporation with some of the top engineers and most brilliant minds would fail to take the necessary measures to prevent the type of breach that would warrant bringing in the NSA to clean up.

Even with the help of the NSA, attacks like these are nearly impossible to stop. In the case of the Google attack, users at Google, and the other targeted companies, visited malicious sites, that exploited a zero-day vulnerability in the Internet Explorer browser. The exploit downloaded an array of malware to the victim’s computer automatically and transparently. These programs then unfurled themselves into the network using sophisticated encryption to prevent detection.

Reactions

Upon learning of the proposed partnership, Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center (EPIC), was quoted as stating that any relationship between the two would be “very problematic.”

“We would like to see Google develop stronger security standards and safeguards for protecting themselves,” he said. “But everyone knows the NSA has two missions: One is to ensure security, and the other is to enable surveillance.”

In a counter move, EPIC has filed a Freedom of Information Act request seeking NSA communications with Google regarding Google’s failure to encrypt Gmail and cloud computing services. The purpose of this, according to Rotenberg, is to find out what role the NSA has played in shaping privacy and security standards for Google’s services. This request was followed up by a lawsuit against the National Security Agency and the National Security Council, seeking a key document governing national cybersecurity policy.

In addition to concerns raised by EPIC and other privacy rights groups, the move calls into question Google’s promises made when joining the Global Network Initiative. As a member of the GNI, along with Microsoft and Yahoo!, Google has pledged to protect and advance freedom of expression and privacy despite increasing government pressure to comply with domestic laws and policies in ways that may conflict with these ideals.

Not all experts are concerned. James Lewis, director and senior fellow at the Center for Strategic and International Studies (CSIS), believes that it is unlikely this potential partnership will involve the sharing of personal data. Claiming that Google is more likely to only be interested in having the NSA take a look at its networks and help it identify potential weaknesses, “It has nothing to do with intelligence. That point appears to have been missed,” Lewis said, “I don’t have any direct knowledge, but that is my assumption in this case.”

About Jeff Orloff

Jeff Orloff is a freelance technology writer and consultant with Sequoia Media, Inc. (http://www.sequoiamediaservices.com). When he is not in front of a computer, he can be found coaching little league baseball.

You can find Jeff on Twitter: @jeorl.

Filed under: Adware, Spyware, Greynets, & Internet Fraud + Civic Responsibility + Legal Issues + Security Issues
  • Rwolf

     

    America Is On the Edge
    of Becoming a Corporate/Police Surveillance State. NSA effectively the U.S.
    Military, under Bush II spied on Americans’ private phone and email
    communications without—warrants. Now NSA wants a (Partnership) with U.S.
    Corporations—in order that both can share e.g., (threat Assessment information.
    Understandably because most Americans believe their government is corrupt, how
    will they prevent NSA from providing their partner-corporations Citizens’
    private information; including private information that concerns a
    corporation’s employees and job applicants, such as their associations, what
    protest demonstrations they attended; what political and other organizations
    they belong or support, even his or her medical information? Should NSA
    provides that kind of private information to their Partner (corporate
    employers) it will result in corporations turning down a job applicants, firing
    current employees: but can you imagine NSA not providing that kind of private
    information to a (partner corporation) considering their past domestic
    spying—no matter what privacy legislation is passed?

     

    Before Hitler had total power, during 1930’s Hitler’s private Gestapo
    worked with German Corporations and Government Police. Once Hitler came to
    power German Citizens that did not belong to the Nazi Party could not get a
    job. Soon perhaps, U.S. Corporations will require permission from their partner
    (NSA), before they can hire a job applicant or retain current employees based
    on NSA so-called threat assessments. After the arson burning
    of the German Parliament building, private corporations that supported Hitler helped
    Hitler get passed legislation that
    suspended provisions of the German Constitution that protected Citizens’
    freedoms and civil liberties. Corporations had the power; Citizens had no
    rights.

    If NSA provides U.S. Citizens’ private information to its corporate
    partners, it is necessary to consider NSA’s working relationship with Homeland
    Security. In mid-January 2012 Homeland Security announced the National
    Operations Center (NOC) received permission from Washington to monitor
    journalists and retain data on users of social media and online networking
    platforms. Homeland Security spying, tracking Americans will result in Citizens
    abstaining from visiting and posting comments on websites? Expect that millions
    of Americans under constant police/government surveillance will increasingly
    not speak out; not attend political meetings or protest demonstrations out of
    fear they might be arrested, lose their job; be put on a government NO Hire
    List, especially if they work for a government agency or contractor—that
    happened in Nazi Germany.

    If you are concerned NSA, The U.S. Military, Homeland
    Security may share your private information with Corporations and local
    neighborhood police, consider the Government’s recent creation of Fusion
    Centers: U.S. Government has laid the groundwork for the covert
    infiltration of Americans. Since 9/11 federal government has established across
    the nation more than 72 Fusion Centers. The Centers were originally established
    to improve the sharing of anti-terrorism intelligence among different state,
    local and federal law enforcement agencies. But since has expanded with
    encouragement of federal government to pursue all crimes and hazards. Fusion
    Centers now pursue for analysis not just criminal and terrorist information,
    but any information that can be derived from police, public records and private
    sector data about Americans. Fusion Centers increasingly involve components of
    the U.S. Military in addition to other government entities to spy on U.S.
    Citizens. Fusion centers heavily rely on local and neighborhood informants for
    information that is shared with Local, State, and Federal Police Agencies.
    Recently Homeland Security began sharing more classified Military information
    with local Fusion Centers, perhaps a mistake; historically local police have
    not kept secrets well. Some Fusion Centers take advantage of ambiguous lines of
    authority to manipulate differences in federal, state and local laws to
    maximize information collection. Increasingly (private security companies and
    their operatives) work so closely with law enforcement and Fusion
    Centers—providing and exchanging information about Americans, they appear
    merged with government/police. Fusion Centers exchange information with select
    U.S. private sector companies; that has enabled fusion centers to escape
    accountability and public oversight. Before Hitler’s Gestapo was
    consolidated with the German Government in 1934 his private Gestapo worked with
    corporation to arrest Citizens and confiscate their private property with no
    legal authority. In 1934 the Gestapo was placed under SS leader Heinrich
    Himmler Chief of German Police. In 1939 all German Police agencies were put
    under the control of the “Reich Main Security Office” the equivalent of
    U.S. Homeland Security.

     

    While the U.S. press
    has on occasion covered Fusion Centers invading the privacy of Citizens, media
    missed Fusion Centers’ involvement in criminal and civil asset forfeitures. It
    was problematic law enforcement and quasi private government contractors would
    gain wider access to Fusion Center data to secure evidence to arrest Americans
    and or civilly forfeit Americans’ homes, businesses and other assets under
    Title 18USC and other laws to keep part of the assets as a commission.