Google and N.S.A. secret agreement could impact privacy of millions

[Cees Binkhorst]

REPLY TO: D66 at nic.surfnet.nl

That's a suprise!

Groet / Cees

February 5, 2010
Google Asks Spy Agency for Help With Inquiry Into Cyberattacks
http://www.nytimes.com/2010/02/05/science/05google.html
By JOHN MARKOFF

Google has turned to the National Security Agency for technical
assistance to learn more about the computer network attackers who
breached the company’s cybersecurity defenses last year, a person with
direct knowledge of the agreement said Thursday.

The collaboration between Google, the world’s largest search engine
company, and the federal agency in charge of global electronic
surveillance raises both civil liberties issues and new questions about
how much Google knew about the electronic thefts it experienced when it
stated last month that it might end its business operations in China.
The agreement was first reported on Wednesday evening by The Washington
Post.

By turning to the N.S.A., which has no formal legal authority to
investigate domestic criminal acts, instead of the Department of
Homeland Security, which does have such authority, Google is clearly
seeking to avoid having its search engine, e-mail and other Web services
regulated as part of the nation’s “critical infrastructure.”

The United States government has become increasingly concerned about the
computer risks confronting energy and water distribution systems and
financial and communications networks. Systems designated as critical
infrastructure are increasingly being held to tighter regulatory standards.

On Jan. 12, Google announced a “new approach to China” on a company Web
site, stating that the attacks were “highly sophisticated” and that the
company believed they had originated in China. At the time, it gave few
details about the attack other than saying that a theft of its
intellectual property had occurred and that a primary goal of the
attackers had been to access the Gmail accounts of Chinese human rights
activists.

In reaching out to the N.S.A., which has extensive capabilities to
monitor global Internet traffic, the company may have been hoping to
gain more certainty about the identity of the attackers. A number of
computer security consultants, who worked with other companies that
experienced similar attacks to Google, have stated that the surveillance
system was controlled from a series of compromised server computers
based in Taiwan. It has not been made clear how Google determined that
the attacks originated in the China.

A Google spokeswoman said the company was declining to comment on the
case beyond what it published last month. The N.S.A. did not respond
immediately to a request for comment.

The agreement will not permit the agency to have access to information
belonging to Google users, but it still reopens long-standing questions
about the role of the agency.

“Google and N.S.A. are entering into a secret agreement that could
impact the privacy of millions of users of Google’s products and
services around the world,” said Marc Rotenberg, executive director of
the Electronic Privacy Information Center, a Washington-based policy
group. On Thursday, the organization filed a lawsuit against the N.S.A.
calling for the release of information about the agency’s role as it was
set out in National Security Presidential Directive 54, a classified
2008 order issued by former President Bush dealing with cybersecurity
and surveillance.

Concerns about the nation’s cybersecurity have greatly increased in the
past two years. On Tuesday, Dennis C. Blair, the director of the Office
of National Intelligence, began his annual threat testimony before
Congress by saying that the threat of a crippling attack on
telecommunications and other computer networks was growing, as an
increasingly sophisticated group of enemies had “severely threatened”
the sometimes fragile systems undergirding the country’s information
infrastructure.

“Malicious cyberactivity is occurring on an unprecedented scale with
extraordinary sophistication,” he told the committee.

His emphasis on the threat points up the growing concerns among American
intelligence officials about the potentially devastating results of a
coordinated attack on the nation’s technology apparatus, sometimes
called a “cyber-Pearl Harbor.”

He said that the surge in cyberattacks, including the penetration of
Google’s servers from China, was a “wake-up call” for those who
dismissed the threat of computer warfare. “Sensitive information is
stolen daily from both government and private-sector networks,
undermining confidence in our information systems, and in the very
information these systems were intended to convey,” Mr. Blair said.

The relationship that the N.S.A. has struck with Google is known as a
cooperative research and development agreement, according to a person
who has been briefed on the relationship. These were created as part of
the Federal Technology Transfer Act of 1986 and are essentially a
written agreement between a private company and a government agency to
work together on a specific project. They were intended to help
accelerate the commercialization of government-developed technology.

In addition to the N.S.A., Google has been working with the F.B.I. on
the attack inquiry, but the bureau has so far declined to comment
publicly or to share information about the intrusions with Congress.

**********
Dit bericht is verzonden via de informele D66 discussielijst (D66 at nic.surfnet.nl).
Aanmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SUBSCRIBE D66 uwvoornaam uwachternaam
Afmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SIGNOFF D66
Het on-line archief is te vinden op: http://listserv.surfnet.nl/archives/d66.html
**********