The world’s largest Internet search company and the world’s most powerful electronic surveillance organization are teaming up in the name of cybersecurity.
Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.
Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google’s policies or laws that protect the privacy of Americans’ online communications. The sources said the deal does not mean the NSA will be viewing users’ searches or e-mail accounts or that Google will be sharing proprietary data.
If anyone believes this last sentence, I have a couple bridges in San Francisco that I’m willing to sell … cheap.
The partnership strikes at the core of one of the most sensitive issues for the government and private industry in the evolving world of cybersecurity: how to balance privacy and national security interests. On Tuesday, Director of National Intelligence Dennis C. Blair called the Google attacks, which the company acknowledged in January, a “wake-up call.” Cyberspace cannot be protected, he said, without a “collaborative effort that incorporates both the U.S. private sector and our international partners.”
But achieving collaboration is not easy, in part because private companies do not trust the government to keep their secrets and in part because of concerns that collaboration can lead to continuous government monitoring of private communications. Privacy advocates, concerned about a repeat of the NSA’s warrantless interception of Americans’ phone calls and e-mails after the Sept. 11, 2001, terrorist attacks, say information-sharing must be limited and closely overseen.
“The critical question is: At what level will the American public be comfortable with Google sharing information with NSA?” said Ellen McCarthy, president of the Intelligence and National Security Alliance, an organization of current and former intelligence and national security officials that seeks ways to foster greater sharing of information between government and industry.
Now personally, I long ago gave up a big chunk of my sense of privacy from the government … that’s part and parcel of being a licensed securities representative. I had to have an FBI background check, my fingerprints are on file, and anyone can look up my entire employment history through our regulatory agencies. It sucks, but it comes with the territory.
That doesn’t meant that I want my entire life opened up for the the government to look at anytime they want to (not that I don’t think they can anyway, but why make it easy?).
The National Security Agency operates under the authority of Executive Order 12333, which states the NSA’s goal as “The United States intelligence effort shall provide the President, the National Security Council, and the Homeland Security Council with the necessary information on which to base decisions concerning the development and conduct of foreign, defense, and economic policies, and the protection of United States national interests from foreign security threats.”
The NSA’s goal, at least according to Executive Order 12333, is not to build a better defense of Google’s networks, or what the NSA’s technicians call “information assurance,” and quite frankly, I don’t think that the intelligence community should be getting into the business of consulting for private companies. As the ACLU notes, the NSA has been aggressively promoting themselves as the primary expert in the cybersecurity arena, even though the Department of Homeland Security was originally given the mandate.
If you agree, please let Google’s CEO Eric Schmidt know how you feel by signing this ACLU petition, and pay attention to how this story progresses … although, given comments Schmidt made in a recent CNBC profile, I wouldn’t expect much.
“If you have something you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” Timestamp 2:01 of the video below. Nice, huh?.