Reported Google-NSA alliance sets off privacy alarms
Update: Google, NSA may partner on cybersecurity, Washington Post says
Computerworld - In a development that is already causing alarm among privacy advocates, search engine giant Google Inc. is reported to be enlisting the help of the National Security Agency to investigate recent cyberattacks that Google says originated from China.
The Washington Post, quoting unnamed sources, today said that the NSA and Google are in the process of finalizing an agreement under which the NSA will help Google better defend itself against future attacks. Under the deal, the NSA would not get access to users' search information or e-mail accounts and Google would not share any proprietary data, the source claimed.
Google approached the NSA shortly after the cyberattacks, which it said were launched from China. However, the deal will take time to hammer out because of the sensitive privacy issues involved. If the deal goes through, it will be the first time that Google has entered into a formal information-sharing relationship with the NSA, the Post quoted its source as saying.
In response to a request for comment, a Google spokesman pointed to a blog post dated Jan. 12 and written by David Drummond, Google's senior vice president and chief legal officer. Titled "A new approach to China," it explains Google's concerns over the attacks, which it said also affected at least 20 other companies.
In the post, Drummond said that after the attacks, Google took the "unusual step" of sharing attack information with a "broad audience." This information, Drummond said, "goes to the heart of a much bigger global debate about freedom of speech." Drummond's post did not say with whom the company shared the attack information.
In an e-mailed statement, an NSA spokeswoman said the agency does not comment on specific relationships it may or may not have with U.S. companies. "We can say as a general matter, however, that as part of its longstanding Information Assurance (IA) Mission, NSA works with a broad range of commercial partners and research associates," on cybersecurity related issues, the statement said.
Even so, the prospect of the world's largest search engine company teaming up with the country's largest spy agency is already setting off alarms within the privacy community.
Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center, said any relationship between the two would be "very problematic."
"We would like to see Google develop stronger security standards and safeguards for protecting themselves," he said. "But everyone knows the NSA has two missions: One is to ensure security, and the other is to enable surveillance."
Whenever the NSA has entered the private security realm, there have been problems, Rotenberg said. In the 1990s, for instance, the NSA's role in network security resulted in weakened encryption standards all around. "We have had a long-running debate about the impact of NSA's role in the security realm," he said. A partnership with Google raises those questions all over again.
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts