EPIC files FOIA request over reported Google, NSA partnership
In addition to the information request, privacy group also files lawsuit against NSA
Computerworld - Privacy advocacy group Electronic Privacy Information Center (EPIC) has filed a Freedom of Information Act (FOIA) request with the National Security Agency (NSA) asking for details on the agency's purported partnership with Google Inc. on cybersecurity issues.
In a separate action that was also taken today, EPIC filed a lawsuit against the NSA and the National Security Council, seeking more information on the NSA's authority over the security of U.S. computer networks.
The Post reported that the NSA and Google are in the process of finalizing an agreement under which the NSA will help Google better defend itself against cyberattacks.
The report said Google approached the NSA shortly after the recent cyberattacks, which it said originated in China.
The deal does not involve the NSA gaining access to Google users' search information or e-mail accounts, and neither will Google be sharing any proprietary data, the Post said, quoting anonymous sources.
Neither Google nor the NSA confirmed the reporting about the partnership. But the Post quoted an NSA spokeswoman as saying the agency, as part of its "information assurance mission," has been working with a broad range of commercial partners and research associates.
News of the purported agreement is already stirring up a storm in the privacy community. In its FOIA request today, EPIC asked the NSA for all records concerning any agreement between Google and NSA whether in draft or final form.
EPIC also asked the NSA for any communications the agency might have had with Google on the issue of Google's not encrypting Gmail messages prior to the cyberattacks from China but then deciding to implement encryption immediately after the attacks.
"There is particular urgency for the public to obtain information about the relationship between the NSA and Google," EPIC said in its FOIA request. "As of 2009, Gmail had roughly 146 million monthly users, all of whom would be affected by any relationship between the NSA and Google."
However, James Lewis, director and senior fellow at the Center for Strategic and International Studies (CSIS), cautioned against overstating the privacy concerns. Without all the details, it's hard to know what information exactly Google will share with the NSA, he said.
And he said it's highly unlikely that Google will share personal data with the NSA. All it wants is for the NSA to look at its networks and help them figure out how to protect it against similar attacks, he said. "It has nothing to do with intelligence. That point appears to have been missed," Lewis said.
Meanwhile, EPIC's lawsuit against NSA was filed today in U.S. District Court for the District of Columbia. It seeks the court's intervention in getting the NSA to divulge details on the authority it has been granted on domestic cybersecurity matters under National Security Presidential Directive 54 (NPSD54). The classified directive, which is also known as Homeland Security Presidential Directive 21, was issued during the Bush Administration.
The directive was used to set up a highly classified, multi-billion dollar cybersecurity program called the Comprehensive National Cybersecurity Initiative (CNCI), which is designed to bolster the ability of federal networks to detect and respond to cyber-intrusions.
Lawmakers, industry executives and privacy advocacy groups including EPIC have urged the government to release more information on CNCI and the NSA's role. EPIC has previously filed FOIA requests with the NSA asking for the information. Its lawsuit stems from what EPIC claims has been the NSA's failure to comply with statutory deadlines for providing the information.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
Read more about Privacy in Computerworld's Privacy Topic Center.
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Privacy White Papers | Webcasts