EPIC files FOIA request over reported Google, NSA partnership
In addition to the information request, privacy group also files lawsuit against NSA
Computerworld - Privacy advocacy group Electronic Privacy Information Center (EPIC) has filed a Freedom of Information Act (FOIA) request with the National Security Agency (NSA) asking for details on the agency's purported partnership with Google Inc. on cybersecurity issues.
In a separate action that was also taken today, EPIC filed a lawsuit against the NSA and the National Security Council, seeking more information on the NSA's authority over the security of U.S. computer networks.
The Post reported that the NSA and Google are in the process of finalizing an agreement under which the NSA will help Google better defend itself against cyberattacks.
The report said Google approached the NSA shortly after the recent cyberattacks, which it said originated in China.
The deal does not involve the NSA gaining access to Google users' search information or e-mail accounts, and neither will Google be sharing any proprietary data, the Post said, quoting anonymous sources.
Neither Google nor the NSA confirmed the reporting about the partnership. But the Post quoted an NSA spokeswoman as saying the agency, as part of its "information assurance mission," has been working with a broad range of commercial partners and research associates.
News of the purported agreement is already stirring up a storm in the privacy community. In its FOIA request today, EPIC asked the NSA for all records concerning any agreement between Google and NSA whether in draft or final form.
EPIC also asked the NSA for any communications the agency might have had with Google on the issue of Google's not encrypting Gmail messages prior to the cyberattacks from China but then deciding to implement encryption immediately after the attacks.
"There is particular urgency for the public to obtain information about the relationship between the NSA and Google," EPIC said in its FOIA request. "As of 2009, Gmail had roughly 146 million monthly users, all of whom would be affected by any relationship between the NSA and Google."
However, James Lewis, director and senior fellow at the Center for Strategic and International Studies (CSIS), cautioned against overstating the privacy concerns. Without all the details, it's hard to know what information exactly Google will share with the NSA, he said.
And he said it's highly unlikely that Google will share personal data with the NSA. All it wants is for the NSA to look at its networks and help them figure out how to protect it against similar attacks, he said. "It has nothing to do with intelligence. That point appears to have been missed," Lewis said.
Meanwhile, EPIC's lawsuit against NSA was filed today in U.S. District Court for the District of Columbia. It seeks the court's intervention in getting the NSA to divulge details on the authority it has been granted on domestic cybersecurity matters under National Security Presidential Directive 54 (NPSD54). The classified directive, which is also known as Homeland Security Presidential Directive 21, was issued during the Bush Administration.
The directive was used to set up a highly classified, multi-billion dollar cybersecurity program called the Comprehensive National Cybersecurity Initiative (CNCI), which is designed to bolster the ability of federal networks to detect and respond to cyber-intrusions.
Lawmakers, industry executives and privacy advocacy groups including EPIC have urged the government to release more information on CNCI and the NSA's role. EPIC has previously filed FOIA requests with the NSA asking for the information. Its lawsuit stems from what EPIC claims has been the NSA's failure to comply with statutory deadlines for providing the information.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
Read more about Privacy in Computerworld's Privacy Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have. All Privacy White Papers | Webcasts