EPIC files FOIA request over reported Google, NSA partnership
In addition to the information request, privacy group also files lawsuit against NSA
Computerworld - Privacy advocacy group Electronic Privacy Information Center (EPIC) has filed a Freedom of Information Act (FOIA) request with the National Security Agency (NSA) asking for details on the agency's purported partnership with Google Inc. on cybersecurity issues.
In a separate action that was also taken today, EPIC filed a lawsuit against the NSA and the National Security Council, seeking more information on the NSA's authority over the security of U.S. computer networks.
The Post reported that the NSA and Google are in the process of finalizing an agreement under which the NSA will help Google better defend itself against cyberattacks.
The report said Google approached the NSA shortly after the recent cyberattacks, which it said originated in China.
The deal does not involve the NSA gaining access to Google users' search information or e-mail accounts, and neither will Google be sharing any proprietary data, the Post said, quoting anonymous sources.
Neither Google nor the NSA confirmed the reporting about the partnership. But the Post quoted an NSA spokeswoman as saying the agency, as part of its "information assurance mission," has been working with a broad range of commercial partners and research associates.
News of the purported agreement is already stirring up a storm in the privacy community. In its FOIA request today, EPIC asked the NSA for all records concerning any agreement between Google and NSA whether in draft or final form.
EPIC also asked the NSA for any communications the agency might have had with Google on the issue of Google's not encrypting Gmail messages prior to the cyberattacks from China but then deciding to implement encryption immediately after the attacks.
"There is particular urgency for the public to obtain information about the relationship between the NSA and Google," EPIC said in its FOIA request. "As of 2009, Gmail had roughly 146 million monthly users, all of whom would be affected by any relationship between the NSA and Google."
However, James Lewis, director and senior fellow at the Center for Strategic and International Studies (CSIS), cautioned against overstating the privacy concerns. Without all the details, it's hard to know what information exactly Google will share with the NSA, he said.
And he said it's highly unlikely that Google will share personal data with the NSA. All it wants is for the NSA to look at its networks and help them figure out how to protect it against similar attacks, he said. "It has nothing to do with intelligence. That point appears to have been missed," Lewis said.
Meanwhile, EPIC's lawsuit against NSA was filed today in U.S. District Court for the District of Columbia. It seeks the court's intervention in getting the NSA to divulge details on the authority it has been granted on domestic cybersecurity matters under National Security Presidential Directive 54 (NPSD54). The classified directive, which is also known as Homeland Security Presidential Directive 21, was issued during the Bush Administration.
The directive was used to set up a highly classified, multi-billion dollar cybersecurity program called the Comprehensive National Cybersecurity Initiative (CNCI), which is designed to bolster the ability of federal networks to detect and respond to cyber-intrusions.
Lawmakers, industry executives and privacy advocacy groups including EPIC have urged the government to release more information on CNCI and the NSA's role. EPIC has previously filed FOIA requests with the NSA asking for the information. Its lawsuit stems from what EPIC claims has been the NSA's failure to comply with statutory deadlines for providing the information.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
Read more about Privacy in Computerworld's Privacy Topic Center.
- Combating Identity Theft in a Mobile, Social World Offering identity theft protection and remediation allows businesses to give their workforce the confidence to efficiently engage while bringing financial reward to the...
- After a Breach: Managing Identity Theft Effectively This white paper from LifeLock Business Solutions notes that FIs in addition to managing fraud should strive to turn a negative event for...
- Combating Identity Fraud in a Virtual World This slide presentation reveals findings from the Javelin Strategy & Research 2012 Identity Fraud Report about mobile and social trends, the real risks...
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Accelerate your innovation with IBM Bluemix™ Join us for a webcast introducing the new IBM BluemixTM. IBM Bluemix (www.bluemix.net) is a developer oriented Platform as a Service (PaaS) environment... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!