EPIC files FOIA request over reported Google, NSA partnership
In addition to the information request, privacy group also files lawsuit against NSA
Computerworld - Privacy advocacy group Electronic Privacy Information Center (EPIC) has filed a Freedom of Information Act (FOIA) request with the National Security Agency (NSA) asking for details on the agency's purported partnership with Google Inc. on cybersecurity issues.
In a separate action that was also taken today, EPIC filed a lawsuit against the NSA and the National Security Council, seeking more information on the NSA's authority over the security of U.S. computer networks.
The Post reported that the NSA and Google are in the process of finalizing an agreement under which the NSA will help Google better defend itself against cyberattacks.
The report said Google approached the NSA shortly after the recent cyberattacks, which it said originated in China.
The deal does not involve the NSA gaining access to Google users' search information or e-mail accounts, and neither will Google be sharing any proprietary data, the Post said, quoting anonymous sources.
Neither Google nor the NSA confirmed the reporting about the partnership. But the Post quoted an NSA spokeswoman as saying the agency, as part of its "information assurance mission," has been working with a broad range of commercial partners and research associates.
News of the purported agreement is already stirring up a storm in the privacy community. In its FOIA request today, EPIC asked the NSA for all records concerning any agreement between Google and NSA whether in draft or final form.
EPIC also asked the NSA for any communications the agency might have had with Google on the issue of Google's not encrypting Gmail messages prior to the cyberattacks from China but then deciding to implement encryption immediately after the attacks.
"There is particular urgency for the public to obtain information about the relationship between the NSA and Google," EPIC said in its FOIA request. "As of 2009, Gmail had roughly 146 million monthly users, all of whom would be affected by any relationship between the NSA and Google."
However, James Lewis, director and senior fellow at the Center for Strategic and International Studies (CSIS), cautioned against overstating the privacy concerns. Without all the details, it's hard to know what information exactly Google will share with the NSA, he said.
And he said it's highly unlikely that Google will share personal data with the NSA. All it wants is for the NSA to look at its networks and help them figure out how to protect it against similar attacks, he said. "It has nothing to do with intelligence. That point appears to have been missed," Lewis said.
Meanwhile, EPIC's lawsuit against NSA was filed today in U.S. District Court for the District of Columbia. It seeks the court's intervention in getting the NSA to divulge details on the authority it has been granted on domestic cybersecurity matters under National Security Presidential Directive 54 (NPSD54). The classified directive, which is also known as Homeland Security Presidential Directive 21, was issued during the Bush Administration.
The directive was used to set up a highly classified, multi-billion dollar cybersecurity program called the Comprehensive National Cybersecurity Initiative (CNCI), which is designed to bolster the ability of federal networks to detect and respond to cyber-intrusions.
Lawmakers, industry executives and privacy advocacy groups including EPIC have urged the government to release more information on CNCI and the NSA's role. EPIC has previously filed FOIA requests with the NSA asking for the information. Its lawsuit stems from what EPIC claims has been the NSA's failure to comply with statutory deadlines for providing the information.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
Read more about Privacy in Computerworld's Privacy Topic Center.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!