Google asks the NSA for help: Smart decision
Recently Sam Diaz and Tom Foremski became concerned with this story first published in the Washington Post, about an agreement between Google and the National Security Agency that would help identify what went wrong and how to potentially defend against future attacks that occurred in December at Google's facilities in China.
Sam wasn't shy on his concerns;
In part, this is troublesome because a dark cloud over the NSA was born under a different political climate, one where there was widespread distrust about the government's intrusion into private lives, with any sort of poaching of individual rights hiding under the "We're fighting a war against terror" argument.
Secondly, this bothers me because Google is turning to the government for help in protecting the infrastructure. I mean no disrespect to my country or my government but I have to ask: Is Washington really the best choice if you're looking for help with something as serious as cyber security. After all, I wouldn't exactly place any Washington agency at the cutting edge when it comes to fighting what was referred to as one of the most sophisticated cyber attacks experts had ever seen.
His points are valid. The NSA is one of the most secretive organizations in the world. The NSA is also an agency that does not strut when it has had successes but is always in the news when failures are pointed in their direction. Signals intelligence has a rich history that is steeped in technology and human creativity. The NSA's main function is to collect and analyze data. Sam's vision has the potential that screams conspiracy every nanosecond you leave your computer on. The NSA has come along way since the days of the Enigma.
Tom's post writes that the ACLU has serious concerns with NSA's involvement with Google with respects to concerns over privacy and access to information on U.S. citizens. Of course it has data on U.S. citizens, that's not in question. It's how they obtained the information that the ACLU has concerns about, which has consistently believed that no U.S. citizen abroad or at home should be spied upon by the NSA. The ACLU has also stated that there is no oversight of the NSA.
The NSA has more oversight than you can possibly imagine; it's simply not oversight that is always publicly available for download on C-SPAN. The Senate Select Intelligence Committees routinely have open and closed door sessions regarding intelligence information collected by the NSA. Since the committee is bipartisan, the likelihood of a major cover-up of abuse is low. As per section 3 of EO 12333:
General Provisions
3.1Congressional Oversight. The duties and responsibilities of the Director of Central Intelligence and the heads of other departments, agencies, and entities engaged in intelligence activities to cooperate with the Congress in the conduct of its responsibilities for oversight of intelligence activities shall be as provided in title 50, United States Code, section 413. The requirements of section 662 of the Foreign Assistance Act of 1961, as amended (22 U.S.C. 2422), and section 501 of the National Security Act of 1947, as amended (50 U.S.C. 413), shall apply to all special activities as defined in this Order.
The ACLU accuses the NSA of spying on American citizens. That's not illegal, providing it complies with U.S. Law. The most common occurrence is when U.S. Citizens are abroad or when a foreign citizen initiates a communications link from within the U.S. to a point established outside of its jurisdiction and linked to a U.S. citizen.
Executive Order 12333, 46 FR 59941, 3 CFR, 1981, has the following sections, ensuring compliance to Federal Law:
2.3 Collection of Information. Agencies within the Intelligence Community are authorized to collect, retain or disseminate information concerning United States persons only in accordance with procedures established by the head of the agency concerned and approved by the Attorney General, consistent with the authorities provided by Part 1 of this Order. Those procedures shall permit collection, retention and dissemination of the following types of information: (a) Information that is publicly available or collected with the consent of the person concerned; (b) Information constituting foreign intelligence or counterintelligence, including such information concerning corporations or other commercial organizations. Collection within the United States of foreign intelligence not otherwise obtainable shall be undertaken by the FBI or, when significant foreign intelligence is sought, by other authorized agencies of the Intelligence Community, provided that no foreign intelligence collection by such agencies may be undertaken for the purpose of acquiring information concerning the domestic activities of United States persons; (c) Information obtained in the course of a lawful foreign intelligence, counterintelligence, international narcotics or international terrorism investigation; (d) Information needed to protect the safety of any persons or organizations, including those who are targets, victims or hostages of international terrorist organizations; (e) Information needed to protect foreign intelligence or counterintelligence sources or methods from unauthorized disclosure. Collection within the United States shall be undertaken by the FBI except that other agencies of the Intelligence Community may also collect such information concerning present or former employees, present or former intelligence agency contractors or their present or former employees, or applicants for any such employment or contracting; (f) Information concerning persons who are reasonably believed to be potential sources or contacts for the purpose of determining their suitability or credibility; (g) Information arising out of a lawful personnel, physical or communications security investigation; (h) Information acquired by overhead reconnaissance not directed at specific United States persons; (i) Incidentally obtained information that may indicate involvement in activities that may violate federal, state, local or foreign laws; and (j) Information necessary for administrative purposes. In addition, agencies within the Intelligence Community may disseminate information, other than information derived from signals intelligence, to each appropriate agency within the Intelligence Community for purposes of allowing the recipient agency to determine whether the information is relevant to its responsibilities and can be retained by it.
Providing that the terms and conditions of the agreement between the NSA and Google are made public, I would suggest that this is the right management decision for Google and for its customers. Providing that the appropriate project and analysis tools are used, customers should rest easy knowing their privacy and data would not be violated. For the NSA, this is an opportunity to demonstrate transparency to the public.
Taking into consideration the complexity Google faces in its global operations, the volume of data it manages and warehouses, it's my belief that the only organization in the world that could even attempt to understand the complexities Google faces daily is, in fact, the NSA.
Other Resources:
China, why it is doing this and is it worth the risks.
Google asks the NSA for help: Smart decision
U.S. arms sale to Taiwan may throw Google negotiations in China out the window
Update: On Feb. 10th before a hearing before a Congressional Committee on Foreign Affairs EPIC testified that any agreement between the NSA and Google should be made public.