Google has allegedly requested help from the National Security Agency in tracking down hackers who attacked its infrastructure. The development has raised concerns among privacy advocates.
The Washington Post broke the story that Google had turned to the NSA on Thursday, citing anonymous sources.
Security experts and privacy advocates have questioned Google’s motives. Some have warned that this could constitute another attack on American citizens’ civil liberties. Others say the move is part of a scheme by Google to curry favor with the government as it seeks to get more government contracts.
The Electronic Privacy Information Center filed a Freedom of Information Act request and asked for expedited processing with the NSA Thursday. It seeks information on the agency’s arrangements with Google on cybersecurity. It is also looking for records regarding the NSA’s role in setting security standards for Gmail and other Web-based applications.
Google declined to discuss the issue. “We’re not going to comment beyond what we said in our original blog post,” spokesperson Jay Nancarrow told TechNewsWorld. “At the time, we said we are working with the relevant U.S. authorities.”
The blog post to which Nancarrow referred was written by David Drummond, Google’s chief legal officer, and originally posted Jan. 12. The hack attack described in the post was publicized last month and has severely strained relations between Google and the government of China, where the attack is believed to have originated. The attack also targeted at least 20 other large companies, and Google claimed there was evidence suggesting a primary goal of the attackers was to break into the accounts of Chinese human rights activists. The accounts of “dozens” of Gmail users in the United States, Europe and China who advocate human rights in China also appeared to have been “routinely accessed” by third parties, Drummond said.
The attacks on Google have triggered a diplomatic row between Washington and Beijing. However, they may not have come from hackers in China at all: Computer security consultants who worked with other companies that experienced attacks similar to those that hit Google pointed out that the surveillance system was controlled from compromised computers based in Taiwan, The New York Times has reported.
What Is Truth?
There is another possible explanation for Google’s alleged cozying up to the NSA: that it is looking to get more government contracts. The Internet search giant plans to create a dedicated cloud for government customers in the U.S. It has also launched Google Public Sector, a site with tools and tips for government officials.
Further, Google is penetrating local and state governments. The city of Los Angeles has put all of its 30,000 city workers on Gmail and Google’s productivity suite. Other cities in California are also interested, according to reports.
“It’s in Google’s best interest to get the NSA to investigate the hack, and it’s in NSA’s best interest to investigate this issue because some of the companies hacked may well be suppliers to NSA,” Randy Abrams, director of technical education at ESET, pointed out.
“When the company that makes your computers gets hacked, that raises security concerns, and in terms of global business, when another country gets an unfair advantage, that could be a bit of a national security concern,” Abrams told TechNewsWorld.
A great deal of public outcry was directed at the NSA four years ago, when it emerged that the agency was tapping domestic phone lines without warrants.
This time, though, not everyone is quite as perturbed as civil rights organizations like EPIC.
“A precedent was set back in 2006 when the telcos began spying on Americans’ domestic phone calls without legal backing,” ESET’s Abrams pointed out. “If those hackers who hit Google can compromise it, what makes you think the NSA couldn’t? There’s pretty much no privacy on the Internet anyway.”
Americans have to decide whether they prefer security or convenience, Stewart Baker, a distinguished visiting fellow at the center for Strategic and International Studies and a law partner at Steptoe & Johnson, told TechNewsWorld.
“Before we make additional interconnections, we have to recognize that there’s a cost, and we have to be prepared to live with that cost, either in terms of additional security or in terms of vulnerability to attacks,” he explained.
“Adding in the security is something you have to do when you decide we can’t live without the connectivity.”
CSIS provides strategic insights and policy solutions to decision makers in government, international institutions, the private sector and civil society. Baker was the principal author of a report on the dangers of cyberwar to critical infrastructure sponsored by McAfee.
The Ongoing Threat
Whether the attack came from China, Taiwan or elsewhere is less of an issue than what it points to — that cyberattackers are constantly targeting American institutions and corporations.
“Sensitive information is stolen daily from both government and private sector networks, undermining confidence in our information systems and in the very information these systems were intended to convey,” Dennis Blair, U.S. Director of National Intelligence, told the Senate Select Committee on Intelligence earlier this week.
Cyberterrorists and cybercriminals are becoming increasingly sophisticated, and we’re fighting a losing battle against them, Blair pointed out.
That terrifies Baker. “Some very sophisticated companies haven’t been able to prevent attacks by adversaries,” he said. “We’re living in a world where we can’t be sure we can build adequate security to keep people out of our networks, and that’s deeply troubling.”