Google-NSA collaboration draws alarm

February 5th, 2010

Wanted: Inside sales rep to hawk online services to U.S. spy agencies.

Perks: Employer has search monopoly — and warm leads at top spy organizations.

That’s one takeaway of reports that Google has asked the secretive National Security Agency to help track down the cyberattackers who recently breached its network. More on this below.

Reporter Ellen Nakashima’s front page story in the Washington Post yesterday, 04Feb2010, has rekindled simmering concerns about corporations collaborating in the shadows with the government’s top sleuth agency. Nakashima’s report used Deep Throat sources to flush out a substantive development in the finest tradition of Woodward and Bernstein.

You may recall how privacy and civil liberties activists raised a hew and cry in 2006 after an investigation, by USA TODAY’S ace telecom reporter Leslie Cauley, revealed how the NSA secretly analyzed phone records of tens of millions of Americans.

High potential for abuse

At the time, public backlash was directed mainly at telecom giants AT&T, Verizon and BellSouth for so readily giving up their customers’ private phone records to a government agency.

In a similar vein, Google, the world’s dominant search service, amasses data on the surfing habits of most Internet users, and stores vast amounts of sensitive data belonging to users of its popular Gmail and Google Apps online services, says Amrit Williams, CTO of security firm Big Fix.

Because the NSA is an “opaque intelligence organization . . .the potential for abuse of private information at the intelligence or government level is very high,” he says.

Google CEO Eric Schmidt did little to allay the fears of privacy and civil liberty advocates in this interview last December with CNBC financial reporter Maria Bartiromo. Schmidt says on camera:

The reality is that search engines, including Google, do retain this information for some time and it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.

It’s understandable the Google and other corporations might covet the NSA’s expertise at quelling cyber attacks; the agency possess unsurpassed intelligence gathering technologies and know how, says Jody Westby, CEO of consulting firm Global Cyber Risk and a distinguished fellow at the Carnegie Mellon CyLab think tank.

Mysterious agenda

Yet the cyber attackers who breached Google’s network and some 30 other tech, financial and media corporations in late December and early January used conventional messaging trickery and infection methods. So much so that security firm McAfee with in a couple of days of Google’s crying foul went public with extensive analysis of the distinctive  attacks, dubbed “Operation Aurora.”

So why tap the NSA when top-notch forensics is readily available from dozens of tech security firms?

“Company’s don’t usually run and ask the government to get involve in their business,” says Westby. “The attacks may be more sophisticated than we think. I think they (Google) is really trying to preserve their brand.”

Gunter Ollman, head of research at security firm Damballa, says there is a “a high probability” that Chinese nationals were involved. Whether anyone can prove the Chinese government was behind the attacks is another matter. Attacks that trace back to China are “state sponsored, endorsed or, at the very least, ignored by the Chinese government,” observes Ollman.

Given that long-held conventional wisdom, Jeff Chester, executive director of the Center for Digital Democracy, wonders what a search company that collects and distributes public and private data for commercial reasons might gain by turning to a U.S. spy agency for help.

Selling to spy agencies

He points out that Google is actively seeking an experienced sales rep at its Washington D.C. offices whose job will be to sell to the intelligence community. According to Google’s job description, whoever gets the job selling its wares to spy agencies must:

  • Be responsible for the entire sales process from Prospecting to Close.
  • Lead Generation/outbound calling and warm lead follow up.
  • Understand Customer Needs and requirements.
  • Present and articulate advanced product features and benefits of Google Enterprise solutions.
  • Provide on-line demonstrations.
  • Close Sales and achieve sales quotas. Be able to sell and differentiate in a competitive environment.

“Another real problem is that Google is working to curry favor with the NSA, CIA, DoD and others in order to sell its services and make greater profits,” says Chester.

Big Fix CTO Williams offers this takeaway:

The NSA is also one of the nations most secretive and opaque intelligence organizations and creating a balance between the information and enablement they can provide to private sector companies, such as Google, and the impact this may have on personal privacy is the major concern. The potential for abuse of private information at the intelligence or government level is very high. Some may argue that national security is more important than personal privacy and that if you have nothing to hide you have nothing to fear, but imagine the impact on one’s willingness to speak frankly about life threatening medical or legal issues if one felt that the privacy, that we as US citizens are guaranteed and hold so dear, will be compromised for the sake of security.

The United States has always struggled with finding a balance between national security and civil liberties, the question that we need to pose today is are we ready to compromise our liberty for the perception of short-term safety, especially knowing that this relationship sets a very dangerous precedent for the future involvement of Government within evolving commercial technologies of the tomorrow?

A Google spokesperson pointed out the company’s Jan. 12 public statement about cyberattacks and censorhips in China and declined further comment.

By Byron Acohido