National Security Agency Pressed to Reveal Details on Google Deal
By John P. Mello Jr.
The Electronic Privacy Information Center is locking horns with the National Security Agency over a secret deal the agency cut with Google following an attack on Gmail by Chinese hackers in 2010.
The information center has filed a Freedom of Information Act request with the NSA to obtain information about the deal. That request was rejected by the agency. That rejection was upheld by a federal court. The hearing on the appeal of that decision is being held today in Washington, D.C.
In its Freedom of Information Act request [PDF], the information center is requesting:
All records concerning an agreement or similar basis for collaboration, final or draft, between the NSA and Google regarding cybersecurity
All records of communication between NSA and Google concerning Gmail, including but not limited to Google’s decision to fail to routinely encrypt Gmail messages prior to Jan. 13, 2010
All records of communications regarding NSA’s role in Google’s decision regarding the failure to routinely deploy encryption for cloud-based computing service, such as Google Docs.
In rejecting the Freedom of Information Act, the NSA declined to either confirm or deny the Google deal. Confirming or denying the Google deal, it argued, would reveal whether the agency had determined that vulnerabilities or cybersecurity issues pertaining to Google or certain of its commercial technologies could make U.S. government information systems susceptible to exploitation or attack.
In addition, it asserted that acknowledging a relationship between the NSA and Google could potentially alert adversaries to the NSA.
The Electronic Privacy Information Center counters that the NSA’s reasons for denying the FOIA are “vague and conclusory” and don’t meet the legal standards for refusal of such a request.
Federal District Court Judge Richard J. Leon sided with the NSA. In a decision [PDF] handed down in July 2011, the judge wrote that the agency properly explained the relevance of the requested information to the NSA’s “Information Assurance” mission to national security and the harm that could be caused by acknowledging the existence/nonexistence of the information.
He called the NSA’s response to the Freedom of Information Act “both logical and plausible” and said it satisfied the legal requirements for such matters.
In its appeal [PDF] of Leon’s decision, the information center argued that the admitting of a deal with Google doesn’t compromise national security.
“While the agency may choose to assert several statutory exemptions if it wishes to withhold records in its possession, acknowledging the existence of unsolicited third-party e-mails sent to the NSA does not reveal any information about the NSA’s functions and activities,” the center argued.
The 2010 Gmail attacks were controversial because they targeted U.S. government officials and because Google claimed the hackers behind the phishing sorties were sponsored by the Chinese government, an allegation that China denies.
One casualty of the attacks was Microsoft Windows, which Google employees began deserting following the incident.