Google’s facing a gaggle of questions over reports that it’s working with the National Security Agency. According to a story first published by The Washington Post on Thursday, Google’s enlisting the help of the NSA to better secure its electronic assets. The partnership is reportedly a response to the recent attack on Google’s networks — you know, the one that led to the whole “we’re leaving China” debacle.
I’ll leave those last two in your hands to decide. As for the rest, I spent some time sifting through the facts to find some answers.
Is the Google-NSA alliance really happening?
On the record, no one is saying much. The original story in The Post cites “sources with knowledge of the arrangement ” for its information. A follow-up story by The New York Times refers to details provided by “a person with direct knowledge of the agreement.”
An NSA spokesperson told me the following:
“NSA is not able to comment on specific relationships we may or may not have with U.S. companies. We can say as a general matter, however, that … [the] NSA works with a broad range of commercial partners and research associates.”
A Google spokesperson also declined to comment specifically on the claims, though he did point to the company’s original blog posting about the cyberattacks. The blog states that Google is “working with the relevant U.S. authorities.”
What would be the point of a Google-NSA partnership?
In theory, the NSA could help Google defend its systems (and thus your information) from future attacks. The newspapers’ reports describe the arrangement as providing a kind of “technical assistance” that’d allow Google to better understand who breached its network and how they managed to pull it off.
Would the government gain access to my personal information?
Thus far, most signs point to no. Sources from both The Post and The Times say Google would not share user search data or e-mail information as part of the NSA partnership.
Why would Google work with the NSA instead of the Department of Homeland Security?
This is an interesting point: The Department of Homeland Security apparently has the legal authority to investigate criminal acts in America, while the NSA does not. The report in The New York Times suggests this distinction shows Google is trying to “avoid having its search engine, e-mail and other Web services regulated as part of the nation’s ‘critical infrastructure.'”
Has the NSA worked with Google before?
According to the anonymous sources, this would mark the first time Google has teamed up with the NSA for any type of “formal information-sharing relationship.”
“The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans, most of whom aren’t suspected of any crime,” USA Today reported at the time. “The spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity.”
So is there cause for concern now?
Both sources who provided the Google-NSA information say this arrangement isn’t about sharing user data, but rather analyzing Google’s networks and the apparent weaknesses that were exploited. Google would more likely be sharing details about the attacks and the malicious code that was detected, the sources say.
“We would like to see Google develop stronger security standards and safeguards for protecting themselves,” EPIC Executive Director Marc Rotenberg told PCWorld sister publication Computerworld. “But everyone knows the NSA has two missions. One is to ensure security and the other is to enable surveillance.”
Where can I read more?
Since neither Google nor the NSA is formally acknowledging any partnership as of now, official information is tough to come by. You can, however, read Google’s original blog post about the attacks and its relationship with China. You can also check out the NSA’s Information Assurance Web site, which talks about the agency’s focus on protecting information systems.