Report: Google in talks with NSA to team up on defense partnership

Discuss

29 Responses to “Report: Google in talks with NSA to team up on defense partnership”

  1. Anonymous says:

    First this, then Skynet. The end.

  2. Flyne says:

    Read the article, people. This is not about Google helping the NSA catch terrorists / spy on you. This is about the NSA helping Google catch hackers.

    “Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.”

  3. sapere_aude says:

    This makes perfect sense. We often think of NSA as the U.S. government agency responsible for eavesdropping; which it is. But it’s actually more than that. It’s also the primary U.S. government agency responsible for cybersecurity, and protecting the U.S. information infrastructure against foreign cyberattacks. So it’s only natural that Google and NSA would want to cooperate to investigate Chinese cyberattacks against Google.

  4. Paul says:

    Remember that the NSA is not just a communications interception organisation, it is also partly responsible for US communications security (especially wrt government comms).

    That is why it was involved in the development of the AES encryption standard that most of us use every day without realising it.

    Also, in pretty much any circumstances, techies/math geeks from the NSA are the smartest people in the room. If you want to secure your systems, they are the people you want to help you.

    • jackie31337 says:

      “Remember that the NSA is not just a communications interception organisation, it is also partly responsible for US communications security (especially wrt government comms).

      That is why it was involved in the development of the AES encryption standard that most of us use every day without realising it.”

      And that dual mission (and the ensuing conflict of interest) are why the NSA has repeatedly argued in the past for encryption standards that are JUST adequate for the average threat profile, without being strong enough that they can’t break it themselves. One example (There are many, many other examples. Remember the clipper chip?) is the DES encryption algorithm: the NSA pushed for a weaker implementation with reduced key length. The NSA did improve the implementation with stronger S-boxes that made differential cryptanalysis more difficult (which was not public knowledge at the time) but they pushed for reduction of the key length from 128 bits to 48 bits. Eventually the NSA settled for the 56 bits with 8 bits of parity that we know today due to complaints from the original developers.

      It is also common policy within the US government to classify private sector and academic security research and development that is believed to be too strong should it get into the public’s hands. The RSA algorithm is one of the most famous examples of technology that slipped through and created a huge ruckus (IIRC, I read this in The Code Book by Simon Singh). Rivest, Shamir and Adleman wrote the algorithm itself in one night, but spent about a week writing the patent application in such a way that it would have a chance of slipping through the NSA’s scrutiny (as the NSA has the ability to classify any patented or copyrighted work that falls under any of their fields of interest). When the patent was applied for, the algorithm was specifically described as an algorithm for financial transactions. This caused it to be waved through instead of being reviewed by the NSA as a potential national security issue. In fact, while many of the publication and export restrictions have now been lifted, it is still required to go through an approval process with the Bureau of Industry and Security, which forwards all applications to the NSA for their approval before any computer security or encryption technology can be released to the public.

      In summary, the NSA has both an offensive mission (gathering intelligence about potential threats) and a defensive mission (developing or guiding development of security technologies to protect against those threats). Those two things just can’t coexist peacefully, and historically the offensive mission has been given priority.

  5. holtt says:

    Honestly what makes me shudder is the thought of places like Google being hacked. The idea of an internet 9/11 isn’t so far fetched.

  6. lolargh says:

    “…allow the two organizations to share critical information without violating Google’s policies or laws that protect the privacy of Americans’ online communications…”

    Uhmm… and what about online communicatons of non-Americans?
    Just asking.

  7. Flyne says:

    @Anon 19:
    >”A company that we trust to be private has no business dealing with an organization who’s job is to undermine it.”
    Sure it does. No one cries foul when Walmart hands over security tapes to police investigating shoplifting, do they? As I read it that’s exactly what is happening here.

    @Anon 20:
    For some things, Google is your best bet for open-source software off the Google grid. Build your own Chromium. In practice, though, if “they” were after you they’d go through the telcos anyway.

  8. EH says:

    This is just the NSA paying Google for access to the newly-uncensored Google results. The spooks want to see what the…Chinese…are curious about, what they search for when they can finally get unhindered results.

  9. freeyourcrt says:

    NSA scratches Googles back and Google returns the favor.

    @1 The state inevitably moving toward tyranny is always a good bet, but it doesn’t put a grin on my face.

  10. davegroff says:

    I for one welcome our new military industrial overlords. Oh wait…

  11. Anonymous says:

    >This is not about Google helping the NSA catch terrorists / spy on you. This is about the NSA helping Google catch hackers.

    The cry of every authoritarian state everywhere – you have nothing to fear unless you are a terrorist.

    A company that we trust to be private has no business dealing with an organization who’s job is to undermine it.

    Google may not be evil but it is dancing with the devil.

    • jackie31337 says:

      “The cry of every authoritarian state everywhere – you have nothing to fear unless you are a terrorist.”

      How does the saying go? The 8 scariest words you can ever hear are “I’m from the government. I’m here to help.”

  12. Anonymous says:

    Can’t shake the devil’s hand and say you’re only kidding.

    My question is: what’s our alternative to unplugging from google? their technology is quite useful, so what simple, user-friendly open-source options are there for those of us who want to live off the google grid but aren’t tech geeks?

  13. Jaotsu says:

    http://www.theregister.co.uk/2010/01/14/cyber_assault_followup/

    Quoted from article, “Hackers who breached the defenses of Google, Adobe Systems and at least 32 other companies used a potent vulnerability in all versions of Internet Explorer to carry out at least some of the attacks, researchers from McAfee said Thursday. The previously unknown flaw in the IE browser was probably just one of the vectors used in the attacks, McAfee CTO George Kurtz wrote in a blog post. Using a sophisticated spear-phishing campaign, the perpetrators included malicious links exploiting the bug in emails and instant messages sent to employees from at least three of the targeted companies. Contrary to previous speculation, there was no evidence vulnerabilities in Adobe’s Reader or Acrobat applications were used in any of the attacks, Kurtz said. In its own statement, adobe concurred, saying researchers “have not been able to obtain any evidence to indicate that Adobe Reader or other Adobe echnologies were used as the attack vector in this incident.” Kurtz said his findings were based on malware samples taken from “three to five” of the targeted companies and he stressed that other zero days or exploits could have been used against other victims.”

    Most likely Adobe Flash…

  14. jphilby says:

    “The 8 scariest words you can ever hear are” “Well, I’m Ronald Reagan. I’m here to help.”

  15. Thorzdad says:

    I think the crowd who have long claimed Google was funded by US intelligence agencies in the first place, are going to be walking around with a smug little grin today.

  16. Cactaur says:

    Looks like we’re now officially Scroogled.

  17. nanuq says:

    I gather that “Don’t be evil” has been renegotiated.

  18. Anonymous says:

    UH-oh.

  19. Anonymous says:

    If I didn’t know that U.S. intelligence agencies were too incompetent to fake the Chinese attack on Google, then I would think they had done it to provoke exactly this sort of reaction. If Google is worried about what they might catch from sleeping with the Chinese government they had better double up on the condoms if they plan to get in bed with the NSA.

  20. zikman says:

    I am literally shuddering at the thought

  21. Talia says:

    From the post: “The sources said the deal does not mean the NSA will be viewing users’ searches or e-mail accounts or that Google will be sharing proprietary data. ”

    So why are you (commenters, at least) freaking out about this?

    • Lobster says:

      Talia’s right, we shouldn’t be freaking out about this article. We should be freaking out because the NSA does that anyway and would never tell us about it (as that would breach national security somehow).

    • Anonymous says:

      Because the NSA isn’t exactly a beacon of honesty. And how will we ever know what they’re really looking at?

  22. Manny says:

    No one is evil in his own story. “Don’t DO evil” is much stronger.

    And we all knew this was coming, right?

    • jackie31337 says:

      If it weren’t for the fact that Google approached the NSA and not the other way around (assuming it’s true), I would have to wonder if the attacks against Google were staged specifically as a pretext to form this partnership. /tinfoil hatter

  23. Anonymous says:

    Reading that someone believes the NSA to be “the world’s most powerful electronic surveillance organization” is going to have me chuckling all day.

  24. Anonymous says:

    Steve Jobs last week: Google’s ‘Don’t Be Evil’ Mantra is ‘Bullshit.’

    http://www.wired.com/epicenter/2010/01/googles-dont-be-evil-mantra-is-bullshit-adobe-is-lazy-apples-steve-jobs/

Leave a Reply