The revelation that Google Inc. is partnering with the National Security Agency to probe a widespread cyber attack has quickened the pulse of privacy advocates.
The Washington Post broke the story last night, citing sources with knowledge of the arrangement and cyber experts. The newspaper said the NSA will help the Mountain View Internet giant analyze sophisticated digital espionage efforts that targeted Google and more than 30 other large companies, and are believed to have originated in China.
The sources said the organizations will share data to aid the investigation, but stressed that the NSA will not view the search or e-mail information of Google customers.
Private sector partnerships with the NSA have proven a particularly touchy topic since the warrantless wiretapping controversy following the 9/11 terrorist attacks, in which phone companies allowed the agency to access the content of certain calls.
Against this backdrop, Consumer Watchdog said Google and the NSA must provide clear explanations of their plans. Advocate John Simpson said in a blog post:
Undoubtedly Googlers can learn something from NSA’s master-spy eavesdroppers, but how much of consumers’ data will Google share with the spy agency?
So far Google and NSA aren’t commenting on the details of what’s under consideration.
It’s incumbent on both parties to be completely transparent about what kind of information is being shared. Sadly, NSA has already demonstrated a willingness to flout the law. If Google wants to maintain any shred of trust from consumers it needs to do more that pledge, "privacy is important" and fall back on the "Don’t be evil" mantra. Tell us exactly what you’re doing with NSA’s cyber spies.
In a similar vein, Scott Cleland of the Precursor blog and Googlemonitor.com said the must be subject to oversight.
My big question… is who and what process in the U.S. Government will keep watch over this pending unprecedented and unparalleled watcher collaboration process, in order to protect Americans privacy?
(The collaboration) opens a Pandorra’s Box (sic) of privacy issues given that Google’s aggressive … business model, policies and practices have shown little respect for people’s privacy in practice over the last decade.
Alan Paller, director of research at the SANS Institute, told Information Week the privacy fears are overblown.
He said Google turned to the agency because of its expertise in cyber-security. Any suggestion it will simply hand over its user data is "completely unrealistic," he told the technology publication.
A Google spokesperson today said: "We care about both the security and privacy of our users and have a long track record of working to safeguard both."
But the company declined to comment on the NSA collaboration beyond pointing to its initial blog post following the attacks last month, in which it said it was working with U.S. authorities.
Google said at the time that e-mail addresses of advocates of human rights in China had been successfully infiltrated. As a result of the surveillance, the company said it had decided to stop filtering search results in China, even if it meant it was forced to shutter its site there.