Court: Any Partnership Between Google and NSA Can Remain Secret
LINK

A federal appeals court in Washington today said any communication about cybersecurity and encryption between Google Inc. and the National Security Agency can remain secret.

The U.S. Court of Appeals for the D.C. Circuit upheld the dismissal of a public records suit that an advocate for online privacy rights, the Electronic Privacy Information Center, filed in Washington's federal trial court. EPIC was exploring any partnership between Google and the NSA following a cyber attack against Google in 2010.

Writing for a unanimous three-judge panel, Judge Janice Rogers Brown rejected the argument that any partnership between Google and the NSA should be officially disclosed through a records request because the company and the agency's connection was earlier revealed in news articles.

“The fact that limited information regarding a clandestine activity has been released does not mean that all such information must be released,” said Brown, on the appellate panel with Judge Brett Kavanaugh and Senior Judge Douglas Ginsburg.

The appeals court said the NSA has never officially acknowledged a collaboration with Google and “the national media are not capable of waiving NSA’s statutory authority to protect information related to its functions and activities.”

The Justice Department’s Catherine Hancock, representing the NSA in the D.C. Circuit, argued disclosing any communication between Google and the spy agency would reveal a protected function or activity of the NSA.

Hancock said the requested records, including all records of any partnership agreement between Google and the NSA, are exempt from public disclosure. The D.C. Circuit agreed. Brown also took a bigger-picture stance.

“[I]f private entities knew that any of their attempts to reach out to NSA could be made public through a FOIA request, they might hesitate or decline to contact the agency, thereby hindering its Information Assurance mission,” Brown wrote.

The D.C. Circuit said any response to EPIC’s records request “might reveal whether NSA did or did not consider a particular cybersecurity incident, or the security settings in particular commercial technologies, to be a potential threat to U.S. Government information systems.”

EPIC executive director Marc Rotenberg, who argued for the privacy group in the D.C. Circuit, argued among other things that unsolicited communication from Google to the NSA is not exempt. Any records the NSA has that pertain only to Google, and not the agency’s mission, should not remain secret, Rotenberg said.

In a statement today, Rotenberg said “the NSA arrangement with Google was widely reported in the national media and even former NSA director Mike McConnell said that such a collaboration was ‘inevitable.’”

Rotenberg said as Congress considers cybersecurity proposals, “the decision in EPIC v. NSA is a powerful reminder of the price that will be paid in government accountability.”

“If the NSA is unwilling to acknowledge its ties with the Internet’s largest firm, even after it is widely reported in the national media, then there is little reason to believe that Congress or the public will have any ability to assess the effectiveness of the agency in this critical area.”

DOJ Asks Court To Keep Secret Any Partnership Between Google, NSA

The Justice Department is defending the government's refusal to discuss—or even acknowledge the existence of—any cooperative research and development agreement between Google and the National Security Agency.

The Washington based advocacy group Electronic Privacy Information Center sued in federal district court here to obtain documents about any such agreement between the Internet search giant and the security agency.

The NSA responded to the suit with a so-called “Glomar” response in which the agency said it could neither confirm nor deny whether any responsive records exist. U.S. District Judge Richard Leon in Washington sided with the government last July.

A three-judge panel of the U.S. Court of Appeals for the D.C. Circuit is scheduled to hear the dispute March 20.

EPIC filed a Freedom of Information Act request in early 2010, noting media reports at the time that the NSA and Google had agreed to a partnership following the cyber attacks in China that year against Google.

EPIC asked for, among other things, communication between the NSA and Google about Gmail and Google’s “decision to fail to routinely encrypt” messages before Jan. 13, 2010.

The NSA’s response to the request for records noted that the agency “works with a broad range of commercial partners and research associations” to ensure the availability of secure information systems. The agency, however, refused to confirm or deny any partnership with Google.

The security agency said it routinely monitors vulnerabilities in commercial technology and cryptographic products because the government relies heavily on private companies for word processing systems and e-mail software.

“If NSA determines that certain security vulnerabilities or malicious attacks pose a threat to U.S. government information systems, NSA may take action,” DOJ Civil Division lawyers Catherine Hancock and Douglas Letter said in a brief in the D.C. Circuit in January.

DOJ’s legal team said that acknowledging whether NSA and Google formed a partnership from a cyber attack would illuminate whether the government “considered the alleged attack to be of consequence for critical U.S. government information systems.”

NSA said it cannot provide documents—or confirm their existence—because the information would alert adversaries about the security agency’s priorities, threat assessments and countermeasures.

DOJ said media reports about the alleged Google partnership with NSA do not constitute official acknowledgement.

The Washington Post and The New York Times both reported that Google contacted the NSA after the Jan. 2010 cyber attack, which the company said was rooted in China and targeted access to accounts of Chinese human rights activists. The Wall Street Journal said NSA’s general counsel worked out a cooperative research and development agreement with Google.

EPIC’s attorneys, including Marc Rotenberg, the group’s president, said in court papers that the document request includes records that are not relevant to the NSA’s information assurance mission.

“The NSA mischaracterizes EPIC’s FOIA Request by stating that responsive documents would reveal ‘information about a potential Google-NSA relationship,’” Rotenberg said.

The crux of the records request, Rotenberg said, is Google’s switch to application encryption by default for Gmail accounts soon after the cyber attack. Google in 2008 began allowing users to encrypt mail passing through the company servers, EPIC said in its brief, but encryption was not provided by default.

EPIC’s brief said the failure of the NSA to conduct a search for records “deprives the court of the ability to meaningfully assess the propriety” of the agency’s response that it can neither confirm nor deny the existence of responsive records.

“Without first conducting the search, not even the agency can know whether there is a factual basis for its legal position,” Rotenberg said.

EPIC said its records request does not seek documents about NSA’s role to secure government computer networks. “Google provides cloud-based services to consumers, not critical infrastructure services to the government,” Rotenberg said.

As the NSA tries to cover up its ties with Google, in a potential spying scandal, DARPA Director Regina Dugan is leaving the Pentagon to take a post at Google.
In the midst of what looks like it will turn out to be a massive spying scandal between the NSA and Google, like that of the NSA’s partnership with AT&T to spy on all phone calls placed within the U.S., we learn today that the Director of the Pentagon’s Premiere Research Lab, DARPA, is stepping down to take a “senior executive position” at Google.

Just three days ago, news hit the wire that the Department of Justice asked U.S. Federal courts to keep any partnerships between the Google and the NSA secret.

The request for state secrecy comes from EPIC filing a Freedom of Information request act attempting to discover why Google had not enabled encryption in Gmail by default which led to user’s email accounts being hacked and other security vulnerabilities.

EPIC apparently hit a sore spot within the government, as the NSA responded by saying they could not confirm nor deny any relationships with Google because doing so would compromise National Security.

As the story of Google’s true relationship with the NSA continues to unfold the Director of DARPA, Regina Dugan, is currently in the middle of her own scandal in which she is being investigated for contracts she has given out during her tenure.

The National Law Journal reports on the secrecy over the NSA ties to Google.

DOJ Asks Court To Keep Secret Any Partnership Between Google, NSA
LINK

The Justice Department is defending the government’s refusal to discuss—or even acknowledge the existence of—any cooperative research and development agreement between Google and the National Security Agency.

The Washington based advocacy group Electronic Privacy Information Center sued in federal district court here to obtain documents about any such agreement between the Internet search giant and the security agency.

The NSA responded to the suit with a so-called “Glomar” response in which the agency said it could neither confirm nor deny whether any responsive records exist. U.S. District Judge Richard Leon in Washington sided with the government last July.

EPIC filed a Freedom of Information Act request in early 2010, noting media reports at the time that the NSA and Google had agreed to a partnership following the cyber attacks in China that year against Google.

EPIC asked for, among other things, communication between the NSA and Google about Gmail and Google’s “decision to fail to routinely encrypt” messages before Jan. 13, 2010.

The NSA’s response to the request for records noted that the agency “works with a broad range of commercial partners and research associations” to ensure the availability of secure information systems. The agency, however, refused to confirm or deny any partnership with Google.

The NSA said it cannot provide documents—or confirm their existence—because the information would alert adversaries about the security agency’s priorities, threat assessments and countermeasures.

DOJ said media reports about the alleged Google partnership with NSA do not constitute official acknowledgement.

The Washington Post and The New York Times both reported that Google contacted the NSA after the Jan. 2010 cyber attack, which the company said was rooted in China and targeted access to accounts of Chinese human rights activists. The Wall Street Journal said NSA’s general counsel worked out a cooperative research and development agreement with Google.

“The NSA mischaracterizes EPIC’s FOIA Request by stating that responsive documents would reveal ‘information about a potential Google-NSA relationship,’” Rotenberg said.

The crux of the records request, Rotenberg said, is Google’s switch to application encryption by default for Gmail accounts soon after the cyber attack. Google in 2008 began allowing users to encrypt mail passing through the company servers, EPIC said in its brief, but encryption was not provided by default.

Source: The National Law Journal