Google teaming up with the NSA: should you be worried?

Google/NSA partnership raising privacy concerns, but could be an important step in cloud security

Google is getting serious about cyber security in the wake of an attack that targeted its own computer networks and resulted in the theft of intellectual property.

The Washington Post reported yesterday that Google is teaming up with the National Security Agency to help analyze the attack and hopefully devise better defenses against future ones.

The agreement has sparked some controversy, and not unreasonably so. The NSA is a federal agency whose broad powers to spy on Americans has been challenged by the ACLU. Google is the world’s largest search company and its internal records, if accessed by a savvy computer hacker, could reveal a lot about your personal Web surfing habits and mine (excuse me while I delete some digital pictures from my hard drive).

The combination of Google and the NSA is a potentially frightening one, but attacks against our country’s computer infrastructure are frightening too. So I can’t say I fault Google for teaming with the NSA, even if we’re unlikely to learn all the juicy details of the partnership.

The Washington Post story is somewhat reassuring on this topic.

“Google and the NSA declined to comment on the partnership,” the Post reported. “But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google's policies or laws that protect the privacy of Americans' online communications. The sources said the deal does not mean the NSA will be viewing users' searches or e-mail accounts or that Google will be sharing proprietary data.”

Later in the Post story, Ellen McCarthy, president of the Intelligence and National Security Alliance, is quoted as saying “The critical question is: At what level will the American public be comfortable with Google sharing information with NSA?”

The other question is: will the public even be told how much information Google is sharing with the NSA? A Computerworld story by Jaikumar Vijayan digs into the issue but neither Google nor the NSA would comment on the specifics of the partnership.

Google has many reasons to be concerned about security, and Google’s ability to defend itself from attack will to some extent determine the safety of cloud computing in general.

Google last month revealed it suffered an attack, apparently originating from China.

“Without directly accusing the Chinese government, Google said that in mid-December it became aware that sophisticated attacks from China had resulted in theft of intellectual property,” Network World’s Ellen Messmer wrote. “Attackers also tried to access the Gmail accounts of Chinese human rights activists, with limited success, Google revealed.”

Google and some cloud computing advocates argued that the attack does not call into question the security of the cloud, but since Google is one of the most important players in the cloud market it’s hard to ignore the connection others made between Google’s troubles and cloud security.

Google provides cloud computing services to businesses and universities through its Google Apps service, and is developing new cloud services specifically for government agencies. The federal government has issued a long list of requirements cloud services must meet in order to win government contracts, and Google is trying to meet the administration’s strict security demands, as I reported in an earlier blog post.

We should all root for Google to fix the problems that allowed its network to be compromised, but let’s hope the company does so without violating the privacy rights of users.

Follow me on Twitter: www.twitter.com/jbrodkin

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT