Google has turned to the National Security Agency for technical assistance to learn more about the computer network attackers who breached the company’s cybersecurity defenses last year, a person with direct knowledge of the agreement said Thursday.
Skip to next paragraph RSS Feed #articleInline ul { margin: .5em 0 1.2em 0; } #articleInline ul li { margin-bottom: .5em; padding: 0; background-image: none; font-size: 81.5%; font-family: Arial, Helvetica, sans-serif; line-height: 1.4em; } #articleInline li a { padding: .2em 0 .2em 4.5em; background: transparent url(http://graphics8.nytimes.com/images/global/icons/rss.gif) no-repeat 0 0; } Get Science News From The New York Times »
The collaboration between Google, the world’s largest search engine company, and the federal agency in charge of global electronic surveillance raises both civil liberties issues and new questions about how much Google knew about the electronic thefts it experienced when it stated last month that it might end its business operations in China. The agreement was first reported on Wednesday evening by The Washington Post.
By turning to the N.S.A., which has no formal legal authority to investigate domestic criminal acts, instead of the Department of Homeland Security, which does have such authority, Google is clearly seeking to avoid having its search engine, e-mail and other Web services regulated as part of the nation’s “critical infrastructure.”
The United States government has become increasingly concerned about the computer risks confronting energy and water distribution systems and financial and communications networks. Systems designated as critical infrastructure are increasingly being held to tighter regulatory standards.
On Jan. 12, Google announced a “new approach to China” on a company Web site, stating that the attacks were “highly sophisticated” and that the company believed they had originated in China. At the time, it gave few details about the attack other than saying that a theft of its intellectual property had occurred and that a primary goal of the attackers had been to access the Gmail accounts of Chinese human rights activists.
In reaching out to the N.S.A., which has extensive capabilities to monitor global Internet traffic, the company may have been hoping to gain more certainty about the identity of the attackers. A number of computer security consultants, who worked with other companies that experienced similar attacks to Google, have stated that the surveillance system was controlled from a series of compromised server computers based in Taiwan. It has not been made clear how Google determined that the attacks originated in the China.
A Google spokeswoman said the company was declining to comment on the case beyond what it published last month. The N.S.A. did not respond immediately to a request for comment.
The agreement will not permit the agency to have access to information belonging to Google users, but it still reopens long-standing questions about the role of the agency No teletrak payday loan.
“Google and N.S.A. are entering into a secret agreement that could impact the privacy of millions of users of Google’s products and services around the world,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a Washington-based policy group. On Thursday, the organization filed a lawsuit against the N.S.A. calling for the release of information about the agency’s role as it was set out in National Security Presidential Directive 54, a classified 2008 order issued by former President Bush dealing with cybersecurity and surveillance.
Concerns about the nation’s cybersecurity have greatly increased in the past two years. On Tuesday, Dennis C. Blair, the director of the Office of National Intelligence, began his annual threat testimony before Congress by saying that the threat of a crippling attack on telecommunications and other computer networks was growing, as an increasingly sophisticated group of enemies had “severely threatened” the sometimes fragile systems undergirding the country’s information infrastructure.
“Malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication,” he told the committee.
His emphasis on the threat points up the growing concerns among American intelligence officials about the potentially devastating results of a coordinated attack on the nation’s technology apparatus, sometimes called a “cyber-Pearl Harbor.”
He said that the surge in cyberattacks, including the penetration of Google’s servers from China, was a “wake-up call” for those who dismissed the threat of computer warfare. “Sensitive information is stolen daily from both government and private-sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey,” Mr. Blair said.
The relationship that the N.S.A. has struck with Google is known as a cooperative research and development agreement, according to a person who has been briefed on the relationship. These were created as part of the Federal Technology Transfer Act of 1986 and are essentially a written agreement between a private company and a government agency to work together on a specific project. They were intended to help accelerate the commercialization of government-developed technology.
In addition to the N.S.A., Google has been working with the F.B.I. on the attack inquiry, but the bureau has so far declined to comment publicly or to share information about the intrusions with Congress.
Google Asks Spy Agency for Help With Inquiry Into Cyberattacks
No comments:
Post a Comment