[governance] DOJ Asks Court To Keep Secret Any Partnership Between Google, NSA

Riaz K Tayob riaz.tayob at gmail.com
Wed Mar 14 07:30:26 EDT 2012

    March 09, 2012

      DOJ Asks Court To Keep Secret Any Partnership Between Google, NSA

The Justice Department is defending the government's refusal to 
discuss---or even acknowledge the existence of---any cooperative 
research and development agreement between Google and the National 
Security Agency.

The Washington based advocacy group Electronic Privacy Information 
Center sued in federal district court here to obtain documents about any 
such agreement between the Internet search giant and the security agency.

The NSA responded to the suit with a so-called "Glomar" response in 
which the agency said it could neither confirm nor deny whether any 
responsive records exist. U.S. District Judge Richard Leon in Washington 
sided with the government 
last July.

A three-judge panel of the U.S. Court of Appeals for the D.C. Circuit is 
scheduled to hear the dispute March 20.

EPIC filed a Freedom of Information Act request in early 2010, noting 
media reports at the time that the NSA and Google had agreed to a 
partnership following the cyber attacks in China that year against Google.

EPIC asked for, among other things, communication between the NSA and 
Google about Gmail and Google's "decision to fail to routinely encrypt" 
messages before Jan. 13, 2010.

The NSA's response to the request for records noted that the agency 
"works with a broad range of commercial partners and research 
associations" to ensure the availability of secure information systems. 
The agency, however, refused to confirm or deny any partnership with Google.

The security agency said it routinely monitors vulnerabilities in 
commercial technology and cryptographic products because the government 
relies heavily on private companies for word processing systems and 
e-mail software.

"If NSA determines that certain security vulnerabilities or malicious 
attacks pose a threat to U.S. government information systems, NSA may 
take action," DOJ Civil Division lawyers Catherine Hancock and Douglas 
Letter said in a brief in the D.C. Circuit in January.

DOJ's legal team said that acknowledging whether NSA and Google formed a 
partnership from a cyber attack would illuminate whether the government 
"considered the alleged attack to be of consequence for critical U.S. 
government information systems."

NSA said it cannot provide documents---or confirm their 
existence---because the information would alert adversaries about the 
security agency's priorities, threat assessments and countermeasures.

DOJ said media reports about the alleged Google partnership with NSA do 
not constitute official acknowledgement.

/The Washington Post/ and /The New York Times/ both reported that Google 
contacted the NSA after the Jan. 2010 cyber attack, which the company 
said was rooted in China and targeted access to accounts of Chinese 
human rights activists. /The Wall Street Journal/ said NSA's general 
counsel worked out a cooperative research and development agreement with 

EPIC's attorneys, including Marc Rotenberg, the group's president, said 
in court papers that the document request includes records that are not 
relevant to the NSA's information assurance mission.

"The NSA mischaracterizes EPIC's FOIA Request by stating that responsive 
documents would reveal 'information about a potential Google-NSA 
relationship,'" Rotenberg said.

The crux of the records request, Rotenberg said, is Google's switch to 
application encryption by default for Gmail accounts soon after the 
cyber attack. Google in 2008 began allowing users to encrypt mail 
passing through the company servers, EPIC said in its brief, but 
encryption was not provided by default.

EPIC's brief said the failure of the NSA to conduct a search for records 
"deprives the court of the ability to meaningfully assess the propriety" 
of the agency's response that it can neither confirm nor deny the 
existence of responsive records.

"Without first conducting the search, not even the agency can know 
whether there is a factual basis for its legal position," Rotenberg said.

EPIC said its records request does not seek documents about NSA's role 
to secure government computer networks. "Google provides cloud-based 
services to consumers, not critical infrastructure services to the 
government," Rotenberg said.

Posted by Mike Scarcella <http://profile.typepad.com/1218477827s15125> 
on March 09, 2012 at 12:29 PM in Balancing Act 
<http://legaltimes.typepad.com/blt/balancing_act/>, Crime and Punishment 
<http://legaltimes.typepad.com/blt/crime_and_punishment/>, Current 
Affairs <http://legaltimes.typepad.com/blt/current_affairs/>, Justice 
Department <http://legaltimes.typepad.com/blt/justice_department/>, 
Legal Business <http://legaltimes.typepad.com/blt/legal_business_1/>, 
Lobbying <http://legaltimes.typepad.com/blt/lobbying/>, Politics and 
Government <http://legaltimes.typepad.com/blt/politics-and-government/>, 
Travel <http://legaltimes.typepad.com/blt/travel/>, Web/Tech 
<http://legaltimes.typepad.com/blt/webtech/> | Permalink 

Digg This 
| Save to del.icio.us <http://del.icio.us/post>


TrackBack URL for this entry:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120314/19561278/attachment.htm>
-------------- next part --------------
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:

For all other list information and functions, see:
To edit your profile and to find the IGC's charter, see:

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list