The kickoff of 2010 for Google has been an interesting one. The January attack on the search giant and about 30 other companies ended in the theft of intellectual property – likely source code, say many experts. Named Operation Aurora, the sophisticated coordinated attack originating from China also sought out the Gmail accounts of human rights activists.Google and other companies, like Adobe, have been lauded by information security experts because of their openness about the attack. The general feeling among these professionals is that the embrace of transparency by large companies like Google ultimately helps others keep up-to-date on attack types, where they themselves may have holes, and what layers of their own security mechanisms they must bolster – a good thing.
But, on the not so good side is Google's recently announced additional step to partner with the National Security Agency (NSA) to help it prevent future attacks of this nature. The deal, which, at the time of publication still had yet to be finalized, reportedly would see Google sharing various bits of critical information with the NSA. However, the company claims such disclosure would neither violate its customer policies on privacy or the laws that protect personal users' rights.
Really? I mean, come on, it's the NSA we're talking about here – the sovereign of warrantless wiretaps and internet data collection. Even as recently as 2009, we all heard that the NSA's eavesdropping on American citizens was far more widespread than originally stated. There also have been reports that the NSA will begin building a one million square foot storage facility in Utah later this year to house all the personal data on American citizens the agency amasses – from phone calls and email to internet searches and more. NSA's public disclosure of the storage facility in 2008 noted the undertaking as a means to bolster cybersecurity awareness and incident response efforts across the federal government, but further details about it and wider national cybersecurity policies regarding the public remain secret.
It's not as if this agency doesn't reek of controversy already. Sure, we work with people who work there, some of whom have kindly participated in our live events. They understand cybersecurity and rightly are concerned about terrorist threats and protecting our critical infrastructure – again, more good things for which most of us would voice support.
But, a balance between basic civil rights and national security must be struck. The trampling of hard-won civil freedoms has been the norm. The fact that the agency publicly disclosed its plans for the Utah-based facility doesn't make this or other actions it takes regarding people's data any less concerning for privacy and civil rights advocates or American citizens like me.
I suppose that's why the Electronic Privacy Information Center (EPIC) reportedly has filed a Freedom of Information Act request to learn more, lots more, about its partnership with Google. Also pending is a lawsuit launched by EPIC against the NSA to make public national cybersecurity policies. These, too, are absolutely good things.
Illena Armstrong is editor-in-chief of SC Magazine.