The Washington Post reports that Google is joining up with the U.S. National Security Agency for cybersecurity. This news comes a few weeks after Google revealed, in a posting on its official blog, that recent security and privacy events may cause Google to pull out of China altogether. Soon after, U.S. Secretary of State Hillary Clinton made a speech calling for global Internet freedom, linking it with other basic freedoms (worship, assembly, expression), and urging China to investigate the attacks on Google.
Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cyber experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.
Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google’s policies or laws that protect the privacy of Americans’ online communications. The sources said the deal does not mean the NSA will be viewing users’ searches or e-mail accounts or that Google will be sharing proprietary data.
The partnership strikes at the core of one of the most sensitive issues for the government and private industry in the evolving world of cybersecurity: how to balance privacy and national security interests. On Tuesday, Director of National Intelligence Dennis G. Blair called the Google attacks, which the company acknowledged in January, a “wake-up call.” Cyberspace cannot be protected, he said, without a “collaborative effort that incorporates both the U.S. private sector and our international partners.”
But achieving collaboration is not easy, in part because private companies do not trust the government to keep their secrets and in part because of concerns that the government might intrude on private networks. Privacy advocates say that there must be oversight of information-sharing between the government and the private sector to prevent a repeat of controversies over domestic surveillance programs such as the NSA’s warrantless interception of Americans’ phone calls and e-mails after the Sept. 11, 2001, terrorist attacks. […]
On Jan. 12, Google took the rare step of announcing publicly that its systems had been hacked in a series of intrusions beginning in December. […]
Google approached the NSA shortly after the attacks, sources said, but the deal is taking weeks to hammer out, reflecting the sensitivity of the partnership. Any agreement would mark the first time that Google has entered a formal information-sharing relationship with the NSA, sources said. In 2008, the firm stated that it had not cooperated with the NSA in its Terrorist Surveillance Program.
Sources familiar with the new initiative said the focus is not figuring out who was behind the recent cyberattacks — doing so is a nearly impossible task after the fact — but building a better defense of Google’s networks, or what its technicians call “information assurance.”