Internet search giant Google has tapped government agencies to help the company find the person or people responsible for a recent cyberattack. But privacy advocates are not happy with the backdoor partnership between Google and government authorities.
Google is working with the National Security Administration (NSA), according to published reports. While the company admits it's working with relevant U.S. authorities on the cyberattack, Google would not disclose which agencies are involved.
"Quite frankly, most in the business of mining and its related area would be surprised to learn Google had not been cooperating with NSA all along," said Jart Armin, a security expert with Host Exploit.
Boosting the Home Team
If the two are working together, they are sharing without breaking any U.S. laws or Google policies, according to reports. While it may only be for defensive purposes, privacy advocates object to Google working with an agency that conducts surveillance. Privacy advocates also worry that users' privacy will be under the microscope of the same agency created to protect Americans' security.
What they will probably find is that the attack was commercially inspired to rattle Google and gain competitive advantage via industrial espionage, Armin suggested.
"With this perception and now public confirmation, many should not be surprised China -- and several other countries for that matter, including Russia -- would rather have their homegrown search engines in prevalence, such as Baidu," Armin said. "Baidu has 60 percent-plus of the China market and obviously is culturally more appealing than Google for most Chinese."
Privacy advocates also say these kind of practices, currently being done in secret, should be done in public.
Seeking NSA Document
"This raises substantial concern about the adequacy of privacy standards," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a public-interest group focused on civil liberties, protecting privacy, and enforcing the First Amendment. "NSA enables surveillance and protects security, and these measures come in conflict."
The NSA may have to reveal whether it is the agency working Google on its cyberattack case, thanks to EPIC.
The Washington, D.C.-based EPIC has filed suit against the NSA and the National Security Council to gain a key document governing national cybersecurity policy. That document, National Security Presidential Directive 54, grants the NSA broad authority over the security of American computer networks.
Rotenberg said the agencies violated the Freedom of Information Act by failing to make public the directive and related records after EPIC requested them.
'A Very Risky Strategy'
What does EPIC expect to gain from its legal action?
"The main goal is to make U.S. cybersecurity policy more accountable and more public," he said. "We think it is a very risky strategy for the U.S. to go forward with this broad policy plan and to go forward with Google. This is particularly important for millions of users of Google services, both in the U.S. and around the world."
Google said it's only working with authorities for defensive purposes and for the benefit of its users.
"The security and privacy of our users is of the utmost importance to us and we have a long track record of working to safeguard both," said Jill Hazelbaker, a Google spokesperson.