Goggle and the GUMMINT

  1. #1
    Join Date
    Jan 2008
    Location
    Florida Panhandle
    Posts
    3,098

    Goggle and the GUMMINT

    Google to enlist NSA to help it ward off cyberattacks
    By Ellen Nakashima
    Thursday, February 4, 2010; A01

    The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity.

    Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from future attack.

    Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google's policies or laws that protect the privacy of Americans' online communications. The sources said the deal does not mean the NSA will be viewing users' searches or e-mail accounts or that Google will be sharing proprietary data.

    The partnership strikes at the core of one of the most sensitive issues for the government and private industry in the evolving world of cybersecurity: how to balance privacy and national security interests. On Tuesday, Director of National Intelligence Dennis C. Blair called the Google attacks, which the company acknowledged in January, a "wake-up call." Cyberspace cannot be protected, he said, without a "collaborative effort that incorporates both the U.S. private sector and our international partners."

    But achieving collaboration is not easy, in part because private companies do not trust the government to keep their secrets and in part because of concerns that collaboration can lead to continuous government monitoring of private communications. Privacy advocates, concerned about a repeat of the NSA's warrantless interception of Americans' phone calls and e-mails after the Sept. 11, 2001, terrorist attacks, say information-sharing must be limited and closely overseen.

    "The critical question is: At what level will the American public be comfortable with Google sharing information with NSA?" said Ellen McCarthy, president of the Intelligence and National Security Alliance, an organization of current and former intelligence and national security officials that seeks ways to foster greater sharing of information between government and industry.

    On Jan. 12, Google took the rare step of announcing publicly that its systems had been hacked in a series of intrusions beginning in December.

    The intrusions, industry experts said, targeted Google source code -- the programming language underlying Google applications -- and extended to more than 30 other large tech, defense, energy, financial and media companies. The Gmail accounts of human rights activists in Europe, China and the United States were also compromised.

    So significant was the attack that Google threatened to shutter its business operation in China if the government did not agree to let the firm operate an uncensored search engine there. That issue is still unresolved.

    Google approached the NSA shortly after the attacks, sources said, but the deal is taking weeks to hammer out, reflecting the sensitivity of the partnership. Any agreement would mark the first time that Google has entered a formal information-sharing relationship with the NSA, sources said. In 2008, the firm stated that it had not cooperated with the NSA in its Terrorist Surveillance Program.

    Sources familiar with the new initiative said the focus is not figuring out who was behind the recent cyberattacks -- doing so is a nearly impossible task after the fact -- but building a better defense of Google's networks, or what its technicians call "information assurance."

    One senior defense official, while not confirming or denying any agreement the NSA might have with any firm, said: "If a company came to the table and asked for help, I would ask them . . . 'What do you know about what transpired in your system? What deficiencies do you think they took advantage of? Tell me a little bit about what it was they did.' " Sources said the NSA is reaching out to other government agencies that play key roles in the U.S. effort to defend cyberspace and might be able to help in the Google investigation.

    These agencies include the FBI and the Department of Homeland Security.

    Over the past decade, other Silicon Valley companies have quietly turned to the NSA for guidance in protecting their networks.

    "As a general matter," NSA spokeswoman Judi Emmel said, "as part of its information-assurance mission, NSA works with a broad range of commercial partners and research associates to ensure the availability of secure tailored solutions for Department of Defense and national security systems customers."

    Despite such precedent, Matthew Aid, an expert on the NSA, said Google's global reach makes it unique.

    "When you rise to the level of Google . . . you're looking at a company that has taken great pride in its independence," said Aid, author of "The Secret Sentry," a history of the NSA. "I'm a little uncomfortable with Google cooperating this closely with the nation's largest intelligence agency, even if it's strictly for defensive purposes."

    The pact would be aimed at allowing the NSA to help Google understand whether it is putting in place the right defenses by evaluating vulnerabilities in hardware and software and to calibrate how sophisticated the adversary is. The agency's expertise is based in part on its analysis of cyber-"signatures" that have been documented in previous attacks and can be used to block future intrusions.

    The NSA would also be able to help the firm understand what methods are being used to penetrate its system, the sources said. Google, for its part, may share information on the types of malicious code seen in the attacks -- without disclosing proprietary data about what was taken, which would concern shareholders, sources said.

    Greg Nojeim, senior counsel for the Center for Democracy & Technology, a privacy advocacy group, said companies have statutory authority to share information with the government to protect their rights and property.
    FESTUS
    IN OMNIA PARATUS

  3. #2
    Join Date
    Jan 2008
    Location
    Florida Panhandle
    Posts
    3,098

    Police want backdoor to Web users' private data

    Police want backdoor to Web users' private data
    by Declan McCullagh
    Police want backdoor to Web users' private data | Politics and Law - CNET News

    Anyone with an e-mail account likely knows that police can peek inside it if they have a paper search warrant.

    But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They're pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.

    CNET has reviewed a survey scheduled to be released at a federal task force meeting on Thursday, which says that law enforcement agencies are virtually unanimous in calling for such an interface to be created. Eighty-nine percent of police surveyed, it says, want to be able to "exchange legal process requests and responses to legal process" through an encrypted, police-only "nationwide computer network." (See one excerpt and another.)

    The survey, according to two people with knowledge of the situation, is part of a broader push from law enforcement agencies to alter the ground rules of online investigations. Other components include renewed calls for laws requiring Internet companies to store data about their users for up to five years and increased pressure on companies to respond to police inquiries in hours instead of days.

    But the most controversial element is probably the private Web interface, which raises novel security and privacy concerns, especially in the wake of a recent inspector general's report (PDF) from the Justice Department. The 289-page report detailed how the FBI obtained Americans' telephone records by citing nonexistent emergencies and simply asking for the data or writing phone numbers on a sticky note rather than following procedures required by law.

    Some companies already have police-only Web interfaces. Sprint Nextel operates what it calls the L-Site, also known as the "legal compliance secure Web portal." The company even has offered a course that "will teach you how to create and track legal demands through L-site. Learn to navigate and securely download requested records." Cox Communications makes its price list for complying with police requests public; a 30-day wiretap is $3,500.

    The police survey is not exactly unbiased: its author is Frank Kardasz, who is scheduled to present it at a meeting (PDF) of the Online Safety and Technology Working Group, organized by the U.S. Department of Commerce. Kardasz, a sergeant in the Phoenix police department and a project director of Arizona's Internet Crimes Against Children task force, said in an e-mail exchange on Tuesday that he is still revising the document and was unable to discuss it.

    In an incendiary October 2009 essay, however, Kardasz wrote that Internet service providers that do not keep records long enough "are the unwitting facilitators of Internet crimes against children" and called for new laws to "mandate data preservation and reporting." He predicts that those companies will begin to face civil lawsuits because of their "lethargic investigative process."

    "It sounds very dangerous," says Lee Tien, an attorney with the Electronic Frontier Foundation, referring to the police-only Web interface. "Let's assume you set this sort of thing up. What does that mean in terms of what the law enforcement officer would be able to do? Would they be able to fish through transactional information for anyone? I don't understand how you create a system like this without it."

    What police see in ISPs
    Kardasz's survey, based on questionnaires completed by 100 police investigators, says that 61 percent of them had their investigations harmed "because data was not retained" and only 40 percent were satisfied with the timeliness of responses from Internet providers.

    "You can be very supportive of law enforcement investigations and at the same time be very cognizant and supportive of the privacy rights of our users."
    --Hemanshu Nigam, chief security officer, MySpace

    It also says: "89 percent of investigators agreed that a nationwide computer network should be established for the purpose of linking ISPs with law enforcement agencies so that they may exchange legal process requests and responses to legal process. Authorized users would communicate through encrypted virtual private networks in order to maintain the security of the data."

    Some of the responses to other questions: "AT&T is very prompt." "Cox Communications seems to be the worst." "Places like Yahoo can take a month for basic subscriber info which is also a problem." "AT&T Mobility does not keep a log at all." "MySpace give (sic) me the quickest response and they have been very pro-police."

    Hemanshu (Hemu) Nigam, MySpace's chief security officer, said in an interview with CNET on Tuesday that: "You can be very supportive of law enforcement investigations and at the same time be very cognizant and supportive of the privacy rights of our users. Every time a legal process comes in, whether it's a subpoena or a search order, we do a legal review to make sure it's appropriate."

    Nigam said that MySpace accepts law enforcement requests through e-mail, fax, and postal mail, and that it has a 24-hour operations center that tries to respond to requests soon after they've been reviewed to make sure state and federal laws are being followed. MySpace does not have a police-only Web interface, he said.

    Creating a national police-only network would be problematic, Nigam said. "I wish I knew the number of local police agencies in the country, or even police officers in the country," he said. "Right there that would tell you how difficult it would be to implement, even though ideally it would be a good thing."

    Another obstacle to creating a nation-wide Web interface for cops--one wag has dubbed it "DragNet," and another "Porknet"--is that some of its thousands of users could be infected by viruses and other malware. Once an infected computer is hooked up to the national network, it could leak confidential information about ongoing investigations.

    Jim Harper, a policy analyst at the free-market Cato Institute, says that he welcomes the idea of a police-only Web interface as long as it's designed carefully. "A system like this should have strong logins, should require that the request be documented fully, and should produce statistical information so there can be strong oversight," he says. "I think that's a good thing to have."
    FESTUS
    IN OMNIA PARATUS

  4. #3
    Join Date
    Aug 2008
    Location
    Nevada
    Posts
    1,322
    Originally Posted by festus:
    Google to enlist NSA to help it ward off cyberattacks
    By Ellen Nakashima
    Thursday, February 4, 2010; A01

    The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity.

    Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from future attack. ...
    I was hit by this in my gmail account. Letters were sent to all 500 some odd contacts in my book. Even the no-reply contacts! lol Sux!
