{"id":42585,"date":"2014-05-12T12:00:08","date_gmt":"2014-05-12T11:00:08","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=42585"},"modified":"2015-05-05T21:35:01","modified_gmt":"2015-05-05T20:35:01","slug":"exclusive-emails-reveal-close-google-relationship-with-nsa","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2014\/05\/exclusive-emails-reveal-close-google-relationship-with-nsa\/","title":{"rendered":"Exclusive: Emails Reveal Close Google Relationship with NSA"},"content":{"rendered":"

National Security Agency head and Internet giant\u2019s executives have coordinated through high-level policy discussions.<\/em><\/p>\n

6 May 2014 – <\/em>Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government<\/a> than was implied by Silicon Valley brass after last year\u2019s revelations about NSA spying.<\/p>\n

Disclosures by former NSA contractor Edward Snowden about the agency\u2019s vast capability for spying on Americans\u2019 electronic communications prompted a number of tech executives whose firms cooperated with the government to insist they had done so only when compelled by a court of law.<\/p>\n

But Al Jazeera has obtained two sets of email communications dating from a year before Snowden became a household name that suggest not all cooperation was under pressure.<\/p>\n

On the morning of June 28, 2012, an email from Alexander invited Schmidt to attend a four-hour-long \u201cclassified threat briefing\u201d on Aug. 8 at a \u201csecure facility in proximity to the San Jose, CA airport.\u201d<\/p>\n

\u201cThe meeting discussion will be topic-specific, and decision-oriented, with a focus on Mobility Threats and Security<\/a>,\u201d Alexander wrote in the email, obtained under a Freedom of Information Act (FOIA) request, the first of dozens of communications between the NSA chief and Silicon Valley executives that the agency plans to turn over.<\/p>\n

Alexander, Schmidt and other industry executives met earlier in the month, according to the email. But Alexander wanted another meeting with Schmidt and \u201ca small group of CEOs\u201d later that summer because the government needed Silicon Valley\u2019s help.<\/p>\n

\u201cAbout six months ago, we began focusing on the security of mobility devices,\u201d Alexander wrote. \u201cA group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead \u2026 Google\u2019s participation in refinement, engineering and deployment of the solutions will be essential.\u201d<\/p>\n

Jennifer Granick, director of civil liberties at Stanford Law School\u2019s Center for Internet and Society, said she believes information sharing between industry and the government is \u201cabsolutely essential\u201d but \u201cat the same time, there is some risk to user privacy and to user security from the way the vulnerability disclosure is done.\u201d<\/p>\n

The challenge facing government and industry was to enhance security without compromising privacy, Granick said. The emails between Alexander and Google executives, she said, show \u201chow informal information sharing has been happening within this vacuum where there hasn\u2019t been a known, transparent, concrete, established methodology for getting security information into the right hands.\u201d<\/p>\n

The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identities of some participant tech firms and the threats they discussed.<\/p>\n

Alexander explained that the deputy secretaries of the Department of Defense, Homeland Security and \u201c18 US CEOs\u201d launched the ESF in 2009 to \u201ccoordinate government\/industry actions on important (generally classified) security issues that couldn\u2019t be solved by individual actors alone.\u201d<\/p>\n

\u201cFor example, over the last 18 months, we (primarily Intel, AMD [Advanced Micro Devices], HP [Hewlett-Packard], Dell and Microsoft on the industry side) completed an effort to secure the BIOS of enterprise platforms to address a threat in that area.\u201d<\/p>\n

\u201cBIOS\u201d is an acronym for \u201cbasic input\/output system,\u201d the system software that initializes the hardware in a personal computer before the operating system starts up. NSA cyberdefense chief Debora Plunkett in December disclosed that the agency had thwarted a \u201cBIOS plot\u201d<\/a> by a \u201cnation-state,\u201d identified as China, to brick U.S. computers. That plot, she said, could have destroyed the U.S. economy. \u201c60 Minutes,\u201d which broke the story, reported that the NSA worked with unnamed \u201ccomputer manufacturers\u201d to address the BIOS software vulnerability.<\/p>\n

But some cybersecurity experts questioned the scenario<\/a> outlined by Plunkett.<\/p>\n

\u201cThere is probably some real event behind this, but it\u2019s hard to tell, because we don\u2019t have any details,\u201d wrote\u00a0Robert Graham, CEO of the penetration-testing firm Errata Security in Atlanta, on his blog in December. \u201cIt\u201ds completely false in the message it is trying to convey. What comes out is gibberish, as any technical person can confirm.\u201d<\/p>\n

And by enlisting the NSA to shore up their defenses, those companies may have made themselves more vulnerable to the agency\u2019s efforts to breach them for surveillance purposes.<\/p>\n

\u201cI think the public should be concerned about whether the NSA was really making its best efforts, as the emails claim, to help secure enterprise BIOS and mobile devices and not holding the best vulnerabilities close to their chest,\u201d said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation\u2019s digital civil liberties team.<\/p>\n

He doesn\u2019t doubt that the NSA was trying to secure enterprise BIOS, but he suggested that the agency, for its own purposes, was \u201clooking for weaknesses in the exact same products they\u2019re trying to secure.\u201d<\/p>\n

The NSA \u201chas no business helping Google secure its facilities from the Chinese and at the same time hacking in through the back doors and tapping the fiber connections between Google base centers,\u201d Cardozo said. \u201cThe fact that it\u2019s the same agency doing both of those things is in obvious contradiction and ridiculous.\u201d He recommended dividing offensive and defensive functions between two agencies.<\/p>\n

Two weeks after the \u201c60 Minutes\u201d broadcast, the German magazine Der Spiegel, citing documents obtained\u00a0by Snowden, reported that the NSA inserted back doors into BIOS<\/a>, doing exactly what Plunkett accused a nation-state of doing during her interview.<\/p>\n

Google\u2019s Schmidt was unable to attend to the mobility security meeting in San Jose in August 2012.<\/p>\n

\u201cGeneral Keith.. so great to see you.. !\u201d\u00a0Schmidt wrote. \u201cI\u2019m unlikely to be in California that week so I\u2019m sorry I can\u2019t attend (will be on the east coast). Would love to see you another time. Thank you !\u201d Since the Snowden disclosures, Schmidt has been critical of the NSA and said its surveillance programs may be illegal<\/a>.<\/p>\n

Army\u00a0Gen.\u00a0Martin\u00a0E.\u00a0Dempsey,\u00a0chairman\u00a0of the\u00a0Joint Chiefs of Staff,\u00a0did attend that briefing. Foreign Policy reported a month later\u00a0that Dempsey and other government officials<\/a>\u00a0\u2014 no mention of Alexander \u2014\u00a0were in Silicon Valley \u201cpicking the brains of leaders throughout the valley and discussing the need to quickly share information on cyber threats.\u201d Foreign Policy noted that the Silicon Valley executives in attendance belonged to the ESF. The story did not say mobility threats and security was the top agenda item along with a classified threat briefing.<\/p>\n

A week after the gathering, Dempsey said during a Pentagon press briefing, \u201cI was in Silicon Valley recently, for about a week, to discuss vulnerabilities and opportunities in cyber with industry leaders \u2026 They agreed \u2014\u00a0we all agreed on the need to share threat information at network speed.\u201d<\/p>\n

Google co-founder Sergey Brin attended previous meetings of the ESF group but because of a scheduling conflict, according to Alexander\u2019s email, he also could not attend the Aug. 8 briefing in San Jose, and it\u2019s unknown if someone else from Google was sent.<\/p>\n

A few months earlier, Alexander had emailed Brin to thank him for Google\u2019s participation in the ESF.<\/p>\n

\u201cI see ESF\u2019s work as critical to the nation\u2019s progress against the threat in cyberspace and really appreciate Vint Cerf [Google\u2019s vice president and chief Internet evangelist], Eric Grosse [vice president of security engineering] and Adrian Ludwig\u2019s [lead engineer for Android security] contributions to these efforts during the past year,\u201d Alexander wrote in a Jan. 13, 2012, email.<\/p>\n

\u201cYou recently received an invitation to the ESF Executive Steering Group meeting, which will be held on January 19, 2012. The meeting is an opportunity to recognize our 2012 accomplishments and set direction for the year to come. We will be discussing ESF\u2019s goals and specific targets for 2012. We will also discuss some of the threats we see and what we are doing to mitigate those threats \u2026 Your insights, as a key member of the Defense Industrial Base, are valuable to ensure ESF\u2019s efforts have measurable impact.\u201d<\/p>\n

A Google representative declined to answer specific questions about Brin\u2019s and Schmidt\u2019s relationship with Alexander or about Google\u2019s work with the government.<\/p>\n

\u201cWe work really hard to protect our users from cyberattacks, and we always talk to experts \u2014 including in the U.S. government \u2014 so we stay ahead of the game,\u201d the representative said in a statement to Al Jazeera. \u201cIt\u2019s why\u00a0Sergey\u00a0attended this\u00a0NSA\u00a0conference.\u201d<\/p>\n

Brin responded to Alexander the following day even though the head of the NSA didn\u2019t use the appropriate email address when contacting the co-chairman.<\/p>\n

\u201cHi Keith, looking forward to seeing you next week. FYI, my best email address to use is [redacted],\u201d Brin wrote. \u201cThe one your email went to \u2014 sergey.brin@google.com \u2014 I don\u2019t really check.\u201d<\/p>\n

Go to Original \u2013aljazeera.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

6 May 2014 – Email exchanges between NSA Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship than was implied by Silicon Valley brass after last year\u2019s revelations about NSA spying.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-42585","post","type-post","status-publish","format-standard","hentry","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/42585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=42585"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/42585\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=42585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=42585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=42585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}