So there was this recent ‘bombshell’ about how the NSA has hacked Google and Yahoo, giving it an (allegedly) unauthorized ‘back door’ to these companies’ customer data to supplement the FISA-warranted front door they have via PRISM. Does this tell us anything new about the NSA, that is, anything that damns the NSA any more than it already is? No, not really. We know they want all our data and we know they do not feel particularly constrained by any law or agreement in pursuit of same. So they’ve gone after it by yet another route.
But there’s that nagging, eternally open question of corporate complicity again. So hey Google, what’s up???
In a statement, Google’s chief legal officer, David Drummond, said the company has “long been concerned about the possibility of this kind of snooping” and has not provided the government with access to its systems.
“We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said.
Yeah, of course you’re gonna say that, lawyers. What else ya got?
Well, as The Washington Post notes, there are these ‘two engineers with close ties to Google’ who, ‘exploded in profanity’ when they saw among the Snowden documents a “drawing [noting] that encryption is “added and removed here!” to which “The artist [added] a smiley face, a cheeky celebration of victory over Google security.”
“I hope you publish this,” one of them said.
Now that’s something I could certainly go for, if I were, say, the kind of infantilized rube that is uncritically eating up the simplistic and, purely-by-coincidence, quite profitable, Davey vs The Surveillance State narrative the Leak Keepers keep feeding me. For the rube, plucky Google engineers giving the NSA hell are a nicely cinematic addition to the gatecrashers who are toppling the surveillance state and saving journalism at the same damn time. More please! says the rube.
Well, says Google, it just so happens that two of our engineers have written Plus posts about this. Now, we haven’t authorized what they’ve written. We have simply relied upon paid publicists and the usual army of dipshits who voluntarily worship cool companies, to propagate links to their posts all over social networks, in a way that is just totally, but purely by happy coincidence, in sync with those two adorably irate engineers mentioned in the WaPo story. Mind you, these are not official Google spokespeople and they’re kinda sweary.
Here’s Network Security Engineer Brandon Downey, who posted on Oct. 30, the same day the WaPo story came out:
Fuck these guys.
I’ve spent the last ten years of my life trying to keep Google’s users safe and secure from the many diverse threats Google faces.
I’ve seen armies of machines DOS-ing Google. I’ve seen worms DOS’ing Google to find vulnerabilities in other people’s software. I’ve seen criminal gangs…
I’ve even seen oppressive governments use state sponsored hacking to target dissidents.
But even though we suspected this was happening, it still makes me terribly sad. It makes me sad because I believe in America…
But after spending all that time helping in my tiny way to protect Google — one of the greatest things to arise from the internet — seeing this, well, it’s just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.
And here’s Google Security Engineer Mike Hearn, who posted six days later:
I now join [Brandon Downey] in issuing a giant Fuck You to the people who made these slides. I am not American, I am a Brit, but it’s no different – GCHQ turns out to be even worse than the NSA.
We designed this system to keep criminals out . There’s no ambiguity here. The warrant system with skeptical judges, paths for appeal, and rules of evidence was built from centuries of hard won experience. When it works, it represents as good a balance as we’ve got between the need to restrain the state and the need to keep crime in check. Bypassing that system is illegal for a good reason .
You gotta really love that last paragraph in the Hearn excerpt, marking the crucial difference between a FISA rubber stamp and stealing the data outright. ‘The warrant system with skeptical judges, paths for appeal, and rules of evidence’, ha ha. That’s some funny shit, for anyone who knows how the FISA authorizations actually work.
But the funniest thing is that this is all being taken at face value by people who should know better. I don’t really doubt that Hearn’s and Downey’s outrage is sincere, which along with their obvious dedication to their work, makes them the perfect proxies for Google executives. The ‘unofficial’ aspect, encapsulated by Downey’s ‘They are my own thoughts, and not those of my employer’ and ‘Fuck these guys’ just makes it ring all the more true. But, of course, Hearn and Downey are not in any position to know in detail what arrangements Google executives have made with the NSA, nor the ways in which other engineers elsewhere in the company may have exposed Google’s systems to snooping, so both their outrage and their dedication are absolutely meaningless. It’s pure, deceptive PR, whether Hearn and Downey intended it that way or not.
But it seems to have worked, at least with some. Check out this from Jacob Appelbaum, Wikileaks insider, alleged bane of the security establishment and sometime co-author of Snowden stories with Leak Keeper Laura Poitras:
This seems a tad weirdly premature, but perhaps Appelbaum means the news about Google has been so damning lately, they have no choice but to completely reverse their current NSA policy of capitulation cum collaboration. Still, if that’s going to happen, I don’t see how pep talks on Google’s behalf like Appelbaum’s– based on pure speculation — help with the necessary pressure.
Nor does it help anyone but Google when neither the Washington Post nor the Guardian story on the same topic mention a 2010 agreement between the NSA and Google that flatly contradicts Drummond’s claim that the company “has not provided the government with access to its systems.”
In 2010, The Washington Post reported that Google invited the NSA to investigate a breach by Chinese hackers and to assist the company with shoring up its network against further attacks. As Wired wrote at the time:
The agreement between Google and the NSA, still being finalized, would allow Google to share critical information with the NSA about the attacks and its network — such as the malicious code that was used and its network configurations — without violating Google’s policies or laws that protect the privacy of users’ communications, the sources say.
Privacy advocates were justifiably alarmed. From the same Wired article:
The Electronic Privacy Information Center filed a Freedom of Information Act request on Thursday, shortly after the agreement was made public, seeking more information about the arrangement (.pdf).
Executive Director Marc Rotenberg believes the agreement covers much more than the Google hack and that the search giant and intelligence agency were in talks prior to Google discovering that it had been hacked.
“What they’ve told you is that this is about an investigation of a hack involving China,” he told Threat Level in a phone interview. “I think and have good reason to believe that there’s a lot more going on.”
[Update 11/10/13] The NSA denied EPIC’s FOIA request on the grounds that confirming or denying any relationship with Google could make “U.S. government information systems vulnerable to attack”, even though the agreement had been widely reported at the time. A federal district court judge sided with the NSA in 2011, and in 2012, a three-judge panel of the U.S. Court of Appeals for D. C. upheld the ruling. (source: USA Today)
On the same day Wired reported on the agreement, the site’s Noah Schachtman wrote an opinion piece condemning it:
The company pinkie-swears that its agreement with the NSA won’t violate the company’s privacy policies or compromise user data. Those promises are a little hard to believe, given the NSA’s track record of getting private enterprises to cooperate, and Google’s willingness to take this first step.
This would all seem amazingly prescient if Schachtman hadn’t simply been stating the obvious. No doubt Google was telling the truth when they pinkie-swore not to hand over user data. They simply handed over their network configurations. What could possibly go wrong?
If anyone with any journalistic muscle has weighed in on this, I’ve missed it in the hoopla over ‘Fuck These Guys’ and the shockingly deceptive portrait it is painting of Google as both victim of the NSA and trustworthy ally in the fight against it. This is particularly puzzling considering that the story of the 2010 NSA/Google agreement broke in Gellman’s Washington Post and that Spencer Ackerman, who co-authored the Guardian piece, was working at Wired when it reported on, and opined against, the agreement.
For Boss Leak Keeper Greenwald, it seems Google is still just that thing to which you snidely refer nosy people when they catch you lying. He’s made no mention of the Google/NSA agreement, though two days ago he did helpfully tweet a link to a Money article that reads like a Google press release. I guess that’s that “adversarial position to political and corporate power” he talks about, eleven dimensional chess style.
eBay Journalism Fellow and relentless dumb-downer Glenn ‘Free Speech for Corporations’ Greenwald continues to misleadingly darken the line between the evil government and Silicon Valley, this time tweeting an extremely simplistic WaPo article about how much the two differ from the standpoint of their privacy-violated subjects. There has always been a whole lot wrong with this distinction but it’s now in the realm of egregiously stupid — to put it charitably — as we learn more details of the truck the NSA has backed up to the major providers, seemingly without much, if any, resistance. A WaPo commenter spells this out nicely, and recommends this article which offers a more nuanced view of the problem.