Disclosed emails reveal assiduous collaboration between Google and NSA

Al Jazeera obtained the emails exchanged between Google executives and former NSA director Alexander which suggest that Google is very close to NSA.

The IT Giants Apple, Google and Microsoft always denied any involvement in the surveillance program despite Edward Snowden as produced different documents attesting to the inconvenient truth. Now a new event is shocking the public opinion, leaked emails show that the Google company is supporting NSA for his activities.

The broadcaster Al Jazeera published the emails exchanged between Google executives Sergey Brin, the executive chairman of Google Eric Schmidt and former NSA director Gen. Keith Alexander, obtained through the Freedom of Information Act, suggest that principal IT companies was supporting the NSA for a long period.

“Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government than was implied by Silicon Valley brass after last year’s revelations about NSA spying.” reports Al Jazeera.

The news is alarming and raises new concerns for user’s privacy and security, considering that companies like Google have access to an impressive amount of user’s data.

Al Jazeera obtained two distinct collections of email exchanges, one between NSA Gen. Alexander and Google chairman Eric Schmidt, and the other between former NSA Director and Google co-founder Sergey Brin.

The emails demonstrates an assiduous collaboration of Google with the Agency, they demonstrate the participation of the company to “classified threat briefing” for the analysis of current threat landscape. The information sharing between Government Entities and private industry is essential to prevent and mitigate cyber threats, but at the same time the methods adopted by the NSA agency raise many risks to user privacy and security.

“Alexander, Schmidt and other industry executives met earlier in the month, according to the email. But Alexander wanted another meeting with Schmidt and “a small group of CEOs” later that summer because the government needed Silicon Valley’s help.”“About six months ago, we began focusing on the security of mobility devices,” Alexander wrote. “A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead … Google’s participation in refinement, engineering and deployment of the solutions will be essential.” continues the post published by Al Jazeera.

Google has already clarified its position, remarking that the company has always operated in a transparent way, but according the emails, Google involvement in highly confidential discussions with the agency was a consolidated practice.

Al Jazeera confirmed that former NSA Director Alexander explained that the deputy secretaries of the Department of Defense, Homeland Security and “18 US CEOs” launched the ESF in 2009 to “coordinate government/industry actions on important (generally classified) security issues that couldn’t be solved by individual actors alone.”

“The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identity of some participant tech firms and the threats they discussed.” reports the broadcaster.

“For example, over the last 18 months, we (primarily Intel, AMD [Advanced Micro Devices], HP [Hewlett-Packard], Dell and Microsoft on the industry side) completed an effort to secure the BIOS of enterprise platforms to address a threat in that area.”

The NSA cyberdefense chief Debora Plunkett last December disclosed that the NSA had thwarted a “BIOS plot”, according the Agency a foreign government identified as China was working to brick U.S. computers.

“That plot, she said, could have destroyed the U.S. economy. “60 Minutes,” which broke the story, reported that the NSA worked with unnamed “computer manufacturers” to address the BIOS software vulnerability.” said Plunkett.

In a similar context, it is clear that information sharing and support of private companies are essential components to mitigate cyber threats, but the foundations for the protection of civil rights of citizens have different positions.

“I think the public should be concerned about whether the NSA was really making its best efforts, as the emails claim, to help secure enterprise BIOS and mobile devices and not holding the best vulnerabilities close to their chest,” The NSA “has no business helping Google secure its facilities from the Chinese and at the same time hacking in through the back doors and tapping the fiber connections between Google base centers,” “The fact that it’s the same agency doing both of those things is in obvious contradiction and ridiculous.” said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation’s digital civil liberties team.

Let’s wait to read the additional emails between Google execs and the NSA, they have been already announced.

Pierluigi Paganini

(Security Affairs – APT, certificates, malware)