X

Emails give glimpse of Google's work with NSA on security

Freedom of Information Act request reveals notes between then-NSA head and Google bigwigs. But don't expect a smoking gun.

CNET News staff
3 min read

481221057.jpg
"General Keith" Alexander gets a hand from the chairman of the Joint Chiefs of Staff, Gen. Martin Dempsey, during a retirement ceremony for Alexander this past March. Brendan Smialowski/AFP/Getty Images

Google Executive Chairman Eric Schmidt apparently had a friendly nickname for Keith Alexander, the recently retired director of the NSA: "General Keith."

The chummy moniker surfaced in a June 2012 email published Tuesday by Al Jazeera, which reported that the National Security Agency plans to turn over "dozens of communications between the NSA chief and Silicon Valley executives" under a Freedom of Information Act request filed by the news outlet.

The first batch of those documents is made up of a couple of emails between Alexander and two top Google personalities: Schmidt and Google co-founder Sergey Brin. But if you're looking for a smoking gun regarding Google handing the shadowy surveillance agency the keys to its customers' data, you won't find it here.

Google, of course, was among the companies named in a top secret NSA document leaked last summer by former agency contractor Edward Snowden that concerned a surveillance program involving the agency's Prism system. Initial reports had it that the intelligence agency enjoyed "direct access" to company servers. And though that claim was later called into question, Google and other tech firms have been trying to shake the perception of shady -- or at least too-chummy -- dealings with the NSA ever since.

These first email exchanges published by Al Jazeera involve meetings related to two government cybersecurity efforts: the Enduring Security Framework and the Defense Industrial Base program, both of which involve the Department of Homeland Security and the Defense Department.

NPR has described ESF thusly: "The initiative brings chief executives from top technology and defense companies to Washington, DC, two or three times a year for classified briefings. The purpose is to share information about the latest developments in cyberwarfare capabilities, highlighting the cyberweapons that could be used against the executives' own companies."

The DIB effort also involves sharing information about cyberthreats.

The first exchange published today, from June 2012, has Alexander mentioning ESF participation by tech companies Apple, AMD, Dell, Google, Hewlett-Packard, and Intel; inviting Schmidt to attend an upcoming classified briefing in San Jose, Calif., "on the security of mobile devices;" and telling Schmidt it "was good seeing you" after an earlier meeting. Schmidt replies the same day, "General Keith, so great to see you!" explains he'll be unavailable for the briefing, and says he "would love to see you another time!"

In the second exchange, from December 2011 and January 2012, Alexander thanks Brin and his team -- including Google Chief Internet Evangelist and "father of the Net" Vint Cerf -- for their participation in ESF. He then follows up on an invite to Brin to attend a meeting of the ESF Executive Steering Group. "Your insights, as a key member of the Defense Industrial Base, are valuable to ensure that ESF's efforts have a measurable impact," Alexander writes.

Brin responds, "looking forward to seeing you next week."

In a statement to various media outlets today, Google said, "We work really hard to protect our users from cyberattacks, and we talk to outside experts, including occasionally in the US government, to ensure we stay ahead of the game."

And in its own statement, the NSA told The Washington Post's Switch blog, "We continue to work with, as appropriate, federal organizations, academia, and the private sector to enhance cybersecurity for the good of the nation. No one organization has the resources to do the job alone."

Critics of the agency, however, have said that its dual role as a protector of US networks and an attacker of foreign systems is a dangerous conflict of interest. The agency could improperly use information it gets from companies about vulnerabilities, these critics say, and use it for questionable purposes or to further weaken systems in the name of spying.

Though they were originally somewhat quiet about the NSA-Snowden uproar -- apart from denials about the claim of "direct access" to servers -- Google and other tech companies started making more noise at the end of October, when it was reported that the NSA had secretly tapped into the private fiber-optic networks that connect Google's and Yahoo's worldwide data centers, allowing it to suck up "at will" metadata and content belonging to users of the companies' services.