Google turns to the spooks

I know that cloud computing is wonderful, etc. but have you noticed this development?

Just the thought is enough to send an involuntary little shiver up your spine: Google — keeper of a vast repository of data on our activities, interests and connections — working hand-in-hand with the National Security Agency — the top-secret electronic surveillance specialists who have been known to go rogue from time to time. But according to sources who spoke to the Washington Post, there are delicate talks now going on to form such a partnership with the goal of fortifying Google’s defenses against the kind of espionage-oriented hacking attacks launched from China against it and dozens of other U.S. companies in December.

Google reportedly approached the NSA shortly after the attacks, but in an indication of the sensitivity of such arrangement, the talks have been going on for weeks. Reports the Post: “Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google’s policies or laws that protect the privacy of Americans’ online communications. The sources said the deal does not mean the NSA will be viewing users’ searches or e-mail accounts or that Google will be sharing proprietary data.” What the agency would be do, as it has with other corporations, is help Google evaluate hardware and software vulnerabilities and gauge the sophistication of its attackers.

At face value, it all sounds reasonable, especially given the suspicions of state support for the Chinese hacking, but of the many things the NSA can tap, a deep reservoir of public trust is not one.


The FT’s Gideon rachman spent the morning at the International Institute for Strategic Studies’s briefing on their annual survey of the ‘Military Balance’. He reports that

The briefing offered by the IISS experts ranged fascinatingly over a variety of topics from the Iranian nuclear programme, to Russia’s new military doctrine and the links (or lack of them) between al-Qaeda and Iran.

But the thing I found most interesting was the confirmation that cyber-security is the hot issue of the day. John Chipman, the head of the IISS, says the institute is about to launch a special study of cyber-security which raises all sorts of fascinating issues about hard power, about the responsibilities of states and about international law. What if a country’s infrastructure could be destroyed as effectively by a cyber-attack, as by an invasion of tanks? How do you defend against that? How do you identify the culprits? And what does international law have to say about the issue – might we have to revise our definitions of what constitutes an act of war? Chipman argues, plausibly, that we are now at an equivalent period to the early 1950s. Just as strategists had to devise whole new doctrines to cope with the nuclear age, so they willl have to come up with new ideas to cope with the information age.

And over at the Guardian Charles Arthur has an exhaustive (or should that be exhausting?) analysis of whether the UEA Climate Research Unit’s emails were hacked. His conclusion:

After the July incident, perhaps CRU failed to batten down the hatches, either through technical failings or because someone inside was subverting the efforts. So what happened in November?

Rotter blogged his theory last year. “In the past I have worked at organisations where the computer network grew organically in a disorganised fashion. Security policies often fail as users take advantage of shortcuts … one of these is to share files using an ftp server … This can lead to unintentional sharing with the rest of the internet.”

He added that files were perhaps put “in an ftp directory which was on the same central processing unit as the external webserver, or even worse, was on a shared driver somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available”.

If this hypothesis turns out to be true, UEA may end up looking foolish. For there will be no one to arrest.

In other words, the cock-up theory of history rules ok.