NSA and Google Can Keep Relationship Secret

The National Security Agency does not have to disclose its relationship with Google amid press reports that the two partnered up after hackers in China launched a cyber attack on the U.S. government, an appeals court ruled. In February 2010, the Electronic Privacy Information Center requested a number of communications between the NSA and Google regarding cyber security. Following an alleged Chinese hacker attack, media outlets had reported that NSA teamed up with the web giant for an investigation. The center, which calls itself a public-interest group dedicated to civil liberties issues, requested records "concerning an agreement or similar basis for collaboration" and "Google's decision to fail to routinely encrypt" Gmail messages and Google Docs. The NSA denied the Freedom of Information Act request for the documents. "While it acknowledged working 'with a broad range of commercial partners and research associates,' the Agency refused to 'confirm [or] deny' whether it even had a relationship with Google," the court's order said. This type of answer is known as a Glomar response after the Hughes Glomar Explorer, a ship used in a classified CIA project to raise a sunken Soviet submarine from the Pacific Ocean. U.S. District Judge Richard Leon agreed with the NSA that the requested documents were protected, relying on a declaration by Diane Janosek, NSA deputy associate director for policy and records. "[A]ny acknowledgement by NSA of the existence or nonexistence of a relationship or agreement with Google... would reveal whether or not NSA considered the alleged attack to be of consequence for critical U.S. government information systems," Janosek said in her declaration. The Electronic Privacy Information Center appealed the decision, and the D.C. Circuit Court of Appeals upheld the judgment in favor of the NSA in an opinion Friday. Judge Janice Brown found that the declaration by Janosek was sufficient to justify the withholding of the requested information. "Because the Government is 'largely dependent on commercial technology for its information systems,' NSA also monitors commercial technologies purchased by the government for security vulnerabilities," the judge wrote, quoting Janosek's declaration. "If NSA concludes that vulnerabilities in those commercial technologies pose a threat to U.S. Government information systems, NSA may take action against the threat," she continued. Because the government neither confirmed nor denied the existence of the requested documents, the judge found it would be futile to conduct a search analysis.