Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Google security team drops F-bombs on NSA for internal Google cloud data surveillance

Darlene Storm | Nov. 7, 2013
The two Google security team members were reacting to a leaked NSA presentation by The Washington Post.

NSA Serendipity slide, NSA spying on Google's internal networks 
Click on image to enlarge. 

Then, the Washington Post showed new evidence and leaked slides showing how the NSA had access to internal Google cloud data, including "Serendipity New Protocols" slides specifically pertaining to Google. An "expert" told the Post, "This is not traffic you would encounter outside of Google's internal network." In fact, "the slide shows data in a format that is 'only used on and between Google machines. And, also as far as I know, Google doesn't publish their binary RPC [remote procedure call] protocol, which is what this resembles'."

NSA leaked Serendipity slide showing how it spies on Google
Click on image to enlarge.

Google security team member Mike Hearn also exploded with profanity, joining his colleague "in issuing a giant F**k You to the people who made these slides."

Hearn explained, "The packet capture shown in these new NSA slides shows internal database replication traffic for the anti-hacking system I worked on for over two years. Specifically, it shows a database recording a user login as part of this system."

We designed this system to keep criminals out. There's no ambiguity here. The warrant system with skeptical judges, paths for appeal, and rules of evidence was built from centuries of hard won experience. When it works, it represents as good a balance as we've got between the need to restrain the state and the need to keep crime in check. Bypassing that system is illegal for a good reason.

Unfortunately we live in a world where all too often, laws are for the little people. Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done - build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined. 


Even Eric Schmidt, former CEO of Google, said if it's true that the NSA is spying on Google data centers then it's "outrageous" and "perhaps illegal." Schmidt told the Wall Street Journal, "The steps that the organization was willing to do without good judgment to pursue its mission and potentially violate people's privacy, it's not OK." Then he added, "There clearly are cases where evil people exist, but you don't have to violate the privacy of every single citizen of America to find them."

I'm not saying Google is perfect, but at this point, I'm sick to death of NSA's word games and insulting head games; I'm not interested in quoting NSA officials other than to note it's all about denials, or claiming to use legal channels.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.