The emails pertain to a program called Enduring Security Framework (ESF), a program which facilitates communication between major tech vendors and the NSA to secure computer resources against threats the NSA chooses to share.
The story covers the work the NSA should be doing. The misleading headline implied the emails implicate Google and the NSA in something nefarious, at least in the context of other NSA misdeeds.
The article casts doubt on whether the "Enduring Security Framework" is effective. Some people in the security industry think it's a put-on:
But some cybersecurity experts questioned the scenario outlined by Plunkett.
“There is probably some real event behind this, but it’s hard to tell, because we don’t have any details,” wrote Robert Graham, CEO of the penetration-testing firm Errata Security in Atlanta, on his blog in December. “It’s completely false in the message it is trying to convey. What comes out is gibberish, as any technical person can confirm.”
And by enlisting the NSA to shore up their defenses, those companies may have made themselves more vulnerable to the agency’s efforts to breach them for surveillance purposes.
“I think the public should be concerned about whether the NSA was really making its best efforts, as the emails claim, to help secure enterprise BIOS and mobile devices and not holding the best vulnerabilities close to their chest,” said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation’s digital civil liberties team.
He doesn’t doubt that the NSA was trying to secure enterprise BIOS, but he suggested that the agency, for its own purposes, was “looking for weaknesses in the exact same products they’re trying to secure.”
The NSA “has no business helping Google secure its facilities from the Chinese and at the same time hacking in through the back doors and tapping the fiber connections between Google base centers,” Cardozo said. “The fact that it’s the same agency doing both of those things is in obvious contradiction and ridiculous.” He recommended dividing offensive and defensive functions between two agencies.
Two weeks after the "60 Minutes" broadcast, the German magazine Der Spiegel, citing documents obtained by Snowden, reported that the NSA had inserted backdoors into BIOS, doing exactly what Plunkett accused a “nation state” of doing during her interview.
But how is this related to the article at hand? Unless the NSA is somehow able to introduce malicious code into Google's systems via email and meetings, what problem is this article trying to address? That Google should avoid any contact with the NSA/government?
That actually sounds a lot like what CISPA was trying to do. And I remember Google supported CISPA.
And I don't know if we know enough details to conclude that it's only stuff NSA shared with Google and others, and not the other way around. Why would securing mobile devices be such a priority for NSA, unless they were the ones trying to get into them, and getting Google, Microsoft and Apple to help them with that?
Posts like this one make me wish there was a downvote button on them. While the headline is technically correct, it's (intentionally) misleading and will draw several comments about how people "suspected this all along" from people who haven't even read the article. Mods, please rename.