

Emails reveal close Google relationship with NSA - chmars
http://america.aljazeera.com/articles/2014/5/6/nsa-chief-google.html

======
campbellsoup
The article is dated "May 6, 2014 5:00AM ET", hardly news...

To me it seems more like the NSA wanted to make the Web giants aware of new or
unmitigated threats. Here's a quote from Gen. Alexander:

“About six months ago, we began focusing on the security of mobility devices,”
Alexander wrote. “A group (primarily Google, Apple and Microsoft) recently
came to agreement on a set of core security principles. When we reach this
point in our projects we schedule a classified briefing for the CEOs of key
companies to provide them a brief on the specific threats we believe can be
mitigated and to seek their commitment for their organization to move ahead …
Google’s participation in refinement, engineering and deployment of the
solutions will be essential.”

~~~
madaxe_again
"It seems"

Yes it does. A year ago "it seemed" that the internet wasn't 100% insecure,
however.

Therefore, this was more likely than not a cover.

I mean, we already know from Snowden that the bios bit is a lie. They didn't
fix a vulnerability, they introduced one.

Edit: Not entirely sure why I'm being downvoted for this - see
[http://www.tomsitpro.com/articles/dell-nsa-ant-deitybounce-s...](http://www.tomsitpro.com/articles/dell-nsa-ant-deitybounce-snowden,1-1524.html)
and
[http://leaksource.files.wordpress.com/2013/12/nsa-ant-deityb...](http://leaksource.files.wordpress.com/2013/12/nsa-ant-deitybounce.jpg?w=1208&h=1562)

~~~
SeanDav
*"Edit: Not entirely sure why I'm being downvoted for this"*

You are implying something negative about Google. There are a lot of Google
employees and Google fanboys active on HN that will happily downvote anything
negative on Google whether it has merit or not.

That is not to say that everyone who works at Google or who likes Google
products cannot accept criticism but a number will downvote you regardless.
The same applies to Apple, Microsoft and other cliques. If you make a negative
post about them, be prepared for downvotes.

In addition you are not presenting any proof and even though your point may be
perfectly valid and correct it does smack of a conspiracy theory which tends
to attract downvotes as well. Who knows what the real truth is, just don't use
Google products if you are concerned, there are alternatives out there.

------
XzetaU8
[https://news.ycombinator.com/item?id=7706423](https://news.ycombinator.com/item?id=7706423)

~~~
chmars
Sorry for that, I had only stumbled on the article today, and HN did not catch
it as a double post.

------
Sanddancer
This just exemplifies the NSA's role of being the crack dealer of information
security. There's always a free sample, and it's always addictive enough to
get you coming back for more, at their costs. Google et al got info on actual
threats, so when the NSA came back later to ask for "favors", a lot of
critical analysis of what the actions really entailed that should have been
done was left by the wayside.

Then again, the NSA has a pretty long history of doing this. Look at the work
the NSA did on DES, for example. They strengthened the S-boxes against
differential cryptanalysis at the cost of ensuring that they'd be able to
brute force things secured with the algorithm years before anyone else could.

~~~
pilsetnieks
Not to be an apologist but I've only ever heard the first part - that they
strengthened the S-boxes against differential cryptanalysis at a time when
everyone else was still 10 years away from discovering it.

If you mean with the second part that the key was shortened from 64 to 56 bits
then that made it easier for _everyone_ to brute force it, provided you had
the resources.

~~~
Sanddancer
Yes, it made it easier for everyone, however, because the NSA had a lot more
money to throw at the problem, they could do such years ahead of anyone else.
Also, the NSA originally was trying to get IBM to use a 48-bit key; 56 bits
was a compromise.

~~~
csandreasen
The Technical Director of the NSA Information Assurance Directorate gave a
less sinister explanation for this in a keynote talk[1]. It was dropped from
64 bits to 56 bits for two reasons: 1) they wanted to add 8 parity bits to
make it more robust for tactical military use, and 2) they decided that 56
bits would be an acceptable key length to _only_ last for a couple decades
before it would have to be replaced. They had no way of knowing in 1976 what
advances in cryptanalysis would be made over the next several decades, and
wanted to make sure that the public wouldn't be tempted to rely on any one
particular algorithm longer than was necessary.

This might seem counter-intuitive at first, but remember that the biggest
threat to NSA cryptography was from Soviet cryptanalytic work, not from the
public sector. Public researchers would publish any advances they made. If the
Soviets cracked DES there wouldn't be any public notification - they'd just
siphon off sensitive data for years until they were caught.

[1] [http://vimeo.com/97891042](http://vimeo.com/97891042) (the whole talk is
interesting, but jump to 22:50 for the DES part)

------
qwerta
One day all NSA data will leak and appear on the Internet as a gigantic
zettabyte torrent....

------
erikb
I don't understand much about IT security and privacy matters, but does it
really say anything about Google giving data access to the NSA?

~~~
ejr
As far as I can decipher - because like most news posts, it contains a lot of
words without a matching volume of content - the core of the content can be
boiled down to:

    
    
      * Silicon Valley CEOs and the government had meetings on protecting infrastructure
      * A BIOS infiltration plot was derailed, but details on it were technobabble,
        according to an expert: https://news.yahoo.com/60-minutes-bios-plot-may-214330769.html
      * Alleged backdoor in BIOS. Linked article on Spiegel is about routers:
        http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html
      * Government continues to enlist company help in thwarting attacks.
        Specifically targeting mobile devices. Again, details are sparse.
    

There's no direct evidence, and it's unlikely you'll ever find any, that
Google or indeed most other companies are directly giving the government
access to private data. The biggest issue is the obvious conflict of interest
as noted by observers where the NSA is trying to protect infrastructure while
having a means to weaken it benefits them as well.

~~~
nezza-_-
The Spiegel article is not only about routers, it specifically mentions
"malicious code in so-called BIOS" too.

------
abritishguy
I see nothing in this article that concerns me.

------
darvy
I want to know why Sergey doesn't use capital letters in his email! Is there a
reason for this?

~~~
amatera
Yes, he wrote this from his iPhone. ;-)

~~~
abritishguy
iPhone would have automatically capitalised several of those words.

~~~
amatera
This was a joke. I guess he uses a Nexus anyway.

