90.9 WBUR - Boston's NPR news station
Top Stories:
PLEDGE NOW
Cyber Threats, Google and the NSA

Computer users are seen at the reception area of Google's China headquarters in Beijing on Jan. 18, 2010. (AP)

Post your comments below

News last week that two of the most powerful players in the Internet universe will team up to fight an onslaught of cyber invasions. Google and the NSA — the National Security Agency — will collaborate on cyber security.

Word of the alliance comes just weeks after Google accused China of hacking into its source code and the digital jewels of dozens of other American companies.

And at a time when top intelligence officials warn critical American infrastructure is “severely threatened” by cyber attack.

But what about privacy?

This hour, On Point: Google, the NSA and the age of cyber insecurity.

Guests:

Joining us from Washington is Ellen Nakashima, reporter for The Washington Post. She broke the story on the NSA partnership with Google.

Joining us from Vancouver is Fred Cate, director at the Center for Applied Cybersecurity Research at Indiana University, where he is also a professor of law at the Maurer School of Law.

Joining us from Washington is Paul Rosenzweig, former deputy assistant secretary for policy in the Department of Homeland Security, from 2005 to 2009, where he worked on international data protection rules. He’s founder of Red Branch Law & Consulting.

Please follow our community rules when engaging in comment discussion on this site.
  • Brian

    Tom, wonder what your guests think of this:

    According to the Markoff in the NYT, there’s also a rather good reason that Google choose the NSA out of all the government agencies around:

    “By turning to the N.S.A., which has no formal legal authority to investigate domestic criminal acts, instead of the Department of Homeland Security, which does have such authority, Google is clearly seeking to avoid having its search engine, e-mail and other Web services regulated as part of the nation’s “critical infrastructure.”

  • Brian

    Markoff story link http://nyti.ms/aqWALg

  • Yar

    It seems that routers should be able to detect when a certain packet signature starts popping up in huge quantities. They should be programed to ignore addresses with those signatures. Sort of a counter attack on the bots. Any attempt to use an infected PC (MAC address) on the web would be redirected to pages that tells the user that the PC is infected and is excluded. Think of it as white blood cells in the fiber.
    Security can be also be multi modal. With cooperation between companies, when you scan your credit card your cell phone is pinged by your cell company. If your cell is not in the same location as the scan then extra security procedures are implemented.
    There are a lot of things we can do, but we must work together.

    I recommend building virtual networks, from the outside to a hacker look like an entire network. It would actually be a program on a single machine(that looks like a router). It could watch how the hacker is attempting to navigate in. Think of it as computerized chess of sorts.

    A hacker is like a vandal with a screwdriver, they can do plenty of damage but that doesn’t mean they can build anything useful.

  • Kash Hoffa

    Here’s a simple solution – get out of China and off their network infrastructure. They’re not necessarily happy to have Google there, just Google’s money (in the form of jobs and services paid for by Google).

    ResPeK

  • http://blogs.alternet.org/bigleyjoshua/ Joshua bigley

    As a group, the Fortune 500 have overlooked or come to terms with the lack of political freedom [in China]. After all, General Motors and KFC are in the business of selling stuff, not principles. And they have to be in China because that’s where the action is. “If you don’t come to the Chinese markets, other countries will,” said Zheng Zeguang,” a mouthpiece for the totalitarian regime.

    The Fortune Five hundred is in the business of selling stuff—not principles? We should remember that big business is of the people and by the people—it draws from the earth that sustains us and the communities that nourish us. After all, people make corporations work. Principles and business should be inseparable and inalienable.

    I don’t want to decouple the economy. I don’t want to completely stop business and trade with China. I just think that China should behave responsibly in the business world, in the consumer world, and with humanity in general, Chinese citizens and world citizens alike. I think that America and other countries should behave in equally responsible ways. And above all, I think all commercial and non-commercial industries need to practice humanistic business ethics—including policies that are open to and support principles of self-determination and free information. So, I’d like to coin a new phrase, a new proverb. Be like Google.

    http://blogs.alternet.org/bigleyjoshua/

  • http://www.nsa.gov/research/selinux/index.shtml Kevin

    The NSA has, as part of its mission, responsibility for strengthening the electronic infrastructure of the United States.

    One of the major efforts in this direction, which is well known to Google, is the open source (and very extensively peer reviewed–paranoid Internet privacy wonks have been over it with a fine tooth’d comb) SELinux project. This involved collaboration with several well known technology providers.

    Tools from SELinux, as well as comparable products such as AppArmor, are available in all major Linux distributions, as well as having migrated into both commercial (e.g. Trusted Solaris) and open source (BSD) UNIX.

    Some distributions routine make use of SELinux by default, and it (and AppArmor, another open source security platform) is fairly easy to manage.

    Similarly, NSA had quite a hand in selection of the standards for AES, which remains the workhorse of military and civilian high-grade encryption.

    In this case, NSA has the technological expertise and the mission to help companies like Google project Americans and the Internet which we rely for our core societal functions.

    On the other hand, the continued use of Microsoft Windows (as well as Outlook and Internet Explorer) remain the single greatest threat from terrorist and foreign espionage. While it is possible to secure a MS Windows server–I believe it requires removing the hard drives, epoxy filled USB ports and unplugging it from the network! :) — this is not something that can be done by the vast majority of Windows system administrators.

  • Alan Pollard

    Any government that actively suppresses public opinion and political thought, like the Chinese government does, should not be trusted. This action on the part of Google confirms that China is engaged in serious cyber infringements.

    Our country needs to pay attention to this threat and do something about it beyond just talking. If Google needs to work with NSA to address the threat, then they need to do it NOW.

    We should be congnizant about privacy concerns, but not be paralyzed to complacent inaction by it. Good for Google. Good for US. Its about time.

    Thank you.

  • Tom from Boston

    The fact that Google’s systems were penetrated in China makes me wonder if the same has happened here in the U.S. (I doubt Google would admit if it were true). Are my Google docs and gmail safe from hackers? Frankly, there needs to be some type of investigation of this. Unfortunately, the press and the government does not scrutinize Google nearly enough. Google is a corporation, the same as Microsoft, Apple and IBM. They are out to make profits. It’s time to look at them with a degree of skepticism that their size and power demands.

  • http://www.dnsstuff.com Rich

    The vector for these attacks is the domain name system (DNS), which connects all web sites throughout the world. There is very little knowledge and expertise about just how vulnerable DNS is.

  • John

    Cyber attackers collaborate and share, this approach of sharing info to defeat or counter the attacks is not exercised in the industry.

    Sharing information to become more offensive is the key, cyber attackers will always share ways to beat the system, why cant the system do the same to defeat attacks, quit worrying about exposing risks, attacks will happen regardless

  • http://10domains.blogspot.com Javed Ikbal

    I do information security for a living and have more than a little professional interest in this.

    First, Google isnt the lily-white entity it paints itself to be. It was fine with Chinese censorship until it got hacked

    next, there are claims and speculation from recognized experts (Bruce Schiner for one) that the Chinese hackers broke into a surveillance system used by law enforcement

    it is likely that US law enforcement or intelligence agencies were using the same system, and the attackers could have found out who was being monitored/surveiled upon by uncle Sam

    That would exain why the secretary of state spoke unusually sternly about that, and why Google is working with NSA

  • ai

    1. China initiates the attacks from China, attacking computers in the US and other countries.
    2. If China attempted to occupy our country physically, or any US registered ship, that would be an act of war. Cyber attacks are just as devastating, if not more so. They must be regarded an act of war too.
    3. Packet filtering to exclude computers located in China will do nothing for security. Google “Tor”,server bots, ddos.
    4. China makes all our electronics including computers and cellphones. Nothing to prevent them from creating hardware/firmware hacks that record keystrokes and periodically “phone home.”

    Fun times await.

  • jack

    I was told by an expert in internet security that the truth is that the US has launched much more cyber attacks to other countries than others do to us. is that true?

  • todd

    What are the chances of a cyber, ‘false flag’ attack being perpetrated.

    The US has a history of this dating back to the Spanish American War. This new attack could be a way for the Fed Gov’t. to spy on citizens and companies without restriction.
    Hmmmmmmmmm.

  • Josh

    Hey Tom,

    I’m wondering if any of the experts you have on today could comment on the danger represented by privately controlled botnets and the likelihood of those botnets being rented or sold to private/public organizations in order to carry out attacks on private or public secure networks/data. Thanks.

  • Todd

    Two wolves forming a cooperative partnership to guard the chicken coop. “Don’t be evil”…bullsh*t.

  • Brett

    In listening to this program, I was wondering how a “Tea Party” person/knee-jerk, armchair libertarian would view this story…would there be a “this is just another example of that Socialist Obama trying to have our government take over our lives by monitoring our computers!” mentality? Or a “I want my Internet freedom back!” sentiment? And would he/she carry around signs at “Tea Party” rallies that say, “Just say NO! to Obama-net!” And would he/she want no NSA involvement and would suggest leaving this to only the private sector to solve, that the NSA will just create bureaucracy and waste and stifle innovation while stealing more of our tax dollars! “I don’t want a bureaucrat to come between me and my Internet search engine!”

    Even more opportunistic might be a John Boehner response: “the Bush administration spent eight years protecting our freedoms and keeping us safe from cyber attacks by terrorist groups when they removed unwarranted constraints and restrictions on wire taps; Obama has shown he is soft on cyber attacks by terrorists by ignoring potential threats and allowing them to proliferate while he has been out playing golf and vacationing in Hawaii! Google has shown great pro-active strength in wanting to protect the American people by building partnerships with the NSA in fighting terrorism in cyber space, and this will in turn protect our military, business interests and personal lives!”

    Or Dick Cheney: “our national security is at risk, and I for one am glad to see the private sector–which I might add have been instrumental in securing the necessary presence in Iraq and Afghanistan that this administration has failed to provide–work in concert with intelligence agencies to strengthen our defenses against terrorist cyber attacks, all while the President dithers!”

    Or Mitch McConnell, “the Democrats are trying to ram socialized medicine down the throats of the American people while our country becomes weakened to defend itself against cyber attacks!”

    Or how about a Sarah Palin, “we don’t need a slick, Harvard-educated teleprompter reader! …We need a leader who is gong to be tough on [as she looks down at notes scribbled on her hand that say, "cyber attacks"] cyber attacks!” “You betcha!” As a “Tea Party” crowd goes wild…

  • Bruce

    The panelists were impressive. They did a good job outlining the quandary presented by this new form of warfare. A state-sponsored physical attack on major civilian or business targets would surely be considered an act of war, but we haven’t quite figured out what to call (or how to react to) a cyber attack that could ultimately lead to very similar damage. Or what to do with the perpetrators should we apprehend any of them.

    Couple this new form of warfare with the growth of non-state sponsored warfare (terrorism, failure to follow Geneva rules) and we have a very messy situation. War is hell, but this is a different kind of hell. Law and policy tend to be created in a reactive fashion. It is a messy process. Making sausage.

  • ageofaquarius

    I can’t believe people praise Google about protecting people’s privacy. And why do they put Google Earth on Internet, so everyone can zoom in to see where you live from a bird eye, and the person is looking at it lives thousands of miles away. It’s creepy!

    Google contradicts themselves on their business practice, they stand up only for their own good, not for users not for principals. Their business practice intertwined with government agencies, do you really believe the story told the news press? I’m open for speculation.

  • ageofaquarius

    To some American, please wake up! Our government agencies is the most tricky one in the world. Our government will attack others preemptively, and come back to point fingers at others. This is the greatest example of killing a small fish to lure a bigger fish.

    American conducts the most bully and hypocritical foreign policy in this whole world, but always comes back to play an innocent little lamb being eaten by a big bad wolf – CHINA. Who are you fooling? Maybe some very one-side minded people, who can’t distinguish right or wrong as long as your country is protecting you at the cost of others.

  • ageofaquarius

    ****I’m open for speculation.**** should’ve been “I’m open for skepticism”. Sorry.

  • justanother

    Brett,

    You did a pretty good job on projecting the past, present, and the future of the “NOPE” party. :-)

  • Brett

    Well, they may say “NO!” But their eyes say…”NO!” ;-)

  • ray

    Tom,

    None of your guests commented on the article by Bruce Schneier, one of the top computer security experts in the world, entitled “U.S. enabled Chinese hacking of Google.”

    “In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.”

    http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html

    Google archives every search done on its system, along with the ip address of the searcher. If Google really cared about the privacy of their users, they would not keep this data.

    Cyber attacks on critical systems such as power grids could easily be prevented by not connecting computers used by the grids to the Internet.

    Please do another program on this subject, and get some other guests on, perhaps from the Electronic Frontier Foundation (EFF) or the Electronic Privacy Information Center (EPIC)

  • Pingback: How Orwellian…

ONPOINT
TODAY
Aug 27, 2014
Russian President Vladimir Putin, left, shakes hands with Ukrainian President Petro Poroshenko, right, as Kazakh President Nursultan Nazarbayev, center, looks at them, prior to their talks after after posing for a photo in Minsk, Belarus, Tuesday, Aug. 26, 2014. (AP)

Vladimir Putin and Ukraine’s leader meet. We’ll look at Russia and the high voltage chess game over Ukraine. Plus, we look at potential US military strikes in Syria and Iraq.

Aug 27, 2014
The cast of the new ABC comedy, "Black-ish." (Courtesy ABC)

This week the Emmys celebrate the best in television. We’ll look at what’s ahead for the Fall TV season.

RECENT
SHOWS
Aug 26, 2014
Matthew Triska, 13, center, helps Alex Fester, 10, to build code using an iPad at a youth workshop at the Apple store on Wednesday, Dec. 11, 2013, in Stanford, Calif.  (AP)

Educational apps are all over these days. How are they working for the education of our children? Plus: why our kids need more sleep.

 
Aug 26, 2014
Federal Reserve Chair Janet Yellen, right, speaks with Ady Barkan of the Center for Popular Democracy as she arrives for a dinner during the Jackson Hole Economic Policy Symposium at the Jackson Lake Lodge in Grand Teton National Park near Jackson, Wyo. Thursday, Aug. 21, 2014.  (AP)

Multi-millionaire Nick Hanauer says he and his fellow super-rich are killing the goose–the American middle class — that lays the golden eggs.

On Point Blog
On Point Blog
Poutine Whoppers? Why Burger King Is Bailing Out For Canada
Tuesday, Aug 26, 2014

Why is Burger King buying a Canadian coffee and doughnut chain? (We’ll give you a hint: tax rates).

More »
1 Comment
 
Why Facebook And Twitter Had Different Priorities This Week
Friday, Aug 22, 2014

There’s no hidden agenda to the difference between most people’s Facebook and Twitter feeds this week. Just a hidden type of emotional content and case use. Digiday’s John McDermott explains.

More »
Comment
 
Our Week In The Web: August 22, 2014
Friday, Aug 22, 2014

On mixed media messaging, Spotify serendipity and a view of Earth from the International Space Station.

More »
Comment