Google’s alleged secret relationship with the US intelligence community (IC) was divulged by an IT contractor and confirmed by US intelligence authorities familiar with the matter during the OSS.Net IOP conference near Washington, DC. The contractor, who spoke on a not-for-attribution basis, said that at least one US intelligence agency he declined to identify is working to “leverage Google’s [user] data monitoring” capability as part of an effort by the IC to glean from this data information of “national security intelligence interest” in the war on terror.
The intelligence sources, also speaking on a not-for-attribution basis, would not say under what authority the IC had obtained Google’s cooperation, or which intelligence agency is involved. One of the sources did say, however, that the CIA’s Office of Research and Development “has been giving them additional money and guidance and requirements.”
Last November, the CIA – through In-Q-Tel (the venture capital firm set up by the CIA to "identify and invest in companies developing cutting-edge information technologies that serve United States national security interests”) – issued notices to sell $2.2 million worth of Google stock.
Robert David Steele, intelligence veteran and CEO of OSS.Net, Inc. which sponsored last week’s event, told HSToday.us Tuesday evening that "Google is being actively hypocritical and deceptive in playing up its refusal to help the Department of Justice when all along it has been taking money and direction for elements of the US Intelligence Community, including the Office of Research and Development at the Central Intelligence Agency, In-Q-Tel, and in all probability, both the National Security Agency (NSA) and the Army’s Intelligence and Security Command."
Steele added, “I have no doubt that Google, in its arrogance, decided it could make a deal with the devil and not get caught.
“In my view, Google is a public resource and must remain purer than Ceasar’s wife. I am sympathetic to Google’s rolling over for China and agreeing to curtail some content – that can be reversed later. However, I am very unsympathetic and critical of Google for violating its ‘do no harm’ rule. In my view, a secret financial and secret information sharing relationship with the US Intelligence Community – or any other intelligence community – violates everything about Google that should be sacred, and suggests that we can no longer trust them to live up to their original ethos.”
Steven Aftergood, director of the Federation of American Scientists’ Project on Government Secrecy, said, “it would bedisappointing if, after taking a principled stand against indiscriminate government intrusion [in the matter of the DoJ subpoena], Google bent over for the NSA. It also underscores the need for a public conversation on the new boundaries of personal privacy and the need for new protections.”
Former IC officials, including one who worked for the National Security Agency, told HSToday.us this week that NSA is the agency most likely to have access to Google’s user data for the purpose that was described at the OSS.Net conference. But, the former NSA official quipped, “if the government thinks Google’s got the greatest info capturing ability, what has NSA been doing all these years?”
NSA routinely monitors regular Internet traffic and has been intercepting targeted domestic Internet-based communications as part of a surveillance effort authorized by President Bush to conduct warrantless interception of domestic electronic communications in the hunt for terrorists. A hunt veteran counterterrorists have told HSToday.us is necessary and successful, though such successes are rarely if ever discussed or acknowledged publicly.
Using his executive authority, Bush gave NSA permission to carry out the warrantless surveillance, an action whose legality has been questioned and is soon to be subject to congressional hearings. For its part, the administration in recent weeks has put forth a forceful argument for the legality of its domestic surveillance activities.
The IT contractor who initially disclosed that Google has a secret relationship with the IC said in a follow-up e-mail Sunday evening to HSToday.us that he knows under what authority Google is cooperating with the IC, as well as the details of the cooperation, but declined to elaborate because of the nature of his work for clients. The source had said in an e-mail on Saturday that “Google proactively cooperates” with the IC, and added, “I am not sure the White House knows this.”
Pursuant to provisions of the PATRIOT Act, the government has the power to demand information in secrecy from any business if it deems the information is in the interests of national security. Such information, though, is required by the PATRIOT Act to be requested by the FBI, whose field supervisors are authorized to issue National Security Letters (NSLs) without court authorization to obtain records from “electronic communication service providers.”
Despite repeated efforts, comment from Google was unavailable. Don Weber, NSA spokesperson, told HSToday.us, "the terrorist surveillance program remains highly classified, therefore, it would be irresponsible for us to discuss actual or alleged operational issues."
Google, DoJ and Google’s stance on privacy
The DoJ subpoena demands that Google turn over records on millions of users’ search queries as part of a government prosecution of pornographers. On Jan. 18 DoJ filed a motion to compel Google to comply.
In its communications to DoJ, Google expressed its intent to keep its user data out of prying eyes. "Google’s acceding to [DoJ’s] request would suggest that it is willing to reveal information about those who use its services," wrote US Google attorney Ashok Ramani in an Oct. 10 letter to DoJ attorney Joel McElvain. "And one can envision scenarios where queries alone could reveal identifying information about a specific Google user, which is another outcome that Google cannot accept," the letter continued.
Google co-founder Larry Page did tell ABC News last Friday with regard to the DoJ’s subpoena that "our company relies on having the trust of our users. That’s a very strong motivation for us … I think instead we should have laws that protect the privacy of data, for example, from government requests and other kinds of requests."
Saturday, Google said it will vigorously defend itself against the government’s demands that it turn over the information about the searches DoJ is demanding.
Nicole Wong, associate general counsel for Google, told Newsday the government’s demand goes too far. "We had lengthy discussions with them to try to resolve this, but were not able to, and we intend to resist their motion vigorously.”
But these positions are contradicted by the claims of intelligence officials and the IC contractor at the conference last week.
“Google has chosen to refuse to comply with the subpoena” since it was first issued last August, even as three of its competitors agreed to provide information, according to DoJ’s “Motion to Compel” documents.
Google’s response to the Justice Department’s subpoena was that it is "unduly burdensome, vague … intended to harass," and would jeopardize its trade secrets and could expose identifying information about its users.
DoJ wants the information as part of its effort to enforce the Child Online Protection Act, a 1998 federal law that is supposed to ban Internet sites from displaying content that the government deems "harmful to minors." The Supreme Court ruled the law can’t be enforced, though, unless the government shows less intrusive measures such as Internet filtering are inadequate. DoJ wants the data it is seeking from Google to show that Internet pornography is so pervasive that only a federal law can protect children from it.
"We’re not asking for the identity of Americans. We simply want to have some subject matter information with respect to these communications. This is important for the Department of Justice and we will pursue this matter," Attorney General Alberto Gonzales told reporters.
Google in turn argued the government could obtain the same information from other public sources and that acceding to the request "would suggest that it is willing to reveal information about those who use its service.”
Google’s intelligence cooperation
According to the sources attending last week’s conference of intelligence professionals, Google is working with a US intelligence agency to provide much more detailed information on its search engine users than that being requested by the Justice Department. The contractor said three employees of an intelligence agency he declined to identify are in Mountain View, Calif. where Google is based, working with the company to leverage the search engine company’s user data monitoring capability in the interests of national security.
The contractor explained to conference attendees that Google’s user data is the “single greatest repository of [Internet] user [click stream] data” that there is, and that it has “tremendous value” to the IC. According to the source, an unidentified intelligence agency has established a working relationship with Google to make use of this information in an unspecified, analyzed form, but presumably utilizing Google’s sophisticated user tracking software.
"Click streams" are the paths visitors take through a web site. Analyzing click stream data can help uncover navigation patterns and common paths. In short: User browsing habits, from which a great deal can be gleaned.
Traditional click stream analysis reports provide information on every visitor that enters a web site. These reports show which search engines and keywords people use to find a web site and how well they convert a web site’s visitors into buyers and sales leads.
“The spies in Washington would love to have access to Google’s user data,” Daniel Brandt has said. Brandt is an information specialist who directs Public Information Research Inc., which runs GoogleWatch.org and Scroogle, a service to anonymously search the Web through Google.
A stern critic of Google’s use of still mysterious cookies with expiration dates in 2038, Brandt said “the purpose of [Google’s] unique ID is to record your search terms for present or future profiling.”
Brandt asks on his GoogleWatch.org website: What “if Google builds a database of keywords associated with [its Gmail] addresses? The potential for abuse is staggering. Google could grow a database that spits out the email addresses of those who used those keywords. How about words such as ‘box cutters’ in the same email as ‘airline schedules?’ Can you think of anyone who might be interested in obtaining a list of email addresses for that particular combination?”
“Intelligence agencies would love to play with this information,” Brandt said. “Diagrams that show social networks of people who are inclined toward certain thoughts could be generated. This is one form of ‘data mining,’ which is very lucrative now for high-tech firms, such as Google, that contract with federal agencies. Email addresses tied to keywords would be perfect for this. The fact that Google offers so much storage turns Gmail into something that is uniquely dangerous and creepy.”
Philipp Stark, Ph.D, a Professor of Statistics at the University of California, Berkeley who filed a “Declaration of Support” for the Justice Department’s subpoena of Google, says “reviewing user queries to search engines” can help to “understand the search behavior of current web users …”
"This is the camel’s nose under the tent for using search engines and all kinds of data aggregators as surveillance tools," Jim Harper of the libertarian Cato Institute who also runs Privacilla.org, an Internet privacy database, told Reuters Friday about Justice’s move to have a judge compel Google to turn over the information it’s seeking.
Robert Steele, who has long advocated the use of open source information in the intelligence collection process, said late last year that “the private sector, under the leadership of Google, IBM, CISCO, and L-3 communications, will devise generic open source intelligence solutions that are so inexpensive and sensible as to seriously challenge the existing practice of selling clearances,bodies, and single-point technology solutions that do not answer the mission need for actionable intelligence.”
The IT authority who initiallydisclosed Google’s relationship with the IC at last week’s conference said that Google has the capability to read information at a speed of around 583 megabytes a second and responds to more than 1 billion queries per 24 hours.
The contractor had previously written that “Google has a supercomputer that delivers applications. Some of these applications are free for the user; for example, search. Other applications are for Google’s 4,000 employees; for example, the programmers who craft applications for the Googleplex and employees who use the formidable number-crunching capabilities of the Googleplex to figure out what users are doing.”
But more important than that, the authority said last week, is Google’s user data monitoring applications.
The authority explained that Google’s virtual software, which allows the user to perform a task on any device as long as an Internet connection is available without the hassle of software installation, also “can do fuzzy [user] monitoring” with the information provided by Google’s session cookies, which he said are “persistent cookies that expire at a future time;” “aggregate users’ actions into one pool;” and “cluster to defuzzify data.”
“With user permission,” an application can provide “fine-grained monitoring” of user by identifiers; apply analytic processors to a user or users with similar behaviors; and cross-tab the fine-grained data with the fuzzy data.
The contractor added that “users don’t know what [sorts of applications are] running where,” and “system administrators don’t know what Google captures and monitors … a major drawback for organizations is that [Google’s] virtual applications may have a copy of data and fine-grained data about what users did what on the system.”
A Google spokesman previously said user data is not currently correlated with each user’s search query, but conceded that Google’s technology and privacy policies would allow the company to do so.
Sources did not say whether the IC is working with Google to use the company’s Google Analytics service, which Google describes as “tell[ing] you everything you want to know about how your visitors found you and how they interact with your site.”
Google and intelligence
Civil liberties and privacy rights authorities applauded Google’s decision not to comply with the DoJ’s subpoena, which has sparked a debate on the volumes of personal data Google collects on its users, but they have been relatively silent on the firm’s quasi-open relationships with the Intelligence Community.
In June 1999, the then up-start Google received a $25 million round of equity funding led by Sequoia Capital and Kleiner Perkins Caufield & Byers, the latter of which the CIA’s In-Q-Tel had developed a close relationship with to advance “priority” technologies of value to the IC. A number of Sequoia-bankrolled start-ups have contracted with the Department of Defense, especially after 9/11 when Sequoia’s Mark Kvamme met with Defense Secretary Donald Rumsfeld to discuss the application of emerging technologies to warfighting and intelligence collection.
In the fall of 2004, Google acquired Keyhole Inc., a start-up business launched with seed capital from the CIA’s In-Q-Tel in February 2003. Keyhole was In-Q-Tel’s first nurturing of a company on behalf of the National Imagery and Mapping Agency, now the National Geospatial-Intelligence Agency.
In 2003, Keyhole’s CEO, John Hanke, was quoted in an In-Q-Tel press release stating, "Keyhole’s strategic relationship with In-Q-Tel means that the Intelligence Community can now benefit from the massive scalability and high performance of the Keyhole enterprise solution."
Google also is using CIA-funded Basis Technology’s Rosette Platform, a suite of interoperable software components which enable document handling systems to identify, classify, and search unstructured text in the languages of East Asia, Europe, and the Middle East. The platform provides advanced linguistic capabilities including normalization; morphological analysis; and named-entity extraction. Yahoo also is using the technology.
Former IC software engineers are known to have worked for Google, and Google technical job announcements have noted applicants seeking to work on the Google Search Appliance “must have current government top security clearance” at the TS/SI level. "SI," or special intelligence, is a euphemism for communications intelligence, or COMINT.
Google also has had contracts to provide specially tweaked high-end search software for the IC, Army and other US government departments. In 2003, for example, under a special contract with the CIA, Google customized its high performance Google Search Appliance for the Intelink Management Office, which oversees top-secret, secret and sensitive but unclassified intranets for CIA and other IC agencies.
That same year, the CIA quietly began funding a series of research projects through the National Science Foundation to create "new capabilities to combat terrorism through advanced technology." One of the funded programs was for development of “a system to be deployed in the background of any chat room as a silent listener for eavesdropping … The proposed system could aid the intelligence community to discover hidden communities and communication patterns in chat rooms without human intervention."
The IC, especially the CIA and NSA, already works with other high-tech businesses like VentureGov Group to deliver innovative solutions that fulfill strategic needs in the federal marketplace.
VentureGov has established sales channels with many major system integrators that have IT contracts with the Department of Defense, CIA, NSA, Department of Homeland Security and DoJ.
Meanwhile, “the Justice Department’s dispute with Google comes as the government is moving aggressively on several fronts to obtain data on Internet activity to achieve its law enforcement goals, from domestic security to the prosecution of online crime,” the New York Times reported, adding, “under the antiterrorism law known as the USA Patriot Act, for example, the Justice Department has demanded records on library patrons’ Internet use.”
Click here for the main Kimery Report page.