Back in 2010, following the Chinese Aurora attack against Google, rumors emerged that the internet giant had turned to the NSA. The implications for Google’s global users inherent in any secret relationship with the US National Security Agency are huge. Although the PATRIOT Act already means that Google could be forced to release any personal data it has on any user of any nationality, a secret and private relationship could mean an existing and steady flow of information. It might also mean that Google’s privacy stance is influenced by NSA preferences.
On 4 February 2010, the Washington Post reported, “Google approached the NSA shortly after the attacks, sources said, but the deal is taking weeks to hammer out, reflecting the sensitivity of the partnership. Any agreement would mark the first time that Google has entered a formal information-sharing relationship with the NSA.” EPIC rapidly submitted a Freedom of Information request to the NSA requesting any documents pertaining to this NSA/Google relationship. The NSA’s response was Glomar – a refusal to confirm or deny that any records exist.
EPIC took the matter to the courts. But in July 2011 US District Judge Richard Leon decided in favor of the NSA and against EPIC. Now, in a hearing set for next week, EPIC is returning to court. It wants the summary judgement delivered by Judge Leon overruled, and judgement instead for its own FOI request. It will argue that the NSA neglected to search for the requested documents, and that without knowing whether the documents exist there is no basis for a Glomar response.
In a 12 March written statement to Senators Patrick J. Leahy, Chairman, and Chuck Grassley, Ranking Member of the Committee on the Judiciary, EPIC explains the relevance of its stance. “The NSA’s claims,” it writes, “would allow the agency to exercise unfettered discretion to dismiss any Freedom of Information request brought before it. For this reason, EPIC will be arguing before the DC Circuit next week in support of the public’s right to know about the cyber security decisions that may determine, for example, whether a federal agency believes individual users should routinely encrypt their email.”