Google admitted that it contacted the NSA about the incident because China was implicated in the attack that targeted the Gmail accounts of Chinese human rights activists.
In response, EPIC sought records about the conversations between NSA and Google over the Aurora attack. NSA responded that it could neither confirm nor deny the existence of such records, known as the Glomar response. EPIC sued NSA, but a lower court ruled in favor of NSA. EPIC then appealed, and lost the appeal.
“It is apparent that any response to EPIC’s FOIA request might reveal whether NSA did or did not
consider a particular cybersecurity incident, or the security settings in particular commercial technologies, to be a potential threat to U.S. Government information systems. Any such threat assessment, as well as any ensuing action or inaction, implicates an undisputed NSA “function”—its Information Assurance mission—and thus falls within the broad ambit of Section 6 of the National Security Agency Act”, the appeals court ruled.
In case you are wondering where Glomar comes from, the National Security Archive has provided an informative explanation.
“The term comes from a very large ship named the Glomar Explorer built by the CIA with help from Howard Hughes. In 1968 it was used in ‘Operation Jennifer,’ an attempt to recover a sunken Soviet submarine. Seymour Hersh, of the New York Times sniffed a story, but the CIA successfully convinced The Times to suppress publication. A year later a journalist, Ann Phillippi, filed a FOIA request for documents about the Glomar Explorer and the CIA’s attempts to censor press coverage. The CIA, citing FOIA law, claimed it could ‘neither confirm nor deny’ that documents about either the ship or the censorship existed. The name stuck.”