Two sets of emails obtained by Al Jazeera America under a Freedom of Information Act request suggest that Google's cooperation with the NSA (National Security Agency) may have been less coerced than the company has let on.
The emails date back to June 2012 and chronicle communications between NSA director General Keith Alexander and Google executives Eric Schmidt and Sergey Brin.
[ It's time to rethink security. Two former CIOs show you how to rethink your security strategy for today's world. Bonus: Available in PDF and e-book versions. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
In one email, Alexander refers to a previous meeting between NSA and Google officials and then invites Schmidt to a four-hour "topic-specific" and "decision-oriented" classified briefing on mobile threats and security.
"Google's participation in refinement, engineering and deployment of the solutions will be essential," Alexander said in the missive.
In response, Schmidt professes his delight at meeting Alexander recently while noting his inability to attend the meeting because of a prior engagement. "Would love to see you another time," Schmidt says in an email.
Alexander's email refers to a government/industry information sharing initiative called the ESF (Enduring Security Framework), which was launched in 2009 by the Department of Homeland Security, U.S. Department of Defense, and the CEOs of 18 technology companies.
Alexander notes in the email that under the ESF initiative, the NSA worked with several top tech companies, including Intel, AMD, Dell, HP and Microsoft, to address a security threat in the BIOS of several enterprise systems.
In an interview on the television news program 60 Minutes last December, NSA cyber defense director Debora Plunkett outlined details of the BIOS threat referred to in the letter. Plunkett said a state-sponsored group in China created a BIOS plot to "brick", or destroy, systems in the U.S. and the NSA joined with top tech firms to address the threat.
In the email to Schmidt, Alexander also sought Google's help in addressing mobile security threats. "A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security practices," Alexander wrote.
The classified meeting was to provide the CEOs of these companies with information on how they could mitigate specific threats to their mobile technologies, he said.
In an email addressed to Brin, Alexander expresses his appreciation for the contributions to the ESF effort made by several top Google technologists, including Vint Cerf, vice president and Chief Internet Evangelist, and Eric Grosse, vice president of security engineering. "You insights as a key member of the Defense Industrial Base are valuable to ensure that ESF's efforts have a measurable impact," Alexander aid.
A Google spokeswoman today said the company worked with a range of experts, including those from the government, to protect users from cyberattacks. "We work really hard to protect our users from cyberattacks and we talk to outside experts, including occasionally in the US government, to ensure we stay ahead of the game."