How the Chinese Exploited the Shady Relationship Between US Spymasters and Google
Silicon Valley is now ground zero of the biggest espionage struggles facing the United States since the height of the Cold War. The glitzy suburbs between San Francisco and San Jose are filled with agents playing a cat-and-mouse game over stealing high-tech secrets after the Chinese accomplished what the Soviets only dreamed of.
In 2009, China hacked into Google to see which of its spies were known to the FBI by tracing secret FBI data requests. Two years later, China hacked into RSA, a company hired by defense contractors to encrypt their computers and stole detailed plans for major U.S. weapons systems including new fighter planes, worth trillions, and critical domestic infrastructure including gas pipelines.
The military hardware thefts have been called the largest transfer of intellectual property "in history" by top national security officials and arguably are a bigger intelligence failure than al-Qaeda's attacks on September 11, 2001.
They are now front-page news as President Obama plans to meet China’s president on Friday. The White House's press briefings say cybersecurity will be discussed, but do not mention the military secrets thefts. Instead, the briefings make it sound as if the only issue is stealing the newest consumer products. They do not mention what Obama will say in response.
With this information gap in the news, it's inevitable that in San Francisco, where the best and brightest techies board chartered buses to commute to the Valley, there is gossip about big data, big government, spying and counter-espionage. Silicon Valley has long been home to companies that have done clandestine work for Washington's intelligence agencies, so the rumors about what's being done to stop Chinese spying are more than intriguing—they're worth investigating.
The most eyebrow-raising talk concerns Google and its newest innovation, the Glass project. These stylish eyeglasses are a new voice-activated computing platform that replaces typing and can do almost everything that smart phones now do. A small rectangular box sits atop one lens and contains next-generation processors, as well as a video and still camera and microphone. The screen is in the corner of one eye. Sound vibrates through the glass frame, not ear buds.
The gossip about Glass goes far beyond the significant list of privacy concerns that arise because anything within eyesight or earshot can seen, heard, recorded and uploaded for data mining. According to one beta-tester with a military-intelligence background, Glass’ 1,500 or so testers are unknowing eyes and ears of a bold anti-espionage strategy. He claimed that an army of Glass-wearing geeks in the Bay Area's high-tech nooks and crannies was allowing U.S. spy agencies to find and follow Chinese agents in real time.
That assertion is built on other premises that were explained. Google and the government have ties that neither want to disclose, such as spy agency access to all of Google’s data. Glass’ facial recognition capacities may not be ready for public use just yet—just as Facebook got beat up when it announced a similar feature last year. But they are there and have prompted Congress' bipartisan Privacy Caucus to voice concerns about Glass.
“There’s an extraordinary amount of meta data associated with each of those images that you don’t think about, because you think I’m just taking a picture of my friends in a bar,” said Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center, which has criticized Glass for possible creepy uses, from stalkers following women to cops identifying protesters. “That’s why the government is so interested in it. They want access to that data.”
Rotenberg had not heard about Glass’ possible use for tracing high-tech spies. But EPIC has gone further than any other public-interest group in tracing Google’s relationship to the National Security Agency, the nation's largest spy agancy. It sued under the federal Freedom of Information Act to obtain copies of security cooperation agreements that Google made with the NSA after the Chinse hack of FBI records. That lawsuit was shut down by a federal judge last year.
“Everyone is writing about this as if it is a ‘Dear Beth’ column: what do I do if my date is wearing Google Glass?” he said. “That’s kind of an interesting dilemma. But I think that misses the larger question of what do we do when the world’s largest Internet hub and user team is collecting the images and sounds that people obtain in physical space?”
Is Google Glass spyware?
The questions about the Chinese hacks and Google's role in combatting cyber intrusions arise because of the way that electronic information is created and stored in 2013—literally in computer-filled warehouses where every transaction never goes away.
AlterNet investigated what was known about the Chinese hacking, as well as the assertion about Glass’ use for domestic spying and Google's ties to the NSA. Google, as expected, would not comment. AlterNet found a far more nuanced and disturbing story than the sexy claim that Glass was a new set of eyes and ears for Washington spymasters.
Staring wit Google, there’s no doubt that it is the latest in a long line of tech giants partnering with the government at the highest levels of national security. There’s also no doubt that the NSA and CIA has recently expanded operations and contacts in Silicon Valley. Moreover, there’s no shortage of retired cold warriors working at tech firms.
But the claim about using Glass for tracing Chinese spies seems to be grounded in tactics from spying on the Soviets a generation ago, where there was a greater dependence on agents on the ground, according to another former spy now on the computer faculty at Stanford University. That’s because the Chinese thefts—of those that are known—were via back-end electronic hacks.
“Glass looks sexy, but that’s not where I would start,” said the professor who did not want his name used. “I would start at the backend as if I’m plugged into those servers."
Two decades ago, federal police and intelligence agencies asked Silicon Valley to build trap doors that they could access in any new electronic device and the industry complied. After the 2001 attacks by al-Qaeda, telecom firms gave the National Security Agency access to key nodes so it could capture all Internet traffic. The Bush administration's installation of those taps on AT&T's network became known as the 'warrantless wiretap' scandal.
"Think about this," the Stanford professor said. "In 2001, if you had the entire Internet data stream, from the master piering points, you had all the data. Now, if you add Google’s queries and Google’s data stream, you have all the data—regardless of device. I would first ask the question of what is the interconnection, and is there one, between Google and NSA?”
That is what EPIC’s lawsuit against the NSA tried to find out. After the Chinese hack of the FBI searches, Google allowed the NSA to access its data under secret agreements. The former NSA director, Michael McConnell, wrote in the Washington Post in February 2010 that a collaboration between NSA and Google was “inevitable.” Another Post report said the NSA-Google collaboration would “allow the two organizations to share critical information.”
It's not surprising that veterans from the 'black world' of spying on the Soviets would see a see technology like Glass as a tool they wish they had in their day in the field. But what the Chinese did to US military contractors is of an entirely different magnitude. It did not come from sneaking into Silicon Valley developer meetings with hidden recording devices, the Stanford professor said.
“The biggest thing that people haven’t smacked their heads about was what the Chinese did four years ago," he said. "They hacked RSA, which had all the backdoors to all the defense contractors. And they stole the weapons system data for trillions of dollars worth of stuff… I mean, literally, they can shut down the engines of our newest fighter in the middle of the air, plus reverse-engineer anything.”
Since then, he said the US military and its contactors have been reprogramming everything as fast as possible.
Big Data, Big Government and The Valley
It's anybody's guess what Obama will say to the Chinese president when they meet later this week, But, if history is a guide, the US will keep developing new technology that will be used by the military and intelligence agencies—hoping to outpace the Chinese.
There is a gray zone in Silicon Valley where technology companies and the secret arms of the government and military blur. Until the Vietnam War, much of the Engineering Department budget at Stanford came from the Pentagon. After anti-war protests, money for military and intelligence projects was channeled through private industry, usually via people who worked on Cold War spycraft.
Today, the public-private partnerships fall into a few categories. First are companies whose technology is developed for commercial use but is quickly appropriated by the government. Palantir is a start-up whose big data analyses are now used by law enforcement and the Pentagon. Then there are firms working directly for the government, such as National Semiconductor building a NSA data center in Virginia to crack Soviet cryptography in thr 1970s, or AT&T putting electronic taps for the NSA on its network after 9/11.
And then there are companies that are hired by spy agencies for analytical work or even to spy on Americans, just so intelligence agencies can tell Congress that they are not spying on citizens.
“In the ‘60s and ‘70s, when Congress would talk to the CIA and ask, ‘Are you spying on Americans?’ that they would swear to God that they were not spying on Americans,” the Stanford professor said. “What they never asked and the CIA never volunteered was, ‘No, we outsourced that to the British who were spying on the Americans. And we just got the data. So if you don’t ask the right question, you don’t get the right answer.”
Where Google fits into the spy-versus-spy world of espionage today is not entirely clear. But several things are known. The NSA has installed electronic interceptors on Google’s backend, as the Washington Post reported. What data it can use, and how it can use it—the subject of EPIC's lawsuit—will not be revealed. As important, Google is known for building its own servers, computers, data warehouses and doing that in the US, unlike many high-tech companies.
The NSA is now building its biggest data complex ever in Bluffdale, Utah. The project is the realization of the “total information awareness" program that was proposed by the Bush administration after 9/11—and supposedly killed by Congress at that time. But, like the NSA’s AT&T wiretaps, it hasn’t gone away. The agency came to Silicon Valley in 2006 seeking advice on how to build that data center. That wasn’t the first time the NSA did that.
“If you had to design a perfect data center to mine all this information, whose would you want to look like?” the ex-intelligence officer turned Stanford scientist asked, implying the answer was Google. “And if you were designing the ultimate surveillance activity, what would tap into?” There, however, he implied that the answer was not a front-end device like Glass, but looking where all the data streams converge. “My point is that the Glass datastream is just one of many datastreams.”
Perhaps the right question is not, 'Is Google Glass new frontline spyware in the battle against Chinese hackers?' There’s no doubt it could be useful for real-time surveillance, compared to stationary cameras or even domestic drones. But China's theft of military secrets occured in cyberspace's backend data vaults—not via cameras and microphones in plain sight.
The more pressing question concerning Obama's meeting with China's new president is what can he say to the Chinese—who have stolen thousands upon thousands of hours of work by America's top scientists and engineers? And what leverage does the US have in curtailing the spread of that military technology?