A federal appeals court in Washington today said any communication about cybersecurity and encryption between Google Inc. and the National Security Agency can remain secret.
The U.S. Court of Appeals for the D.C. Circuit upheld the dismissal of a public records suit that an advocate for online privacy rights, the Electronic Privacy Information Center, filed in Washington's federal trial court. EPIC was exploring any partnership between Google and the NSA following a cyber attack against Google in 2010.
Writing for a unanimous three-judge panel, Judge Janice Rogers Brown rejected the argument that any partnership between Google and the NSA should be officially disclosed through a records request because the company and the agency's connection was earlier revealed in news articles.
“The fact that limited information regarding a clandestine activity has been released does not mean that all such information must be released,” said Brown, on the appellate panel with Judge Brett Kavanaugh and Senior Judge Douglas Ginsburg.
The appeals court said the NSA has never officially acknowledged a collaboration with Google and “the national media are not capable of waiving NSA’s statutory authority to protect information related to its functions and activities.”
The Justice Department’s Catherine Hancock, representing the NSA in the D.C. Circuit, argued disclosing any communication between Google and the spy agency would reveal a protected function or activity of the NSA.
Hancock said the requested records, including all records of any partnership agreement between Google and the NSA, are exempt from public disclosure. The D.C. Circuit agreed. Brown also took a bigger-picture stance.
“[I]f private entities knew that any of their attempts to reach out to NSA could be made public through a FOIA request, they might hesitate or decline to contact the agency, thereby hindering its Information Assurance mission,” Brown wrote.
The D.C. Circuit said any response to EPIC’s records request “might reveal whether NSA did or did not consider a particular cybersecurity incident, or the security settings in particular commercial technologies, to be a potential threat to U.S. Government information systems.”
EPIC executive director Marc Rotenberg, who argued for the privacy group in the D.C. Circuit, argued among other things that unsolicited communication from Google to the NSA is not exempt. Any records the NSA has that pertain only to Google, and not the agency’s mission, should not remain secret, Rotenberg said.
In a statement today, Rotenberg said “the NSA arrangement with Google was widely reported in the national media and even former NSA director Mike McConnell said that such a collaboration was ‘inevitable.’”
Rotenberg said as Congress considers cybersecurity proposals, “the decision in EPIC v. NSA is a powerful reminder of the price that will be paid in government accountability.”
“If the NSA is unwilling to acknowledge its ties with the Internet’s largest firm, even after it is widely reported in the national media, then there is little reason to believe that Congress or the public will have any ability to assess the effectiveness of the agency in this critical area.”