Story highlights

Federal appeals court affirms protection of communications between Google and NSA

NSA said disclosure would threaten government information systems

Cyberattack is serious threat says former chairman of Joint Chiefs of Staff

Washington CNN  — 

U.S. authorities are not required to release any internal National Security Agency communications it had with Internet giant Google Inc. after a 2010 cyber attack in China, a federal appeals court ruled Friday.

At issue was a Freedom of Information Act request from a private group over the suspected collaborative relationship between the public and private entities. The NSA said disclosure of any communications – even with outside companies – would threaten government information systems.

The agency had given the Electronic Privacy Information Center a so-called “Glomar” response, in which the government refuses to confirm or deny the existence of any requested records. EPIC, a privacy and civil liberties group, made the FOIA submission weeks after the January 2010 cyberattack on Gmail accounts, primarily targeting Chinese human rights activists.

Google quickly changed its server encryption protocols following the digital attacks, and a top company official publicly stated its engineers were “also working with the relevant U.S. authorities.”

A federal judge eventually sided with the NSA and Google, and the three-judge federal panel has now affirmed.

“The existence of a relationship or communications between the NSA and any private company certainly constitutes an ‘activity’ of the agency subject to protection” from public disclosure, said Judge Janice Rogers Brown. “Moreover, if private entities knew that any of their attempts to reach out to NSA could be made public through a FOIA request, they might hesitate or decline to contact the agency, thereby hindering its Information Assurance mission.”

Brown was backed by Judges Brett Kavanaugh and Douglas Ginsburg, all named to the bench by Republican presidents. The court noted past precedent giving the government leeway in deciding which information it wishes to share with the public.

“In reviewing an agency’s Glomar response, this court exercises caution when the information requested implicates national security, a uniquely executive purview,” said Brown. “NSA need not make a specific showing of potential harm to national security in order to justify withholding information.”

The Glomar precedent refers to a 1970s incident, where the CIA refused to discuss a ship under its control, allegedly used to secretly salvage a Soviet submarine which had sunk.

EPIC now has the option of asking the Supreme Court to hear its free-speech appeal. The group says despite Friday’s legal setback, it has several other similar, pending lawsuits against the agency.

Lawyers from EPIC had argued the collaboration between Google and the federal agency – which conducts global electronic surveillance – was widely reported in the national media. The private group said the agency thus had a responsibility to locate records that could be disclosed.”

The military’s top officer warned last year of the “substantial” and complex threat to the U.S. from foreign cyberattack.

“We’ve got to come to a place where those threats are diminished, if not eliminated,” then-Joint Chiefs Chairman Adm. Mike Mullen said in January 2011. “I would never go in, certainly in any area of warfare, into details on threats except to say they are substantial. We are focused on them.”

Mullen, who retired last fall, said that cyberspace is a lawless terrain. “The threat from China is significant,” Mullen said. “There are other threats out there that we see routinely. … It is an enormously complex and critical area that all of us need to understand a lot better and do a lot more about.”

The case is EPIC v. NSA (11-5233).