Step 1: Get a list of NSA employees, including contractors like Booz Allen. This information isn’t classified, and should be easy for anyone with Google-scale resources.
Step 2: Pick out people in mission-critical roles, like sysadmins, programmers, cybersecurity, etc. Also pick anyone very capable or high-ranking.
Step 3: Look up their addresses online.
Step 4: Mail them all job offers. No interviews, no brain teasers, just a ready-to-sign employment contract.
Step 5: When they join, have them secure Google’s systems against NSA (and other) attacks. After all, they’re the experts.
Step 6: Sit back. Watch the fireworks.
This is completely legal, and the NSA can’t really do much about it.
Spy on Google? They already do that.
Hire new people? Few good programmers will take the NSA’s starting salary of $42,000.
More contractors? Snowden illustrated the problems with this. In fact, the NSA will have to greatly tighten security clearance requirements.
Get more money? Google already spends more every quarter than the NSA’s entire annual budget. Today’s Congress isn’t going to pass big new appropriations bills.
Business people are subject to so many laws that most U.S. business executives have probably committed crimes for which they could go to prison. Without even having to plant false evidence, the NSA could probably find something that would destroy the life of any given top Google executive. The fireworks could easily be Larry Page going to prison.
OK, so you try to arrest Larry Page on some made-up charge ala Joseph Nacchio. What happens next?
– Larry Page doesn’t actually go to prison for quite a while. Federal cases take forever to build. Nacchio was only indicted over four years after he rebuffed the NSA. Then you wait for the trial. Then it gets sent to the appellate court. Then it probably gets sent to the Supreme Court. Then you hope they don’t strike you down. The case against Exxon for the Valdez oil spill was only settled *twenty years* after the spill happened. Meanwhile, Google keeps going on as it has been.
– Whichever party is in power becomes massively, *massively* unpopular overnight. The Aaron Swartz case was national news, even though Swartz was someone with no money, no power and a one-page Wikipedia article. GMail alone has half a billion active users, over 10% of the world’s adult population. Think about how many voters that is. Think about all the other companies that will inevitably side with Google.
– Page has infinite money, a large portion of which suddenly goes into lobbying. Google is now pushing very hard, not only for Larry, but for *everything* Google wants (including things like defunding the NSA). Page’s personal wealth, never mind Google’s corporate assets, could easily fund the campaign of every congressman, senator and presidential candidate for several election cycles.
– The government has no leg to stand on. When the DoJ went after Bill Gates, a lot of people applauded it because, yeah, he was kind of a jerk. The government wants you to support arresting Page because of his fiendish plan to… hire good programmers? Good programmers with skills he obviously needs, after the extensive evidence showing the NSA hacking into Google’s servers? Even if they genuinely believe the NSA are good guys protecting us from terrorism, is Congress going to support that? Are all the congressional aides and agency heads and other people whose support you need?
– You can’t just automatically “destroy someone’s life”, even with a big hunt to dig up dirt on them. Barack Obama had a team of hundreds of well-paid professionals doing their damndest to find anything even slightly questionable about him, and in the end it didn’t matter much. Obama was a *Chicago politician*. Page was… a grad student in computer science.
– If Google wants to play dirty – which shouldn’t even be necessary – they have plenty of information of their own. Who has everyone’s emails? Everyone’s search history? Calendars? Phones? Videos? Documents? Voicemail? Browser data? Purchasing habits? Even without Google doing anything, it’s likely the Wikileaks “insurance” files, full Snowden files, etc. etc. will all get published. Oops.
The government’s attack on Megaupload – pretty obviously a pirate site, with no friends of importance, and one tenth of one percent Google’s size – and courts keep ruling against them (eg. http://www.3news.co.nz/Govt-appeals-illegal-Dotcom-warrant-ruling/tabid/423/articleID/323129/Default.aspx#.UpabccTXSHs). The case has degenerated into an embarrassing mess.
Bottom line, the government loses much and gains nothing.
What the NSA *can* do is serve Google with secret FISA court orders saying “Give us your data and don’t tell anyone, or you’re going to jail.”
Sure, but they already do that, it wouldn’t change anything.
“Step 5: When they join, have them secure Google’s systems against NSA (and other) attacks. After all, they’re the experts.”
It’s most likely that Google’s systems are secure already. That’s not the problem.
There was a pretty good rundown on how PRISM is likely to work in Steve Gibson’s “Security Now” podcast (transcript here : https://www.grc.com/sn/sn-408.htm ).
The hypothesis proposed there is that data going to and from Google (and others) is being intercepted and stored at the ISP level (even Google has ISPs). There’s nothing really Google can do about it, short of unplugging themselves from the internet.
I’m afraid the answer here is not technical but political. Google can’t stop the NSA. US Voters can.
If traffic is properly encrypted, even the NSA can’t read it. The NSA was tapping into unencrypted private cables between Google’s data centers; now that this is known Google has started encrypting those too.
This seems like an awful idea.
First, recruiting some random (and probably low-level) NSA engineers who are no doubt under the world’s most stringent gag-orders doesn’t seem to add anything to Google’s knowledge base. They already know where the NSA is tapping them; any more operational, practical knowledge they could possibly glean from low-level NSA people would probably be both trivial and highly illegal to divulge *and* to use.
Second, you say “This is completely legal, and the NSA can’t really do much about it.” How do you know? The legality of this is quite untested, and the assertion that the NSA, or government, couldn’t respond in ways that would hurt Google (and Google’s employees) is clearly false. You’re mad because the NSA has been throwing its weight around and engaging in illegal wiretapping (among other things). Why assume the NSA would break character and stick to legal *and* civil responses if Google tried to basically declare war?
Third, one of the biggest things Google has going for it here is it’s in a very sympathetic position. It’s easy to see who the good guy is, and who the bad guy is. Fighting fire with fire by engaging in a poaching cold war with a government agency would destroy this advantage.
In short, if Google tried to pull a stunt like this, it would invite an irreparably damaging response, cede the moral high ground, and gain nothing.
To be a bit balanced about this, the NSA have been caught with their proverbial fingers in the cookie jar here (though they might claim that they’re only doing it to save us from the few rogue cookies that are out to harm us all), but really they’re not the ones we should worry most about.
When I tried opening a secure FTP port on my home server a few weeks ago I found that within hours, I was getting strangers trying to log in from foreign IP addresses. Thereafter i was getting dozens of hacking attempts per day till I locked it down. When I checked the IP addresses, they were nearly all from China (including Chinese government offices!), a couple from Russia, one 1 from Iran (bless their cotton socks). NSA not there at all.
Arguably the NSA have other methods, but at least they didn’t have the cheek to try and hack my own computer.