I just got a very interesting letter from the Central Intelligence Agency.

It came in response to a FOIA request I put in regarding a decade-old business transaction between the CIA and Google. Not only did the CIA deny my request, but it refused to admit or not admit that records pertaining to this transaction even existed — all in the name of national security.

Let me explain…

As Pando readers might recall, I'm currently writing a book on "Surveillance Valley" -- how tech giants are building the biggest private surveillance network the world has ever known. In the course of investigating the book, I've been digging deeper into Google's relationship with US military industrial complex.

I'm trying to pinpoint as best I can the moment when Google began transitioning from being a consumer-oriented Internet search company into the hybrid military-intelligence contractor that it is today.

One of the first big milestones in this transformation took place in November 2004 when Google acquired a tiny and little-known 3-D mapping startup called Keyhole Inc. Google paid an undisclosed sum for the company, immediately absorbed it, and began turning its tech into what we now know as Google Earth. The acquisition would have gone unnoticed, had it not been for one not-so-tiny detail: Keyhole Inc was part-owned by the CIA and the "National Geospatial-Intelligence Agency" (NGA), a sister agency to the NSA. Keyhole Inc also had one major client base: US military and intelligence agencies.

In-Q-Tel, a venture capital fund run by the CIA on behalf of the military and intelligence community, made a “strategic investment” in Keyhole in February 2003, a month before the US launched Operation Iraqi Freedom.

In a press release announcing the investment a few months later, In-Q-Tel discussed Keyhole’s close collaboration with military and intelligence partners and explained that Keyhole technology was already being successfully deployed by active military forces in Iraq.

Immediately demonstrating the value of Keyhole's technology to the national security community, NIMA used the technology to support United States troops in Iraq. "Within two weeks of In-Q-Tel's engagement with Keyhole, we implemented the technology to support our mission within the Pentagon," said Rob Zitz, Director of NIMA's InnoVision directorate. [NIMA is now known as NGA, the NSA's sister agency. —YL] “Introducing technologies like Keyhole is part of NIMA's effort to transform the intelligence business, and the way we serve our customers.”

This kind of active public boasting pretty much stopped after Google bought Keyhole. But, post-acquisition, the search giant continued selling Keyhole's underlying tech to the Pentagon and assorted US intelligence services.

For instance: In 2010, Google clinched a no-bid contract to supply the NGA with “geospatial visualization services.” The NGA argued that it couldn’t open up the contract to competitors like Microsoft because it had no choice: The US government had invested so much effort and resources into Google’s mapping and geospatial technology, tailoring it to its specific needs, that the Pentagon and Intelligence Community could at this point only use Google products.

This was just one of many such deals. As I’ve reported before, Google has been aggressively expanding in the lucrative military contacting market to the point where it has sold advanced military grade data products to just about every major military and intelligence agency in America. It has clinched a near monopoly on government battlefield mapping tech, outfitted the CIA and NSA with advanced search capabilities, co-invested in spy satellites and battlefield robots with the Pentagon, partnered with traditional military contractors like Lockheed Martin, and has increasingly filled its executive ranks with top Pentagon officials from the U.S. Army, Air Force Intelligence, and the CIA.

And it all started with their acquisition of CIA-backed Keyhole.

There's just one problem: Apart from a few basic details, the public knows very little about Google's purchase of Keyhole Inc.

Don't Be Evil

The most obvious question is: What prompted the acquisition? Did Google buy Keyhole -- and take on all its military contracts and NatSec liabilities -- because it badly needed its 3D mapping technology? Or did Google see the acquisition as a convenient way of getting into the military contracting business? Was there any internal discussion in the company about the benefits and pitfalls of absorbing a startup so closely tied with the CIA and the Pentagon?

Then there’s the CIA’s perspective: Given Keyhole's close collaboration with active military and intelligence operations, how did the CIA approach the deal? Why Google? Did the Agency have any concerns? Did it impose conditions on Google? Did it require Google to honor Keyhole's previous intel commitments as part of the deal? If so, what were these commitments?

In other words: What deal did Google -- now the biggest private surveillance operation on planet earth -- make with the CIA and the NSA, which run the largest government surveillance operations?

Fortunately, we have a process explicitly designed to allow the public to find out what the government is up to behind closed doors: A Freedom of Information Act request, or FOIA.

And so, back in May, I submitted a FOIA request to the CIA, asking for:

1) “… a copy of all correspondence (emails, letters, related documents and attachments) relating to Keyhole Inc. This part of the request should include all correspondence between the CIA and representatives of Keyhole Inc (e.g. John Hanke). Date range: from 1/1/2000 through 12/31/2006.”



2) “… a copy of all correspondence (emails, letters, related documents and attachments) referring to or discussing Google’s purchase of Keyhole Inc. This part of the request should include all correspondence between the CIA and representatives of Google regarding Keyhole, including Keyhole software and services. Date range: 1/1/2003 through 12/31/2014.”

The CIA got back to me surprisingly quickly. But instead of sending me a stack of highly redacted documents, the Agency sent me a skimpy two page response straight out of a Tom Clancy novel: it "could not confirm or deny” the existence of these records. That is, the mere existence nor non-existence of any documents relating to the Agency’s involvement in the sale of Keyhole to Google is itself a secret, and cannot be divulged to the public for reasons of national security.

Here’s the meat of the denial:

In accordance with section 3.6(a) of Executive Order 13526, the CIA can neither confirm nor deny the existence or nonexistence of records responsive to your request. The fact of the existence or nonexistence of requested records is currently and properly classified and is intelligence sources and methods information that is protected from disclosure by section 6 of the CIA Act of 1949, as amended, and section 102A(i)(l) of the National Security Act of 1947, as amended. Therefore, your request is denied pursuant to FOIA exemptions (b)(1) and (b)(3).

The CIA information officer was kind enough to include definitions of the relevant FOIA exemptions. They stated that…

(b)(1) exempts from disclosure information currently and properly classified, pursuant to an Executive Order… (b)(3) exempts from disclosure information that another federal statute protects, provided that the other federal statute either requires that the matters be withheld, or establishes particular criteria for withholding or refers to particular types of matters to be withheld. The (b)(3) statutes upon which the CIA relies include, but are not limited to, the CIA Act of 1949…

The letter did not explain why these two in particular — (b)(1) and (b)(3) — were relevant to the decision to withhold the requested information.

Luckily, the Reporters Committee for Freedom of the Press (RCFP) gives a rundown of the meaning and intended use of these exemptions in a handy guide. It explains that (b)(1) can be used to restrict access to the documents only if “the unauthorized disclosure of the information reasonably could be expected to result in damage to the national security.” Some of the information that currently falls under this provision includes: military plans and weapons systems; intelligence activities and methods; technology that impacts national security; and vulnerabilities and capabilities of systems relating to national security.

Put simply: (b)(1) exempts active military and intelligence operations, or information that can affect these operations.

The second exemption (b)(3) is equally broad. RCFP explains that it allows the CIA to deny record requests that are exempted from disclosure by laws that are beyond FOIA. In this case, the CIA wrote to me that there are at least two -- and possibly more -- statues that exempt the documents from disclosure. One of them is the CIA Act of 1949 — which basically gave the Agency the power to act in ultimate secrecy and exempted it from just about every normal government requirement. In essence, the CIA’s (b)(3) is what's known as a GLOMAR response, named after the agency's refusal, in the mid-1970s, to confirm or deny the existence of a secret boat called the Glomar Explorer built to retrieve a sunken Soviet nuclear submarine.

So why is the CIA invoking state secrets and national security arguments when asked to divulge a decade-old conversation regarding Google’s acquisition of a small CIA investment? What is it about Keyhole and Google’s relationship with the CIA that is so sensitive and so vital to the military objectives of the United States that the mere admission of existence of these records poses a grave threat to national security?

For now those questions remain unanswered, but hopefully not for long. I've filed an appeal to the FOIA denial and will update this story when I hear the result.

The irony, of course, is that Google has always boasted about standing up to the national security state. After Edward Snowden, it funded privacy think tanks, backed anti-NSA protests, made a big show of opposing secret wiretaps, fought secret court orders, and has done everything it can convince the public that it really really cares about privacy and cyber-democracy and is on our side in the fight against today's creeping military-surveillance society.

As recently as last month, the search giant insisted that it had fought the Department of Justice to allow Google to warn Wikileaks activist Jacob Appelbaum of government attempts to access his Gmail records, for which Appelbaum and other privacy activists, including the ACLU's Christopher Soghoian, lavished heavy praise on Google...

I feel like I should send flowers to Google's legal team. They must have spent hundreds of thousands of dollars on this case alone. — Jacob Appelbaum (@ioerror) June 19, 2015

Sad irony: Twitter never went to court to unseal Wikileaks order. Worldwide praise. Google fought in court, spent big bucks, no one knows. — Christopher Soghoian (@csoghoian) June 22, 2015

Which prompted Wikileaks to point out that, when it comes to sharing data with the government, Google is in fact way worse than Twitter...

@csoghoian Google handed over more data, because its business model is based on collecting that data and mining it. — WikiLeaks (@wikileaks) June 23, 2015

For all of Google's posturing as the scourge of governement surveillance, the CIA’s blanket GLOMAR denial of my Freedom of Information Act request speaks very loudly to a different side of Google’s relationship with US military intelligence agencies. A relationship that the CIA wants us to believe that, should it become public, could seriously harm national security and put all of our lives at risk.