The disclosures about the National Security Agency’s (NSA) massive global surveillance by Edward Snowden, the former information-technology contractor who’s now wanted by the US Government for treason, is hitting the US high-tech industry hard as it tries to explain its involvement in the NSA data-collection program.
Late last week, a gaggle of 22 large US high-tech firms – including Apple, Facebook, Google, Microsoft and Yahoo, which have all acknowledged they participate in NSA data-gathering efforts in some form, if not exactly as Snowden and some press reports have described it – begged to be freed from the secrecy about it in their pleading, public letter to President Obama, NSA director Keith Alexander and a dozen members of Congress.
The 18 July letter from the US’s high-tech powerhouses, which was also signed by almost three dozen non-profit and trade organisations as well as six venture capital firms, begged for “greater transparency around national security-related requests by the US Government to internet, telephone and web-based service providers” in terms of how much information the Government demands on high-tech customers and subscriber accounts and how.
The letter pleaded for the US Government to make the amount of requests the Government makes related to national security for individual customer information public.
“This information about how and how often the Government is using these legal authorities is important to the American people, who are entitled to have an informed public debate about the appropriateness of those authorities and their use, and to international users of US-based service providers who are concerned about the privacy and security of their communications,” the letter to President Obama, Congress, the NSA director and Director of National Intelligence, stated.
The revelations last month from Snowden about the NSA’s extensive involvement in US high-tech firms for purposes of information collection has suddenly put the US high-tech industry on the defensive, as they struggle to offer an explanation about all this to their global users while still bound by secrecy under the US Patriot Act. There’s no indication yet from the White House or others in government that any change in the NSA spying program, which relies on the participation of US-based firms, will change.
“This should be debated in a public setting,” said John Dickson, principal at security firm Denim Group and a former US Air Force officer, about the situation in which NSA’s global surveillance is tied so clearly to US-based companies. He noted the US Government has actually said little but the media much.
This is all putting tremendous pressure on the US high-tech industry, especially in Europe where privacy questions may be making US industry seem less competitive. This week Brad Smith, Microsoft general counsel and executive vice president, legal and corporate affairs at Microsoft, issued a public statement that sought to clarify Microsoft’s participation in the US Government’s content gathering methods.
“Recent leaked documents have focused on the addition of HTTPS encryption to Outlook.com instant messaging, which is designed to make this content more secure as it travels across the internet,” Microsoft counsel Smith wrote. “To be clear, we do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency.”
Microsoft’s SkyDrive and Skype are handled somewhat similarly in terms of government requests, Smith said. As far as enterprise and document storage for business customers, “We take steps to redirect the Government to the customer directly, and we notify the customer unless we are legally prohibited from doing so,” Smith stated in his 16 July post. “We have never provided any government with customer data from any of our business or government customers for national security purposes.”
Smith added Microsoft got four requests related to law enforcement in 2012. “We do not provide any government with the ability to break the encryption used between our business customers and their data in the cloud, nor do we provide the Government with the encryption keys.”
In the meantime, it’s safe to assume in this NSA leaks debacle that “the bad guys have switched tactics” and probably wouldn’t use US-based high-tech services, Dickson pointed out. And in this atmosphere of rising cyber-nationalism, the possible role of China’s Government and its own high-tech industry has to be asked, too, he noted.
Hayden said he believes that China-based network vendor Huawei conducted clandestine activities and shared with the Chinese state “intimate and sensitive knowledge of the foreign telecommunications systems it is involved with”. According to the published report, Hayden said Huawei is a significant security threat to Australia and the US, has spied for the Chinese Government, and intelligence agencies have evidence of this.
A Huawei spokesman, John Suffolk, Huawei’s global cyber security officer, was then quoted by the Australian publication, calling Hayden’s remarks “unsubstantiated and defamatory” and that any critics of the company should present any evidence publicly.
In an opinion piece on CNN.com, Hayden railed openly against Edward Snowden as a national security threat, saying he “fled to China with several computers’ worth of data from NSANET, one of the most highly classified and sensitive networks in American intelligence”.
Hayden acknowledged that one aspect of the fallout from Snowden’s leaks is that “the undeniable economic punishment that will be inflicted on American businesses for simply complying with American law”.
Hayden’s remarks on CNN also seem to sarcastically criticise the Europeans now complaining about the NSA activities and how they may violate European data-privacy laws. “Others, most notably in Europe, will rend their garments in faux shock and outrage that these firms have done this, all the while ignoring that these very same companies, along with their European counterparts, behave the same way when confronted with the lawful demands of the European states.”
Hayden continued: “The real purpose of those complaints is competitive economic advantage, putting added burdens on or even disqualifying American firms [from] competing in Europe for the big data and cloud services that are at the cutting edge of the global IT industry.”
As if all this weren’t enough, former President Jimmy Carter also spoke out yesterday on NSA global surveillance, suggesting the NSA data collection practices were harming democracy. Former President Carter also said Edward Snowden’s revelations didn’t really harm national security and and was actually “beneficial” because “they inform the public”.
by Ellen Messmer, Networkworld