Just when we thought these spying shenanigans couldn’t get any worse, well… They just did. A report by Michael Riley in Bloomberg today suggests that the nine technology firms supplying the NSA’s PRISM program with data are in fact just the tip of the iceberg, with the stunning revelation that thousands of technology, manufacturing and finance companies regularly hand over data to US authorities. Even worse, they do so willingly, in return for numerous benefits that includes access to classified intelligence.
According to Riley hundreds of leading Internet and telecommunications firms have agreements with agencies like the CIA, FBI and NSA to provide additional data beyond their own customer’s communications, including equipment specifications and details of software bugs well before they become public. This data isn’t just used to boost national security, but in some cases will also be used in offensive operations against perceived enemies of the state.
Microsoft Assisting American Cyber-Offensive?
Riley cites two unnamed sources who claim that Microsoft regularly provides US intelligence with information about bugs in its software, well before it makes these vulnerabilities known to the public. That might seem fairly innocuous in itself – after all, the government should be able to protect its own computers as soon as possible, but according to Riley officials do far more than that.
His sources claim that US operatives often take advantage of these ‘early alerts’ to infiltrate the computers of foreign governments that use Microsoft software, while for its part, Redmond never asks any questions about how the government uses such tip offs.
Microsoft isn’t the only American company willing to assist government spy chiefs. The security firm McAfee is also though to regularly supply data to US intelligence, although its chief technology officer Michael Fey insisted when questioned that the firm does not “share any type of personal information” about its customers.
Instead, what McAfee provides is “security technology, education and threat intelligence,” which includes data on cyber-attack patterns, emerging threats, and the analysis of software, system vulnerabilities and hacker activity. In return for its cooperation, McAfee executives are said to be “showered with attention and information” from the agencies they assist, which includes classified information on things that could threaten their bottom line.
Government Monitoring of Infrastructure
Another big aspect of the government’s data gathering operation covers the system architecture of hundreds of American telecommunications, internet and power companies. Such companies hand over detailed schematics of their system architecture to intelligence agencies, so that the government can analyze them for possible vulnerabilities and weaknesses.
Given the critical nature of the country’s infrastructure, this practice can be justified, but even then there could be unintended invasions of privacy, warns Riley. He points to the example of an NSA program known as Einstein 3, which was developed to protect US government computers against hackers. As part of its monitoring routines, Einstein 3 closely analyzes billions of emails sent to and from government computers in order to check for malware or other spy tools that could be used to infiltrate their systems.
In the above examples, all of the companies involved are said to hand over their data willingly, with no requests being made from the government. Furthermore, much of the data is located in offshore servers anyway, which means that no legal oversight is required for these companies to do so. Nevertheless, companies that cooperate with US intelligence keep whatever arrangements they have with the government under extremely tight wraps, and in many cases only a handful of executives will be aware that these relationships exist.