Privacy SOS

Move over, cyberwar: is there an inside threat to US digital networks?

Please note that by playing this clip YouTube and Google will place a long term cookie on your computer.

How secure is "the information technology supply chain" in the US? Congress is worried it might be compromised by "foreign suppliers of information technology", and so added to the 2013 Intelligence Appropriations bill an amendment that will require the Office of the Director of National Intelligence to put together a report on the question:
 
SEC. 502. PROTECTING THE INFORMATION TECHNOLOGY SUPPLY CHAIN OF THE UNITED STATES.
 
(a) Report- Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees a report that–
(1) identifies foreign suppliers of information technology (including equipment, software, and services) that are linked directly or indirectly to a foreign government, including–
(A) by ties to the military forces of a foreign government;
(B) by ties to the intelligence services of a foreign government; or
(C) by being the beneficiaries of significant low interest or no interest loans, loan forgiveness, or other support by a foreign government;
(2) assesses the vulnerability to malicious activity, including cyber crime or espionage, of the telecommunications networks of the United States due to the presence of technology produced by suppliers identified under paragraph (1).
(b) Form- The report required under subsection (a) shall be submitted in unclassified form, but may include a classified annex.
(c) Telecommunications Networks of the United States Defined- In this section, the term `telecommunications networks of the United States' includes–
(1) telephone systems;
(2) Internet systems;
(3) fiber optic lines, including cable landings;
(4) computer networks; and
(5) smart grid technology under development by the Department of Energy.
 
Why bother with this? The US intelligence community tells us to trust it with our private data, to believe the government when it says that our digital information is protected and that state agents are not abusing their access to it. But this amendment makes it seem as if the government isn't even sure that its own information is protected — and worse, that government agencies are worried about the very companies that process our data. In other words, the government is concerned that it might be paying people "with ties to the intelligence services of a foreign government" to both run the networks for and spy on its communications.
 
If some experts and numerous former intelligence officials are to be believed, the government is right to be worried. 
 
In his best-selling book on the NSA, "The Shadow Factory," James Bamford discusses this problem, touching upon two NSA-linked firms in particular. From a Forward story about the revelations:
Bamford writes that the largest American telecommunications companies cooperated with the NSA in the “warrantless eavesdropping program by allowing the agency to tap its phone lines and fiber-optic cables.” To do so, he writes, the telecom giants resorted to the assistance of at least two high-tech firms, Narus and Verint, founded in Israel and with alleged ties to its intelligence services.
 
Narus and Verint were involved in tapping phone and Internet communications for, respectively, AT&T and Verizon.
 
“AT&T have outsourced the bugging of their entire networks — carrying billions of American communications every day -— to two mysterious companies with very troubling ties to foreign connections,” he writes. “What is especially troubling, but little known, is that both companies have extensive ties to a foreign country, Israel, as well as links to that country’s intelligence service — a service with a long history of aggressive spying against the U.S.”
 
He then describes close ties between the Mossad’s Unit 8200, which he describes as the Israeli equivalent of the NSA, and several other Israeli high-tech companies doing business with the United States and other governments.
According to writer Christopher Ketcham, the US government has for some time been aware of threats stemming from intelligence agencies' relationships with Verint:
Since the late 1990s, federal agents have reported systemic communications security breaches at the Department of Justice, FBI, DEA, the State Department, and the White House. Several of the alleged breaches, these agents say, can be traced to two hi-tech communications companies, Verint Inc. (formerly Comverse Infosys), and Amdocs Ltd., that respectively provide major wiretap and phone billing/record-keeping software contracts for the US government. Together, Verint and Amdocs form part of the backbone of the government's domestic intelligence surveillance technology.
While the amendment to the Intelligence Appropriations bill only asks for a report to figure out whether there is truth to allegations like these, it's a start. Given the federal government's dogged dedication to pursuing leaks, you'd think that these startling allegations would long have been investigated.
 
If the amendment passes, members of Congress will at the very least learn something about the veracity of the shocking claims Bamford and Ketcham make regarding foreign spooks' access to our digital communications. Here's hoping the public gets to learn something, too.
 
Read more: "How Israeli Backdoor Technology Penetrated the US Government's Telecom System and Compromised National Security," by Christopher Ketcham.

© 2021 ACLU of Massachusetts.