Germany Plans To Ban Computer Companies That Work With NSA From Sensitive Public Contracts
from the hidden-costs-of-hidden-backdoors dept
As early as June last year, Techdirt noted that beyond the political fallout of NSA spying, there is a considerable risk that there will be serious economic consequences too. That's because other countries are now aware that one way the NSA has been obtaining sensitive information is through US computer products that have secret backdoors added in some way. In that post, we mentioned that Sweden had banned the country's public bodies from using Google Apps; it looks like Germany is going even further, as reported here in the international edition of the German newspaper Süddeutsche Zeitung:
Germany's black-red "grand coalition" government has now tightened the rules for awarding sensitive public IT contracts. In cases of doubt, suspicious companies will now be excluded from such contracts. And companies now have to sign documents to the effect that no contracts or laws oblige them -- nor can they be coerced -- to pass on confidential data to foreign secret services or security authorities.
It's not yet clear how that new policy will work in practice. The article goes on to point out that one particular company, Computer Sciences Corporation (CSC), known to work for the US secret services, has been receiving plenty of lucrative German government contracts, including testing the German Federal Criminal Police Office's "state Trojan", which we wrote about in 2012, and working with the German Ministry of Justice and Ministry of the Interior. Even if the effects of the new policy are hard to see so far, it's indicative of how the German government is starting to think about and react to the spying revelations. And as further details of NSA subversion of US computer equipment emerge, other governments around the world may well start to do the same.
The new rule would seem to be aimed primarily at American companies. These companies, as numerous Snowden documents reveal, regularly pass on information to the U.S. spy agencies. At the NSA, a separate Special Sources Operations department deals with cooperation with "strategic partners," as agents call such companies. The companies say they are merely following the laws of the respective country, and so far this explanation has been accepted.
But since April, any company that cannot guarantee that foreign services or authorities will not obtain any of their data is being excluded from federal contracts in Germany. A spokesperson for the Ministry of the Interior said that the aim of the new rule is to prevent "the flow of data worth protecting to foreign security authorities."
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: contractors, germany, nsa, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
These big companies regularly bribelobby with huge sums of money for campaign donations. A few words in the right ears might see some changes made.
Maybe such a corrupt system can work for good, for once.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
http://www.networkworld.com/community/blog/german-government-claims-windows-8-has-backdoor -big-enough-drive-bus-through-sideways
I actually think all governments should be banning proprietary software for their own institutions. They should be working only with fully auditable open source software, and instead of using taxpayer public money to enrich private American corporations, they should be using them to fund open source projects that everyone will benefit from for decades.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
regardless, this regulation will mean nothing, because the IT contracts that are awarded now are all a botched and unusable mess to the point were the NSA wouldn't even have to crack security measures, just take one of the ten thousand loopholes per application.
I have seen some of those IT projects, Microsoft and adobe together can't create as many problems, bugs and issues together than any single IT project over here has.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Instructions to strategic partners
Given the NSA's brief they will instruct their (reluctant) strategic partners to lie. It will not hurt the tax revenues of the US government, the big companies don't pay tax anyway. and if the foreign contracts of US companies dry up, the NSA will look for new strategic partners, the might team with the CIA and place "Agents of Influence" in foreign IT companies, they might break in and place taps in data-centers. It only means the NSA will need an increased budget to keep the insane flow of information coming in at the current insane rate.
Bet you they get the budget increase they "Need".
[ link to this | view in chronology ]
Re: Re: Instructions to strategic partners
Call it a political move rather than one with any real teeth.
[ link to this | view in chronology ]
Re: Re: Re: Instructions to strategic partners
If that's what they think, then they're making a really bad miscalculation. This will be widely and closely watched.
[ link to this | view in chronology ]
Funny
[ link to this | view in chronology ]
I hope the US companies take a look at Germany's record with energy policy.
They're making some progress towards it.
Now, they're targeting NSA-'compliant' companies. They'll be selling their own routing equipment soon... Heh.
[ link to this | view in chronology ]
Re: I hope the US companies take a look at Germany's record with energy policy.
This mess is insanely expensive, does not what it is supposed to do and seriously endangers the stability of power grid.
It is a all around botched job out of ideological motives with no scientific and engineering competence to make it work. Worse even, a stable power grid just with renewable energy is plain impossible (no storage mechanism for excess power is available at all on the level necessary and won't be for a very long time, if ever).
And that is only par for the course when it comes to large projects. They are reliable to fuck up every even moderately large project and the only reason small projects may work is initiative (and breaking of contracts, ignoring conditions and so on) of very few to just get things done.
If any of our politicians are anouncing a program to "fix" things, you can be certain that at best nothing will change but usually they manage to make things much worse.
[ link to this | view in chronology ]
Re: Re: I hope the US companies take a look at Germany's record with energy policy.
[ link to this | view in chronology ]
The information at risk has a value, and a real risk if used against those it belongs to.
The NSA and counterpoints will not stop seeking this information, this will drive concern on the vulnerability of the information. And no end of secret NSA briefings to it's "Political Masters" will dispel growing doubts.
[ link to this | view in chronology ]
In 3 days its election time here.
[ link to this | view in chronology ]
Following China
[ link to this | view in chronology ]
Reflections on Trusting Trust
Back doors are possible. They can be very difficult to detect. Spies love them, and intelligence agencies will pay well for them, no matter what laws we pass. So once we're done posturing, maybe we should give some more thought to the problem of doing secure computation on machines we can never entirely trust.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Am I crazy, or...?
It would seem to me that would include banks, any technology service company, any company...?
[ link to this | view in chronology ]
Re: Am I crazy, or...?
I tell you to hand over all data on all your customers, and you can't tell anyone? This is obviously something out of a fascist regimes repertoire.
[ link to this | view in chronology ]
They're hot under the collar that they're not being treated as equal to the UK and they also have a desire to put one over on France. They wanna join the cool gang.
[ link to this | view in chronology ]
Now eating our own
The intelligence agencies will have no problem at all ordering companies to lie in the contracts and, once leakage is discovered, leaving them to take the contract penalties without support.
The U.S. intelligence agencies will now begin destroying companies in their zeal to pursue surveillance.
[ link to this | view in chronology ]
Given that sort of activity, no equipment manufactured in the USA can be considered safe. In fact, even equipment that was merely shipped through the United States should be considered suspect until proven otherwise.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
At least with laws against it, you know the company can not compelled by the government to participate. It may well be some secret agency pulls an NSA and intercepts it for planting bugs, but at least you know it's not (forced) malfeasance on the part of the supplier.
[ link to this | view in chronology ]