Germany Plans To Ban Computer Companies That Work With NSA From Sensitive Public Contracts

from the hidden-costs-of-hidden-backdoors dept

As early as June last year, Techdirt noted that beyond the political fallout of NSA spying, there is a considerable risk that there will be serious economic consequences too. That's because other countries are now aware that one way the NSA has been obtaining sensitive information is through US computer products that have secret backdoors added in some way. In that post, we mentioned that Sweden had banned the country's public bodies from using Google Apps; it looks like Germany is going even further, as reported here in the international edition of the German newspaper Süddeutsche Zeitung:

Germany's black-red "grand coalition" government has now tightened the rules for awarding sensitive public IT contracts. In cases of doubt, suspicious companies will now be excluded from such contracts. And companies now have to sign documents to the effect that no contracts or laws oblige them -- nor can they be coerced -- to pass on confidential data to foreign secret services or security authorities.

The new rule would seem to be aimed primarily at American companies. These companies, as numerous Snowden documents reveal, regularly pass on information to the U.S. spy agencies. At the NSA, a separate Special Sources Operations department deals with cooperation with "strategic partners," as agents call such companies. The companies say they are merely following the laws of the respective country, and so far this explanation has been accepted.

But since April, any company that cannot guarantee that foreign services or authorities will not obtain any of their data is being excluded from federal contracts in Germany. A spokesperson for the Ministry of the Interior said that the aim of the new rule is to prevent "the flow of data worth protecting to foreign security authorities."

It's not yet clear how that new policy will work in practice. The article goes on to point out that one particular company, Computer Sciences Corporation (CSC), known to work for the US secret services, has been receiving plenty of lucrative German government contracts, including testing the German Federal Criminal Police Office's "state Trojan", which we wrote about in 2012, and working with the German Ministry of Justice and Ministry of the Interior. Even if the effects of the new policy are hard to see so far, it's indicative of how the German government is starting to think about and react to the spying revelations. And as further details of NSA subversion of US computer equipment emerge, other governments around the world may well start to do the same.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: contractors, germany, nsa, privacy


Reader Comments

  • John, 21 May 2014 @ 1:23am

    Hit these US companies where it hurts, especially the big ones, and we might see some pressure applied to Congress or the President.

    These big companies regularly bribelobby with huge sums of money for campaign donations. A few words in the right ears might see some changes made.

    Maybe such a corrupt system can work for good, for once.

    • John Fenderson, 21 May 2014 @ 8:01am

      Re:

      I agree. Even if it doesn't alter the actions of the federal government, it might at least make companies less eager to take these sorts of contracts.

  • Anonymous Coward, 21 May 2014 @ 1:25am

    Uh huh. Buh bye Microsoft!

    http://www.networkworld.com/community/blog/german-government-claims-windows-8-has-backdoor-big-enough-drive-bus-through-sideways

    I actually think all governments should be banning proprietary software for their own institutions. They should be working only with fully auditable open source software, and instead of using taxpayer public money to enrich private American corporations, they should be using them to fund open source projects that everyone will benefit from for decades.

  • Rikuo, 21 May 2014 @ 1:27am

    Aren't the Germans doing the exact same thing that the NSA is doing? So pot, meet kettle.

    • Anonymous Coward, 21 May 2014 @ 1:44am

      Re:

      No, they aren't doing the "exact same thing as NSA". NSA is tapping the world's Internet cables and spying on everyone in real-time. All spying is not equal, just like targeted spying is very different from mass spying.

    • Anonymous Coward, 21 May 2014 @ 3:21am

      Re:

      Maybe, but the NSA got caught, and have done significant criminal cracking against foreign businesses for private exploitation.

    • Anonymous Coward, 21 May 2014 @ 5:13am

      Re:

      If they were, you would have read about it about 2 weeks after they started. Our intelligence agencies (or any governmental agencies) are that incompetent.

      Regardless, this regulation will mean nothing, because the IT contracts that are awarded now are all a botched and unusable mess to the point where the NSA wouldn't even have to crack security measures, just take one of the ten thousand loopholes per application.

      I have seen some of those IT projects, Microsoft and Adobe together can't create as many problems, bugs and issues together as any single IT project over here has.

  • Anonymous Coward, 21 May 2014 @ 1:49am

    And NSA will tell all its strategic partners to lie to foreign governments.

    • Anonymous Coward, 21 May 2014 @ 3:04am

      Re: Instructions to strategic partners

      An avalanche starts with the movement of a few pebbles, it looks like Germany is groping for a clear-cut test its bureaucracy can apply, the Germans are smart, they will find something eventually that dodges treaty commitments and protects confidential information.

      Given the NSA's brief they will instruct their (reluctant) strategic partners to lie. It will not hurt the tax revenues of the US government, the big companies don't pay tax anyway. And if the foreign contracts of US companies dry up, the NSA will look for new strategic partners, they might team with the CIA and place "Agents of Influence" in foreign IT companies, they might break in and place taps in data-centers. It only means the NSA will need an increased budget to keep the insane flow of information coming in at the current insane rate.

      Bet you they get the budget increase they "Need".

      • Whatever, 21 May 2014 @ 3:30am

        Re: Re: Instructions to strategic partners

        It seems more like a public / political answer from canny politicians that know nobody is actually going to check this out. So they can put these rules in place, but everyone will be just under the threshold and therefore no blocking.

        Call it a political move rather than one with any real teeth.

        • John Fenderson, 21 May 2014 @ 8:03am

          Re: Re: Re: Instructions to strategic partners

          "know nobody is actually going to check this out"

          If that's what they think, then they're making a really bad miscalculation. This will be widely and closely watched.

  • Andypandy, 21 May 2014 @ 4:58am

    Funny

    I seriously hope that they lose the support of all the companies that bribe them every day. It would be cool to see both political parties forced to claim bankruptcy due to insufficient funds.

  • Paul Renault, 21 May 2014 @ 5:01am

    I hope the US companies take a look at Germany's record with energy policy.

    When they declared that they would phase out nuclear without increasing carbon-intensive energy sources, many of the usual talking heads pooh-poohed them.

    They're making some progress towards it.

    Now, they're targeting NSA-'compliant' companies. They'll be selling their own routing equipment soon... Heh.

    • Anonymous Coward, 21 May 2014 @ 5:24am

      Re: I hope the US companies take a look at Germany's record with energy policy.

      Haha, that renewable energy program is heading for disaster. It doesn't work. The "renewable energy sources" are destabilizing the power grid to a point that management becomes almost impossible. Also the output of CO2 has increased significantly because there is much more need for power stations to regulate the power grid.

      This mess is insanely expensive, does not do what it is supposed to do and seriously endangers the stability of the power grid.

      It is an all-around botched job out of ideological motives with no scientific and engineering competence to make it work. Worse even, a stable power grid just with renewable energy is plain impossible (no storage mechanism for excess power is available at all on the level necessary and won't be for a very long time, if ever).

      And that is only par for the course when it comes to large projects. They are reliable to fuck up every even moderately large project and the only reason small projects may work is initiative (and breaking of contracts, ignoring conditions and so on) of very few to just get things done.

      If any of our politicians are announcing a program to "fix" things, you can be certain that at best nothing will change but usually they manage to make things much worse.

  • Anonymous Coward, 21 May 2014 @ 5:22am

    From time to time, these canny politician answers get a life of their own, beyond the vague, glib response it was intended as.

    The information at risk has a value, and a real risk if used against those it belongs to.

    The NSA and counterpoints will not stop seeking this information, this will drive concern on the vulnerability of the information. And no end of secret NSA briefings to its "Political Masters" will dispel growing doubts.

  • Mr. Oizo, 21 May 2014 @ 6:40am

    In 3 days it's election time here.

    _of course_ they have to have plans like that. Will never materialize though.

  • madasahatter, 21 May 2014 @ 7:02am

    Following China

    It seems as if several countries are beginning a migration to Linux and other FOSS projects due to the NSA.

  • Beta, 21 May 2014 @ 8:16am

    Reflections on Trusting Trust

    These new rules appeal to public outrage and give commercial advantage to German computer companies; this would be a good political move even if it did nothing at all to improve security -- which may be the case.

    Back doors are possible. They can be very difficult to detect. Spies love them, and intelligence agencies will pay well for them, no matter what laws we pass. So once we're done posturing, maybe we should give some more thought to the problem of doing secure computation on machines we can never entirely trust.

  • etrimby, 21 May 2014 @ 8:38am

    any company that cannot guarantee that foreign services or authorities will not obtain any of their data
    What company can guarantee that?

  • AricTheRed, 21 May 2014 @ 8:40am

    Am I crazy, or...?

    ...wouldn't this mean that the German government would effectively forbid a contract being awarded to ANY US company as they are all subject to NSLs? (National Security Letters)

    It would seem to me that would include banks, any technology service company, any company...?

    • Seegras, 22 May 2014 @ 5:35am

      Re: Am I crazy, or...?

      Right. No, you are not crazy. The NSLs are.

      I tell you to hand over all data on all your customers, and you can't tell anyone? This is obviously something out of a fascist regime's repertoire.

  • Anonymous Coward, 21 May 2014 @ 9:06am

    "A spokesperson for the Ministry of the Interior said that the aim of the new rule is to.." ... exert pressure until Germany can be in Five Eyes too.

    They're hot under the collar that they're not being treated as equal to the UK and they also have a desire to put one over on France. They wanna join the cool gang.

  • Coyne Tibbets, 21 May 2014 @ 11:05am

    Now eating our own

    Apparently, Germany is as much into useless laws as we are.

    The intelligence agencies will have no problem at all ordering companies to lie in the contracts and, once leakage is discovered, leaving them to take the contract penalties without support.

    The U.S. intelligence agencies will now begin destroying companies in their zeal to pursue surveillance.

  • Chris-Mouse, 21 May 2014 @ 11:40am

    What about companies like Cisco? The NSA intercepted routers after they left the factory and added spyware to them without the company being aware that it had happened.
    Given that sort of activity, no equipment manufactured in the USA can be considered safe. In fact, even equipment that was merely shipped through the United States should be considered suspect until proven otherwise.

  • Anonymous Coward, 21 May 2014 @ 12:52pm

    This is the kind of thing I would expect from a true honest intentioned cyber security DEFENCE, instead of "cyber security" TOOLS TO OFFENSIVELY INFRINGE ON PEOPLE'S RIGHTS TO THEIR OWN LIVES GIVEN NO choice.......Ahem, excuse me......CHOICE

  • Groaker, 21 May 2014 @ 3:35pm

    While I would agree with the Germans on this issue, how would they know which ones have been so infected? How would the rest of us know which ones the Germans (and anyone else) have infected?

    • Seegras, 22 May 2014 @ 7:42am

      Re:

      Nobody does. But if the laws of a country generally allow these kinds of shenanigans, I'd boycott them.

      At least with laws against it, you know the company cannot be compelled by the government to participate. It may well be some secret agency pulls an NSA and intercepts it for planting bugs, but at least you know it's not (forced) malfeasance on the part of the supplier.
