DOJ Inspector General Tells Congress That FBI Isn't Letting His Office Do Its Job... Again

In Wake Of NSA Leaks, China Drops Major US Tech Companies From Its Approved Supplier List

from the leaks-docs,-leaking-dollars dept

Fri, Feb 27th 2015 6:11am — Tim Cushing

The NSA continues to "save" the United States from terrorism by making it weaker. Not only has the agency actively undermined encryption standards, but its willingness to insert backdoors and spyware in any piece of hardware or software it can get its hands on has severely damaged the world's trust of American technology.

Cloud computing providers have already felt the aftershocks of the Snowden leaks. An Open Technology Institute report published a year after the first revelation noted that many had already seen a drop-off in sales and predicted that the backlash against the NSA's surveillance tactics could cost companies anywhere from $22-180 billion over the next three years.

Hardware makers are getting hit hard as well. One of the largest buyers of American tech products has dropped some very big brands from its approved supplier list.

China has dropped some of the world's leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance.

Chief casualty is U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center's (CGPC) list, but by late 2014 had none, a Reuters analysis of official data shows.

Smartphone and PC maker Apple Inc has also been dropped over the period, along with Intel Corp's security software firm McAfee and network and server software firm Citrix Systems.

It's certainly no surprise that Cisco would be one of the first dropped by foreign purchasers wary of NSA meddling. A leaked document detailing the agency's hardware interdiction program contained a photo of operatives carefully unwrapping a box full of hardware destined for NSA spyware implants. While the faces of the agents may have been blurred, the logo on the box was not. As the story spread across the internet, one conclusion was drawn: Cisco products are not "safe."

The fact that foreign hardware may arrive loaded with spyware and backdoors isn't the only thing prompting the Chinese government to drop nearly half of its overseas security-related tech suppliers. There's also the ongoing tension between the US and China, which has devolved into each country accusing the other of inserting backdoors into exported tech. It appears both sets of accusations are correct, but for years it was largely assumed that China was mostly alone in these efforts.

China also has a domestic market it would like to expand, which will now get a leg up from the government. As it eyes an increased exports, it is likely aware that many foreign governments and other potential purchasers consider its exports no more "secure" than NSA-infected tech shipping from the US. Purchasers will find themselves taking the "lesser of two evils" approach when seeking to obtain tech products -- something that won't always work out in favor of American companies.

Cisco has openly stated that "geopolitical concerns" -- like the NSA's interception of its products destined for foreign markets -- have led to a downturn in sales. Other affected companies like Intel have yet to issue official statements detailing any NSA-related impact on their sales, but it's clear the last 18 months of leaks have done little to raise their future expectations. OTI's wide-open estimate on potential losses will probably never achieve sharper focus. It's unlikely former customers are going to clearly state that unrenewed contracts or supplier list culls are due to the NSA's actions, but surveys have indicated this concern does factor heavily into purchasing decisions.

The leaks aren't going to stop, and what is already in the public domain will continue to take its toll. Just as certainly, the NSA isn't going to stop looking for ways to circumvent encryption or compromise hardware. At this point, there's no way any company can claim with certainty that they have avoided becoming part of any government's intelligence apparatus -- and that's going to hurt them for years to come.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: china, nsa, privacy, surveillance, tech industry

34 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 27 Feb 2015 @ 6:31am

I don't see how any country could trust another at this point
I don't see how any company could trust any other now with all the revelations of spying, even on allies. I think if I was a head of state, I would do whatever I could to get all tech built in my own country. Not only would my spyware be the only spyware on it, it would create jobs.
[ link to this | view in chronology ]
- Anonymous Coward, 27 Feb 2015 @ 6:32am
  
  Re: I don't see how any country could trust another at this point
  Forgot to add, that once trust is lost, it is all but impossible to get back. It will take many, many years to earn it back and with the current state of things; it doesn't appear that the UK and US are interested in being trusted again. Either by other countries or their own citizens.
  [ link to this | view in chronology ]
TimK (profile), 27 Feb 2015 @ 6:34am

I can't wait until Cisco sues the US Government for the "loss of income" this has caused, and then we all get to pay the bill.

Yay.
[ link to this | view in chronology ]
- Designerfx (profile), 27 Feb 2015 @ 7:25am
  
  Re:
  Maybe Cisco's China part of the organization can sue the US in some twisted form of corporate sovereignty? Then our circle of TAFTA/TTIP/stupidity can be complete!
  [ link to this | view in chronology ]
- Anonymous Coward, 27 Feb 2015 @ 7:44am
  
  Re:
  If part of the settlement involved closing the NSA and ending its illegal practices, the cost might be worth it, but sadly, the government, like corporations, would rather pay a fine (with someone else's money) than change their behavior.
  [ link to this | view in chronology ]
Anonymous Coward, 27 Feb 2015 @ 6:35am

I'm not surprised. I think of it as proof to how bipartisan universal surveillance is.

Because if it wasn't, we would see one party or the other decrying it as a "job killer" that "hurts the middle class" for cheap votes. Instead it's either stunning silence or overwhelming support.

Yes, my cynicism is fed by Washington's lack of cynicism in this case.
[ link to this | view in chronology ]
carborundum (profile), 27 Feb 2015 @ 6:39am

Dear large American tech companies,

One percent of those predicted losses could buy a whole new Congress.
I'm just putting that out there...
[ link to this | view in chronology ]
- Anonymous Howard (profile), 27 Feb 2015 @ 7:31am
  
  Re:
  Can't press enough Funny / (Sad) / Insightful buttons.
  [ link to this | view in chronology ]
Anonymous Coward, 27 Feb 2015 @ 6:42am

Awesome, especially regards to Cisco. Screw Cisco. They're the ones who even came up with the "legal intercept" protocol for routers, that IETF later standardized. Such a company is not to be trusted. A Cisco employee is still a co-chair at IETF, as is an NSA agent in another crypto group at IETF.
[ link to this | view in chronology ]
Bamboo Harvester (profile), 27 Feb 2015 @ 7:01am

Easy Fix
NSA Headquarters

Dear China;

Please put all American products removed from your list back on the to-buy list, and we will afford you the same trade agreement we have with Britain's GHCQ.

We give you the keys to the back doors in all US products, you give us the keys to all Chinese products, and we trade the information fully from both sets of hardware.

It's a win-win for Intelligence agencies.
=========

(Aside) Bob Asprin covered a scenario rather like this in his novella "The Cold Cash War". A good read if you've got a half hour to kill sometime.
[ link to this | view in chronology ]
- Anonymous Coward, 27 Feb 2015 @ 8:04am
  
  Re: Easy Fix
  Of course they are doing this. China isn't the enemy, it's the American people and their bizarre idea that they have some sore of rights granted by some piece of paper somewhere.
  [ link to this | view in chronology ]
Anonymous Coward, 27 Feb 2015 @ 7:01am

and what's the betting it will be China's fault that USA companies have been treated like this? i've never known anything to be the USA's fault, whatever the issue is!
[ link to this | view in chronology ]
Geno0wl (profile), 27 Feb 2015 @ 7:01am

They will blame
They will continue to blame Snowden, but we all know it was a matter of time before they were found out eventually anyway. And once they were found out it just would have been worse. The hubris to think they could have long term kept that going without being found out, that only Snowden was the reason they ever would have gotten caught, it rather astounding.
[ link to this | view in chronology ]
avideogameplayer, 27 Feb 2015 @ 7:08am

Wouldn't surprise me if China decides to call in all the IOUs they're holding for us in the future...
[ link to this | view in chronology ]
- Anonymous Howard (profile), 27 Feb 2015 @ 7:46am
  
  Re:
  They won't.
  If you owe someone 100 bucks, he has power over you. If you owe 100M bucks someone, you have power over him. And the US owes chine trillions.
  [ link to this | view in chronology ]
- Pixelation, 27 Feb 2015 @ 8:16am
  
  Re:
  "Wouldn't surprise me if China decides to call in all the IOUs they're holding for us in the future..."
  
  They would be screwing themselves too, if they did.
  [ link to this | view in chronology ]
  - avideogameplayer, 27 Feb 2015 @ 8:34am
    
    Re: Re:
    Wouldn't that 'I'm gonna take you with me!' kinda thing?
    [ link to this | view in chronology ]
musterion (profile), 27 Feb 2015 @ 7:12am

Lenovo anyone
Considering the spyware that Lenovo loads onto its systems, and you know damn well that as a computer manufacturer theyu are under the scrutiny if the Communist party and government, why would anyone in the west buy any of their stuff? It works both ways.
[ link to this | view in chronology ]
- Anonymous Coward, 27 Feb 2015 @ 7:38am
  
  Re: Lenovo anyone
  Don't forget Motorola. There is almost a sure bet that Motorola phones either already have or soon will have spyware as well. Just imagine Obama using a Motorola phone when calling in the nuclear codes. Makes for a good movie.
  [ link to this | view in chronology ]
- John Fenderson (profile), 27 Feb 2015 @ 7:39am
  
  Re: Lenovo anyone
  "why would anyone in the west buy any of their stuff?"
  
  Depends on who they are. Personally, I feel much less threatened by the notion that China might be spying on me than the notion that the US might be. However, major US corporations and companies that do business with the government or with sensitive businesses such as banking would rightfully feel differently.
  [ link to this | view in chronology ]
- Anonymous Coward, 27 Feb 2015 @ 8:36am
  
  Re: Lenovo anyone
  Personally, I'd rather be certain a foreign government is spying on me than worry about my own. My own can press criminal charges against me, interrogate my family, get me fired by implying I broke the law to my boss, and so on. What's the worst China can do?
  [ link to this | view in chronology ]
  - Anonymous Coward, 27 Feb 2015 @ 9:32am
    
    Re: Re: Lenovo anyone
    how does that help when the foreign governments are sharing the info with US?
    [ link to this | view in chronology ]
Anonymous Coward, 27 Feb 2015 @ 7:28am

Open-source hardware anyone?
[ link to this | view in chronology ]
- Anonymous Coward, 27 Feb 2015 @ 7:47am
  
  Re:
  Yes, we can run down to Radio Shack and pick up a board, some chips and a soldering gun. Oh wait!
  
  /sarc
  [ link to this | view in chronology ]
Anonymous Coward, 27 Feb 2015 @ 7:43am

Too funny. China saying they will not buy products that were made in China under purchase orders from US companies.
[ link to this | view in chronology ]
Whoever, 27 Feb 2015 @ 9:07am

Where is the mainstream reporting?
Where are the mainstream media outlets when these stories break? Nowhere. Look at how little reporting there was of the Chicago Police's black site.

It is clear that the media are not interested in criticizing government. As for those reporters in Chicago who knew about Homan square, but did not report it: I hope that they get "disappeared" for a few hours.
[ link to this | view in chronology ]
Dave, 27 Feb 2015 @ 10:21am

ISDS
Maybe the Cisco offices in these foreign countries can launch ISDS (aka corporate sovereignty) suits against the US.

That would be fun.
[ link to this | view in chronology ]
Whoever, 27 Feb 2015 @ 10:38am

Safety calculus
Before doing road improvements, there is usually an estimate of cost vs. lives saved, with the expectation that a saved life is worth somewhere around $0.5M to $1M (I don't know the current number). I found a study that showed that the cost of saving a life in vehicle safety improvements was about $0.5M in 2002/2004.

Using a more conservative number ($1M per life saved), the NSA should be able to show that their activities saved the lives of at least 22,000 US residents and perhaps 180,000 US residents. Can't show this? Then the NSA's activities are a waste of resources. Resources that could be more effectively spent elsewhere.
[ link to this | view in chronology ]
Anonymous Coward, 27 Feb 2015 @ 12:55pm

It'd be nice to have more info.
Physically installing backdoors in transit could use some deeper investigation. Specifically, how and where and with whom are these "interdictions" occurring? It would be nice to have some journalism boots on the ground shining light on that process. FedEx, UPS, USPS, DHL, et al, need to be asked some hard questions, starting with what kind of cooperation they've provided.
[ link to this | view in chronology ]
- Albi Qeli, 27 Feb 2015 @ 2:31pm
  
  Re: It'd be nice to have more info.
  According to James Bamford, during the Cold War the NSA managed to place a US Navy submarine close to some underwater Soviet cables in the sea of Okhotsk. They then tapped into those cables, under the cold north Pacific waters, and as a consequence, the US had full access to Soviet Navy communications.
  
  I cannot know the details, but I don't think the NSA would have trouble intercepting a UPS package.
  [ link to this | view in chronology ]
Albi Qeli, 27 Feb 2015 @ 2:13pm

The Chinese have found the perfect excuse to do what they always do: entice foreigners, steal their know-how, then get rid of the foreigners when no longer needed. Nothing new here.

As an aside, I am reading the Gordievsky history of the KGB. At one point in between the world wars, the US Embassy in the USSR operated without any crypto, the ambassador was not particularly worried about "secrets." Apparently everything was above the table, and the US envoy found the Russians perfectly reasonable. The Russians on the other were not honorable: they intercepted every communication they could, brought prostitutes to honey-trap the employees, etc. It did not take long for US to institute countermeasures.

The US spooks have come a long way, needless to say. Unfortunately, the NSA has managed to turn US opinion against it. At a minimum, the NSA is guilty of not being able to keep secrets. At worst, they are the enablers of total surveillance, at the service of God-knows-who. If US citizens could do so, they would vote the agency out of existence. This spy stuff has gone too far.
[ link to this | view in chronology ]
Anonymous Coward, 27 Feb 2015 @ 3:39pm

I might have been born in the USA, but I was Made In China, and assembled in Russia. No matter though, they all worship the Beast.
[ link to this | view in chronology ]
Anonymous Coward, 28 Feb 2015 @ 8:11am

We need well documented hardware with open source drivers controlling the hardware components. That is the only way to have any security in a product. Anything less is security through obscurity. In other words, "trust us" voodoo.
[ link to this | view in chronology ]
xz11111000000 (profile), 28 Feb 2015 @ 8:32am

Trust No One
It's perfectly reasonable at this point to trust no OEM and require safety audits of critical systems. What's unreasonable is to put blind trust in any OEM or service provider.

We are heading toward a world where major OEMs will either learn to love open source and audits, or die and an increasing number of companies roll their own commodity hardware.

Intel knows this, but have Cisco and IBM got the message?

It should be noted Huawei has cooperated with pre-installation audits for years in the UK and recently offered to open it's source code to customers.

Did the US Senate and White House do them a favor by banning them and sending them down that road years ahead of their American competitors?

Probably.

Nice work assholes.
[ link to this | view in chronology ]