Kicking Trust in the Pants: NSA had Close Relationship with Apple, Google

| Analysis

The idea that Apple, Google, and other tech companies have always distanced themselves from the NSA may not be accurate thanks to emails that recently surfaced. The emails show communication between Google executives and the NSA, plus they mention other companies, including Apple, Microsoft, and HP, undermining the trust companies have been working so hard to maintain after the NSA's wide spread surveillance tactics were uncovered.

Emails show NSA had a closer relationship with tech companies than originally thoughtEmails show NSA had a closer relationship with tech companies than originally thought

In an email from June 2012, NSA director General Keith Alexander invited Google's Eric Schmidt to what he called a classified threat briefing to be held at a secure location near San Jose, California. The topic of discussion, according to Al Jazeera America, would focus on mobile threats and security.

General Alexander went on to say,

A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead... Google's participation in refinement, engineering and deployment of the solutions will be essential.

That doesn't necessarily mean the companies were meeting with the NSA to set up secret back doors into their servers, or hand over private information from customers, but it does establish that many tech companies were meeting with the agency voluntarily. Based on the General's choice of words, it sounds like the meeting Mr. Schmidt was invited to was more about enhancing device-level security, and that the agency had been actively working with companies to improve PC security, too.

His email went on to say, "Over the last 18 months, we (primarily Intel, AMD, HP, Dell and Microsoft on the industry side) completed an effort to secure the BIOS of enterprise platforms to address a threat in that area."

Considering the agency's reputation for exploiting whatever it can to gain access to email exchanges and other personal information that should otherwise remain private, however, it's hard to see NSA meetings of this sort as purely altruistic. For companies like Apple, Google and HP, interacting with the NSA may have been a necessary evil and a way to try to better understand what the agency was up to, and to discover which tactics it used to hack into corporate servers holding private customer data.

What we can tell from email exchanges like these is that the NSA was working on its wide spread surveillance program at least as far back as 2009, and has had some level of cooperation from big tech companies. Companies may have worked with the NSA in an effort improve overall security for their customers, but it doesn't help instill trust in end users.

Regardless of what companies like Google, Apple and HP say their intentions were during NSA interactions, that association wears thin on consumer's trust, and that's a problem businesses will have a hard time overcoming.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Comments

JustCause

Maybe I’m misreading the emails, but they look to be about meetings around hardening US tech not about spying on people…

That’s actually what the NSA is supposed to be doing with US tech companies, working to keep them and their users safe from foreign interests.

John Dingler, artist

John Dingler, artist, said “A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the NSA on key ways we want the NSA to stop spying on our innocent citizens and to provide them a brief on the specific NSA threats we believe can be mitigated and to seek its commitment for its organization to move ahead… NSA’s participation in refinement, engineering and deployment of non-spy solutions will be essential.”

*S*

Paul Goodwin

Altruism isn’t why they’d be involved. Part of their function is to ensure the infrastructure from attack. If an enemy wants to paralyze America, bring down the Internet would be the single most damaging thing they could do.

Also, the NSA doesn’t need companies like Apple, HP or Google to help them. The NSA has the funding, tools and expertise to gather whatever information they need from virtually any source. The question is whether they’re spying on citizens without cause. Mostly likely, there would be some “collateral damage” in that some innocent citizens are investigated because of some association with people who are valid suspects. It’s part of their process to find the extent of threats. Does this mean they’re looking at everyone’s private information? IMO, no. Are they intercepting Internet traffic and grabbing data based on keywords or searching for coded patterns of threatening activity. Most assuredly. It’s a public Internet, and everyone should be aware that sending messages out on the public Internet isn’t what you should be doing with your confidential information.

John Dingler, artist

Hi Paul Goodwin,
I strongly disagree with your siding with the police state in this matter. Because it’s the people’s internet, not the police’s, people should have free, unpoliced access to the internet without having to be concerned about the security state’s Peeping Toms scrutinizing their online behavior.

Paul Goodwin

I wasn’t saying it’s the government’s Internet. It’s a public Internet, and anything you put out there is subject to interception by anyone. Yes i should be worry free, and for the most part it is. But I wouldn’t ever send anything across the Internet that was something private or proprietary without a secure method of encryption. And I’m not siding with the police or NSA at all. Businesses that transmit proprietary info don’t do it on the public Internet, they have dedicated secure portals. It’s a great public tool that is as secure or unsecure as you make it. I don’t want anybody snooping around my stuff any more than you do. But there’s a reality to it that it’s not secure without the user making it secure.

gkhudyan

Surprise surprise….the gouvernement lied.  wow, thats got to be a first.

iJack

Just y’ll wait a bit for the next round of explosive Snowden revelations.
You ain’t seen nuttin’ yet.

Blissmonkey

Unfortunately, no one in North America—no one at all—is talking about an enemy of the state conspiring to penetrate as deeply as possible into the private lives of its citizens or their governments.  Virtually everyone is talking about North American governments doing this to its own citizens.

The single exception to this, however, is the North American governments themselves.  Yet, there is no indication anywhere that anyone believes them.

The recent frame that it’s up to business to protect us from our own governments not only astounding but is patently ridiculous when its business itself that’s more and more with each passing day pulling the strings of government.

But this is all common knowledge—and the contents of this article will by now come as a surprise to almost no one.  Welcome, everyone, to the post-privacy age, where private interests don’t even bother to try to keep private how thoroughly they intrude upon our privacies.

Bart B

The key thing to remember here is that the NSA has two (often conflicting) roles:

1) to keep US business (and theoretically people too, but that seems to take less mind-share) safe from hacking and corprate espionage
2) spy on people

The NSA’s left hand is often doing things to spite the work of their right hand. E.g. intentinoally sabbotaging encryption standards.

This sounds to me like the NSA trying to actually do something on their “keep companies safe” madate, not their counter-productive “spy on everyone” mandate. Frankly, the NSA SHOULD be helping to harden the nation’s IT infrastructure.

Log-in to comment