DeepseekerADS
Gold Member
- Mar 3, 2013
- 14,880
- 21,733
- Detector(s) used
- CTX, Excal II, EQ800, Fisher 1260X, Tesoro Royal Sabre, Tejon, Garrett ADSIII, Carrot, Stealth 920iX, Keene A52
- Primary Interest:
- Other
U.S. Agencies Said to Swap Data With Thousands of Firms - Bloomberg
Beyond Prism: Gov't, Companies Share Sensitive Info
Thousands of technology, finance and manufacturing companies are working closely with U.S. national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence, four people familiar with the process said.
In addition to private communications, information about equipment specifications and data needed for the Internet to work -- much of which isnât subject to oversight because it doesnât involve private communications -- is valuable to intelligence, U.S. law-enforcement officials and the military.
Microsoft Corp., the worldâs largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process.
Larry Page, chief executive officer of Google Inc., said in a blog posting June 7 that he hadnât heard of a program called Prism until after Edward Snowdenâs disclosures and that the company didnât allow the U.S. government direct access to its servers or some back-door to its data centers. Photographer: Robert Galbraith/Pool via Bloomberg
These programs, whose participants are known as trusted partners, extend far beyond what was revealed by Edward Snowden, a computer technician who did work for the National Security Agency. The role of private companies has come under intense scrutiny since his disclosure this month that the NSA is collecting millions of U.S. residentsâ telephone records and the computer communications of foreigners from Google Inc (GOOG). and other Internet companies under court order.
Many of these same Internet and telecommunications companies voluntarily provide U.S. intelligence organizations with additional data, such as equipment specifications, that donât involve private communications of their customers, the four people said.
Makers of hardware and software, banks, Internet security providers, satellite telecommunications companies and many other companies also participate in the government programs. In some cases, the information gathered may be used not just to defend the nation but to help infiltrate computers of its adversaries.
Along with the NSA, the Central Intelligence Agency (0112917D), the Federal Bureau of Investigation and branches of the U.S. military have agreements with such companies to gather data that might seem innocuous but could be highly useful in the hands of U.S. intelligence or cyber warfare units, according to the people, who have either worked for the government or are in companies that have these accords.
Microsoft Corp. (MSFT), the worldâs largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.
Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesnât ask and canât be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.
Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to be give government âan early startâ on risk assessment and mitigation.
Some U.S. telecommunications companies willingly provide intelligence agencies with access to facilities and data offshore that would require a judgeâs order if it were done in the U.S., one of the four people said.
In these cases, no oversight is necessary under the Foreign Intelligence Surveillance Act, and companies are providing the information voluntarily.
The extensive cooperation between commercial companies and intelligence agencies is legal and reaches deeply into many aspects of everyday life, though little of it is scrutinized by more than a small number of lawyers, company leaders and spies. Company executives are motivated by a desire to help the national defense as well as to help their own companies, said the people, who are familiar with the agreements.
Most of the arrangements are so sensitive that only a handful of people in a company know of them, and they are sometimes brokered directly between chief executive officers and the heads of the U.S.âs major spy agencies, the people familiar with those programs said.
Michael Hayden, who formerly directed the National Security Agency and the CIA, described the attention paid to important company partners: âIf I were the director and had a relationship with a company who was doing things that were not just directed by law but were also valuable to the defense of the Republic, I would go out of my way to thank them and give them a sense as to why this is necessary and useful.â
âYou would keep it closely held within the company and there would be very few cleared individuals,â Hayden said.
Cooperation between nine U.S. Internet companies and the NSAâs Special Source Operations unit came to light along with a secret program called Prism. According to a slide deck provided by Snowden, the program gathers e-mails, videos, and other private data of foreign surveillance targets through arrangements that vary by company, overseen by a secret panel of judges.
U.S. intelligence agencies have grown far more dependent on such arrangements as the flow of much of the worldâs information has grown exponentially through switches, cables and other network equipment maintained by U.S. companies.
In addition to private communications, information about equipment specifications and data needed for the Internet to work -- much of which isnât subject to oversight because it doesnât involve private communications -- is valuable to intelligence, U.S. law-enforcement officials and the military.
Typically, a key executive at a company and a small number of technical people cooperate with different agencies and sometimes multiple units within an agency, according to the four people who described the arrangements.
If necessary, a company executive, known as a âcommitting officer,â is given documents that guarantee immunity from civil actions resulting from the transfer of data. The companies are provided with regular updates, which may include the broad parameters of how that information is used.
Intel Corp. (INTC)âs McAfee unit, which makes Internet security software, regularly cooperates with the NSA, FBI and the CIA, for example, and is a valuable partner because of its broad view of malicious Internet traffic, including espionage operations by foreign powers, according to one of the four people, who is familiar with the arrangement.
Such a relationship would start with an approach to McAfeeâs chief executive, who would then clear specific individuals to work with investigators or provide the requested data, the person said. The public would be surprised at how much help the government seeks, the person said.
McAfee firewalls collect information on hackers who use legitimate servers to do their work, and the company data can be used to pinpoint where attacks begin. The company also has knowledge of the architecture of information networks worldwide, which may be useful to spy agencies who tap into them, the person said.
McAfee (MFE)âs data and analysis doesnât include information on individuals, said Michael Fey, the companyâs world wide chief technology officer.
âWe do not share any type of personal information with our government agency partners,â Fey said in an e-mailed statement. âMcAfeeâs function is to provide security technology, education, and threat intelligence to governments. This threat intelligence includes trending data on emerging new threats, cyber-attack patterns and vector activity, as well as analysis on the integrity of software, system vulnerabilities, and hacker group activity.â
In exchange, leaders of companies are showered with attention and information by the agencies to help maintain the relationship, the person said.
In other cases, companies are given quick warnings about threats that could affect their bottom line, including serious Internet attacks and who is behind them.
Following an attack on his company by Chinese hackers in 2010, Sergey Brin, Googleâs co-founder, was provided with highly sensitive government intelligence linking the attack to a specific unit of the Peopleâs Liberation Army, Chinaâs military, according to one of the people, who is familiar with the governmentâs investigation. Brin was given a temporary classified clearance to sit in on the briefing, the person said.
According to information provided by Snowden, Google, owner of the worldâs most popular search engine, had at that point been a Prism participant for more than a year.
Google CEO Larry Page said in a blog posting June 7 that he hadnât heard of a program called Prism until after Snowdenâs disclosures and that the Mountain View, California-based company didnât allow the U.S. government direct access to its servers or some back-door to its data centers. He said Google provides user data to governments âonly in accordance with the law.â
Leslie Miller, a spokeswoman for Google, didnât provide an immediate response yesterday.
The information provided by Snowden also exposed a secret NSA program known as Blarney. As the program was described in the Washington Post (WPO), the agency gathers metadata on computers and devices that are used to send e-mails or browse the Internet through principal data routes, known as a backbone.
That metadata includes which version of the operating system, browser and Java software are being used on millions of devices around the world, information that U.S. spy agencies could use to infiltrate those computers or phones and spy on their users.
âItâs highly offensive information,â said Glenn Chisholm, the former chief information officer for Telstra Corp (TLS)., one of Australiaâs largest telecommunications companies, contrasting it to defensive information used to protect computers rather than infiltrate them.
According to Snowdenâs information, Blarneyâs purpose is âto gain access and exploit foreign intelligence,â the Post said.
Itâs unclear whether U.S. Internet service providers gave information to the NSA as part of Blarney, and if so, whether the transfer of that data required a judgeâs order.
Stewart Baker, former general counsel for the NSA, said if metadata involved communications between two foreign computers that just happened to be crossing a U.S. fiber optic cable âthen the likelihood is it would demand less legal scrutiny than when communications are being extracted one by one.â
Lawmakers who oversee U.S. intelligence agencies may not understand the significance of some of the metadata being collected, said Jacob Olcott, a former cybersecurity assistant for Senator John D. Rockefeller IV of West Virginia, the Democratic chairman of the Senate Commerce Committee.
âThatâs what makes this issue of oversight so challenging,â said Olcott, now a principal at Good Harbor Security Risk Management in Washington. âYou have a situation where the technology and technical policy is far outpacing the background and expertise of most elected members of Congress or their staffs.â
While companies are offered powerful inducements to cooperate with U.S. intelligence, many executives are motivated by patriotism or a sense they are defending national security, the people familiar with the trusted partner programs said.
U.S telecommunications, Internet, power companies and others provide U.S. intelligence agencies with details of their systemsâ architecture or equipment schematics so the agencies can analyze potential vulnerabilities.
âItâs natural behavior for governments to want to know about the countryâs critical infrastructure,â said Chisholm, chief security officer at Irvine, California-based Cylance Inc.
Even strictly defensive systems can have unintended consequences for privacy. Einstein 3, a costly program originally developed by the NSA, is meant to protect government systems from hackers. The program, which has been made public and is being installed, will closely analyze the billions of e-mails sent to government computers every year to see if they contain spy tools or malicious software.
Einstein 3 could also expose the private content of the e-mails under certain circumstances, according to a person familiar with the system, who asked not to be named because he wasnât authorized to discuss the matter.
Before they agreed to install the system on their networks, some of the five major Internet companies -- AT&T Inc. (T), Verizon Communications Inc (VZ)., Sprint Nextel Corp. (S), Level 3 Communications Inc (LVLT). and CenturyLink Inc (CTL). -- asked for guarantees that they wouldnât be held liable under U.S. wiretap laws. Those companies that asked received a letter signed by the U.S. attorney general indicating such exposure didnât meet the legal definition of a wiretap and granting them immunity from civil lawsuits, the person said.
Mark Siegel, a spokesman for Dallas-based AT&T, the nationâs biggest phone carrier, declined to comment. Edward McFadden, a spokesman for New York-based Verizon, the second-largest phone company, declined to comment.
Scott Sloat, a spokesman for Overland Park, Kansas-based Sprint, and Monica Martinez, a spokeswoman for Broomfield, Colorado-based Level 3, didnât immediately respond to requests for comment.
Linda Johnson, a spokeswoman for Centurylink, formerly Qwest Corp., said her Monroe, Louisiana-based company participates in the Enhanced Cybersecurity Services program and the Intrusion Prevention Security Services program, which includes Einstein 3. Both programs are managed by the U.S. Department of Homeland Security.
Beyond that, she said, âCenturyLink does not comment on matters pertaining to national security.â
Beyond Prism: Gov't, Companies Share Sensitive Info
Thousands of technology, finance and manufacturing companies are working closely with U.S. national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence, four people familiar with the process said.
In addition to private communications, information about equipment specifications and data needed for the Internet to work -- much of which isnât subject to oversight because it doesnât involve private communications -- is valuable to intelligence, U.S. law-enforcement officials and the military.
Microsoft Corp., the worldâs largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process.
Larry Page, chief executive officer of Google Inc., said in a blog posting June 7 that he hadnât heard of a program called Prism until after Edward Snowdenâs disclosures and that the company didnât allow the U.S. government direct access to its servers or some back-door to its data centers. Photographer: Robert Galbraith/Pool via Bloomberg
These programs, whose participants are known as trusted partners, extend far beyond what was revealed by Edward Snowden, a computer technician who did work for the National Security Agency. The role of private companies has come under intense scrutiny since his disclosure this month that the NSA is collecting millions of U.S. residentsâ telephone records and the computer communications of foreigners from Google Inc (GOOG). and other Internet companies under court order.
Many of these same Internet and telecommunications companies voluntarily provide U.S. intelligence organizations with additional data, such as equipment specifications, that donât involve private communications of their customers, the four people said.
Makers of hardware and software, banks, Internet security providers, satellite telecommunications companies and many other companies also participate in the government programs. In some cases, the information gathered may be used not just to defend the nation but to help infiltrate computers of its adversaries.
Along with the NSA, the Central Intelligence Agency (0112917D), the Federal Bureau of Investigation and branches of the U.S. military have agreements with such companies to gather data that might seem innocuous but could be highly useful in the hands of U.S. intelligence or cyber warfare units, according to the people, who have either worked for the government or are in companies that have these accords.
Microsoft Corp. (MSFT), the worldâs largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.
Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesnât ask and canât be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.
Frank Shaw, a spokesman for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to be give government âan early startâ on risk assessment and mitigation.
Some U.S. telecommunications companies willingly provide intelligence agencies with access to facilities and data offshore that would require a judgeâs order if it were done in the U.S., one of the four people said.
In these cases, no oversight is necessary under the Foreign Intelligence Surveillance Act, and companies are providing the information voluntarily.
The extensive cooperation between commercial companies and intelligence agencies is legal and reaches deeply into many aspects of everyday life, though little of it is scrutinized by more than a small number of lawyers, company leaders and spies. Company executives are motivated by a desire to help the national defense as well as to help their own companies, said the people, who are familiar with the agreements.
Most of the arrangements are so sensitive that only a handful of people in a company know of them, and they are sometimes brokered directly between chief executive officers and the heads of the U.S.âs major spy agencies, the people familiar with those programs said.
Michael Hayden, who formerly directed the National Security Agency and the CIA, described the attention paid to important company partners: âIf I were the director and had a relationship with a company who was doing things that were not just directed by law but were also valuable to the defense of the Republic, I would go out of my way to thank them and give them a sense as to why this is necessary and useful.â
âYou would keep it closely held within the company and there would be very few cleared individuals,â Hayden said.
Cooperation between nine U.S. Internet companies and the NSAâs Special Source Operations unit came to light along with a secret program called Prism. According to a slide deck provided by Snowden, the program gathers e-mails, videos, and other private data of foreign surveillance targets through arrangements that vary by company, overseen by a secret panel of judges.
U.S. intelligence agencies have grown far more dependent on such arrangements as the flow of much of the worldâs information has grown exponentially through switches, cables and other network equipment maintained by U.S. companies.
In addition to private communications, information about equipment specifications and data needed for the Internet to work -- much of which isnât subject to oversight because it doesnât involve private communications -- is valuable to intelligence, U.S. law-enforcement officials and the military.
Typically, a key executive at a company and a small number of technical people cooperate with different agencies and sometimes multiple units within an agency, according to the four people who described the arrangements.
If necessary, a company executive, known as a âcommitting officer,â is given documents that guarantee immunity from civil actions resulting from the transfer of data. The companies are provided with regular updates, which may include the broad parameters of how that information is used.
Intel Corp. (INTC)âs McAfee unit, which makes Internet security software, regularly cooperates with the NSA, FBI and the CIA, for example, and is a valuable partner because of its broad view of malicious Internet traffic, including espionage operations by foreign powers, according to one of the four people, who is familiar with the arrangement.
Such a relationship would start with an approach to McAfeeâs chief executive, who would then clear specific individuals to work with investigators or provide the requested data, the person said. The public would be surprised at how much help the government seeks, the person said.
McAfee firewalls collect information on hackers who use legitimate servers to do their work, and the company data can be used to pinpoint where attacks begin. The company also has knowledge of the architecture of information networks worldwide, which may be useful to spy agencies who tap into them, the person said.
McAfee (MFE)âs data and analysis doesnât include information on individuals, said Michael Fey, the companyâs world wide chief technology officer.
âWe do not share any type of personal information with our government agency partners,â Fey said in an e-mailed statement. âMcAfeeâs function is to provide security technology, education, and threat intelligence to governments. This threat intelligence includes trending data on emerging new threats, cyber-attack patterns and vector activity, as well as analysis on the integrity of software, system vulnerabilities, and hacker group activity.â
In exchange, leaders of companies are showered with attention and information by the agencies to help maintain the relationship, the person said.
In other cases, companies are given quick warnings about threats that could affect their bottom line, including serious Internet attacks and who is behind them.
Following an attack on his company by Chinese hackers in 2010, Sergey Brin, Googleâs co-founder, was provided with highly sensitive government intelligence linking the attack to a specific unit of the Peopleâs Liberation Army, Chinaâs military, according to one of the people, who is familiar with the governmentâs investigation. Brin was given a temporary classified clearance to sit in on the briefing, the person said.
According to information provided by Snowden, Google, owner of the worldâs most popular search engine, had at that point been a Prism participant for more than a year.
Google CEO Larry Page said in a blog posting June 7 that he hadnât heard of a program called Prism until after Snowdenâs disclosures and that the Mountain View, California-based company didnât allow the U.S. government direct access to its servers or some back-door to its data centers. He said Google provides user data to governments âonly in accordance with the law.â
Leslie Miller, a spokeswoman for Google, didnât provide an immediate response yesterday.
The information provided by Snowden also exposed a secret NSA program known as Blarney. As the program was described in the Washington Post (WPO), the agency gathers metadata on computers and devices that are used to send e-mails or browse the Internet through principal data routes, known as a backbone.
That metadata includes which version of the operating system, browser and Java software are being used on millions of devices around the world, information that U.S. spy agencies could use to infiltrate those computers or phones and spy on their users.
âItâs highly offensive information,â said Glenn Chisholm, the former chief information officer for Telstra Corp (TLS)., one of Australiaâs largest telecommunications companies, contrasting it to defensive information used to protect computers rather than infiltrate them.
According to Snowdenâs information, Blarneyâs purpose is âto gain access and exploit foreign intelligence,â the Post said.
Itâs unclear whether U.S. Internet service providers gave information to the NSA as part of Blarney, and if so, whether the transfer of that data required a judgeâs order.
Stewart Baker, former general counsel for the NSA, said if metadata involved communications between two foreign computers that just happened to be crossing a U.S. fiber optic cable âthen the likelihood is it would demand less legal scrutiny than when communications are being extracted one by one.â
Lawmakers who oversee U.S. intelligence agencies may not understand the significance of some of the metadata being collected, said Jacob Olcott, a former cybersecurity assistant for Senator John D. Rockefeller IV of West Virginia, the Democratic chairman of the Senate Commerce Committee.
âThatâs what makes this issue of oversight so challenging,â said Olcott, now a principal at Good Harbor Security Risk Management in Washington. âYou have a situation where the technology and technical policy is far outpacing the background and expertise of most elected members of Congress or their staffs.â
While companies are offered powerful inducements to cooperate with U.S. intelligence, many executives are motivated by patriotism or a sense they are defending national security, the people familiar with the trusted partner programs said.
U.S telecommunications, Internet, power companies and others provide U.S. intelligence agencies with details of their systemsâ architecture or equipment schematics so the agencies can analyze potential vulnerabilities.
âItâs natural behavior for governments to want to know about the countryâs critical infrastructure,â said Chisholm, chief security officer at Irvine, California-based Cylance Inc.
Even strictly defensive systems can have unintended consequences for privacy. Einstein 3, a costly program originally developed by the NSA, is meant to protect government systems from hackers. The program, which has been made public and is being installed, will closely analyze the billions of e-mails sent to government computers every year to see if they contain spy tools or malicious software.
Einstein 3 could also expose the private content of the e-mails under certain circumstances, according to a person familiar with the system, who asked not to be named because he wasnât authorized to discuss the matter.
Before they agreed to install the system on their networks, some of the five major Internet companies -- AT&T Inc. (T), Verizon Communications Inc (VZ)., Sprint Nextel Corp. (S), Level 3 Communications Inc (LVLT). and CenturyLink Inc (CTL). -- asked for guarantees that they wouldnât be held liable under U.S. wiretap laws. Those companies that asked received a letter signed by the U.S. attorney general indicating such exposure didnât meet the legal definition of a wiretap and granting them immunity from civil lawsuits, the person said.
Mark Siegel, a spokesman for Dallas-based AT&T, the nationâs biggest phone carrier, declined to comment. Edward McFadden, a spokesman for New York-based Verizon, the second-largest phone company, declined to comment.
Scott Sloat, a spokesman for Overland Park, Kansas-based Sprint, and Monica Martinez, a spokeswoman for Broomfield, Colorado-based Level 3, didnât immediately respond to requests for comment.
Linda Johnson, a spokeswoman for Centurylink, formerly Qwest Corp., said her Monroe, Louisiana-based company participates in the Enhanced Cybersecurity Services program and the Intrusion Prevention Security Services program, which includes Einstein 3. Both programs are managed by the U.S. Department of Homeland Security.
Beyond that, she said, âCenturyLink does not comment on matters pertaining to national security.â
