Germany Plans To Ban Computer Companies That Work With NSA From Sensitive Public Contracts

from the hidden-costs-of-hidden-backdoors dept

As early as June last year, Techdirt noted that beyond the political fallout of NSA spying, there is a considerable risk that there will be serious economic consequences too. That’s because other countries are now aware that one way the NSA has been obtaining sensitive information is through US computer products that have secret backdoors added in some way. In that post, we mentioned that Sweden had banned the country’s public bodies from using Google Apps; it looks like Germany is going even further, as reported here in the international edition of the German newspaper Süddeutsche Zeitung:

Germany’s black-red “grand coalition” government has now tightened the rules for awarding sensitive public IT contracts. In cases of doubt, suspicious companies will now be excluded from such contracts. And companies now have to sign documents to the effect that no contracts or laws oblige them — nor can they be coerced — to pass on confidential data to foreign secret services or security authorities.

The new rule would seem to be aimed primarily at American companies. These companies, as numerous Snowden documents reveal, regularly pass on information to the U.S. spy agencies. At the NSA, a separate Special Sources Operations department deals with cooperation with “strategic partners,” as agents call such companies. The companies say they are merely following the laws of the respective country, and so far this explanation has been accepted.

But since April, any company that cannot guarantee that foreign services or authorities will not obtain any of their data is being excluded from federal contracts in Germany. A spokesperson for the Ministry of the Interior said that the aim of the new rule is to prevent “the flow of data worth protecting to foreign security authorities.”

It’s not yet clear how that new policy will work in practice. The article goes on to point out that one particular company, Computer Sciences Corporation (CSC), known to work for the US secret services, has been receiving plenty of lucrative German government contracts, including testing the German Federal Criminal Police Office’s “state Trojan”, which we wrote about in 2012, and working with the German Ministry of Justice and Ministry of the Interior. Even if the effects of the new policy are hard to see so far, it’s indicative of how the German government is starting to think about and react to the spying revelations. And as further details of NSA subversion of US computer equipment emerge, other governments around the world may well start to do the same.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Germany Plans To Ban Computer Companies That Work With NSA From Sensitive Public Contracts”

Subscribe: RSS Leave a comment
28 Comments
John says:

Hit these US companies where it hurts, especially the big ones, and we might see some pressure applied to Congress or the President.

These big companies regularly bribelobby with huge sums of money for campaign donations. A few words in the right ears might see some changes made.

Maybe such a corrupt system can work for good, for once.

Anonymous Coward says:

Uh huh. Buh bye Microsoft!

http://www.networkworld.com/community/blog/german-government-claims-windows-8-has-backdoor-big-enough-drive-bus-through-sideways

I actually think all governments should be banning proprietary software for their own institutions. They should be working only with fully auditable open source software, and instead of using taxpayer public money to enrich private American corporations, they should be using them to fund open source projects that everyone will benefit from for decades.

Anonymous Coward says:

Re: Re:

If they were, you would have read about it about 2 weeks after they started. Our intelligence agencies (or any governmental agencies) are that incompetent.

regardless, this regulation will mean nothing, because the IT contracts that are awarded now are all a botched and unusable mess to the point were the NSA wouldn’t even have to crack security measures, just take one of the ten thousand loopholes per application.

I have seen some of those IT projects, Microsoft and adobe together can’t create as many problems, bugs and issues together than any single IT project over here has.

Anonymous Coward says:

Re: Instructions to strategic partners

an avalanche starts with the movement of a few pebbles, it looks like Germany is groping for a clear-cut test it’s bureaucracy can apply, the Germans are smart, they will find something eventually that dodges treaty commitments and protects confidential information.

Given the NSA’s brief they will instruct their (reluctant) strategic partners to lie. It will not hurt the tax revenues of the US government, the big companies don’t pay tax anyway. and if the foreign contracts of US companies dry up, the NSA will look for new strategic partners, the might team with the CIA and place “Agents of Influence” in foreign IT companies, they might break in and place taps in data-centers. It only means the NSA will need an increased budget to keep the insane flow of information coming in at the current insane rate.

Bet you they get the budget increase they “Need”.

Whatever says:

Re: Re: Instructions to strategic partners

It seems more like a public / politican answer from canny politicians that know nobody is actually going to check this out. So they can put these rules in place, but everyone will be just under the threshold and therefore no blocking.

Call it a political move rather than one with any real teeth.

Paul Renault (profile) says:

I hope the US companies take a look at Germany's record with energy policy.

When they declared that they would phase out nuclear without increasing carbon-intensive energy source, many of the usual talking heads pooh-poohed them.

They’re making some progress towards it.

Now, they’re targeting NSA-‘compliant’ companies. They’ll be selling their own routing equipment soon… Heh.

Anonymous Coward says:

Re: I hope the US companies take a look at Germany's record with energy policy.

haha, that renewable energy program is heading for disaster. It doesn’t work. The “renewable energy sources” are destabilizing the power grid to a point that management becomes almost impossible. Also the output of CO2 has increased significantly because there is much more need for powerstations to regulate the power grid.

This mess is insanely expensive, does not what it is supposed to do and seriously endangers the stability of power grid.

It is a all around botched job out of ideological motives with no scientific and engineering competence to make it work. Worse even, a stable power grid just with renewable energy is plain impossible (no storage mechanism for excess power is available at all on the level necessary and won’t be for a very long time, if ever).

And that is only par for the course when it comes to large projects. They are reliable to fuck up every even moderately large project and the only reason small projects may work is initiative (and breaking of contracts, ignoring conditions and so on) of very few to just get things done.

If any of our politicians are anouncing a program to “fix” things, you can be certain that at best nothing will change but usually they manage to make things much worse.

Anonymous Coward says:

From time to time, these canny politician answers get a life of their own, beyond the vague, glib response it was intended as.

The information at risk has a value, and a real risk if used against those it belongs to.

The NSA and counterpoints will not stop seeking this information, this will drive concern on the vulnerability of the information. And no end of secret NSA briefings to it’s “Political Masters” will dispel growing doubts.

Beta (profile) says:

Reflections on Trusting Trust

These new rules appeal to public outrage and give commercial advantage to German computer companies; this would be a good political move even if it did nothing at all to improve security — which may be the case.

Back doors are possible. They can be very difficult to detect. Spies love them, and intelligence agencies will pay well for them, no matter what laws we pass. So once we’re done posturing, maybe we should give some more thought to the problem of doing secure computation on machines we can never entirely trust.

Anonymous Coward says:

“A spokesperson for the Ministry of the Interior said that the aim of the new rule is to..” … exert pressure until Germany can be in Five Eyes too.

They’re hot under the collar that they’re not being treated as equal to the UK and they also have a desire to put one over on France. They wanna join the cool gang.

Coyne Tibbets (profile) says:

Now eating our own

Apparently, Germany is as much into useless laws as we are.

The intelligence agencies will have no problem at all ordering companies to lie in the contracts and, once leakage is discovered, leaving them to take the contract penalties without support.

The U.S. intelligence agencies will now begin destroying companies in their zeal to pursue surveillance.

Chris-Mouse (profile) says:

What about companies like Cisco? The NSA intercepted routers after they left the factory and added spyware to them without the company being aware that it had happened.
Given that sort of activity, no equipment manufactured in the USA can be considered safe. In fact, even equipment that was merely shipped through the United States should be considered suspect until proven otherwise.

Seegras (profile) says:

Re: Re:

Nobody does. But if the laws of a country generally allow these kinds of shenanigans, I’d boycott them.

At least with laws against it, you know the company can not compelled by the government to participate. It may well be some secret agency pulls an NSA and intercepts it for planting bugs, but at least you know it’s not (forced) malfeasance on the part of the supplier.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...