Germany Plans To Ban Computer Companies That Work With NSA From Sensitive Public Contracts
from the hidden-costs-of-hidden-backdoors dept
As early as June last year, Techdirt noted that beyond the political fallout of NSA spying, there is a considerable risk that there will be serious economic consequences too. That’s because other countries are now aware that one way the NSA has been obtaining sensitive information is through US computer products that have secret backdoors added in some way. In that post, we mentioned that Sweden had banned the country’s public bodies from using Google Apps; it looks like Germany is going even further, as reported here in the international edition of the German newspaper Süddeutsche Zeitung:
Germany’s black-red “grand coalition” government has now tightened the rules for awarding sensitive public IT contracts. In cases of doubt, suspicious companies will now be excluded from such contracts. And companies now have to sign documents to the effect that no contracts or laws oblige them — nor can they be coerced — to pass on confidential data to foreign secret services or security authorities.
The new rule would seem to be aimed primarily at American companies. These companies, as numerous Snowden documents reveal, regularly pass on information to the U.S. spy agencies. At the NSA, a separate Special Sources Operations department deals with cooperation with “strategic partners,” as agents call such companies. The companies say they are merely following the laws of the respective country, and so far this explanation has been accepted.
But since April, any company that cannot guarantee that foreign services or authorities will not obtain any of their data is being excluded from federal contracts in Germany. A spokesperson for the Ministry of the Interior said that the aim of the new rule is to prevent “the flow of data worth protecting to foreign security authorities.”
It’s not yet clear how that new policy will work in practice. The article goes on to point out that one particular company, Computer Sciences Corporation (CSC), known to work for the US secret services, has been receiving plenty of lucrative German government contracts, including testing the German Federal Criminal Police Office’s “state Trojan”, which we wrote about in 2012, and working with the German Ministry of Justice and Ministry of the Interior. Even if the effects of the new policy are hard to see so far, it’s indicative of how the German government is starting to think about and react to the spying revelations. And as further details of NSA subversion of US computer equipment emerge, other governments around the world may well start to do the same.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Comments on “Germany Plans To Ban Computer Companies That Work With NSA From Sensitive Public Contracts”
Hit these US companies where it hurts, especially the big ones, and we might see some pressure applied to Congress or the President.
These big companies regularly bribelobby with huge sums of money for campaign donations. A few words in the right ears might see some changes made.
Maybe such a corrupt system can work for good, for once.
Re: Re:
I agree. Even if it doesn’t alter the actions of the federal government, it might at least make companies less eager to take these sorts of contracts.
Uh huh. Buh bye Microsoft!
http://www.networkworld.com/community/blog/german-government-claims-windows-8-has-backdoor-big-enough-drive-bus-through-sideways
I actually think all governments should be banning proprietary software for their own institutions. They should be working only with fully auditable open source software, and instead of using taxpayer public money to enrich private American corporations, they should be using them to fund open source projects that everyone will benefit from for decades.
Aren’t the Germans doing the exact same thing that the NSA is doing? So pot, meet kettle.
Re: Re:
No, they aren’t doing the “exact same thing as NSA”. NSA is tapping the world’s Internet cables and spying on everyone in real-time. All spying is not equal, just like targeted spying is very different from mass spying.
Re: Re:
Maybe, but the NSA got caught, and have done significant criminal cracking against foreign businesses for private exploitation.
Re: Re:
If they were, you would have read about it about 2 weeks after they started. Our intelligence agencies (or any governmental agencies) are that incompetent.
Regardless, this regulation will mean nothing, because the IT contracts that are awarded now are all a botched and unusable mess to the point where the NSA wouldn’t even have to crack security measures, just take one of the ten thousand loopholes per application.
I have seen some of those IT projects, Microsoft and Adobe together can’t create as many problems, bugs and issues as any single IT project over here has.
And NSA will tell all its strategic partners to lie to foreign governments.
Re: Instructions to strategic partners
An avalanche starts with the movement of a few pebbles, it looks like Germany is groping for a clear-cut test its bureaucracy can apply, the Germans are smart, they will find something eventually that dodges treaty commitments and protects confidential information.
Given the NSA’s brief they will instruct their (reluctant) strategic partners to lie. It will not hurt the tax revenues of the US government, the big companies don’t pay tax anyway. And if the foreign contracts of US companies dry up, the NSA will look for new strategic partners, they might team with the CIA and place “Agents of Influence” in foreign IT companies, they might break in and place taps in data-centers. It only means the NSA will need an increased budget to keep the insane flow of information coming in at the current insane rate.
Bet you they get the budget increase they “Need”.
Re: Re: Instructions to strategic partners
It seems more like a public / politician answer from canny politicians that know nobody is actually going to check this out. So they can put these rules in place, but everyone will be just under the threshold and therefore no blocking.
Call it a political move rather than one with any real teeth.
Re: Re: Re: Instructions to strategic partners
“know nobody is actually going to check this out”
If that’s what they think, then they’re making a really bad miscalculation. This will be widely and closely watched.
Funny
I seriously hope that they lose the support of all the companies that bribe them every day. It would be cool to see both political parties forced to claim bankruptcy due to insufficient funds.
I hope the US companies take a look at Germany's record with energy policy.
When they declared that they would phase out nuclear without increasing carbon-intensive energy sources, many of the usual talking heads pooh-poohed them.
They’re making some progress towards it.
Now, they’re targeting NSA-‘compliant’ companies. They’ll be selling their own routing equipment soon… Heh.
Re: I hope the US companies take a look at Germany's record with energy policy.
Haha, that renewable energy program is heading for disaster. It doesn’t work. The “renewable energy sources” are destabilizing the power grid to a point that management becomes almost impossible. Also the output of CO2 has increased significantly because there is much more need for power stations to regulate the power grid.
This mess is insanely expensive, does not do what it is supposed to do and seriously endangers the stability of the power grid.
It is an all-around botched job out of ideological motives with no scientific and engineering competence to make it work. Worse even, a stable power grid just with renewable energy is plain impossible (no storage mechanism for excess power is available at all on the level necessary and won’t be for a very long time, if ever).
And that is only par for the course when it comes to large projects. They are reliable to fuck up every even moderately large project and the only reason small projects may work is initiative (and breaking of contracts, ignoring conditions and so on) of very few to just get things done.
If any of our politicians are announcing a program to “fix” things, you can be certain that at best nothing will change but usually they manage to make things much worse.
Re: Re: I hope the US companies take a look at Germany's record with energy policy.
Time for a little mythbusting: http://www.smartplanet.com/blog/intelligent-energy/myth-busting-germanys-energy-transition/
From time to time, these canny politician answers get a life of their own, beyond the vague, glib response it was intended as.
The information at risk has a value, and a real risk if used against those it belongs to.
The NSA and counterpoints will not stop seeking this information, this will drive concern on the vulnerability of the information. And no end of secret NSA briefings to its “Political Masters” will dispel growing doubts.
In 3 days it’s election time here.
_of course_ they have to have plans like that. Will never materialize though.
Following China
It seems as if several countries are beginning a migration to Linux and other FOSS projects due to the NSA.
Reflections on Trusting Trust
These new rules appeal to public outrage and give commercial advantage to German computer companies; this would be a good political move even if it did nothing at all to improve security — which may be the case.
Back doors are possible. They can be very difficult to detect. Spies love them, and intelligence agencies will pay well for them, no matter what laws we pass. So once we’re done posturing, maybe we should give some more thought to the problem of doing secure computation on machines we can never entirely trust.
What company can guarantee that?
Am I crazy, or...?
…wouldn’t this mean that the German government would effectively forbid a contract being awarded to ANY US company as they are all subject to NSLs? (National Security Letters)
It would seem to me that would include banks, any technology service company, any company…?
Re: Am I crazy, or...?
Right. No, you are not crazy. The NSLs are.
I tell you to hand over all data on all your customers, and you can’t tell anyone? This is obviously something out of a fascist regime’s repertoire.
“A spokesperson for the Ministry of the Interior said that the aim of the new rule is to..” … exert pressure until Germany can be in Five Eyes too.
They’re hot under the collar that they’re not being treated as equal to the UK and they also have a desire to put one over on France. They wanna join the cool gang.
Now eating our own
Apparently, Germany is as much into useless laws as we are.
The intelligence agencies will have no problem at all ordering companies to lie in the contracts and, once leakage is discovered, leaving them to take the contract penalties without support.
The U.S. intelligence agencies will now begin destroying companies in their zeal to pursue surveillance.
What about companies like Cisco? The NSA intercepted routers after they left the factory and added spyware to them without the company being aware that it had happened.
Given that sort of activity, no equipment manufactured in the USA can be considered safe. In fact, even equipment that was merely shipped through the United States should be considered suspect until proven otherwise.
This is the kind of thing I would expect from a true honest intentioned cyber security DEFENCE, instead of “cyber security” TOOLS TO OFFENSIVELY INFRINGE ON PEOPLE’S RIGHTS TO THEIR OWN LIVES GIVEN NO choice…….Ahem, excuse me……CHOICE
While I would agree with the Germans on this issue, how would they know which ones have been so infected? How would the rest of us know which ones the Germans (and anyone else) have infected?
Re: Re:
Nobody does. But if the laws of a country generally allow these kinds of shenanigans, I’d boycott them.
At least with laws against it, you know the company cannot be compelled by the government to participate. It may well be some secret agency pulls an NSA and intercepts it for planting bugs, but at least you know it’s not (forced) malfeasance on the part of the supplier.