Germany Plans To Ban Computer Companies That Work With NSA From Sensitive Public Contracts

from the hidden-costs-of-hidden-backdoors dept

As early as June last year, Techdirt noted that beyond the political fallout of NSA spying, there is a considerable risk that there will be serious economic consequences too. That's because other countries are now aware that one way the NSA has been obtaining sensitive information is through US computer products that have secret backdoors added in some way. In that post, we mentioned that Sweden had banned the country's public bodies from using Google Apps; it looks like Germany is going even further, as reported here in the international edition of the German newspaper Süddeutsche Zeitung:

Germany's black-red "grand coalition" government has now tightened the rules for awarding sensitive public IT contracts. In cases of doubt, suspicious companies will now be excluded from such contracts. And companies now have to sign documents to the effect that no contracts or laws oblige them -- nor can they be coerced -- to pass on confidential data to foreign secret services or security authorities.

The new rule would seem to be aimed primarily at American companies. These companies, as numerous Snowden documents reveal, regularly pass on information to the U.S. spy agencies. At the NSA, a separate Special Sources Operations department deals with cooperation with "strategic partners," as agents call such companies. The companies say they are merely following the laws of the respective country, and so far this explanation has been accepted.

But since April, any company that cannot guarantee that foreign services or authorities will not obtain any of their data is being excluded from federal contracts in Germany. A spokesperson for the Ministry of the Interior said that the aim of the new rule is to prevent "the flow of data worth protecting to foreign security authorities."

It's not yet clear how that new policy will work in practice. The article goes on to point out that one particular company, Computer Sciences Corporation (CSC), known to work for the US secret services, has been receiving plenty of lucrative German government contracts, including testing the German Federal Criminal Police Office's "state Trojan", which we wrote about in 2012, and working with the German Ministry of Justice and Ministry of the Interior. Even if the effects of the new policy are hard to see so far, it's indicative of how the German government is starting to think about and react to the spying revelations. And as further details of NSA subversion of US computer equipment emerge, other governments around the world may well start to do the same.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

  1.  
    John, May 21st, 2014 @ 1:23am

    Hit these US companies where it hurts, especially the big ones, and we might see some pressure applied to Congress or the President.

    These big companies regularly bribelobby with huge sums of money for campaign donations. A few words in the right ears might see some changes made.

    Maybe such a corrupt system can work for good, for once.

     

  2.  
    Anonymous Coward, May 21st, 2014 @ 1:25am

    Uh huh. Buh bye Microsoft!

    http://www.networkworld.com/community/blog/german-government-claims-windows-8-has-backdoor-big-enough-drive-bus-through-sideways

    I actually think all governments should be banning proprietary software for their own institutions. They should be working only with fully auditable open source software, and instead of using taxpayer public money to enrich private American corporations, they should be using them to fund open source projects that everyone will benefit from for decades.

     

  3.  
    Rikuo (profile), May 21st, 2014 @ 1:27am

    Aren't the Germans doing the exact same thing that the NSA is doing? So pot, meet kettle.

     

  4.  
    Anonymous Coward, May 21st, 2014 @ 1:44am

    Re:

    No, they aren't doing the "exact same thing as NSA". NSA is tapping the world's Internet cables and spying on everyone in real-time. All spying is not equal, just like targeted spying is very different from mass spying.

     

  5.  
    Anonymous Coward, May 21st, 2014 @ 1:49am

    And NSA will tell all its strategic partners to lie to foreign governments.

     

  6.  
    Anonymous Coward, May 21st, 2014 @ 3:04am

    Re: Instructions to strategic partners

    An avalanche starts with the movement of a few pebbles. It looks like Germany is groping for a clear-cut test its bureaucracy can apply. The Germans are smart; they will find something eventually that dodges treaty commitments and protects confidential information.

    Given the NSA's brief they will instruct their (reluctant) strategic partners to lie. It will not hurt the tax revenues of the US government, the big companies don't pay tax anyway. And if the foreign contracts of US companies dry up, the NSA will look for new strategic partners, they might team with the CIA and place "Agents of Influence" in foreign IT companies, they might break in and place taps in data-centers. It only means the NSA will need an increased budget to keep the insane flow of information coming in at the current insane rate.

    Bet you they get the budget increase they "Need".

     

  7.  
    Anonymous Coward, May 21st, 2014 @ 3:21am

    Re:

    Maybe, but the NSA got caught, and have done significant criminal cracking against foreign businesses for private exploitation.

     

  8.  
    Whatever, May 21st, 2014 @ 3:30am

    Re: Re: Instructions to strategic partners

    It seems more like a public / politician answer from canny politicians that know nobody is actually going to check this out. So they can put these rules in place, but everyone will be just under the threshold and therefore no blocking.

    Call it a political move rather than one with any real teeth.

     

  9.  
    Andypandy, May 21st, 2014 @ 4:58am

    Funny

    I seriously hope that they lose the support of all the companies that bribe them every day. It would be cool to see both political parties forced to claim bankruptcy due to insufficient funds.

     

  10.  
    Paul Renault (profile), May 21st, 2014 @ 5:01am

    I hope the US companies take a look at Germany's record with energy policy.

    When they declared that they would phase out nuclear without increasing carbon-intensive energy sources, many of the usual talking heads pooh-poohed them.

    They're making some progress towards it.

    Now, they're targeting NSA-'compliant' companies. They'll be selling their own routing equipment soon... Heh.

     

  11.  
    Anonymous Coward, May 21st, 2014 @ 5:13am

    Re:

    If they were, you would have read about it about 2 weeks after they started. Our intelligence agencies (or any governmental agencies) are that incompetent.

    Regardless, this regulation will mean nothing, because the IT contracts that are awarded now are all a botched and unusable mess to the point where the NSA wouldn't even have to crack security measures, just take one of the ten thousand loopholes per application.

    I have seen some of those IT projects, Microsoft and Adobe together can't create as many problems, bugs and issues as any single IT project over here has.

     

  12.  
    Anonymous Coward, May 21st, 2014 @ 5:22am

    From time to time, these canny politician answers get a life of their own, beyond the vague, glib response it was intended as.

    The information at risk has a value, and a real risk if used against those it belongs to.

    The NSA and counterpoints will not stop seeking this information, this will drive concern on the vulnerability of the information. And no end of secret NSA briefings to its "Political Masters" will dispel growing doubts.

     

  13.  
    Anonymous Coward, May 21st, 2014 @ 5:24am

    Re: I hope the US companies take a look at Germany's record with energy policy.

    Haha, that renewable energy program is heading for disaster. It doesn't work. The "renewable energy sources" are destabilizing the power grid to a point that management becomes almost impossible. Also the output of CO2 has increased significantly because there is much more need for power stations to regulate the power grid.

    This mess is insanely expensive, does not do what it is supposed to do and seriously endangers the stability of the power grid.

    It is an all-around botched job out of ideological motives with no scientific and engineering competence to make it work. Worse even, a stable power grid just with renewable energy is plain impossible (no storage mechanism for excess power is available at all on the level necessary and won't be for a very long time, if ever).

    And that is only par for the course when it comes to large projects. They are reliable to fuck up every even moderately large project and the only reason small projects may work is initiative (and breaking of contracts, ignoring conditions and so on) of very few to just get things done.

    If any of our politicians are announcing a program to "fix" things, you can be certain that at best nothing will change but usually they manage to make things much worse.

     

  14.  
    Mr. Oizo, May 21st, 2014 @ 6:40am

    In 3 days it's election time here.

    _of course_ they have to have plans like that. Will never materialize though.

     

  15.  
    madasahatter (profile), May 21st, 2014 @ 7:02am

    Following China

    It seems as if several countries are beginning a migration to Linux and other FOSS projects due to the NSA.

     

  16.  
    John Fenderson (profile), May 21st, 2014 @ 8:01am

    Re:

    I agree. Even if it doesn't alter the actions of the federal government, it might at least make companies less eager to take these sorts of contracts.

     

  17.  
    John Fenderson (profile), May 21st, 2014 @ 8:03am

    Re: Re: Re: Instructions to strategic partners

    "know nobody is actually going to check this out"

    If that's what they think, then they're making a really bad miscalculation. This will be widely and closely watched.

     

  18.  
    Beta (profile), May 21st, 2014 @ 8:16am

    Reflections on Trusting Trust

    These new rules appeal to public outrage and give commercial advantage to German computer companies; this would be a good political move even if it did nothing at all to improve security -- which may be the case.

    Back doors are possible. They can be very difficult to detect. Spies love them, and intelligence agencies will pay well for them, no matter what laws we pass. So once we're done posturing, maybe we should give some more thought to the problem of doing secure computation on machines we can never entirely trust.

     

  19.  
    etrimby, May 21st, 2014 @ 8:38am

    any company that cannot guarantee that foreign services or authorities will not obtain any of their data
    What company can guarantee that?

     

  20.  
    AricTheRed (profile), May 21st, 2014 @ 8:40am

    Am I crazy, or...?

    ...wouldn't this mean that the German government would effectively forbid a contract being awarded to ANY US company as they are all subject to NSLs? (National Security Letters)

    It would seem to me that would include banks, any technology service company, any company...?

     

  21.  
    Anonymous Coward, May 21st, 2014 @ 9:06am

    "A spokesperson for the Ministry of the Interior said that the aim of the new rule is to.." ... exert pressure until Germany can be in Five Eyes too.

    They're hot under the collar that they're not being treated as equal to the UK and they also have a desire to put one over on France. They wanna join the cool gang.

     

  22.  
    Anonymous Coward, May 21st, 2014 @ 10:59am

    Re: Re: I hope the US companies take a look at Germany's record with energy policy.

     

  23.  
    Coyne Tibbets (profile), May 21st, 2014 @ 11:05am

    Now eating our own

    Apparently, Germany is as much into useless laws as we are.

    The intelligence agencies will have no problem at all ordering companies to lie in the contracts and, once leakage is discovered, leaving them to take the contract penalties without support.

    The U.S. intelligence agencies will now begin destroying companies in their zeal to pursue surveillance.

     

  24.  
    Chris-Mouse (profile), May 21st, 2014 @ 11:40am

    What about companies like Cisco? The NSA intercepted routers after they left the factory and added spyware to them without the company being aware that it had happened.
    Given that sort of activity, no equipment manufactured in the USA can be considered safe. In fact, even equipment that was merely shipped through the United States should be considered suspect until proven otherwise.

     

  25.  
    Anonymous Coward, May 21st, 2014 @ 12:52pm

    This is the kind of thing I would expect from a true honest intentioned cyber security DEFENCE, instead of "cyber security" TOOLS TO OFFENSIVELY INFRINGE ON PEOPLE'S RIGHTS TO THEIR OWN LIVES GIVEN NO choice.......Ahem, excuse me......CHOICE

     

  26.  
    Groaker (profile), May 21st, 2014 @ 3:35pm

    While I would agree with the Germans on this issue, how would they know which ones have been so infected? How would the rest of us know which ones the Germans (and anyone else) have infected?

     

  27.  
    Seegras (profile), May 22nd, 2014 @ 5:35am

    Re: Am I crazy, or...?

    Right. No, you are not crazy. The NSLs are.

    I tell you to hand over all data on all your customers, and you can't tell anyone? This is obviously something out of a fascist regime's repertoire.

     

  28.  
    Seegras (profile), May 22nd, 2014 @ 7:42am

    Re:

    Nobody does. But if the laws of a country generally allow these kinds of shenanigans, I'd boycott them.

    At least with laws against it, you know the company cannot be compelled by the government to participate. It may well be some secret agency pulls an NSA and intercepts it for planting bugs, but at least you know it's not (forced) malfeasance on the part of the supplier.

     
