NSA Leaks Continue to Pose Challenges for U.S. Firms

 
 
By Robert Lemos  |  Posted 2014-01-11
 
 
 
NSA Leaks

Last year's revelations about the extent to which the U.S. National Security Agency eavesdropped and collected data on other nations, foreign nationals and American citizens continues to cause problems for U.S. companies.

This week, the United Arab Emirates reportedly refused to accept two intelligence satellites from France because they allegedly contained U.S. parts that would allow the NSA to tap into the satellites' encrypted transmissions to ground-based stations. Delivery of the satellites is set for 2018, along with a ground station, but may be delayed as the Middle Eastern nation considers its options.

This is not the first time that other nations have worried about U.S. technology in sensitive products following the revelations of the extent of the NSA's spying activities. Cloud providers and other IT companies have particularly felt the brunt of distrust, a trend that will continue, said John Dickson, a principal with the Denim Group, a provider of secure application technology.

"If your company handles sensitive information from international clients, you need to be ready to answer questions about your organization's cooperation with U.S. law-enforcement and government organizations and how that may affect their business, especially cloud providers," he wrote in Jan. 6 a blog post. "In fact, I'd suggest that you think through these issues now and reach out to your international clients prior to them asking the question."

In June 2013, Edward Snowden, an NSA contractor, left the country and began leaking documents, leading to a steady flow of classified information on the operations and capabilities of the U.S. intelligence agency. From the NSA's bulk collection of data on U.S. citizens to the tapping of communications with allied heads of state, the document provided an unprecedented look into the capabilities and intent of NSA programs.

Yet the revelations have led to widespread distrust of U.S. companies, particularly following leaks revealing the NSA's ability to tap links between cloud providers and the reported $10 million deal with security firm RSA to use a weaker encryption method in one of its products. According to a Dec. 20 Reuters article, the NSA paid the security firm to designate an NSA-designed algorithm, one which the intelligence agency knew it could break, as the default random-number generator for its BSAFE encryption.

The situation now resembles the problem Chinese infrastructure companies face when trying to convince other nations and companies to buy their products. Huawei, for example, built a test lab in the United Kingdom to allow that nation's government to inspect its products. Now companies—such as Microsoft, Google and RSA—have to proactively persuade clients of their trustworthiness. Microsoft, for example, is pursuing a strategy of greater software transparency to convince companies in other nations that its code is secure, said John Pescatore, director of emerging trends for the SANS Institute.

"The Snowden leaks of NSA activities mean that U.S. IT exporters will need to make investments similar to Huawei's in order to convince overseas customers that their technology has not been compromised," he said in the group's bi-weekly NewsBytes newsletter.

Because the NSA has compromised the security of many technology products and services, and other intelligence agencies have similar efforts under way, companies worldwide will likely distance themselves further from governments and cooperate only as far as required under the letter of the law, said Dickson of the Denim Group.

Rocket Fuel