U.S. Cyber-Surveillance Demands Keep IT Innovation Offshore

NEWS ANALYSIS: IT companies in Europe and elsewhere are working hard on new technologies in places beyond the reach of the U.S. government worries about cyber-surveillance.

Government cyber-security 2

BUDAPEST—A number of security companies with some of the newest and most effective technology available for fighting cyber-threats against enterprises are working outside the United States and some of its closest allies.

The reasons aren't particularly surprising, given the attention in Europe to the efforts by the Federal Bureau of Investigation to force Apple to reveal the contents of an iPhone used by a terrorist in a California mass killing.

Then, there is the effort by the U.S. Department of Justice to force Microsoft to disgorge the contents of email services running in Europe. European companies have watched these developments with considerable alarm and they're doing what they can to keep their work beyond the reach of the FBI and the Justice Department.

For that matter, so are some U.S. companies. Microsoft announced during CeBIT in March of 2015 that the company was opening new data centers in Europe that would not be accessible from the U.S.

Those data centers would support cloud computing and storage for European customers, while remaining beyond the reach of the U.S. Government. This move was in direct response to the efforts by the DoJ to force Microsoft to reveal the contents of messages stored servers stored in Europe.

Balázs Scheidler, CTO and co-founder of Balabit Corp, an IT security company whose customers include Facebook, T-Mobile and the European Aeronautic Defense and Space Company (EADS), said that while he understands that the U.S. and its allies have to protect their citizens, it's not necessarily fair to companies outside of their borders.

Scheidler said that he is concerned that if Balabit developed its products in the U.S. he could be forced to implement back doors or other means of access into his products.

He cited the case of the now defunct Texas-based Lavabit encrypted email service, which went out of business in August, 2013 after the U.S. government demanded the company turn over the secure sockets layer encryption keys to enable it to gain access to the email of fugitive former National Security Agency analyst Edward Snowden.

And Balabit isn't the only European company with those concerns. I've spoken with several security companies in the Middle East and Europe, and while they declined to speak on the record, those companies said privately that they didn't want to be in the position of having to comply with U.S. court orders, or with National Security Letters from the FBI.

Scheidler said that the Apple case was especially worrying, "The FBI wants to force them to embed a back door." He said that in the security industry they always try to create secure solutions, and "this is exactly the opposite."

"I'm not sure that anti-terrorism efforts really need that kind of leverage in order to fight it," Scheidler said. He noted that while some companies may have difficulty fighting off terrorists and cyber-attackers, he thinks that a nation with the resources of the U.S. shouldn't have much trouble.

"Embedding back doors into security products is not required," he said, adding that if the U.S. did start mandating such things, every other nation could require the same thing.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...