It’s been a hectic week of NSA news in light of Glenn Greenwald’s recently published book, which furthered the revelation that the NSA intercepts (interdicts) hardware from US companies. The agency then reportedly compromises the equipment before it is delivered to overseas customers.
Published pictures imply that Cisco technology is part of the class of equipment captured in-transit, before it is received by foreign buyers, and weakened so that the NSA might have greater insight into activity that it helps maintain. In short, the NSA is allegedly hacking American hardware that is sold abroad.
This is akin to what the United States government has warned that Chinese companies are doing on behalf of their local government.
Today, a letter from Cisco CEO John Chambers enjoyed wide circulation. It states that if the NSA revelations are correct, and the pictures accurate, the actions of the agency “undermine confidence in our industry and in the ability [of] technology companies to deliver product globally.” That’s putting it mildly.
Chambers called for a new “standards of conduct,” indicating that, sans reforms, the globe could end up with “a fragmented Internet.” Chambers went on to state that “Cisco does not work with any government, including the United States Government, to weaken [its] products.”
In an interview this morning, Senator Dianne Feinstein, Chairman of the United States Senate Select Committee on Intelligence, said that the interdiction program that has been variously reported over the course of several revelations “does not sound familiar.”
There’s an implicit counter-argument here that I think applies to much of the recent course of NSA revelations: That if only the programs had not come to light, the harm to American companies and citizens would have been nonexistent. This is a treatment of the ‘ignorance is bliss’ cliché writ national.
(I call it the Scooby Doo defense: “And I would have gotten away with it too, if it weren’t for you meddling kids.”)
The gist of the idea is that if not for Snowden et al, the programs that are now causing trouble would not be, as they would still be secret. It’s a weak view at best as it presumes that programs that impact United States citizens should remain occluded regardless of scale or domestic impact, while infusing the problem of hubris — the NSA is hardly working to merely maintain is operational capabilities. As such, what was uncovered would have been a fraction of what would have been unturned a half decade from now.
And the scale at play and prior trickle of revelations likely made a leak of significant size at some point unavoidable. So to point the blame externally isn’t too fortress a defense.
Also component to the above is the idea that the NSA — and therefore the Federal government — has the right to insert itself between, say, Cisco and one of its customers, on a chronic scale that weakens their products on a per-unit basis. Does the Federal government not make mistakes? What happens if its handiwork causes Cisco technology to fail, thus causing that company’s business to suffer? Would it apologize? You can answer that one.