© The Financial Times Ltd 2015 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
September 6, 2013 7:45 pm
A range of US hardware and software companies are in danger of being dragged into the widening scandal over internet surveillance, following the latest leaks from Edward Snowden, the former National Security Agency contractor.
The leaked documents include NSA claims that it has collaborated with technology companies to plant “back doors” into their systems – or ways for the agency secretly to penetrate systems without the users’ knowledge.
“They’re crossing a line – if they’re putting back doors into the software itself, it’s a serious problem,” said Mark Anderson, a US technology commentator.
The Snowden leaks have already proved deeply embarrassing to US internet companies, after it was revealed that they had complied with secret US court orders to hand over information about their users and, in some cases, set up systems to facilitate the transfer of the data.
However, the latest disclosures threaten to draw a wider number of companies into the scandal, potentially undermining international confidence in their products.
“How would it be if your doctor put rat poison in your medicine? Highly damaging,” said Bruce Schneier, a US computer security expert.
In one document, the NSA referred to a programme designed to “insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communication devices used by targets”.
The documents outline attempts by the NSA and Britain’s GCHQ listening post to break the encryption systems that ensure the privacy of internet communications, commerce and banking.
The agency “actively engages the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs”, another document stated.
The attempts to break common internet encryption methods were first outlined by The Guardian, to which Mr Snowden leaked the documents, as well as The New York Times and ProPublica, with which it shared them.
The White House defended the NSA’s work to defeat encryption. In a statement on Friday, the office of the director of national intelligence, James Clapper, said that the intelligence establishment “would not be doing its job” if it wasn’t trying to crack code used by “terrorists, cybercriminals, human traffickers and others.”
It went on to attack publication of the agency’s activities for giving a “road map… to our adversaries about the specific techniques we are using to try to intercept their communications”.
The disclosures are set to trigger distrust of US technology suppliers elsewhere in the world, industry analysts said, with a particular risk of a backlash in China, given the long-running US claims that communications equipment made by Chinese companies posed a security risk.
“We’ve seen this already with Chinese companies – now we’ll see it with US companies, and maybe next companies from the UK and other countries,” said Mr Anderson.
Some computer security experts said that official attempts to plant back doors were likely to play only a small part in overall efforts to compromise IT systems.
“Computer security is still in such a [bad] state that you don’t need to insert a back door,” said Paul Kocher, a US cryptography expert. “If the front door is locked, you can just go in through a side window.”
The latest Snowden revelations did not refer to any technology companies by name as having collaborated with the intelligence services. Intel and Cisco Systems both repeated earlier denials that they had ever put back doors in any of their products.
Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.
Sign up for email briefings to stay up to date on topics you are interested in