Date: 2013-07-05
By Joseph Menn
SAN FRANCISCO, July 3 - Silicon Valley has tried
to distance itself from the controversial U.S. surveillance
programs exposed by Edward Snowden, but there is a long history
of close cooperation between technology companies and the
intelligence community.
Former U.S. officials and intelligence sources say the
collaboration between the tech industry and spy agencies is both
broader and deeper than most people realize, dating back to the
formative years of Silicon Valley itself.
As U.S. intelligence agencies accelerate efforts to acquire
new technology and fund research on cybersecurity, they have
invested in start-up companies, encouraged firms to put more
military and intelligence veterans on company boards, and
nurtured a broad network of personal relationships with top
technology executives.
And they are using those connections to carry out specific
espionage missions, current and former officials say, even as
they work with the tech industry to avoid overt cooperation that
might raise the hackles of foreign customers.
Joel Harding, an intelligence officer for the Joint Chiefs
of Staff in the 1990s who went on to work at big defense
contractors Computer Sciences Corp and SAIC,
said spy agencies have at times persuaded companies to alter
their hardware and software products to enable monitoring of
foreign targets.
In one instance several years ago, an intelligence agency
paid a tech company supervisor $50,000 to install tampered
computer chips in machines bound for a customer in a foreign
country so that they could be used for espionage, Harding said,
declining to provide specifics. "They looked exactly the same,
but they changed the chips," he said.
A current U.S. intelligence operative, who spoke on
condition of anonymity, said the government often works through
third parties, in part to shield the big tech companies from
fallout if the operations are discovered.
He cited a case more than a decade ago in which the
government secretly created a computer reselling company to sell
laptops to Asian governments. The reseller bought laptops from a
company called Tadpole Computer, which made machines based on
Sun Microsystems processors. The reseller added secret software
that allowed intelligence analysts to access the machines
remotely.
Tadpole was later bought by defense contractor General
Dynamics Corp in 2005. General Dynamics declined to
comment. Sun's new owner, Oracle Corp, did not respond
to an inquiry.
Despite these secret collaborations, former intelligence
officials and company executives say the great fear of overseas
customers - that widely used U.S. technology products contain a
"back door" accessible only to the National Security Agency or
Central Intelligence Agency - is exaggerated. They said
computers and communications overseas are captured by other
means, including third parties such as the laptop reseller and
special software developed by the agencies.
Defense contractors offer the government the means to break
into the products of virtually every major software vendor,
according to a product catalogue reviewed by Reuters that was
described as typical for the industry. The NSA
did not respond to a request for comment.
More massive cooperation is rare because big tech companies
sell to many countries and have too much business at stake in
markets like China to risk installing a back door that could be
discovered, said one intelligence veteran who had worked for
Microsoft Corp.
"Microsoft is technically a U.S. company, but it's an
international conglomerate with tons of subsidiaries," he said.
"It's a major part of Microsoft strategy to sell to China." A
spokeswoman for the company declined to comment.
Silicon Valley's relationship with U.S. intelligence
agencies is under scrutiny after Snowden, a former contractor
for the NSA, last month exposed a top secret Internet monitoring
program known as Prism that relied on customer data supplied by
major technology companies.
Google Inc, Microsoft, Facebook Inc and
others scrambled to assure their customers that they only handed
over data for specific intelligence investigations involving
foreign targets, and they denied giving the NSA access to
wholesale client data.
But last weekend, the European Union demanded that
Washington explain its surveillance programs and some European
politicians said there were grounds to break off trade talks.
Others urged citizens to stop relying on U.S.
providers.
HISTORY OF SHARED INTERESTS
The close and symbiotic relationship between U.S. tech
companies and government defense and intelligence agencies is
frequently underplayed in the mythology of Silicon Valley.
Defense contracts were its lifeblood through much of the 1950s
and 1960s. Frederick Terman, who led Allied radio-jamming
efforts in World War II, came to Stanford University with grant
money and counted the founders of Hewlett-Packard Co
among his students.
Varian Associates and other startups, many with ties to
Stanford, got their start in the 1950s with military contracts
for microwave and vacuum-tube technologies that were used in
aerospace projects. In the 1960s, government space and defense
programs, especially the Minuteman missile effort, were the
biggest customers for the Valley's expensive integrated circuit
computer chips. Database software maker Oracle Corp's
first customer was the CIA.
"The birth of Silicon Valley was solving defense problems,"
said Anup Ghosh, whose cybersecurity firm Invincea Inc was
launched in 2009 with funding from the Pentagon's Defense
Advanced Research Projects Agency.
DARPA, which initially funded what became the Internet out
of a desire for a communications network that would survive a
nuclear attack, has intensified its work on Internet security in
recent years and recently launched a "fast-track" program to get
smaller amounts of money to startups more quickly.
Federal cybersecurity spending is expected to reach $11.9
billion next year, up from $8.6 billion in 2010, according to
budget analysts at Deltek.
BUMPS IN THE RELATIONSHIP
The relationship between the Valley and the government has
had its bumps. A low point came in the mid-1990s, when
then-President Bill Clinton pressed the industry to include in
its products a device called the Clipper Chip, which had an
NSA-designed back door to allow for law enforcement
eavesdropping if authorities obtained a warrant.
Civil liberties groups and such technology leaders as
Microsoft and Apple Inc objected, in part because the
code could be broken and presented a security risk, and
eventually the administration backed down.
Stung by that setback, Washington tried harder to learn the
Valley's language. Its most visible initiative was the creation
of In-Q-Tel, a venture capital fund intended to finance
companies whose products were of interest to the CIA and other
agencies.
In-Q-Tel's portfolio now includes security companies such as
FireEye and data analysis firms like Palantir Technologies,
which counts the CIA as a major customer. In-Q-Tel often makes
modest investments in exchange for companies adding specific
features to their products, former employees said. In-Q-Tel
declined to comment.
Government agencies often demand the right to review the
software code of their technology vendors, said former McAfee
Chief Technology Officer Stuart McClure. That could allow them
to spot vulnerabilities that they can use to penetrate the
software when it is installed at other locations.
In other cases, officials and executives said, companies
give the government advance notice of software vulnerabilities,
even before they have warned their own customers - information
that could be used for defense, offense or both.
"The vulnerabilities that are discovered as well as the
potential risks to the infrastructure are now shared at levels
that have never had sharing before," said Dave DeWalt, chief
executive of FireEye and chairman of closely held security firm
Mandiant. DeWalt was previously CEO of No. 2 security software
vendor McAfee, which he said gave early threat warnings to
intelligence agencies.
Chuck Mulloy, a spokesman for current McAfee owner Intel
Corp, said the organization works with governments
around the world but declined to discuss specifics.
In a more formal effort at coordinated defense, NSA Director
Keith Alexander is leading a regular gathering called the
Enduring Security Framework, in which CEOs are given temporary
security clearances.
One outcome of those meetings: a cross-industry effort to
improve the security of the boot-up process on personal
computers, say several people familiar with the project.
"It's a seriously dangerous game they all play," former
Pentagon intelligence officer Harding said of the tech
companies. "They want to help their government, but if it comes
out, it's a serious problem. They are teetering and tottering,
and if they teeter too far, they are going to lose."