Strong ties bind spy agencies, Silicon Valley

 04 Jul 2013 - 2:17

By Joseph Menn

Silicon Valley has tried to distance itself from the controversial US surveillance programmes exposed by Edward Snowden, but there is a long history of close cooperation between technology companies and the intelligence community.

Former US officials and intelligence sources say the collaboration between the tech industry and spy agencies is both broader and deeper than most people realise, dating back to the formative years of Silicon Valley itself.

As US intelligence agencies accelerate efforts to acquire new technology and fund research on cybersecurity, they have invested in start-up companies, encouraged firms to put more military and intelligence veterans on company boards, and nurtured a broad network of personal relationships with top technology executives.

And they are using those connections to carry out specific espionage missions, current and former officials say, even as they work with the tech industry to avoid overt cooperation that might raise the hackles of foreign customers.

Joel Harding, an intelligence officer for the Joint Chiefs of Staff in the 1990s who went on to work at big defence contractors Computer Sciences Corp and SAIC, said spy agencies have at times persuaded companies to alter their hardware and software products to enable monitoring of foreign targets.

In one instance several years ago, an intelligence agency paid a tech company supervisor $50,000 to install tampered computer chips in machines bound for a customer in a foreign country so that they could be used for espionage, Harding said, declining to provide specifics.

A current US intelligence operative, who spoke on condition of anonymity, said the government often works through third parties, in part to shield the big tech companies from fallout if the operations are discovered.

He cited a case more than a decade ago in which the government secretly created a computer reselling company to sell laptops to Asian governments. The reseller bought laptops from a company called Tadpole Computer, which made machines based on Sun Microsystems processors. The reseller added secret software that allowed intelligence analysts to access the machines remotely.

Tadpole was later bought by defence contractor General Dynamics Corp in 2005. 

Despite these secret collaborations, former intelligence officials and company executives say the great fear of overseas customers — that widely used US technology products contain a “back door” accessible only to the National Security Agency or Central Intelligence Agency — is exaggerated. They said computers and communications overseas are captured by other means, including third parties such as the laptop reseller and special software developed by the agencies.

Defence contractors offer the government the means to break into the products of virtually every major software vendor.

More massive cooperation is rare because big tech companies sell to many countries and have too much business at stake in markets like China to risk installing a back door that could be discovered, said one intelligence veteran who had worked for Microsoft Corp.

Silicon Valley’s relationship with US intelligence agencies is under scrutiny after Snowden, a former contractor for the NSA, last month exposed a top secret Internet monitoring programme known as Prism that relied on customer data supplied by major technology companies.

Google Inc, Microsoft, Facebook Inc and others scrambled to assure their customers that they only handed over data for specific intelligence investigations involving foreign targets, and they denied giving the NSA access to wholesale client data.

But last weekend, the European Union demanded that Washington explain its surveillance programmes and some European politicians said there were grounds to break off trade talks. Others urged citizens to stop relying on US providers.

 

SHARED INTERESTS

The close and symbiotic relationship between US tech companies and government defence and intelligence agencies is frequently underplayed in the mythology of Silicon Valley. Defence contracts were its lifeblood through much of the 1950s and 1960s. Frederick Terman, who led Allied radio-jamming efforts in World War II, came to Stanford University with grant money and counted the founders of Hewlett-Packard Co among his students.

Varian Associates and other start-ups, many with ties to Stanford, got their start in the 1950s with military contracts for microwave and vacuum-tube technologies that were used in aerospace projects. In the 1960s, government space and defence programmes, especially the Minuteman missile effort, were the biggest customers for the Valley’s expensive integrated circuit computer chips. Database software maker Oracle Corp’s first customer was the CIA.

“The birth of Silicon Valley was solving defense problems,” said Anup Ghosh, whose cybersecurity firm Invincea Inc was launched in 2009 with funding from the Pentagon’s Defense Advanced Research Projects Agency.

Federal cybersecurity spending is expected to reach $11.9bn next year, up from $8.6 billion in 2010, according to budget analysts at Deltek.

 

LEARNING VALLEY’S LANGUAGE

Washington has tried harder to learn the Valley’s language. Its most visible initiative has been the creation of In-Q-Tel, a venture capital fund intended to finance companies whose products are of interest to the CIA and other agencies. In-Q-Tel often makes modest investments in exchange for companies adding specific features to their products, former employees said. 

Government agencies often demand the right to review the software code of their technology vendors, said former McAfee Chief Technology Officer Stuart McClure. That could allow them to spot vulnerabilities that they can use to penetrate the software when it is installed at other locations.

In other cases, officials and executives said, companies give the government advance notice of software vulnerabilities, even before they have warned their own customers — information that could be used for defence, offence or both.

In a more formal effort at coordinated defence, NSA Director Keith Alexander is leading a regular gathering called the Enduring Security Framework, in which CEOs are given temporary security clearances.

“It’s a seriously dangerous game they all play,” former Pentagon intelligence officer Harding said of the tech companies. “They want to help their government, but if it comes out, it’s a serious problem. They are teetering and tottering, and if they teeter too far, they are going to lose.”

Reuters

 

By Joseph Menn

Silicon Valley has tried to distance itself from the controversial US surveillance programmes exposed by Edward Snowden, but there is a long history of close cooperation between technology companies and the intelligence community.

Former US officials and intelligence sources say the collaboration between the tech industry and spy agencies is both broader and deeper than most people realise, dating back to the formative years of Silicon Valley itself.

As US intelligence agencies accelerate efforts to acquire new technology and fund research on cybersecurity, they have invested in start-up companies, encouraged firms to put more military and intelligence veterans on company boards, and nurtured a broad network of personal relationships with top technology executives.

And they are using those connections to carry out specific espionage missions, current and former officials say, even as they work with the tech industry to avoid overt cooperation that might raise the hackles of foreign customers.

Joel Harding, an intelligence officer for the Joint Chiefs of Staff in the 1990s who went on to work at big defence contractors Computer Sciences Corp and SAIC, said spy agencies have at times persuaded companies to alter their hardware and software products to enable monitoring of foreign targets.

In one instance several years ago, an intelligence agency paid a tech company supervisor $50,000 to install tampered computer chips in machines bound for a customer in a foreign country so that they could be used for espionage, Harding said, declining to provide specifics.

A current US intelligence operative, who spoke on condition of anonymity, said the government often works through third parties, in part to shield the big tech companies from fallout if the operations are discovered.

He cited a case more than a decade ago in which the government secretly created a computer reselling company to sell laptops to Asian governments. The reseller bought laptops from a company called Tadpole Computer, which made machines based on Sun Microsystems processors. The reseller added secret software that allowed intelligence analysts to access the machines remotely.

Tadpole was later bought by defence contractor General Dynamics Corp in 2005. 

Despite these secret collaborations, former intelligence officials and company executives say the great fear of overseas customers — that widely used US technology products contain a “back door” accessible only to the National Security Agency or Central Intelligence Agency — is exaggerated. They said computers and communications overseas are captured by other means, including third parties such as the laptop reseller and special software developed by the agencies.

Defence contractors offer the government the means to break into the products of virtually every major software vendor.

More massive cooperation is rare because big tech companies sell to many countries and have too much business at stake in markets like China to risk installing a back door that could be discovered, said one intelligence veteran who had worked for Microsoft Corp.

Silicon Valley’s relationship with US intelligence agencies is under scrutiny after Snowden, a former contractor for the NSA, last month exposed a top secret Internet monitoring programme known as Prism that relied on customer data supplied by major technology companies.

Google Inc, Microsoft, Facebook Inc and others scrambled to assure their customers that they only handed over data for specific intelligence investigations involving foreign targets, and they denied giving the NSA access to wholesale client data.

But last weekend, the European Union demanded that Washington explain its surveillance programmes and some European politicians said there were grounds to break off trade talks. Others urged citizens to stop relying on US providers.

 

SHARED INTERESTS

The close and symbiotic relationship between US tech companies and government defence and intelligence agencies is frequently underplayed in the mythology of Silicon Valley. Defence contracts were its lifeblood through much of the 1950s and 1960s. Frederick Terman, who led Allied radio-jamming efforts in World War II, came to Stanford University with grant money and counted the founders of Hewlett-Packard Co among his students.

Varian Associates and other start-ups, many with ties to Stanford, got their start in the 1950s with military contracts for microwave and vacuum-tube technologies that were used in aerospace projects. In the 1960s, government space and defence programmes, especially the Minuteman missile effort, were the biggest customers for the Valley’s expensive integrated circuit computer chips. Database software maker Oracle Corp’s first customer was the CIA.

“The birth of Silicon Valley was solving defense problems,” said Anup Ghosh, whose cybersecurity firm Invincea Inc was launched in 2009 with funding from the Pentagon’s Defense Advanced Research Projects Agency.

Federal cybersecurity spending is expected to reach $11.9bn next year, up from $8.6 billion in 2010, according to budget analysts at Deltek.

 

LEARNING VALLEY’S LANGUAGE

Washington has tried harder to learn the Valley’s language. Its most visible initiative has been the creation of In-Q-Tel, a venture capital fund intended to finance companies whose products are of interest to the CIA and other agencies. In-Q-Tel often makes modest investments in exchange for companies adding specific features to their products, former employees said. 

Government agencies often demand the right to review the software code of their technology vendors, said former McAfee Chief Technology Officer Stuart McClure. That could allow them to spot vulnerabilities that they can use to penetrate the software when it is installed at other locations.

In other cases, officials and executives said, companies give the government advance notice of software vulnerabilities, even before they have warned their own customers — information that could be used for defence, offence or both.

In a more formal effort at coordinated defence, NSA Director Keith Alexander is leading a regular gathering called the Enduring Security Framework, in which CEOs are given temporary security clearances.

“It’s a seriously dangerous game they all play,” former Pentagon intelligence officer Harding said of the tech companies. “They want to help their government, but if it comes out, it’s a serious problem. They are teetering and tottering, and if they teeter too far, they are going to lose.”

Reuters