UK companies warned of the risk of buying malware-infested routers and servers from Chinese suppliers have just as much to fear from US vendors – according to a new book which says the NSA spy agency routinely plants backdoors in high-tech kit being exported from America before packing it up again and shipping it out.
The book, ‘No Place to Hide' by journalist Glenn Greenwald, was published on Tuesday and is based on the Snowden revelations. In a preview in The Guardian on 12 May, Greenwald said: “A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to their international customers.
“The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users.”
Greenwald added: “It is quite possible that Chinese firms are implanting surveillance mechanisms in their network devices. But the US is certainly doing the same.”
Commenting on the claims, leading privacy expert Stewart Room, who is writing a book on cyber security law before becoming a partner in PwC's Legal division, told SCMagazineUK.com via email: “Many people will be deeply alarmed if backdoors have been built into routers and similar equipment for the benefit of intelligence agencies.
“If such facilities do exist, they will be hard to justify from a legal perspective. I anticipate that some members of the European Commission and Parliament will be deeply troubled, due to the importance of data protection law within the European Union.”
But Room added: “What is most noticeable about the Snowden disclosures is that they have not played out massively as a concern to the average citizen. Most people do not seem to unduly bothered by them. This may suggest that people do not see a personal impact of surveillance.”
Giving an ‘industry' view, Steve Durbin, chair of the Information Security Forum (ISF) cyber security advisory organisation, told SCMagazineUK.com via email that the NSA disclosures “have signalled that large-scale state-sponsored espionage is acceptable”.
Durbin said: “Revelations about the extent of governmental intervention in the internet has fundamentally changed perceptions of cybersecurity for everyone. The workings behind what was once a secretive industry, apparently conforming to democratic checks and balances, are out in the open.”
But privacy campaigner Emma Carr, acting director of Big Brother Watch, said the revelations undermine the West's ability to take the moral high ground on cyber security.
“Democratic nations instantly lose the right to lecture on internet freedom and cyber security the moment our own devices are compromised,” she told SCMagazineUK.com via email.
“Governments absolutely should not be undermining cyber security to facilitate greater data gathering, especially when carried out without a clear legal framework or public debate. It is also clear that the NSA's commercial partnerships to weaken security products totally undermines individual security, making the infrastructure and commercial systems like online banking more vulnerable.”
* The NSA expose caps a bad few days for Western intelligence after the Commons Home Affairs Select Committee concluded last Friday that the UK Government's oversight of GCHQ is ‘weak' and ‘ineffective'.
The Committee of 11 MPs from the three main political parties, chaired by Labour's Keith Vaz, reported: “The security and intelligence agencies are staffed by brave men and women who in many cases risk their lives to protect this country. They deserve our gratitude and they deserve to be honoured for their work. The best way to honour them is by ensuring that there are no questions about their integrity and, in order to prove this, there must be adequate scrutiny of their actions.
“We do not believe the current system of oversight is effective and we have concerns that the weak nature of that system has an impact upon the credibility of the agencies' accountability, and to the credibility of Parliament itself.”
Their ‘Counter-Terrorism' report recommends that the Commissioners who scrutinise the intelligence services should be full-time and fully resourced. The scrutiny should be not the sole preserve of the Intelligence and Security Committee (ISC), and the Commons membership of the ISC should be elected.
The report says the Chair of the ISC should always be a member of the Commons, should be elected by the whole House, and should always be a member of the largest opposition party.
Emma Carr at Big Brother Watch commented: “This report is a wake-up call to those blindly parroting the line that the UK has the best oversight system in the world. The law is out of date, the oversight is weak and the reporting of what happens is patchy at best. The public are right to expect better.”
Carr said greater transparency “does not require legislation and should be addressed by the Home Secretary without delay”.