One Nation Under Surveillance – U.S. Government Pushed Tech Companies to Hand Over Source Code

One Nation Under Surveillance – U.S. Government Pushed Tech Companies to Hand Over Source Code

Michael Krieger | Posted Thursday Mar 17, 2016 at 12:14 pm

Our founding fathers studied power structures over the millennia and knew exactly what they were doing when solidifying the Bill of Rights into the U.S. Constitution. All it took was a couple hundred years, an extraordinarily ignorant and apathetic American public, and a major terror attack to roll back this multi-generational gift.

For many years, I and countless others have been screaming from the rooftops that a society should never trade civil liberties for security. Life on earth has always been dangerous for us humans, and what has historically separated free and noble civilizations from stunted tyrannies is a willingness to acknowledge such a precarious existence while at the same time demanding and defending one’s dignity and liberty. In the aftermath of the attacks of 9/11, the American public has demonstrated no such strength of character or historical maturity, thus allowing a corrupt, deceptive and lawless government to run roughshod over freedom with very little resistance.

– From the post: War on Terror Turns Inward – NSA Surveillance Will Be Used Against American Citizens

Freedom? Liberty? Don’t be ridiculous.

It’s been a little while since I’ve updated readers on the shady, shameless surveillance practices of the U.S. government. As usual, it’s worse than we thought.

ZDNet reports:

NEW YORK — The US government has made numerous attempts to obtain source code from tech companies in an effort to find security flaws that could be used for surveillance or investigations.

The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We’re not naming the person as they relayed information that is likely classified.

With these hearings held in secret and away from the public gaze, the person said that the tech companies hit by these demands are losing “most of the time.”

Just like the American people. Perpetual losers.

When asked, a spokesperson for the Justice Dept. acknowledged that the department has demanded source code and private encryption keys before. In a recent filing against Apple, the government cited a 2013 case where it won a court order demanding that Lavabit, an encrypted email provider said to have been used by whistleblower Edward Snowden, must turn over its source code and private keys. The Justice Dept. used that same filing to imply it would, in a similar effort, demand Apple’s source code and private keys in its ongoing case in an effort to compel the company’s help by unlocking an iPhone used by the San Bernardino shooter.

In case you aren’t familiar with the Lavabit saga, see: The True Story Behind Edward Snowden’s Email Service Provider Lavabit.

We contacted more than a dozen tech companies in the Fortune 500. Unsurprisingly, none would say on the record if they had ever received such a request or demand from the government.

IBM referred to a 2014 statement saying that the company does not provide “software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data.” A spokesperson confirmed that the statement is still valid, but did not comment further on whether source code had been handed over to a government agency for any other reason.

Which pretty much means it has.

Microsoft, Juniper Networks, and Seagate declined to comment.

Apple’s software chief Craig Federighi said in a sworn court declaration this week alongside the company’s latest bid to dismiss the government’s claims in the San Bernardino case that Apple has never revealed its source code to any government.

“Apple has also not provided any government with its proprietary iOS source code,” wrote Federighi.

But even senior tech executives may not know if their source code or proprietary technology had been turned over to the government, particularly if the order came from the Foreign Intelligence Surveillance Court (FISC).

The secretive Washington DC-based court, created in 1979 to oversee the government’s surveillance warrants, has authorized more than 99 percent of all surveillance requests. The court has broad-sweeping powers to force companies to turn over customer data via clandestine surveillance programs and authorize US intelligence agencies to record an entire foreign country’s phone calls, as well as conduct tailored hacking operations on high-value targets.

If this is what freedom looks like, I don’t ever want to see tyranny.

FISA orders are generally served to a company’s general counsel, or a “custodian of records” within the legal department. (Smaller companies that can’t afford their own legal departments often outsource their compliance to third-party companies.) These orders are understood to be typically for records or customer data.

These orders are so highly classified that simply acknowledging an order’s existence is illegal, even a company’s chief executive or members of the board may not be told. Only those who are necessary to execute the order would know, and would be subject to the same secrecy provisions.

Top secret NSA documents leaked by whistleblower Edward Snowden, reported in German magazine Der Spiegel in late-2013, have suggested some hardware and software makers were compelled to hand over source code to assist in government surveillance.

Last year, antivirus maker and security firm Kaspersky later found evidencethat the NSA had obtained source code from a number of prominent hard drive makers — a claim the NSA denied — to quietly install software used to eavesdrop on the majority of the world’s computers.

In Liberty,
Michael Krieger

Leave a Reply