Does the NSA Bully Telecom Companies for Access to Data?
“At the end of the day,” Verizon (NYSE:VZ) CEO Lowell McAdam told CNBC in an interview in September that, “If the Justice Department shows up at your door, you have to comply. We have gag orders on what we can say and can’t defend ourselves, but we were told they do this with every carrier.” The tone of McAdam’s statement is somewhat ominous, but it also appears to capture how many people feel about the revelations regarding the National Security Agency’s clandestine mass monitoring programs that were brought to light by Edward Snowden.
Among them was a data-mining operation called PRISM, which reportedly obtained access to the systems of major Internet and technology companies such as Google (NASDAQ:GOOG), Apple (NASDAQ:AAPL), Yahoo (NASDAQ:YHOO), and Facebook (NASDAQ:FB) through the use of court orders. The documents also revealed that the NSA infiltrated the internal cloud networks at major data companies like Google and Yahoo, siphoning information from their private networks.
How, exactly, this monitoring was conducted is still unclear — but McAdam’s comments seem to point in the right direction. The NSA has claimed — and perhaps truthfully — that it did not hack directly into the networks of major corporations. Instead, the agency may have tapped the data transmission lines that run between data centers.
People with knowledge of the matter tell CNBC that the NSA likely tapped into data transmission lines operated by companies like Verizon, Vodafone (NASDAQ:VOD), and Level 3 Communications (NASDAQ:LVLT). Operations of all three companies fall under the umbrella of Internet backbone providers. These companies manage much of the cabling that strings together the data centers of many large technology companies.
Google and Yahoo, for example, use Level 3, the largest Internet backbone provider, and as a result of this relationship the company has received a lot of bad press. In July, the company spoke out in its defense, and in the process shed some light on its relationship with government security agencies.
“Recent media attention has focused on a 2003 ‘network security agreement’ between Global Crossing and “Team Telecom” — a collection of U.S. government agencies that includes the Department of Defense and the Department of Homeland Security,” the company said in a statement. “Many of these reports leap to conclusions that are factually incorrect.” Global Crossing was acquired by Level 3 in 2011, at which time the old agreement was terminated and a new one was signed (the full text of which is publicly available).
The idea that the NSA or other security agencies can force companies to provide access to ostensibly secure data can prove to be bad for business. In November, Qualcomm (NASDAQ:QCOM) CEO Paul Jacobs told the Wall Street Journal that his firm — and most U.S. technology companies, in fact — are “seeing increased pressure” from foreign businesses and governments as a result of the developments regarding the NSA.
Businesses and governments in Europe reacted quickly and vehemently to news that the NSA was eavesdropping on digital communications previously thought secure and confidential. In August, the Information Technology & Innovation Foundation issued a report suggesting that the U.S. cloud computing business alone stands to lose between $22 billion and $35 billion over the next three years due to lost business.
Level 3, looking to avoid as much fallout as possible, spelled out its defense. ”There is no provision in the terminated or existing network security agreement that permits the U.S. government to compel Level 3, or require Level 3 in any way, to cooperate in unauthorized surveillance on U.S. or foreign soil. Our 2011 network security agreement largely addresses the security of Level 3′s U.S.-based communications assets. That agreement also requires us to comply with “Lawful U.S. Process,” reiterating our obligations under applicable law.”