Thank Snowden: Internet Industry Now Considers The Intelligence Community An Adversary, Not A Partner

from the a-useful-level-of-distrust dept

In an interview last month, Timothy D. Cook, Apple’s chief executive, said the N.S.A. “would have to cart us out in a box” before the company would provide the government a back door to its products. Apple recently began encrypting phones and tablets using a scheme that would force the government to go directly to the user for their information. And intelligence agencies are bracing for another wave of encryption.

“What has struck me is the enormous degree of hostility between Silicon Valley and the government,” said Herb Lin, who spent 20 years working on cyberissues at the National Academy of Sciences before moving to Stanford several months ago. “The relationship has been poisoned, and it’s not going to recover anytime soon.”

“A stupid approach,” is the assessment of one technology executive who will be seeing Mr. Obama on Friday, and who asked to speak anonymously.

And while Silicon Valley executives have made a very public argument over encryption, they have been fuming quietly over the government’s use of zero-day flaws. Intelligence agencies are intent on finding or buying information about those flaws in widely used hardware and software, and information about the flaws often sells for hundreds of thousands of dollars on the black market. N.S.A. keeps a potent stockpile, without revealing the flaws to manufacturers.



Companies like Google, Facebook, Microsoft and Twitter are fighting back by paying “bug bounties” to friendly hackers who alert them to serious bugs in their systems so they can be fixed. And last July, Google took the effort to another level. That month, Mr. Grosse began recruiting some of the world’s best bug hunters to track down and neuter the very bugs that intelligence agencies and military contractors have been paying top dollar for to add to their arsenals.



They called the effort “Project Zero,” Mr. Grosse says, because the ultimate goal is to bring the number of bugs down to zero. He said that “Project Zero” would never get the number of bugs down to zero “but we’re going to get close.”

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

We already wrote about the information sharing efforts coming out of the White House cybersecurity summit at Stanford today. That's supposedly the focus of the event. However, there's a much bigger issue happening as well: and it's the growing distrust between the tech industry and the intelligence community. As Bloomberg notes, the CEOs of Google, Yahoo and Facebook were all invited to join President Obama at the summit and all three declined . Apple's CEO Tim Cook will be there, but he appears to be delivering a message to the intelligence and law enforcement communities , if they think they're going to get him to drop the plan to encrypt iOS devices by default:In fact, it seems noteworthy that this whole issue of increasing encryption by the tech companies to keep everyone out has been left off the official summit schedule. As the NY Times notes (in the link above), Silicon Valley seems to be pretty much completely fed up with the intelligence community after multiple Snowden revelations revealed just how far the NSA had gone in trying to "collect it all" -- including hacking into the foreign data centers of Google and Yahoo. And, on top of that, the NSA's efforts to buy up zero day vulnerabilities before companies can find out and patch them:That Times article quotes White House cybersecurity boss Michael Daniel (the man who is proud of his own lacking of cybersecurity skills) trying to play down the "tensions" between Silicon Valley and Washington, followed by this anonymous quote from a Silicon Valley exec:Further, the article discusses how companies are trying to fight back against the NSA's abuse of zero days (another thing that Daniel has championed ) by getting to them before the government does:There's a lot more in the two stories ahead, but the angry feeling is real. In the past year, it's amazing how many conversations I've had with people around Silicon Valley who aren't just upset or disgusted over the intelligence community's actions, they're. And while the tech industry was never as buddy buddy with the government as some have tried to imply, things had undoubtedly become complacent in some circles, with little effort being made to make sure that information wasn't being misused or abused. But that's no longer the case. There are, of course, legal limits on what companies can do, but just as the NSA once explained how they play right up to the very edge of the limits that Congress puts around them (some of us believe they go beyond that...), the tech industry is rapidly learning that they, too, need to push back to the line that the law allows them to do so as well.And, of course, none of that would likely have happened without Ed Snowden revealing to journalists the nature of the NSA's overreach.

Filed Under: cybersecurity, cybersecurity summit, ed snowden, government, surveillance, trust, white house, zero days

Companies: apple, facebook, google, yahoo