Reports that the U.S. National Security Agency has installed some spying capacity in equipment from Cisco Systems and other American manufacturers destined for those it wants to keep under surveillance has drawn a curt response from the company’s top lawyer.
In a blog this week senior vice-president and general counsel Mark Chandler wrote that the government “overreached, undermining the goals of free communication.” And to make sure Washington gets the message, he said his words come “on behalf of all of Cisco’s leadership team.”
“As a matter of policy and practice, Cisco does not work with any government, including the United States Government, to weaken our products,” he wrote — and the news reports have never suggested otherwise.
Chandler’s blog comes as Ars Technica published photos this week of NSA technicians allegedly taking apart Cisco gear.
“Confidence in the open, global Internet has brought enormous economic benefits to the United States and to billions around the world,” Chander wrote. “This confidence has been eroded by revelations of government surveillance, by efforts of the U.S. government to force U.S. companies to provide access to communications of non-U.S. citizens even when that violates the privacy laws of countries where U.S. companies do business, and allegations that governments exploit rather than report security vulnerabilities in products.”
“We comply with U.S. laws, like those of many other countries, which limit exports to certain customers and destinations; we ought to be able to count on the government to then not interfere with the lawful delivery of our products in the form in which we have manufactured them. To do otherwise, and to violate legitimate privacy rights of individuals and institutions around the world, undermines confidence in our industry.”
For its part the NSA continues to say it uses its technical capabilities only to support “lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities.”
However, this week PBS carried a two-part series with allegations that some NSA surveillance capabilities were being unlawfully used in the United States by collecting telecom data without a warrant. Here’s a PBS interview with the response of recently retired NSA director Keith Alexander, who says during his term unlawful activity didn’t happen.
To meet the allegation that the NSA exploited vulnerabilities it discovered in IT equipment, Chandler and Cisco recommend all governments should be obliged to report such vulnerabilities to manufacturers for fixing unless forbidden by a court. Nor should governments be able to block third parties from reporting vulnerabilities.
“Governments should not interfere with the ability of companies to lawfully deliver internet infrastructure as ordered by their customers,” Chandler adds.