Recent revelations about U.S. government spying have
fueled a media firestorm that has tacitly implicated programs unrelated to the
more controversial electronic eavesdropping. In reality, these programs help to
secure critical infrastructure, protect intellectual property, and make
commercial software more reliable.

On Friday, Bloomberg ran an exposé outlining U.S.
National Security Agency (NSA) and other
government initiatives to help software makers address security
vulnerabilities. The programs it alludes to are voluntary and incentivize
companies to share “zero day” information on security bugs and hardware
specifications in return for access to classified intelligence information to
defend their systems from hackers. The information is available to the U.S.
government before it’s publicly disclosed. The fact that it’s happening isn’t
very secret.

Cyber warfare puts
infrastructure at risk, from the power grid to stop lights. U.S. companies are
frequently targeted in industrial espionage, and some systems have even been
held for ransom by hackers. Ad networks like Google lose millions from
sophisticated attempts at “click fraud” orchestrated by organized crime
overseas. Companies that have been targeted and work with U.S. intelligence to
protect their assets have said so.

Government involvement to address these issues is hot
news in the wake of the PRISM leak
controversy where it was “revealed” (some details were already known for years)
that telecommunications and Internet companies were cooperating with the NSA to
gather data. That snooping began illegally under the Bush administration, but
Congress acted to shield participating companies from liability after it was
done. President Obama carried the cyber spying forward and expanded its reach.
It’s understandable that industry partnerships are under scrutiny, but it’s not
another PRISM.

PRISM is presumably now legal, but secret interpretations
of laws, shadow courts, a complete lack of judicial review, and the widespread
nature of the program have upset civil libertarians and even some longstanding
proponents. The author of the Patriot Act, which made some of this possible,
now wants to see it amended. But none of that directly involves the
aforementioned cyber security programs — even if press reports tie them in.

The Federal Bureau of Investigation, Defense Department
and NSA all work with thousands of U.S. tech
companies to fight cyber warfare. That cooperation isn’t used for spying (at least
domestically), and isn’t anything that hasn’t been disclosed publicly. For
instance, the NSA hosts a public Web site which describes what it does, so it’s
not a new “scandal” or news to anyone — just fodder that media outlets use to
generate Web traffic.

The NSA participates in a public worldwide effort to
design and evaluate secure software called the Common Criteria Evaluation. The NSA’s expertise
led to the creation of at least one ultra-secure operating system that has
protected U.S. troops overseas, ensures that the complex systems found in
commercial jetliners are reliable, and keeps vital infrastructure safe from
attack. What exactly is the scandal there? Nothing much.