Thousands of technology, finance and manufacturing companies are working closely with U.S. national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence, four people familiar with the process said.
— according to Bloomberg, U.S. Agencies Said to Swap Data With Thousands of Firms.
Turns out what the firms are getting is not data on customers — nor in the main is that what they are giving. Rather the firms are giving advance info on vulnerabilities in their systems that could be used by the TLA’s [1] to get information from vulnerable systems. Plus some of the firms are allowing the feds to install monitoring equipment on their networks, ostensibly to protect against hacking, but in at least some cases with the ability to spy on message traffic.
In exchange, the firms are getting information about who, especially from abroad, is trying to hack them, and some help and advice on defending themselves.
I have no problem with the feds helping US corporations defend themselves against foreign (or domestic) hackers. I do have a problem if the price of that defense is allowing the feds access to customer data.
My first instinct is that I wouldn’t have a problem with firms like Microsoft giving advance warning about vulnerabilities to the feds — whether it is so they can harden their own systems or even if it is so they can take advantage offensively to hack into foreign targets. I would feel that way, however, only so long as I believed the program had adequate safeguards to prevent its misuse against US persons, whether at home or abroad. And, unfortunately, there is no particular reason to believe that to be the case. There is at present a lack of accountability.
[1] TLA == Three Letter Agencies