U.S. security agencies ‘swap data with thousands of tech, finance and manufacturing firms under secret agreements’
- U.S intelligence organizations including the NSA, CIA and FBI ‘have secret agreements with companies including Microsoft and McAfee’
- Companies ‘believe they are helping to protect the nation’
- In return for their help, ‘firms are lavished with gratitude and attention’
By Lydia Warren
PUBLISHED: 11:09 EST, 14 June 2013 | UPDATED: 12:44 EST, 14 June 2013
Thousands of tech, finance, and manufacturing companies have secret agreements with U.S. security agencies to swap sensitive data in return for classified intelligence, sources have claimed.
U.S. intelligence organizations, including the NSA, CIA and FBI and branches of the U.S. military, call the firms ‘trusted partners’, sources told Bloomberg. The sources either worked for the government or for the companies.
A former NSA employee said the programs are far greater than what was uncovered by whistleblower Edward Snowden, who lifted the lid on government surveillance programs before fleeing to Hong Kong last month.
The relationship between the companies, which include Microsoft and McAfee, and intelligence agencies is legal, and because the firms provide information voluntarily, there is no need for court orders to insist they hand over the information, a source said.
The companies are happy to participate in the agreements because they believe they are helping to protect the nation or are advancing their own interests by receiving classified information in return, sources said.
They added that the public would be shocked at how much help the government seeks from the companies.
Bloomberg explained that Microsoft hands over information on bugs in its software before it publicly reveals a way to fix the problem.
The delay means that the U.S. government can exploit vulnerabilities in Microsoft’s system in programs that were sold abroad, including to foreign governments, the sources said.
While Microsoft is reportedly not told how the information is used, spokesman Frank Shaw confirmed data was handed over to give the government ‘an early start’ on risk assessment and mitigation.
Security software company McAfee also cooperates with the NSA, CIA, and FBI, the report explained, and shares data about malicious internet traffic, including foreign spy operations.
‘We do not share any type of personal information with our government agency partners,’ McAfee chief technology officer, Michael Fey, said.
‘McAfee’s function is to provide security technology, education, and threat intelligence to governments [including] emerging new threats, cyber-attack patterns and hacker group activity.’
The agreements deal with such sensitive information that they are usually made strictly between companies’ chief executive officers and chiefs of the U.S. agencies, the report said.
Only a few people in the company may know of them.
Some U.S. telecommunications companies also provide agencies with access to facilities and data abroad that would require a judge’s order if it were done in the U.S., one source added.
And in return for their help, companies are lavished with gratitude.
‘If I were the director and had a relationship with a company who was doing things that were not just directed by law, but were also valuable to the defense of the Republic, I would go out of my way to thank them and give them a sense as to why this is necessary and useful,’ said Michael Hayden, former director of the NSA and the CIA.
The sources said that in return for the companies’ help, some are also given warnings about threats that could affect their business, such as serious Internet attacks and who is responsible.
The report is just the latest revelation in the NSA leaks scandal, which hit headlines after Edward Snowden released information about Prism, an NSA surveillance system that gathers phone call and email information from telecommunication and internet companies.
Since his reveal, Snowden has fled to Hong Kong, but his exact whereabouts are unknown.
He emerged briefly in an interview with the South China Morning Post to claim that the U.S. has also been hacking Chinese computers for as long as four years.