It Isn’t Just Foreign Companies
I’ve been thinking about the revelations about the Prism program, and have noted how this will impact the sale of Cloud services to foreign companies, as will the loss of secure e-mail services provided by companies like Lavabit and Silent Circle. Then it occurred to me that many US companies will be looking for those same services someplace else, because they have things they don’t want people to have access to, be they governments or hackers.
In ancient times all of the big corporations had their own IT infrastructure, but to increase profits more and more have out-sourced these functions. That means that ‘trade secrets’ and other confidential materials, like bids, are now subject to being hoovered up by NSA. If I’m in one of these companies and I see the government secrets that Snowden was able to access, I have to believe that there are probably people working for these contractors who might want to make a few extra bucks by selling my secrets to the highest bidder.
If you have ever had to deal with a Fortune 50 non-disclosure agreement, you would understand how concerned these corporations are. I will be able to talk freely about what I did at NSA at some point, but never about what I learned at certain clients, even who those clients were.
4 comments
Heh. Been there, done that, on the NDA w/Fortune 50 company thing that is :).
Like a lot of small companies we’re using Google Apps for our email and Salesforce for our CRM. We really aren’t in a position to bring those functions inhouse, we’d get deluged with spam if we didn’t use someone like Google to handle it and we don’t have the Internet connectivity to run our own CRM in-house (note that the sales and marketing folks don’t work out of our office, they work from home, which is quite doable since Salesforce is out there). I had already assumed that the NSA could access our data anytime they wished to do so. But your point about the contractors… that’s a point that I hadn’t thought about. They clearly have access to way more than they should, and somehow I doubt they are as dedicated to strict confidentiality and honorable behavior as the military people were.
Do note that our pride and joy — our source code — is 100% inhouse, and the off-site backups are sneakernet (by accident, actually — our Internet connection is too slow to make off-site backups in any other way). But that’s a small consolation to knowing that information about our sales and customers could be in the hands of competitors at the whim of a contractor :(.
We have a lot of defense contractors locally, and it has always been suspected that some of them that provide computer services to Eglin seem to have an ‘edge’ when it comes to contract renewal. It doesn’t make a difference who gets the contracts, because the people who actually do the work don’t change, just the name on their paychecks, and what their benefit package looks like. Nothing has been proven, but there have been former contract employees who seem to have received a ‘nice inheritance’ around contract time.
Yeah, law enforcement makes you think ‘evil thoughts’ like ‘how could this be abused?’
It doesn’t make a difference who gets the contracts, because the people who actually do the work don’t change, just the name on their paychecks, and what their benefit package looks like.
🙂 and this isn’t limited to the computer services there.
I was sure that it probably was widespread but I knew about the computer contracts through family and friends who are working in the system.
It’s all about getting the clearance.