Platt Perspective on Business and Technology

Learnable lessons from Manning, Snowden and inevitable others 18 – the relationship between US government-run national security and private sector businesses

Posted in business and convergent technologies, in the News by Timothy Platt on December 26, 2013

This is my nineteenth posting on what is becoming a series of leaks and unauthorized disclosures of classified US government documents that relate to its War on Terror (see John Peter Zenger, Henry L. Stimson, Edward J. Snowden and the challenge of free speech and the first seventeen postings to this series, available at Ubiquitous Computing and Communications – everywhere all the time 2 as postings 225 and loosely following.)

My focus of attention for this series installment is on the relationship that has developed between the United States government’s national security system and particularly its surveillance and intelligence gathering arm of that, and private sector participants. And I have to admit that I have at least repeatedly touched upon this complex of relationships and its collaborations throughout this series up to here.

• I have cited and at least briefly discussed this when considering how candidates for work in this system are background checked for eligibility for receiving security clearance and even top secret security clearance. Security clearance background checks are the primary due diligence gatekeeper for managing access to national intelligence gathering programs and to data obtained through them, and as such are one of the primary resources in place for safeguarding national security per se. When the scope and scale of US national intelligence gathering and analysis were scaled up as part of the United States government’s War on Terror, the process of background-checking and screening candidates for security clearance was increasingly outsourced to privately held and operated outside businesses – and under contract terms that in practice equated numbers of approvals for security clearance with profitability for the businesses conducting these background checks. This led to shortcuts being taken and faulty security clearance decisions being made. To put this info numerical scale, just one company, U.S. Investigations Services Inc. (USIS) conducts approximately 700,000 security clearance background checks per year for the US Department of Homeland Security and its affiliated agencies, bureaus and services and it has been reported in the news (e.g. the New York Times on September 28, 2013) how managers there have been pressured to push through enough of these investigations at the end of each month to meet their quotas, even if that meant “flushing” through background checks just to be able to claim they had been done.
• I have also, picking up on a pertinent detail just noted above, cited private sector involvement in national security when discussing how contract workers and outside consultants are brought in. This, I add, goes way beyond simply bringing in private sector contractors and consultants and the services of private sector companies for carrying out critically sensitive national security background checks. And in that context I repeat that Edward Snowden was brought in as a contractor and not as a government employee for his work as a top secret clearance security analyst. And his security screening background check was conducted by a private sector contractor too.
• But my focus here is on the relationship between organizations such as the US National Security Agency (NSA) as a federal government entity, and private sector businesses such as telecommunications companies, online service providers, social networking sites and other online information companies, and computer hardware and software manufacturers,
• Where their intent is to secure governmental back-door access to personal and confidential information, bypassing both consumer privacy agreements that these businesses claim to adhere to and encryption and other user security capabilities that they supposedly securely and reliably maintain in place.
• My focus here is on the relationships that have been developed between US federal government agencies and departments as authorized by the United States Foreign Intelligence Surveillance Court (the FISA court) and its decisions, and private-sector businesses that they would mine for data as they conduct their open-ended surveillance programs.

Which companies and even major corporations have been drawn into this endeavor? The list is seemingly endless, and to cite just two telecommunications giants from it, both AT&T and Verizon have been actively providing US government agencies with call log and other sensitive information. Some of this private sector participation has developed strictly as a matter of compliance with FISA court rulings. But some of these data access providing relationships are a lot more complicated to explain, and certainly on the part of businesses involved in them. It has, for example, been reported in the news that the US Central Intelligence Agency (CIA) buys access to supposedly confidential systems user information from AT&T (with that reported, for example, in the New York Times on November 7, 2013.)

As I have been discussing throughout this series, the United States national security infrastructure and its surveillance and information gathering arms seek to gather in as much information as possible, and on everyone they can find information about or gather it from. This open-ended endeavor and their effort to reach the elusive goal of total information access is largely based on relationships created, court-mandated or otherwise, with private sector contractors and consultants, and with private sector businesses. And that situation has prevailed even where it means greatly diminished capability of oversight and control – and for key aspects of virtually every area and aspect of activity in United States national security as it operationally plays out. And that leads me to two open questions that I would finish this series installment with:

• Where in this system of arrangements does the NSA or any other in-house component of the US government’s national security system conduct effective, gap-free due diligence and through its own in-house validated efforts?
• How can these government agencies claim to be taking and exercising due diligence oversight responsibilities when all of the key elements that would go into their basic due diligence (e.g. security clearance checking for any individuals brought in) are being done in very significant part by outside, private sector parties and even where in-house government-based due diligence programs should be validating and overseeing all of this?

My concern is that any realistic answer to either of these questions would simply validate that the way our national security system is being run, strategically and operationally and as business-as-usual, militates against real national security.

I am going to turn in my next series installment to consider two closely interconnected sets of issues. I will at least begin a discussion of the backlash ripple effect that is developing out of all of this. Clearly, disclosure of widespread and open-ended surveillance programs has harmed the United States and its credibility. It has also harmed the credibility of other, allied national governments and private sector participants that have been brought into this effort. And I will discuss how the War on Terror and its various operational arms (e.g. its surveillance programs) have arisen in parallel with what amount to open-ended reaches for power and authority on the part of the leadership of the Department of Homeland Security and its system of agencies and other operational components (e.g. the NSA.)

Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time 2 and in my first Ubiquitous Computing and Communications directory page. I am also listing this under my In the News posting category. (This posting was written and uploaded November 24, 2013.)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: