By Allan Holmes
A congressional committee’s effective blacklisting of Huawei Technologies Co.’s products from the U.S. telecommunications market over allegations they can enable Chinese spying may come back to bite Silicon Valley.
Reports that the National Security Agency persuaded some U.S. technology companies to build so-called backdoors into security products, networks and devices to allow easier surveillance are similar to how the House Intelligence Committee described the threat posed by China through Huawei.
Just as the Shenzhen, China-based Huawei lost business after the report urged U.S. companies not to use its equipment, the NSA disclosures may reduce U.S. technology sales overseas by as much as $180 billion, or 25 percent of information technology services, by 2016, according to Forrester Research Inc., a research group in Cambridge, Massachusetts.
“The National Security Agency will kill the U.S. technology industry singlehandedly,” Rob Enderle, a technology analyst in San Jose, California, said in an interview. “These companies may be just dealing with the difficulty in meeting our numbers through the end of the decade.”
Internet companies, network equipment manufacturers and encryption tool makers receive significant shares of their revenue from overseas companies and governments.
Cisco Systems Inc. (CSCO), the world’s biggest networking equipment maker, received 42 percent of its $46.1 billion in fiscal 2012 revenue from outside the U.S., according to data compiled by Bloomberg. Symantec Corp. (SYMC), the biggest maker of computer-security software based in Mountain View, California, reported 46 percent of its fiscal 2013 revenue of $6.9 billion from markets other than the U.S., Canada and Latin America.
Intel Corp. (INTC), the world’s largest semiconductor maker, reported 84 percent of its $53.3 billion in fiscal 2012 revenue came from outside the U.S., according to data compiled by Bloomberg.
The New York Times, the U.K.’s Guardian and ProPublica reported in early September that NSA has cracked codes protecting e-mail and Web content and convinced some equipment and device makers to build backdoors into products.
That followed earlier reports that the NSA was obtaining and analyzing communications records from phone companies and Internet providers.
The revelations have some overseas governments questioning their reliance on U.S. technology.
Germany’s government has called for home-grown Internet and e-mail companies. Brazil is analyzing whether privacy laws were violated by foreign companies. India may ban e-mail services from Google Inc. and Yahoo Inc., the Wall Street Journal reported. In June, China Daily labeled U.S. companies, including Cisco, a “terrible security threat.”
“One year ago we had the same concern about Huawei,” James Staten, an analyst at Forrester, said in an interview. “Now this is the exact flipping of that circumstance.”
An Information Technology and Innovation Foundation report in August found U.S. providers of cloud services — which manage the networks, storage, applications and computing power for companies — stand to lose as much as $35 billion a year as foreign companies, spooked by the NSA’s surveillance, seek non-U.S. offerings.
“Customers buy products and services based on a company’s reputation, and the NSA has single-handedly tarnished the reputation of the entire U.S. tech industry,” said Daniel Castro, the report’s author and an analyst with the non-partisan research group in Washington, in an e-mail. “I suspect many foreign customers are going to be shopping elsewhere for their hardware and software.”
The latest disclosures were based on documents provided by Edward Snowden, the former NSA contractor accused of espionage by the U.S. who’s now in Russia under temporary asylum.
While the NSA mentioned no company by name, agency documents posted on the New York Times’ website said some companies were persuaded to insert “vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communications devices used by targets.” The documents also said the NSA was trying to work with makers of “chips used in Virtual Private Network and Web encryption devices.”
Google, Facebook Inc. and Yahoo yesterday petitioned the U.S. Foreign Intelligence Surveillance Court, which rules on warrants for domestic data, for permission to publish the types of requests they’ve received from the NSA. The three companies were among 22 that sent a letter in July to President Barack Obama and congressional leaders urging that the companies be allowed to say more about their dealings with the agency.
Cisco said it doesn’t customize equipment to enable surveillance.
“Cisco’s product development practices specifically prohibit any intentional behaviors or product features which are designed to allow unauthorized device or network access, exposure of sensitive device information, or a bypass of security features or restrictions,” John Earnhardt, spokesman for the San Jose, California-based company, said in a statement.
Symantec said in a statement that it learned of the NSA’s encryption cracking in the media. “We had no prior knowledge about this program,” said Anna Zvagelskaya, of public relations firm Weber Shandwick, which represents Symantec.
“We have long held that Intel does not participate in alleged government efforts to decrease security in technology,” Lisa Malloy, an Intel spokeswoman, said in an e-mail.
While foreign firms may be more suspicious of some U.S.- made technologies, the impact of the disclosures may be limited, said Charles Kolodgy, a security analyst with IDC.
“It’s a worldwide market and some companies may try to benefit from not being a U.S.-based company, but the real issue is enterprises are trying to protect themselves in most cases from cyber criminals or malicious insiders or competitors,” he said in an interview.
“They’re not so concerned with what a nation-state is doing, The market-leading gear is often market-leading because it’s the best. We’ve gone past being able to source everything within a country.”
The NSA revelations also may undermine congressional efforts to block U.S. sales of networking equipment made by Huawei and ZTE Corp., China’s second-largest phone-equipment maker, also based in Shenzhen.
A House Intelligence Committee report released in October 2012 said the companies’ close ties to the Chinese government and its ability to build backdoors into U.S. computer networks might allow China to disrupt power grids, financial networks or other critical infrastructure.
That suspicion applies to almost every government and technology company, William Plummer, a Huawei spokesman, said in an e-mail. “Threats to data integrity are not limited to the acts of certain governments or the equipment or services of companies with select countries of origin,” he said.
Plummer called the U.S. government’s pursuit of Huawei “an innuendo-driven political exercise” and for “industry and government to leave political games behind and pursue real solutions to more secure networks and data.”