Tue, Jun 27, 2017 - Page 9 News List

Western techs bow to Russian demands to share cybersecrets

By Joel Schectman, Dustin Volz and Jack Stubbs  /  Reuters, WASHINGTON and MOSCOW

In addition to IBM, Cisco and SAP, Hewlett Packard Enterprise Co (HP) and McAfee Inc have also allowed Russia to conduct source code reviews of their products, said people familiar with the companies’ interactions with Moscow and Russian regulatory records.

Until now, little has been known about that regulatory review process outside of the industry. The FSTEC documents and interviews with those involved in the reviews provide a rare window into the tense push-and-pull between technology companies and governments in an era of mounting alarm about hacking.

Roszel Thomsen, an attorney who helps US tech companies navigate Russia import laws, said the firms must balance the dangers of revealing source code to Russian security services against possible lost sales.

“Some companies do refuse,” he said. “Others look at the potential market and take the risk.”

If tech firms do decline the FSB’s source code requests, then approval for their products can be indefinitely delayed or denied outright, US trade attorneys and US officials said.

The Russian information technology market is expected to be worth US$18.4 billion this year, market researcher International Data Corporation said.

Six current and former US officials who have dealt with companies on the issue said they are suspicious about Russia’s motives for the expanded reviews.

“It’s something we have a real concern about,” a former senior US Department of Commerce official said, who had direct knowledge of the interaction between US companies and Russian officials until he left office this year. “You have to ask yourself what it is they are trying to do and clearly they are trying to look for information they can use to their advantage to exploit, and that’s obviously a real problem.”

However, none of the officials who spoke to reporters could point to specific examples of hacks or cyberespionage that were made possible by the review process.

Source code requests are not unique to Russia. In the US, tech companies allow the government to audit source code in limited instances as part of defense contracts and other sensitive government work. China sometimes also requires source code reviews as a condition to import commercial software, US trade attorneys said.

The reviews often take place in secure facilities known as “clean rooms.” Several of the Russian companies that conduct the testing for Western tech companies on behalf of Russian regulators have current or previous links to the Russian military, according to their Web sites.

Echelon Corp, a Moscow-based technology testing company, is one of several independent FSB-accredited testing centers that Western companies can hire to help obtain FSB approval for their products.

Echelon chief executive Alexey Markov said his engineers review source code in special laboratories, controlled by the companies, where no software data can be altered or transferred.

Markov said Echelon is a private and independent company, but it does have a business relationship with Russia’s military and law enforcement authorities.

Echelon’s Web site touts medals it was awarded in 2013 by the Russian Ministry of Defense for “protection of state secrets.”

The company’s Web site also sometimes refers to Markov as the “Head of Attestation Center of the [Russian] Ministry of Defense.”

This story has been viewed 2145 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top