Tue, Jun 27, 2017 - Page 9 News List

Western techs bow to Russian demands to share cybersecrets

By Joel Schectman, Dustin Volz and Jack Stubbs  /  Reuters, WASHINGTON and MOSCOW

In an e-mail, Markov said that the title is only intended to convey Echelon’s role as a certified outside tester of military technology testing.

The medals were generic and insignificant, he said.

However, for Symantec, the lab “didn’t meet our bar” for independence, spokeswoman Kristen Batch said.

“In the case of Russia, we decided the protection of our customer base through the deployment of uncompromised security products was more important than pursuing an increase in market share in Russia,” Batch said, adding that the company did not believe Russia had tried to hack into its products.

Last year, the company decided it would no longer use third parties, including Echelon, that have ties to a foreign state or get most of their revenue from government-mandated security testing.

“It poses a risk to the integrity of our products that we are not willing to accept,” she said.

Without the source code approval, Symantec can no longer get approval to sell some of its business-oriented security products in Russia.

“As a result, we do minimal business there,” she said.

Markov declined to comment on Symantec’s decision, citing a non-disclosure agreement with the company.

In the past year, HP has used Echelon to allow FSTEC to review source code, agency records showed.

A company spokesman declined to comment.

An IBM spokesman confirmed the company allows Russia to review its source code in secure, company-controlled facilities “where strict procedures are followed.”

FSTEC certification records showed the Information Security Center, an independent testing company based outside Moscow, has reviewed IBM’s source code on behalf of the agency. The company was founded more than 20 years ago under the auspices of an institute within the Russian defense ministry, its Web site said.

The company did not respond to requests for comment.

The Russia code reviews were conducted at “certified testing labs” at company-owned premises in the US, McAfee said in a statement.

SAP allows Russia to review and test source code in a secure SAP facility in Germany, a person familiar with the process said.

In a company statement, SAP said the review process assures Russian customers “their SAP software investments are safe and secure.”

Cisco has recently allowed Russia to review source code, a person familiar with the matter said.

A Cisco spokeswoman declined to comment on the company’s interactions with Russian authorities, but said the firm does sometimes allow regulators to inspect small parts of its code in “trusted” independent labs and that the reviews do not compromise the security of its products.

Before allowing the reviews, Cisco scrutinizes the code to ensure they are not exposing vulnerabilities that could be used to hack the products, she said.

A White House official said the administration is generally opposed to broad source code requirements because they impede free trade, but whether to comply is “a private business decision.”

Additional reporting by Steve Holland

This story has been viewed 2144 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top