Thousands of US tech, finance, and manufacturing firms have secret agreements with national security agencies to trade sensitive information in return for classified intelligence, Bloomberg’s sources revealed.
The firms involved are referred to as ‘trusted partners’ by US intelligence organizations such as the National Security Agency (NSA), Central Intelligence Agency (CIA), the Federal Bureau of Investigation (FBI) and branches of US military.
In fact, thousands of US companies voluntarily provide US agencies with data (i.e. equipment specifications), Bloomberg’s four sources, who either worked for the government or in companies that have these agreements, said. And the information received can be used to gain access to computers of America’s rivals.
Cooperation between companies and intelligence agencies is legal, reported Bloomberg. And the fact that the companies provide information voluntarily means there is no need for US agencies to get court orders and no oversight is required under the Foreign Intelligence Surveillance Act, one out of four sources said.
Also, some of the companies’ executives are guaranteed immunity from civil actions related to transfer of information.
For example, Microsoft passes on information about bugs in its software before it publicly releases a fix to the problem, two sources confirmed. This kind of information can protect US government computers, as well as help to infiltrate those used by foreign governments by exploiting vulnerabilities in the Microsoft’s system.
Microsoft is reportedly not told how the US government uses the information passed on down to it, according to one official. Spokesman for Microsoft Frank Shaw confirmed such releases and stated that they give the government a chance to get “an early start: on risk assessment and mitigation.”
McAfee, America’s global computer security software company, is another ‘trusted partner’ and is known for its cooperation with the NSA, CIA, and FBI. It can share valuable data including malicious internet traffic, one of the sources said.
The company’s worldwide chief technology officer, Michael Fey, rebuffed the claim that the company does not share any personal information with the government.
“McAfee’s function is to provide security technology, education, and threat intelligence to governments … [including] emerging new threats, cyber-attack patterns and hacker group activity,” he stated.
Due to the sensitivity of information being traded, these kinds of agreements are usually made strictly between companies’ chief executive officers and heads of the US agencies. At times the chief executives could clear a few trusted people to work directly with the agencies.