More Consequences From Broad NSA Surveillance: Germany Government Technologists Consider Windows 8 Too Dangerous
Apparently, surveillance software code by the National Security Agency (NSA) is in the new version of Windows 8. BGR reported:
"German publication Zeit Online has obtained leaked documents that purportedly show that IT experts within the German government believe that Windows 8 contains back doors that the NSA could use to remotely control any computers that have it installed.... Zeit says that German researchers fear that there will be “simply no way to tell what exactly Microsoft does to their system through remote updates..."
From prior news reports we learned that during the last decade Microsoft Windows 95, Windows 98, Windows NT4 and Windows2000 all contained NSA code. Now, we learn that Windows 8 also includes NSA code. The Android OS includes NSA code, while, according to Apple, its operating system software and products do not contain NSA code. (Let's hope that is true. The U.S. does have a secret court, secret laws, and secret processes -- so Apple may be prevented from admitting what is in their OS.)
If the report about Windows 8 is true, this may cast a different light on the departure of Microsoft CEO Steve Ballmer. I see several possible scenarios:
- Microsoft approved the NSA code with Ballmer involved in the decision
- Microsoft approved the NSA code without Ballmer involved in the decision
- After fighting the NSA surveillance program, Microsoft was forced to include NSA code in its products
- Microsoft included the NSA code without fighting the government surveillance program
It's not good if Ballmer approved the decision to include NSA code in Windows 8, and it's not good if he wasn't involved -- with some junior-level engineer making instead such a pivotal decision. It's not good if Microsoft never fought the inclusion of NSA code while being forced to comply. I'd like to believe that company executives could foresee a negative reaction, if and when customers realize that NSA is in the company's software and products.
Reportedly, Yahoo fought the government surveillance program and lost in 2007 or 2008. I am not a lawyer. Perhaps, some legal expert will weigh in here about whether the U.S. government can use the FISA Amendments Act (FAA; Adobe PDF) to force companies to comply with government surveillance programs. We have a secret court, secret laws, and secret processes. So, it is possible there is some secret law besides the FAA.
The embedded NSA code puts Microsoft products at a disadvantage versus Apple, since Apple products and operating system software do not include NSA code. And, the loss of business in Germany is not good news, as Microsoft struggles with lagging market share with smart phones, Microsoft Office faces stiffer competition, and Windows 8 sales lag as PC sales lag.
The situation makes me wonder how much money the NSA paid Microsoft to embed their code. I doubt that any payments to Microsoft equal or exceed lost company revenues. In fact, the Guardian UK reported on Friday that the NSA has already paid millions to several high-tech companies to cover the companies' compliance costs:
"A Yahoo spokesperson said: "Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Asked about the reimbursement of costs relating to compliance with FISA court certifications, Facebook responded by saying it had "never received any compensation in connection with responding to a government data request." Google did not answer any of the specific questions put to it, and provided only a general statement denying it had joined Prism or any other surveillance program... Microsoft declined to give a response on the record."
If the BGR and Zeit Online news reports are accurate, then the NSA code is not benign, contrary to what the NSA said in prior news reports about its code in the Android operating system software. This is huge news also because it indicates a clear intent by organizations in other countries to stop buying future Microsoft products, which they view as compromised by NSA surveillance.
Prior news reports indicated a review of the Safe Harbor agreement that allows U.S. companies to sell products and services in the European Union. If amended, that would greatly restrict Internet and high-tech companies' sales in Europe. That consequence is in addition to warnings by experts that the massive NSA government spying program could cost U.S.-based cloud-services vendors $35 billion in lost revenues. In simpler terms:
Lost revenues by U.S. high-tech companies = lost American jobs = lost tax revenues to U.S. federal, state, and local governments
Consequences just got real. For everyone. Not just for Microsoft.
A tiny bit of somewhat good news in the BGR report:
"... the researchers say that they’ll still be able to use Windows 7 securely “until 2020..." "
That gives the U.S. and its high-tech firms a small window to restore customers' confidence in their products and services with embedded NSA surveillance code, plus embedded code from any other U.S. government agencies. Ballmer may need to leave far sooner than 12 months. Maybe some more NSA document disclosures will shed light on this.
Do U.S. government officials really believe that there would not be any negative (unintended) consequences for its extensive surveillance programs with NSA code embedded in commercial software products and services? Do U.S. government officials really believe that there would not be any negative consequences for mass surveillance of our European allies? It has undermined our allies' trust in the USA. It has undermined their trust in USA-made products and services.
The American people need to have a full debate about this. Do taxpayers (and voters) want their government spending money this way in surveillance programs and software code? Do you find it acceptable that this code is done in secret? Do you find acceptable the projected revenue losses by American high-tech companies? Are the likely job losses acceptable, too? What other high-tech companies will be affected next?