[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Security unease as government buys software
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
Hallo,
nochmal diesen Text:
Security unease as government buys software
By John Markoff
The New York Times
July 7, 2003, 10:56 AM PT
http://news.com.com/2100-1009-1023414.html
Sitting at his laptop computer in a hotel near Toronto one day last
October, Gregory Gabrenya was alarmed by what he discovered in the
sales-support database of his new employer, Platform Software: the
names of more than 30 employees of the United States National Security
Agency.
The security agency, one of many federal supercomputer users that rely
on Platform's software, typically keeps the identities of its
employees under tight wraps. Gabrenya, who had just joined Platform as
a salesman, found the names on a list of potential customer contacts
for Platform's sales team. The discovery crystallized his growing
concern that the company was perhaps too lax about the national
security needs of its United States government customers, in the
military, intelligence and research.
"Anyone who had an account on the system could see this list,"
Gabrenya recalled in a recent interview. "They shouldn't be seeing
this information and I shouldn't be seeing it."
What really worried him, Gabrenya said, was that Platform, although
based in Markham, Ontario, maintains a software maintenance and
testing operation in Beijing--which he was not sure the company had
made clear enough to its American government customers.
He repeatedly raised the concerns with Platform executives, who say
his fears were unfounded. In March, Gabrenya, who had previously
worked for nearly 10 years as a salesman for the supercomputer maker
Silicon Graphics, was let go by Platform. The company said he had not
met sales goals. Gabrenya said his whistle-blowing led to his
dismissal.
Gabrenya, a 42-year-old American, stressed that he had seen no
evidence of espionage or other wrongdoing by Platform employees either
in Canada or China. But he said that he was concerned about two
possibilities, that sensitive government information was not receiving
adequate protection and that the Chinese software operation could be
infiltrated by foreign agents who could tamper with software being
used by United States government agencies.
The issues Gabrenya raised are part of a tension in the information
technology industry, as crucial computer programming is increasingly
performed outside the United States, either in the form of jobs
exported from this country or by a growing array of foreign
competitors.
The trend poses risks, in the view of some American government
officials, because of the potential for foreign spies to sneak illicit
code into critical programs, and simply because the United States is
increasingly losing dominance in information technology.
"Software is so goofy because there is so many lines of code that
hiding Trojans inside the system is the easiest thing in the world to
do," said Keith Rhodes, the chief technologist of the General
Accounting Office. "Setting aside national security, we're also
talking about a tremendous advantage you give to your national
competitors."
The concerns cut both ways. The Chinese government has repeatedly
accused the United States military and intelligence organizations of
attempting to conduct espionage by manipulating American products sold
in China. The tracking features in Intel's microprocessors and
Microsoft's operating system software are of particular concern to
Chinese officials, which is one reason China is intent on expanding
its own technology industry.
"The Chinese emergence as a global workshop for information technology
presents us with a new area of export control challenges," said James
Mulvenon, an analyst at research group Rand.
Hong Chen, a Chinese technologist in Silicon Valley, who is not
affiliated with Platform Software, said that there were software
technologies that the United States should jealously guard and not
develop overseas, but that Platform's was not among them.
"I don't think the technologies at stake here are crucial to national
security," said Chen, an executive who heads the Hua Yuan Science and
Technology Association, a Silicon Valley group of more than 1,000
entrepreneurs and technologists who were born in mainland China.
For the most part, Chen said, the United States and China should
freely exchange technologies.
Platform Software dominates the market for software that enables
clusters of powerful computers to work together. It has dozens of
United States government customers, and computer makers including Dell
Computer, IBM and Silicon Graphics also sell software to the
government. The company was co-founded in 1992 by a Chinese-born
computer scientist, Songnian Zhou, who received his Ph.D. from the
University of California at Berkeley, and who remains Platform's chief
technology officer.
Gabrenya, who lives in Northern California, is still looking for work.
He said that shortly after he was hired by Platform, he began raising
his concerns with company executives, first in person and then in
writing.
In January, he spelled out his concerns in an e-mail message to his
boss: "After spending a little over 90-plus days here at Platform, I
find myself less comfortable in this job than when I began. The
reason? Our China office. It's clear that we now have people in
Beijing doing important development work and we are not, as a company,
telling our U.S. government customers. That's a problem in my mind. Is
this illegal?"
The e-mail message and his persistent queries led the company to
blackball him, Gabrenya said. His relationship with Platform
deteriorated, he said, after he told the company that his security
concerns made him uncomfortable trying to sell its products to the
NASA Ames Laboratory, a government research center in Silicon Valley.
Executives at Platform Software dispute Gabrenya's charges, saying the
company has stringent rules in place to separate its foreign
operations from its domestic software development process and computer
systems. The company says that none of its software for customers in
the American government is developed in China and that it has
carefully informed those customers about its test and maintenance
organization in China.
"What I did say to Greg at the time is that there is clear demarcation
with respect to development of software and no code goes to China,"
said Ian Baird, vice president for sales and marketing operations at
Platform.
The company also does not make customer information stored in its
sales support database generally available within the company, he
said, adding that it was unclear how it would have been possible for
Gabrenya to have the authorization to view the security agency
customer data.
A security agency spokeswoman said last week that the agency was not
prepared to comment.
But several of the company's other United States government customers
said they were aware of Platform's operation in China and were not
concerned.
A spokesman for one customer, the Los Alamos National Laboratory in
New Mexico, said that dealing with software written outside of the
United States was now a normal occurrence.
"Of course we knew that Platform has subsidiary offices all over the
world, including China," said Kevin Roark, a spokesman for the Los
Alamos laboratory. He said the lab reviewed all of the basic
programmer instructions, known as source code, before running software
used in classified applications. "The reality of software in the 21st
century," he said, "is you count on software having source from
foreign sources."
Even before Gabrenya's complaints, Platform Software said, it had been
taking steps to isolate its overseas divisions from the sale of its
software technology to customers in the United States with classified
military and intelligence applications. The company recently created a
separate board for its unit that sells to the United States
government.
The board includes two former government officials: Oliver Revell,
president of the Revell Group International and former assistant
director of the Federal Bureau of Investigation; and Harry Soyster,
vice president of the Washington consultants Military Professional
Resources and a former lieutenant general in the Army who directed the
Defense Intelligence Agency.
Revell said he was unfamiliar with the details of Gabrenya's dispute
with Platform, but said he thought the company had taken the necessary
steps to insulate itself from potential foreign intelligence
operations.
"I've spent 35 years defending my country, and I would not participate
or allow my name to be used in a company that had any potential risk
to the United States," Revell said. "As far as I'm concerned, the
software provided will be thoroughly checked and all of the U.S.
government customers are aware of what's being done and where it's
being done."
Gabrenya, for his part, said he could have gone to a lawyer and
attempted to reach a financial settlement with the company for what he
considers his wrongful termination, but that "it was not about money."
"I have some moral concerns," he said. "This is about doing the right
thing."
Entire contents, Copyright © 2003 The New York Times. All rights
reserved.
--
bye,
Bodo
=====================================================
Bodo Staron
Weidachstrasse 8
85748 Garching
Germany
Tel: +49/89/320 49 50
http://www.staron.org/
mailto:bodo -!
- staron -
de
=====================================================
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.