"If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story," said Schneier in a recent Guardian article. "Your employer obligations don't cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers."
When asked yesterday whether China and Russia might also be working with any of their homegrown industries to subvert products for espionage purposes, Schneier said he had no direct knowledge about this. But having read a slew of documents that Snowden has released, Schneier said he's convinced that the NSA is doing "everything possible" to ensure complete access to everything it can. The influence of the U.S. and the United Kingdom on software, hardware and the Internet gives them "a very privileged position on the Internet," he said.
The NSA readily acknowledges it is always seeking to "break" the security of adversaries and encryption -- that, after all, is part of its mission as America's cyber-espionage agency, which also maintains a Cyber Command to attack adversaries via cyberspace. But the revelation that the NSA is spending millions each year to try to get software and hardware vendors to modify their products to include backdoors for intelligence-collection purposes, and to weaken cryptographic and security systems, raises the question of what legal ramifications this will all have when more becomes known.
It's possible that lawsuits from both businesses and consumers may arise if it becomes known that specific products and services were designed with backdoors for the NSA without disclosing that to the buyer, in what would be seen as a deceptive practice. Some revelations in June from Snowden about the NSA's so-called PRISM program for intelligence collection are starting to have legal impacts.
Under PRISM, the NSA can collect e-mail, chat, videos, stored data, VoIP, file transfer and other material from Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype and AOL. Microsoft and Google say they provide this data to the NSA under Foreign Intelligence Surveillance Act orders and want to disclose how many of those they receive each year, but say that so far the U.S. Department of Justice is not agreeing to that.
At the end of August, Microsoft General Counsel and Executive Vice President Brad Smith said his company and Google would "move forward with litigation in the hopes the courts will uphold our right to speak more freely." They did that yesterday in legal filings at the Foreign Intelligence Surveillance Court, joined by Yahoo.
Public prosecutors in France are said to be starting to build a case against the NSA and the FBI for PRISM-related spying on French citizens.