We’ve known for roughly two years the
US government has programs devoted to intercepting computer hardware
mid-shipment. These programs are used to insert backdoors or spyware
deep into a system’s firmware before it even arrives at its destination.
A new report claims Apple is looking into building its own servers as a
way to thwart this type of insertion.
The Information (currently offline as of this writing) reported yesterday that:Apple has long suspected that servers it ordered from the traditional supply chain were intercepted during shipping, with additional chips and firmware added to them by unknown third parties in order to make them vulnerable to infiltration, according to a person familiar with the matter. At one point, Apple even assigned people to take photographs of motherboards and annotate the function of each chip, explaining why it was supposed to be there. Building its own servers with motherboards it designed would be the most surefire way for Apple to prevent unauthorized snooping via extra chips.
Security isn’t Apple’s only motivation — the company has expressed unhappiness with Amazon Web Services and, according to VentureBeat,
is working on a plan to build its own in-house data centers and
software to run them. Currently, services like iTunes are mostly
outsourced to other providers like Amazon or Microsoft’s competing
Azure. Apple is far from the first company to take steps like this;
Google publicly announced it would begin encrypting all data that
travels through its data centers after information leaked that the NSA
had tapped undersea cables to spy on Google’s data centers from the
inside, where data was once unencrypted.
Whether or not this approach can actually lock out groups
like the NSA is an incredibly difficult question. Apple could contract
with companies like Foxconn to build hardware to its own specifications,
but there’s no guarantee that the NSA wouldn’t find a different method
of penetrating Apple’s security. A government agency that’s gone to the
trouble of building infrastructure to intercept, bug, and re-ship
network equipment and servers is obviously one that’s willing to spend
top dollar to guarantee results. Apple can make the game more difficult,
certainly, but can it close the loopholes altogether?
This rumor isn’t going to be well-received by the government, which has already indicated it believes Apple’s behavior is just shy of treasonous
in various court filings related to the San Bernardino shooting.
Building its own data centers and designing its own hardware from the
ground up, at least partly for the express purpose of locking the
government out, isn’t going to sit well with the folks in Washington.
Up to this point, the battle over encryption
has largely been waged behind the scenes. The White House has declined
to push for any legislation that would actually ban encryption or
formally require companies to cooperate with the government in turning
over keys and access. One likely reason for this state of affairs is
that government agencies feel reasonably assured that they can get the
data they want without the battle public legislation would spark. If
government agencies start feeling less sure of their own ability to
compel cooperation or access information at will, this fight could go
more public than it has to date. The technology sector would ferociously
oppose such legislative fiat (assuming Congress was willing to consider
it in the first place), but whether that opposition would be sufficient
to sway the final outcome is another unknown.
Both Republicans and Democrats have given great deference to
the NSA, FBI, and their claims that warrantless wiretaps and mass
surveillance are required if the American people are to be kept safe.
Apple, however, isn’t alone in its efforts. Last year, Cisco’s security
chief announced it purposefully shipped to fake locations to keep the NSA from targeting and intercepting its hardware.
Post a Comment