UPS Denies Helping the NSA 'Interdict' Packages 207
An anonymous reader writes "When Glenn Greenwald's book came out recently, one of the most startling revelations was that the NSA has been intercepting shipments of networking gear to add spyware. Cisco was one of the vendors whose gear was altered, and now their shipping provider has spoken up about it: 'UPS, which Cisco has used since 1997 to ship hardware to customers around the world, said on Thursday that it did not voluntarily allow government officials to inspect its packages unless it is required to do so by law. "UPS' long-standing policy is to require a legal court-ordered process, such as a subpoena, before responding to any third-party requests," UPS spokeswoman Kara Ross wrote in an e-mail to TheBlot Magazine. "UPS is not aware of any court orders from the NSA seeking to inspect technology-related shipments." In a follow-up e-mail, Ross said UPS had no knowledge of similar orders from the FBI, CIA or any other federal agency.' That sounds like carefully parsed language to me. 'Did not voluntarily,' 'unless it is required to do so by law.' Perhaps they're bound by a National Security Letter?"
No need for UPS to help (Score:5, Interesting)
If the device is made (or packaged in the US) and is being shipped overseas, the NSA can grab it at customs, there is nothing the shipper can do about it.
What kind of spyware (Score:0, Interesting)
So, what kind of spyware could be installed on an IOS router? Does the NSA write their own bootloader?
Can NSA serve National Security Letters? (Score:5, Interesting)
Excuse my ignorance, I am not from the U.S., but I thought only the F.B.I. could serve National Security Letters. Can the NSA also serve them?
yeah, whatever (Score:4, Interesting)
I wonder if they (private companies) secretly allowed it(NSA infiltration) to happen under fear of the NSA using whatever power they have to get the companies shut down if they didn't follow suit. Now that the public has been informed, the companies are using all the plausible deniability they can to prevent lawsuits. In the case of the UPS, I don't think there's any plausible deniability to use...It's not a software system that the NSA could exploit per-se.
Or is it the case these companies really are just as corrupt as the NSA?
I really don't see any other alternative, unless you want to argue that Snowdens docs were fake (Highly unlikely).
Re:No need for UPS to help (Score:4, Interesting)
Many (all?) custom's warehouses are operated by third-party companies. This will be a little bit more complicated than inspecting luggage. However, the companies (subsidiaries) that operate those warehouses get their entire revenue from allowing people to transport goods across borders. I suspect the NSA can get away with almost anything in that environment.
Re:Physical interdiction of trucks? (Score:4, Interesting)
So here is a theoretical setup:
1) Identify the route of the target - the company who ordered the part
2) Order a delivery scheduled for the same day to a company earlier in the route
3) Watch the second company, identify the truck number and driver
4) Run a background on the driver to find out family, friends, brand of toilet paper
5) Meet driver en route and perform the stop as above
Who says they were third parties? (Score:4, Interesting)
Vetting National Security Letters (Score:5, Interesting)
OK, so the NSL is basically a secret letter, that nobody wants to talk about. How do they (recipients) even know if/when they're legit. It's not like there's a 1-800-DIAL-NSA number to check it out.
What's to stop "shady group X" from getting some serious looking guys with suits, sunglasses, and some fake ID's+forms to drop by the local datacentre and say "OK, we're NSA and we need records/access from this group of servers here. Oh, and you can't talk about this to anyone. Delay us and very bad things will happen to your and/or your business"