UPS Denies Helping the NSA 'Interdict' Packages

An anonymous reader writes "When Glenn Greenwald's book came out recently, one of the most startling revelations was that the NSA has been intercepting shipments of networking gear to add spyware. Cisco was one of the vendors whose gear was altered, and now their shipping provider has spoken up about it: 'UPS, which Cisco has used since 1997 to ship hardware to customers around the world, said on Thursday that it did not voluntarily allow government officials to inspect its packages unless it is required to do so by law. "UPS' long-standing policy is to require a legal court-ordered process, such as a subpoena, before responding to any third-party requests," UPS spokeswoman Kara Ross wrote in an e-mail to TheBlot Magazine. "UPS is not aware of any court orders from the NSA seeking to inspect technology-related shipments." In a follow-up e-mail, Ross said UPS had no knowledge of similar orders from the FBI, CIA or any other federal agency.' That sounds like carefully parsed language to me. 'Did not voluntarily,' 'unless it is required to do so by law.' Perhaps they're bound by a National Security Letter?"

Guilty

[Noah+Haders]

Not voluntarily unless required by law? Why do companies release statements like this? It just makes them seem more guilty. Better not to say anything.

Re:Guilty

[NotDrWho]

Here is the quote from the article:

“UPS’ long-standing policy is to require a legal court-ordered process, such as a subpoena, before responding to any third-party requests,” UPS spokeswoman Kara Ross wrote in an e-mail to TheBlot Magazine. “UPS is not aware of any court orders from the NSA seeking to inspect technology-related shipments.”

When you parse the language and translate it from PR-speak/legalese, you realize that this is basically a meaningless statement. The first sentence is boilerplate BS, and has nothing to do with the allegation at hand at all. "We have a long-standing policy not to do X" *IS NOT* the same as saying "We didn't do X" (though that's what they want you to believe they're saying, of course). The second part of the statement only tells us that the NSA didn't get a court order to do this, *NOT* that UPS didn't let them do it anyway without a court order.

And what the whole statement is absolutely NOT is an actual denial. In short, if UPS *REALLY* didn't let the NSA intercept their packages, they could have released a very simple statement saying "UPS did not and does not let the NSA intercept our packages." What they released was some vague boilerplate BS that basically says fuck all.

No need for UPS to help

[headhot]

If the device is made (or packaged in the US) and is being shipped overseas, the NSA can grab it at customs, there is nothing the shipper can do about it.

Re:wow

[larry+bagina]

Too many secrets.

I watched sneakers a couple days ago (it's on netflix) and nearly shit my pants at the end when Robert Redford reveals the magic decryptor box isn't for spying on the russians, it's "for spying on us". (Of course, they meant the NSA was spying on the FBI/CIA but still... future predicted).

Weaponized products don't sell

When you weaponize U.S. technology products to the extent that the NSA has, don't be surprised when no one wants to buy those products in the future.

What foreign CEO or government official wants U.S. technology in control of their banking industry? Their communications infrastructure? Their manufacuring base? Their electrical power and distribution network?

Can you imagine the U.S. response if the critical infrastructure items such as those listed above were found out to be backdoor and controllable at will by the Russians? Chinese? Indians?

The U.S. has a serious reputation problem right now. We need to stop this nonsense immediately if we expect our tech industry to survive.

It takes a second to destroy a reputation - it takes years, sometimes decades to build it back.

Re:Trust!

[Opportunist]

You know that the US resembles more and more the USSR of old? The way to get to the result is a different one, the end result is the same: You have a population that is mostly apathetic towards its government. And whoever isn't apathetic outright hates it. You have a secret service that seems to be more concerned with domestic spying than foreign intelligence, simply because the state and the powers that are fear their "internal" enemies more than they fears anyone coming from abroad. You have a small "elite" that mostly stays within its own circle who share the power in the country while everyone else is mostly powerless. And you have a mainstream press that toes the party line.

It's actually pretty amazing. You needn't have a totalitarian dictatorship to create a situation where you can bullshit and oppress most of the population. But what you DO need is an absence of a better system. That's what fell the communist systems and what keeps the current one we have alive: We lack the "west" they had.

Next time try this:

[mvw]

"Stories on rearranged routing yielded great overstatement today. For UPS customers keep invaluable. No government necessitated said law!"

Vetting National Security Letters

[phorm]

OK, so the NSL is basically a secret letter, that nobody wants to talk about. How do they (recipients) even know if/when they're legit. It's not like there's a 1-800-DIAL-NSA number to check it out.

What's to stop "shady group X" from getting some serious looking guys with suits, sunglasses, and some fake ID's+forms to drop by the local datacentre and say "OK, we're NSA and we need records/access from this group of servers here. Oh, and you can't talk about this to anyone. Delay us and very bad things will happen to your and/or your business"