Cisco chief John Chambers has written to Barack Obama asking the US president to help restore trust in US tech firms after revelations the government tampers with equipment en route to offshore customers.
The letter, published by Re/code on Sunday, follows the release of journalist Glen Greenwald’s new book, which includes claims the National Security Agency (NSA) intercepts and plants backdoors in servers, routers and other networking equipment destined for foreign customers of interest.
Chambers said the allegations could undermine confidence in the entire US technology sector and would be an impossible environment for the company to succeed in.
“[I]f hese allegations are true, these actions will undermine confidence in our industry and in the ability of the technology companies to deliver products globally,” wrote Chambers.
“This confidence is eroded by revelations of governments’ surveillance, government demands that make it difficult for companies to meet the privacy expectations of citizens and laws of other countries, and allegations that governments exploit rather than report security vulnerabilities,” he wrote.
Chambers urged Obama to consider “new rules of the road” to ensure the US' technological leadership was not “impaired”.
Cisco’s specific requests were conveyed in a blog post published last week by Cisco’s general counsel, Mark Chandler, who outlined the company’s wish that agencies require a court’s permission to keep a zero day flaw under wraps — rather than using solely internal procedures to determine whether to tell a vendor about a vulnerability.
Cisco’s suggestions included:
- Governments should have policies requiring that product security vulnerabilities that are detected be reported promptly to manufacturers for remediation, unless a court finds a compelling reason for a temporary delay. By the same token, governments should not block third parties from reporting such vulnerabilities to manufacturers.
- Governments should not interfere with the ability of companies to lawfully deliver internet infrastructure as ordered by their customers
- Clear standards should be set to protect information outside the United States which belongs to third parties, but are in the custody of subsidiaries of US companies, so that customers world-wide can know the rules that will apply and work with confidence with US suppliers.
In December eight US companies, including Apple, Google, Facebook, Microsoft and Yahoo, called for restraint on government surveillance.