WASHINGTON
When Max Kelly, the chief security officer for Facebook, left the social media company in 2010, he did not go to Google, Twitter or a similar Silicon Valley concern.
Instead the man who was responsible for protecting the personal information of Facebook’s more than one billion users from outside attacks went to work for another giant institution that manages and analyzes large pools of data: the National Security Agency.
Mr. Kelly’s move to the spy agency, which has not previously been reported, underscores the increasingly deep connections between Silicon Valley and the agency and the degree to which they are now in the same business. Both hunt for ways to collect, analyze and exploit large pools of data about millions of Americans.
The only difference is that the NSA does it for intelligence, and Silicon Valley does it to make money.
The disclosure of the spy agency’s program called Prism, which is said to collect the e-mails and other Web activity of foreigners using major Internet companies like,
Yahoo
Facebook,
...has prompted the companies to deny that the agency has direct access to their computers, even as they acknowledge complying with secret NSA court orders for specific data.
Yet technology experts and former intelligence officials say the convergence between Silicon Valley and the NSA and the rise of data mining - both as an industry and as a crucial intelligence tool - have created a more complex reality.
Silicon Valley has what the spy agency wants: vast amounts of private data and the most sophisticated software available to analyze it. The agency in turn is one of Silicon Valley’s largest customers for what is known as data analytics, one of the valley’s fastest-growing markets.
To get their hands on the latest software technology to manipulate and take advantage of large volumes of data, United States intelligence agencies invest in Silicon Valley start-ups, award classified contracts and recruit technology experts like Mr. Kelly.
“We are all in these Big Data business models,” said Ray Wang, a technology analyst and chief executive of Constellation Research, based in San Francisco.
“There are a lot of connections now because the data scientists and the folks who are building these systems have a lot of common interests.”
Although Silicon Valley has sold equipment to the NSA and other intelligence agencies for a generation, the interests of the two began to converge in new ways in the last few years as advances in computer storage technology drastically reduced the costs of storing enormous amounts of data - at the same time that the value of the data for use in consumer marketing began to rise.
“These worlds overlap,” said Philipp S. Krüger, chief executive of Explorist, an Internet start-up in New York.
The sums the NSA spends in Silicon Valley are classified, as is the agency’s total budget, which independent analysts say is $8 billion to $10 billion a year.
Despite the companies’ assertions that they cooperate with the agency only when legally compelled, current and former industry officials say the companies sometimes secretly put together teams of in-house experts to find ways to cooperate more completely with the NSA and to make their customers’ information more accessible to the agency.
The companies do so, the officials say, because they want to control the process themselves. They are also under subtle but powerful pressure from the NSA to make access easier.
Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program who asked not to be named to avoid trouble with the intelligence agencies.
Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project.
The project began about five years ago, before most of the company was sold by its parent, eBay, to outside investors in 2009. Microsoft acquired Skype in an $8.5 billion deal that was completed in October 2011.
A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement.
It appears, however, that Skype figured out how to cooperate with the intelligence community before Microsoft took over the company, according to documents leaked by Edward J. Snowden, a former contractor for the NSA One of the documents about the Prism program made public by Mr. Snowden says Skype joined Prism on Feb. 6, 2011.
Microsoft executives are no longer willing to affirm statements, made by Skype several years ago, that Skype calls could not be wiretapped. Frank X. Shaw, a Microsoft spokesman, declined to comment.
In its recruiting in Silicon Valley, the NSA sends some of its most senior officials to lure the best of the best.
No less than Gen. Keith B. Alexander, the agency’s director and the chief of the Pentagon’s Cyber Command, showed up at one of the world’s largest hacker conferences in Las Vegas last summer, looking stiff in an uncharacteristic T-shirt and jeans, to give the keynote speech.
His main purpose at Defcon, the conference, was to recruit hackers for his spy agency.
NSA badges are often seen on the lapels of officials at other technology and information security conferences.
“They’re very open about their interest in recruiting from the hacker community,” said Jennifer Granick, the director of civil liberties at Stanford Law School’s Center for Internet and Society.
But perhaps no one embodies the tightening relationship between the NSA and the valley more than Kenneth A. Minihan.
A career Air Force intelligence officer, Mr. Minihan was the director of the NSA during the Clinton administration until his retirement in the late 1990s, and then he ran the agency’s outside professional networking organization.
Today he is managing director of Paladin Capital Group, a venture capital firm based in Washington that in part specializes in financing start-ups that offer high-tech solutions for the NSA and other intelligence agencies.
In effect, Mr. Minihan is an advanced scout for the NSA as it tries to capitalize on the latest technology to analyze and exploit the vast amounts of data flowing around the world and inside the United States.
The members of Paladin’s strategic advisory board include Richard C. Schaeffer Jr., a former NSA executive.
While Paladin is a private firm, the American intelligence community has its own in-house venture capital company, In-Q-Tel, financed by the Central Intelligence Agency to invest in high-tech start-ups.
Many software technology firms involved in data analytics are open about their connections to intelligence agencies.
Gary King, a co-founder and chief scientist at Crimson Hexagon, a start-up in Boston, said in an interview that he had given talks at CIA headquarters in Langley, Va., about his company’s social media analytics tools.
The future holds the prospect of ever greater cooperation between Silicon Valley and the NSA because data storage is expected to increase at an annual compound rate of 53 percent through 2016, according to the International Data Corporation.
“We reached a tipping point, where the value of having user data rose beyond the cost of storing it,” said Dan Auerbach, a technology analyst with the Electronic Frontier Foundation, an electronic privacy group in San Francisco.
“Now we have an incentive to keep it forever.”
Social media sites in the meantime are growing as voluntary data mining operations on a scale that rivals or exceeds anything the government could attempt on its own.
“You willingly hand over data to Facebook that you would never give voluntarily to the government,” said Bruce Schneier, a technologist and an author.
Skype's Secret 'Project Chess'
...Reportedly
Helped NSA Access Customers' Data
by Dominic Rushe
in New York
20 June 2013
from
TheGuardian Website
Scheme - set up before firm was purchased by Microsoft - allegedly
eased access for US law enforcement agencies
Skype, the web-based communications company, reportedly set up a secret program to make it easier for US surveillance agencies to access customers' information.
The program, called Project Chess and first revealed by the New York Times on Thursday, was said to have been established before Skype was bought by Microsoft in 2011.
Microsoft's links with US security are under intense scrutiny following the Guardian's revelation of Prism, a surveillance program run by the National Security Agency (NSA), that claimed "direct" access to its servers and those of rivals including Apple, Facebook and Google.
Project Chess was set up to explore the legal and technical issues involved in making Skype's communications more readily available to law enforcement and security officials, according to the Times.
Only a handful of executives were aware of the plan. The company did not immediately return a call for comment.
Last year Skype denied reports that it had changed its software following the Microsoft acquisition in order to allow law enforcement easier access to communications.
"Nothing could be more contrary to the Skype philosophy," Mark Gillett, vice president of Microsoft's Skype division, said in a blog post.
According to the Prism documents, Skype had been co-operating with the NSA's scheme since February 2011, eight months before the software giant took it over.
The document gives little detail on the technical nature of that cooperation. Microsoft declined to comment. The news comes as the tech firms are attempting to distance themselves from the Prism revelations.
All the firm's listed as participating in the Prism scheme have denied that they give the NSA "direct" access to their servers, as claimed by the slide presentation, and said that they only comply with legal requests made through the courts.
But since the story broke a more nuanced picture of how the tech firms work with the surveillance authorities has emerged. The US authorities have become increasingly interested in tech firms and its employees after initially struggling to keep up with the shift to digital communications.
NSA officials have held high level talks with executives in the tech firms and are actively recruiting in the tech community.
'That information is how they make their money'
Shane Harris, author of The Watchers: The Rise of America's Surveillance State, said the NSA had a crisis in the late 1990s when it realized communication was increasingly digital and it was falling behind in its powers to track that data.
"You can not overstate that without this data the NSA would be blind," he said.
The NSA employs former valley executives, including Max Kelly, the former chief security officer for Facebook, and has increasingly sought to hire people in the hacker community.
Former NSA director lieutenant general Kenneth Minihan has taken the opposite tack and is helping create the next generation of tech security firms. Minihan is managing director of Paladin Capital, a private equity firm that has a fund dedicated to investing in homeland security.
Paladin also employs Dr Alf Andreassen, a former technical adviser for naval warfare who was also for classified national programs at AT&T and Bell Laboratories.
Harris said the ties were only likely to deepen as technology moves ever more of our communications on line. He warned the move was likely to present more problems for the tech firms as their consumers worry about their privacy.
"It's been fascinating for me listening to the push back from the tech companies," said Harris.
Christopher Soghoian, a senior policy analyst studying technological surveillance at the American Civil Liberties Union, said the relationship between the tech giants and the NSA has a fundamental - and ironic - flaw that guarantees the Prism scandal is unlikely to be the last time tensions surface between the two.
The US spying apparatus and Silicon Valley's top tech firms are basically in the same business, collecting information on people, he said.
"It's a weird symbiotic relationship. It's not that Facebook and Google are trying to build a surveillance system but they effectively have," he said.
"If they wanted to, Google and Facebook could use technology to tackle the issue, anonymizing and deleting their customers' information. But that information is how they make their money, so that is never going to happen."