Technology giants allowing Russian government access to source code
Fri 23 Jun 2017
Western technology companies such as Cisco, IBM and SAP are granting Russian agencies access to proprietary information when requested, ostensibly to ensure that access to the lucrative Russian tech market is not blocked.
Hewlett-Packard Enterprise and MacAfee have reportedly allowed the Russian government source code reviews of their products as well.
However, some companies are declining these requests. For example, representatives from Symantec told Reuters that the company had refused to allow the Russian government to conduct source code reviews because it had concerns about security.
Requests for source code review come from the Russian Federal Security Service (FSB), which is in charge of issuing approvals for the sale of technology products in the country. Some requests are also generated by the FSTEC, the Federal Service for Technical and Export Control, which is responsible for protecting the government from cyberattacks and managing state secrets.
Russia is not the only country to demand review of proprietary information from United States technology companies as a condition of market access. Most recently, the new Chinese cybersecurity law requires that the government be given access to source code on demand as part of a ‘national security review.’ It is understood by all parties that denying these requests may result in market access being denied to non-cooperating companies for lengthy periods, or perhaps permanently.
The technology companies that do accede to the demands for code review protect their proprietary data by only allowing review in secure facilities, which prevents the information from being copied or tampered with.
These facilities, however, did not fulfil security requirements for Symantec. The facility Symantec was directed to use was intended to be a third-party provider, but the company found that the operator had ties to the Russian government.
Symantec decided that while it did not believe that Russia had attempted to hack its products, “the protection of our customer base was more important that pursuing an increased market share in Russia.” According to a spokesperson, Symantec instituted a policy in 2016 preventing the company from releasing information to third-party security reviews when the testers have ties to a foreign government. This policy has caused Symantec to be largely shut out of the Russian market.
“As a result, we do minimal business there.”