A report from Bloomberg this morning says that an awful lot more than just eight firms are contributing to the American NSA monitoring of communications:
"Thousands of technology, finance and manufacturing companies are working closely with U.S. national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence..."
Of the thousands implicated, the report names just two, Microsoft and Intel-McAfee. However, the way Microsoft supports the NSA sheds a light on how CAD vendors might be helping out. Microsoft secretly provides advance notice of bugs to the American government, allowing agencies to exploit the bugs on computers running overseas. This from a company that pretends to be outraged when Google releases early information about bugs in Microsoft software.
Frank Shaw, [vice president of corporate communications] for Microsoft, said those releases occur in cooperation with multiple agencies and are designed to give government “an early start” on risk assessment and mitigation.
The article notes that when companies provide information willingly, then no FISA oversight is needed by the government. In addition, very few within a company -- "a key executive at a company and a small number of technical people" -- know that they are disseminating information customers assume is being held in confidence.
Data generated within Canada is particularly vulnerable, because Internet pathways between two points in Canada may well travel through the USA when routers deem it more efficient. As this traffic is deemed foreign, it so requires "less legal scrutiny."