GOVERNMENT
Uneasiness About Security as Government Buys Software
- Written by: Writer
- Category: GOVERNMENT
By JOHN MARKOFF, The New York Times -- Sitting at his laptop computer in a hotel near Toronto one day last October, Gregory Gabrenya was alarmed by what he discovered in the sales-support database of his new employer, Platform Software: the names of more than 30 employees of the United States National Security Agency. The security agency, one of many federal supercomputer users that rely on Platform's software, typically keeps the identities of its employees under tight wraps. Mr. Gabrenya, who had just joined Platform as a salesman, found the names on a list of potential customer contacts for Platform's sales team. The discovery crystallized his growing concern that the company was perhaps too lax about the national security needs of its United States government customers, in the military, intelligence and research. "Anyone who had an account on the system could see this list," Mr. Gabrenya recalled in a recent interview. "They shouldn't be seeing this information and I shouldn't be seeing it." What really worried him, Mr. Gabrenya said, was that Platform, although based in Markham, Ontario, maintains a software maintenance and testing operation in Beijing — which he was not sure the company had made clear enough to its American government customers. He repeatedly raised the concerns with Platform executives, who say his fears were unfounded. In March, Mr. Gabrenya, who had previously worked for nearly 10 years as a salesman for the supercomputer maker Silicon Graphics, was let go by Platform. The company said he had not met sales goals. Mr. Gabrenya said his whistle-blowing led to his dismissal. Mr. Gabrenya, a 42-year-old American, stressed that he had seen no evidence of espionage or other wrongdoing by Platform employees either in Canada or China. But he said that he was concerned about two possibilities, that sensitive government information was not receiving adequate protection and that the Chinese software operation could be infiltrated by foreign agents who could tamper with software being used by United States government agencies. The issues Mr. Gabrenya raised are part of a tension in the information technology industry, as crucial computer programming is increasingly performed outside the United States, either in the form of jobs exported from this country or by a growing array of foreign competitors. The trend poses risks, in the view of some American government officials, because of the potential for foreign spies to sneak illicit code into critical programs, and simply because the United States is increasingly losing dominance in information technology. "Software is so goofy because there is so many lines of code that hiding Trojans inside the system is the easiest thing in the world to do," said Keith A. Rhodes, the chief technologist of the General Accounting Office. "Setting aside national security, we're also talking about a tremendous advantage you give to your national competitors." The concerns cut both ways. The Chinese government has repeatedly accused the United States military and intelligence organizations of attempting to conduct espionage by manipulating American products sold in China. The tracking features in Intel's microprocessors and Microsoft's operating system software are of particular concern to Chinese officials, which is one reason China is intent on expanding its own technology industry. "The Chinese emergence as a global workshop for information technology presents us with a new area of export control challenges," said James Mulvenon, an analyst at the RAND Corporation. Hong Chen, a Chinese technologist in Silicon Valley, who is not affiliated with Platform Software, said that there were software technologies that the United States should jealously guard and not develop overseas, but that Platform's was not among them. "I don't think the technologies at stake here are crucial to national security," said Mr. Chen, an executive who heads the Hua Yuan Science and Technology Association, a Silicon Valley group of more than 1,000 entrepreneurs and technologists who were born in mainland China. For the most part, Mr. Chen said, the United States and China should freely exchange technologies. Platform Software dominates the market for software that enables clusters of powerful computers to work together. It has dozens of United States federal customers, and computer makers including Dell, I.B.M. and Silicon Graphics also sell its software to federal customers. The company was co-founded in 1992 by a Chinese-born computer scientist, Songnian Zhou, who received his Ph.D. from the University of California at Berkeley, and who remains Platform's chief technology officer. Mr. Gabrenya, who lives in Northern California, is still looking for work. He said that shortly after he was hired by Platform, he began raising his concerns with company executives, first in person and then in writing. In January, he spelled out his concerns in an e-mail message to his boss: "After spending a little over 90 plus days here at Platform, I find myself less comfortable in this job than when I began. The reason? Our China office. It's clear that we now have people in Beijing doing important development work and we are not, as a company, telling our U.S. government customers. That's a problem in my mind. Is this illegal?" The e-mail message and his persistent queries led the company to blackball him, Mr. Gabrenya said. His relationship with Platform deteriorated, he said, after he told the company that his security concerns made him uncomfortable trying to sell its products to the NASA Ames Laboratory, a government research center in Silicon Valley. Executives at Platform Software dispute Mr. Gabrenya's charges, saying the company has stringent rules in place to separate its foreign operations from its domestic software development process and computer systems. The company says that none of its software for customers in the American government is developed in China and that it has carefully informed those customers about its test and maintenance organization in China. "What I did say to Greg at the time is that there is clear demarcation with respect to development of software and no code goes to China," said Ian Baird, vice president for sales and marketing operations at Platform. The company also does not make customer information stored in its sales support database generally available within the company, he said, adding that it was unclear how it would have been possible for Mr. Gabrenya to have the authorization to view the security agency customer data. A security agency spokeswoman said last week that the agency was not prepared to comment. But several of the company's other United States government customers said they were aware of Platform's operation in China and were not concerned. A spokesman for one customer, the Los Alamos National Laboratory in New Mexico, said that dealing with software written outside of the United States was now a normal occurrence. "Of course we knew that Platform has subsidiary offices all over the world, including China," said Kevin Roark, a spokesman for the Los Alamos laboratory. He said the lab reviewed all of the basic programmer instructions, known as source code, before running software used in classified applications. "The reality of software in the 21st century," he said, "is you count on software having source from foreign sources." Even before Mr. Gabrenya's complaints, Platform Software said, it had been taking steps to isolate its overseas divisions from the sale of its software technology to customers in the United States with classified military and intelligence applications. The company recently created a separate board for its unit that sells to the United States government. The board includes two former government officials: Oliver Revell, president of the Revell Group International and former assistant director of the Federal Bureau of Investigation, and Harry Soyster, vice president of the Washington consultants Military Professional Resources Inc. and a former lieutenant general in the Army who directed the Defense Intelligence Agency. Mr. Revell said he was unfamiliar with the details of Mr. Gabrenya's dispute with Platform, but said he thought the company had taken the necessary steps to insulate itself from potential foreign intelligence operations. "I've spent 35 years defending my country and I would not participate or allow my name to be used in a company that had any potential risk to the United States," Mr. Revell said. "As far as I'm concerned the software provided will be thoroughly checked and all of the U.S. government customers are aware of what's being done and where it's being done." Mr. Gabrenya, for his part, said he could have gone to a lawyer and attempted to reach a financial settlement with the company for what he considers his wrongful termination, but that "it was not about money." "I have some moral concerns," he said. "This is about doing the right thing." This article is used with the permission of The New York Times.