When it comes to the NSA's spying activities, worldwide outrage is perhaps overblown — and shouldn't detract from supply chain concern about information security in the broadest sense.
One of the most memorable scenes in the film classic Casablanca is when the French police chief uses gambling as a pretext to shut down Rick's Café Americain. He feigns disbelief when he tells Rick, played by the iconic actor Humphrey Bogart, that he is “shocked” to see gambling taking place on the premises — just before he is handed his winnings for that night. The scene aptly serves as an analogy of the German and, especially, the French governments' very public display of their shock and outrage over Le Monde’s report that the NSA has intercepted millions of communications among their high-level officials.
The France and German governments were certainly aware that one of their staunchest allies was spying on them, long before the Le Monde report was published. The United States is also well aware that France and Germany use their technology to attempt to spy on the country. Before the diplomatic row started over the report of the NSA's spying on France and Germany, Arnaud Danjean, a European parliament member and a former employee of France’s NSA equivalent Direction Générale de la Sécurité Extérieure (DGSE), told Le Monde that Western allies routinely spy on each other.
Regarding how the United States was reportedly eavesdropping on French embassy communications, Danjean told Le Monde that the US, French, German, and UK governments invariably do the same between them.
Indeed, spying is sometimes called the world's second oldest profession for good reason. Espionage among allies in Western countries has taken place for centuries and is certainly widespread around the world beyond US and European borders. While arguably more of a threat to Western countries, the US Department of Defense, for example, has revealed cases of attacks originating in China and Russia when US trade secrets were compromised.
Still, the Le Monde report of a few days ago has certainly added flames to the fire for those concerned about the potential security risks that the NSA poses to supply chains, especially for organizations with direct business ties to the United States.
Already, US companies in the tech sector probably lost a significant amount of business from overseas customers when Edward Snowden, a contractor for the NSA, leaked information earlier this year to the press about how the NSA has collected user data from Facebook, Google, Skype, and other US companies. As an indication of the damage done to US technology firms' reputations, the Cloud Security Alliance (CSA) published the results of a survey earlier this year that revealed that 56 percent of non-US residents were less likely to use US-based cloud providers following the Snowden affair.
However, to say that there is more going on in the murky world of supply chain and industrial espionage than meets the eye is a euphemism. While the NSA's activities continue to dominate the headlines, it is easy to overlook the fact that governments from other countries are engaged in spying activities that, at the very least, are similar to what the NSA is doing. France routinely monitors email, social networking, and other communications without warrants or court orders.
France's NSA-like activities have been underreported in the United States and in France and certainly have not invoked the outrage that the Snowden affair has. In fact, according to Le Monde, the French government tries to intercept all Twitter, Facebook, and Gmail communications sent within France's borders and stores the data for years, making the NSA's activities seem like a misdemeanor in comparison in many ways.
The NSA's activities, at the very least, are still a concern for supply chain companies that have communicated sensitive information to parties in the United States, especially when using Gmail, Facebook, Skype, or other services compromised by the NSA. But the NSA is but one of many security worries that threaten supply chains.
Keeping data as safe as you can involves many facets of security management, including encryption, avoidance of electronic communications altogether for certain very sensitive data sharing, and other means. However, without defending the NSA in any way, government-sponsored espionage by governments around the world, as well as a data thieves whose mission is to steal and broker your sensitive data, collectively represent the biggest security problem to today's supply chain.