Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Outsourcing jobs a security risk: US intelligence
Indian Express Newspapers (Bombay) Ltd ^ | March 20, 2004

Posted on 03/20/2004 4:06:30 AM PST by sarcasm

Washington, March 20:With as many as three million software industry jobs poised to move offshore by 2015, the US industry needs to protect itself against potential security risks, including economic espionage, the chairman of the National Intelligence Council has warned.

“While outsourcing of business functions is a growing trend that helps firms cut costs, it also brings potential security risks--particularly when outsourcing involves entities owned and operated abroad,” Robert L. Hitchings, Chairman of the council, which is the US intelligence community's think tank said while addressing the international security management association in Scottsdale.

He said besides outsourcing, writing computer codes aboard and importing hardware entails security risks. “As many as 3 million software industry jobs could move offshore by 2015, with 70 per cent of these jobs moving to India, 20 per cent to the Philippines and 10 per cent to China,” he said. Warning that corporate leaders need to be on guard.

“Corporate leaders need to be on guard and know who their business partners are and what security measures they have in place to protect against loss, whether through unintended leakage of proprietary business information, deliberate thefts of intellectual property, or outright economic espionage," Hitchings said.

While technology now allows companies to have their most sensitive proprietary computer code written overseas, he said the inability of companies to sufficiently vet the personnel involved in these activities can create a “significant vulnerability.”

US openness to foreign trade and investment and its commitment to global information sharing through academic and scientific exchange, Hitchings said unfortunately leave US technologies highly exposed to foreign exploitation. Pointing out that collectors last year employed a wide variety of techniques in their quest to circumvent US restrictions in the acquisition of sensitive manufacturing processes, he said foreigners often through middlemen acquired sensitive US technologies simply by requesting them via e-mail, faxes or telephones.

Globally networked information systems, he said, also present vulnerabilities, and even the simplest computer threats pose real risks for US companies’ business interests and proprietary knowledge.

Information technology, said Hutchings, has become as important to the US economy as oil, and the growing dependency of the US on foreign it "raises concerns for corporate as well as national security." for instance, he said, half of the world's laptops, one quarter of desktop computers, and half of all PC motherboards are now assembled in China. Taiwan is now responsible for about 70 per cent of all semiconductor production for hire--producing chips designed and marketed by others.”

This growing US dependence, said Hutchings, makes US IT firms vulnerable to interruptions of foreign-built critical components, whether intentional or accidental. “Foreign supply disruptions could suspend US firms' deliveries of finished systems within only a few days, as most carry limited inventories.”


TOPICS: News/Current Events
KEYWORDS: nationalsecurity; outsourcing
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-70 next last

1 posted on 03/20/2004 4:06:30 AM PST by sarcasm
[ Post Reply | Private Reply | View Replies]

To: harpseal; A. Pole
ping
2 posted on 03/20/2004 4:08:38 AM PST by sarcasm (Tancredo 2004)
[ Post Reply | Private Reply | To 1 | View Replies]

To: sarcasm
I wonder how many back-doors are being inserted into computer software by our offshore programmers?
3 posted on 03/20/2004 4:37:55 AM PST by GregoryFul (who ya gonna call?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: sarcasm
Not to mention that whenever customer data goes offshore, it's by statute no longer subject to the privacy and security laws of the United States, e.g., HIPAA regs no longer apply.

BTW, had a very frustrating discussion yesterday with my bank's customer service representative in (I suppose) Bangalore. The telltale Indian accent, overseas hiss on the line, slight delay in voice transmission.

She insisted I'd made an error in validating my account info (I hadn't) but refused to tell me what the problem was, and that "changes" had been made to my account but she couldn't discuss those either. When we finally got to the actual reason for my call, she couldn't explain the transaction in question nor where it came from.

Very helpful people. Not.

4 posted on 03/20/2004 4:40:10 AM PST by angkor
[ Post Reply | Private Reply | To 1 | View Replies]

To: angkor
Remember, the official line is 'there is no problem with outsourcing!'

5 posted on 03/20/2004 4:43:15 AM PST by HarryCaul
[ Post Reply | Private Reply | To 4 | View Replies]

To: angkor
Not to mention that whenever customer data goes offshore, it's by statute no longer subject to the privacy and security laws of the United States, e.g., HIPAA regs no longer apply.

Source?

6 posted on 03/20/2004 4:48:06 AM PST by 1rudeboy
[ Post Reply | Private Reply | To 4 | View Replies]

To: angkor
It is even worse when foreign conglomerates are allowed to buy up American businesses. There is one case where a foreign conglomerate bought an American company (building contractor). The American company changed its name 3 times over the course of a two year period. It bought over $100k worth of materials from a small business - then refused to pay for the goods - even tho there were signed contracts in agreement for the company to make their purchase. The American small business who had been around for more than 18 years was put out of business - completely.

A foreign company bought an American company only to put another small American company out of business. And they did it while working on American government contracts.

You would think that our government would find this to be a form of economic terrorism.



7 posted on 03/20/2004 4:49:27 AM PST by tomball
[ Post Reply | Private Reply | To 4 | View Replies]

To: 1rudeboy
How's this for starters? SOURCE

One can hardly expect U.S. statutes to apply to citizens and business entities of another sovereign nation, now, can they?

8 posted on 03/20/2004 4:58:01 AM PST by neutrino (Oderint dum metuant: Let them hate us, so long as they fear us.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: sarcasm
Good article!

Gee, I wonder if our buddies the pakies would engage in a little corporate espionage? Nah, not them! They love us! (/intense sarcasm)

9 posted on 03/20/2004 4:59:31 AM PST by neutrino (Oderint dum metuant: Let them hate us, so long as they fear us.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: neutrino
One can hardly expect U.S. statutes to apply to citizens and business entities of another sovereign nation, now, can they?

Does the company do business in the U.S.? Back to Civil Procedure class, my friend.

10 posted on 03/20/2004 5:02:00 AM PST by 1rudeboy
[ Post Reply | Private Reply | To 8 | View Replies]

To: 1rudeboy
Source?

I've posted a link to the exact, specific HIPAA subsection in previous threads, don't have the time to look for it again. Do a Google on "HIPAA outsourcing" and poke around, you'll find it.

HIPAA specifically and by statute allows "Covered Entities" (e.g., HMOs) to outsource medical records (for example), and the "Covered Entity" is thereafter not liable for privacy or security breaches made by the outsourcing vendor.

11 posted on 03/20/2004 5:07:01 AM PST by angkor
[ Post Reply | Private Reply | To 6 | View Replies]

To: 1rudeboy
Does the company do business in the U.S.?

The rules of civil procedure apply to civil cases. As I recall, the rules of venue specify that civil actions much be initiated in the same venue as the defendant. Which might be just the least bit problematic for one located in India.

And then we have to remember that the really big teeth are available through criminal prosecution. I wonder (even more) how one proposes to file criminal charges against an outsourcing company in New Delhi.

12 posted on 03/20/2004 5:07:03 AM PST by neutrino (Oderint dum metuant: Let them hate us, so long as they fear us.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: angkor
Thanks for nothing.
13 posted on 03/20/2004 5:10:15 AM PST by 1rudeboy
[ Post Reply | Private Reply | To 11 | View Replies]

To: Willie Green; Wolfie; ex-snook; Jhoffa_; FITZ; arete; FreedomPoster; Red Jones; Pyro7480; ...
While technology now allows companies to have their most sensitive proprietary computer code written overseas, he said the inability of companies to sufficiently vet the personnel involved in these activities can create a "significant vulnerability."

I am sure Chinese and Indian governments can do security clearances if asked.

Pointing out that collectors last year employed a wide variety of techniques in their quest to circumvent US restrictions in the acquisition of sensitive manufacturing processes

No problem. We are so creative that we will invent new technologies faster than they can steal. No need to cry over buggy whips.

14 posted on 03/20/2004 5:10:55 AM PST by A. Pole (<SARCASM> The genocide of Albanians was stopped in its tracks before it began.</S>)
[ Post Reply | Private Reply | To 1 | View Replies]

To: neutrino
Likewise, a criminal act in the U.S. is prosecuted in the U.S. You might be able to argue that the crime itself did not occur in the U.S., but I suspect you'd rather do it here, instead of in front of a judge.
15 posted on 03/20/2004 5:14:12 AM PST by 1rudeboy
[ Post Reply | Private Reply | To 12 | View Replies]

To: 1rudeboy
Likewise, a criminal act in the U.S. is prosecuted in the U.S.

So, you suppose that India or China will let us extradite some local on the basis of a HIPAA violation? My, you are an optimist!

16 posted on 03/20/2004 5:19:20 AM PST by neutrino (Oderint dum metuant: Let them hate us, so long as they fear us.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: 1rudeboy
Thanks for nothing.

Gimme' a break.

17 posted on 03/20/2004 5:23:18 AM PST by angkor
[ Post Reply | Private Reply | To 13 | View Replies]

To: neutrino
So, you suppose that India or China will let us extradite some local on the basis of a HIPAA violation?

Earlier, someone argued that the HIPAA cannot be "violated" overseas . . . I'd like to figure that out before getting into an argument with you.

Incidentally, if your medical records are stolen, do you think your lawyer will go after the medical-provider, or simply consult you to let the state prosecutor's office handle the case?

18 posted on 03/20/2004 5:24:37 AM PST by 1rudeboy
[ Post Reply | Private Reply | To 16 | View Replies]

To: angkor
No, I will not. I expect, on a discussion forum such as this one, that folks back-up their assertions . . . instead of giving me the on-line version of "the dog ate my homework."
19 posted on 03/20/2004 5:26:47 AM PST by 1rudeboy
[ Post Reply | Private Reply | To 17 | View Replies]

To: neutrino; 1rudeboy
So, you suppose that India or China will let us extradite some local on the basis of a HIPAA violation?

Not possible in any case since HIPAA specifically exempts third-party outsourcers and Covered Entities from breaches by the third-party outsourcer (unless the outsourcer is itself a Covered Entity, which most would not be).

In other words, there is no law under which an outsourcer can be prosecuted either here or abroad.

20 posted on 03/20/2004 5:30:41 AM PST by angkor
[ Post Reply | Private Reply | To 16 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-70 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson