Monday, March 27, 2006

Feds stop Israeli company purchase

Checkpoint, the Israeli company that makes the most popular firewall product worldwide, has been effectively stopped from buying an American company, Sourcefire. Sourcefire creates Snort, an open-source intrusion detection software, as well as some commercial products that build on Snort.

It was done by the same government panel that approved the Dubai ports deal.

Forbes reported in early March:
The company was told U.S. officials feared the transaction could endanger some of the government's most sensitive computer systems.

The objections by the FBI and Pentagon were partly over specialized intrusion detection software known as "Snort," which guards some classified U.S. military and intelligence computers.

The contrast between the administration's handling of the $6.8 billion Dubai ports deal and the Israeli company's $225 million technology purchase offers an uncommon glimpse into the U.S. government's choices to permit some deals but raise deep security concerns over others.

The 45-day investigation into the Israeli deal still under way is only the 26th ever conducted in 1,600 business transactions reviewed by the Committee on Foreign Investments in the United States. The panel, facing criticism by Congress about its scrutiny of the ports deal, judges the security risks of foreign companies buying or investing in American industry.

In private meetings between the panel and Check Point, officials from the FBI and Defense Department objected forcefully to permitting any foreign company to acquire some sensitive Sourcefire technology for preventing hacker break-ins and monitoring data traffic, an executive familiar with the discussions told The Associated Press. This executive spoke on condition of anonymity because government negotiations are supposed to remain confidential.

William Reinsch, a former senior U.S. official who participated in reviews under President Clinton, said the Israeli sale involves more dire security issues than the administration's recent approval for a Dubai-owned company to take over significant operations at six major American ports.

"This raises a lot more important issues," said Reinsch, a former Commerce Department undersecretary. "The most important case is where we're making an irrevocable technology transfer to a foreign party. Port operations raise security issues, but the ports are still in the United States."

Many things do not make sense about this:
  • Snort is open-source, meaning that the technology is completely open and transparent to the world. There is no additonal security risk to having Israel own the rights to the code that is already publicly known, even if the government is heavily using Snort. (The feds could take the open-source Snort and build new versions based on that, rather than use the new ones thast Checkpoint would come out with.)

  • The government already uses Checkpoint firewall software, and that in theory is far more problematic than intrusion detection software. For years, people who distrust Jews have spread rumors that Checkpoint put backdoors into the firewall software so they can break into computers at will. Of course it is untrue (the downside of having something like that discovered is so much worse than any perceived benefit as to make the idea ridiculous.)

    Anyway, firewall software is in the critical path of data; intrusion detection systems are not. If the Israelis can be trusted with firewall code, there is no additional risk for IDS.

  • Anyone who thinks that trusting Arabs who support terror with port security makes more sense than trusting Israelis with perceived data security is insane.
So what's going on? Was it an overreaction to the criticism over Dubai? Was it latent anti-semitism in the FBI and Pentagon? Was it a complete misunderstanding of technology?

This is a bit troubling.