Germany: US snooping poses risk of data theft, industrial espionage

germanindustryGerman companies believe the US now poses almost as big a risk as China when it comes to industrial espionage and data theft, a survey has revealed.

The startling finding of a survey of 400 companies conducted in mid-July underscores the shift in German public and business opinion caused by revelations about US surveillance activities.

Some 26 per cent of German managers, IT and security professionals described the US as a high-risk place for industrial espionage and data theft, according to the survey commissioned by EY, the consultancy.

This was second only to the 28 per cent of respondents who view China as a particularly high-risk country for industrial espionage. Russia was ranked third, with 12 per cent saying it posed a significant risk.

When they were asked the same question two years ago only 6 per cent of German companies described the US as a high-risk centre for industrial espionage and data theft.

“Until now [German companies] mostly identified China and Russia as the location of [potential] attackers. Now companies realise that western intelligence agencies also employ very comprehensive surveillance measures,” Bodo Meseke, executive director of fraud investigation and dispute services at EY, said.

US surveillance has become a core issue in Germany’s election campaign following disclosures about Prism, the US data mining programme, and reports in Der Spiegel, the German magazine, that the US has spied on EU offices and is obtaining around 500m pieces of metadata a month from Germany.

Opposition parties have pressed ministers to obtain answers from the US on the extent of any spying on German soil, and the Federation of German Industry has described media reports about US surveillance as “concerning”.

Following meetings in Washington last month, Hans-Peter Friedrich, Germany’s interior minister, assured German industry that the US National Security Agency had not engaged in industrial espionage in Germany.
The US says its cyber activities are focused on combating terrorism and do not target companies, in contrast to China, which Washington accuses of cyber snooping to obtain corporate secrets.

These assurances do not appear to have convinced a significant portion of Germany’s business community.

Germany’s dependence on high-tech exports means the protection of patents and intellectual property are of perennial concern. Modern Germany’s tolerance of mass surveillance is also far lower than in other countries because of their experience of Nazism and East Germany’s Stasi secret police.

German companies continue to view business competitors in foreign countries as a bigger espionage threat than state intelligence agencies, according to the EY survey.

There are signs that disclosures made by Edward Snowden, the former NSA official turned whistleblower, are affecting the cloud computing industry, which involves storage of data and software on huge external servers rather than local hard drives.

A separate survey carried out last month by the Cloud Security Alliance, a trade body, found that 10 per cent of non-US members had cancelled plans to use a US-based cloud provider. Some 56 per cent said they would be less likely to use a US cloud company in future. – FT