STE WILLIAMS

Networking supergiant Cisco has become the latest big firm to release a transparency report, detailing its approach to dealing with requests for information from governments and police forces, and listing how many such requests have been received and responded to.

The stats themselves are remarkably stark and simple – it seems Cisco didn’t have to deal with any requests for information at all, from law enforcement or national security agencies, whether in the US or elsewhere, in this first reporting period covering the first half of 2014.

Cisco isn’t the first company to release a report like this of course; over the last few years we’ve seen similar reports from most of the big internet players, including Google, Facebook, Yahoo!, Apple, Microsoft, and even Snapchat.

They’re all keen to show that they’re open and honest, keeping their users and customers informed of any attempts to force them into cooperating with The Man by handing over whatever sensitive or confidential information they may be holding.

In most other cases though, there have been at least some information requests to report – in some cases fairly large numbers. Most of those listed above regularly report thousands if not tens of thousands of requests, from all around the world.

The most recent sets of stats from Facebook, covering the second half of 2014, includes over 35,000 requests, with more than 14,000 from the US alone.

Google and Microsoft both cover more than 30,000 incidents each in their latest releases, and even a relatively small and comparatively young business like Snapchat has been asked for data a few hundred times.

So how come a giant firm like Cisco hasn’t been asked for anything? And why release such a report, if there’s nothing to actually say?

The first part seems fairly obvious. Cisco isn’t a big provider of webmail, messaging services, search engines or social networking. Its main business is a lot more real-world, selling a broad range of devices from dinky home-user tools to heavy-duty industrial-grade kit (alongside a selection of less tangible offerings such as software and services to back it up of course).

The company is not, one would think, going to be the first port of call in a police investigation.

While it might be fairly normal these days to look into a criminal’s social networks or call history, surely fairly few feds will find themselves thinking “I wonder if this suspected terrorist has bought any nice routers or switches lately?”

The most likely answer to the second question, the reason for releasing a blank report, is of course the legacy of Edward Snowden and the great NSA data security fail of 2013.

In the wake of the Snowden revelations, there’s been a lot of vague and generally unproven conspiracy theorising about big firms and to what extent they have collaborated with security agencies.

Various allegations about the big platform providers and social sites brought us the transparency report movement in the first place, with a group of the big web players listed earlier taking legal action to ensure they could openly communicate how often they were asked for user info and how hard they tried to keep it to themselves.

Along with most other networking hardware makers, Cisco took its share of flak and accusations, especially after details emerged of techniques the NSA apparently used to circumvent the company’s firewalls.

The firm responded with strong denials that they in any way weakened their products or opened up backdoors for the snoops.

Details of the TAO project later suggested that hardware was physically intercepted and doctored en route to customers, by a team of low-glamour secret agents.

This report seems to be designed as another step in the process of restoring a reputation for solidity and probity, and the information provided along with it backs that up.

Cisco has made a clear and public promise to report these stats every six months, empty or not, and also details how it approaches requests for information: challenging any requests as far as possible, informing those subject to data requests where legally permitted, and only stretching these rules in life-threatening situations.

It’s all good and proper, and quite reassuring to know that the world’s law enforcement and security agencies aren’t demanding data from every big company operating on the web, so far at least.

Let’s hope we don’t see rather more juicy revelations in another six months.

Follow @VirusBtn
Follow @NakedSecurity

Image of magnifying glass courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/zF_S7rntcLA/