Actually, it’s not that difficult, according to mobile security company Fixmo’s CEO, Rick Segal.

“Despite the Bush years of let’s go play in another war, there’s a very tight, close alliance between Canada and the USA,” Segal says.

He can get away with saying that sort of thing more than most Canadians, because the CEO of this Toronto-based startup is a ex-patriate American who has spent the last 15 years in Canada. He’s building his business in Ontario because, he says, of the tax credits for high-tech companies, the influx of talent from the most-populous Canadian province’s 50+ universities, and the ability of Canadian governmental agencies to give him personalized attention in his efforts to break into new markets.

Such as sponsoring him to attend expensive international conferences like the one where he met “some NSA folks.”

Fixmo makes mobile security products that allow organizations to safely offer BYOD (bring your own device) policies that don’t imperil sensitive data and networks. The company, which had just three employees just a few years ago, offers an encrypted sandbox, digital fingerprint technology that can detect tampering to your mobile operating system, and compliance breaches like the installing of unauthorized apps on both iOS and Android. Built with 256-bit encryption, two-factor authentication, and remote wipe capability, Fixmo’s products are sold largely to governments.

And, interestingly, they’re built on software originally developed by the NSA.

“The US government and security agencies tend to view Canada as one of its own,” Segal says. “Eyebrows don’t get raised when a Canadian company does business with NSA … there’s no ‘it’s a foreign country’ kind of thing going on.”

It started — as so many things do — in Vegas.

While attending the wireless industry trade show CTIA in March 2011, Segal met the men in black who represent the NSA’s Technical Transfer Program, which is in place to commercialize technologies and products developed inside the agency. Interested in Fixmo’s existing security products, the NSA decided the company was a good bet to do business with.

After developing a relationship that resulted in a technology transfer in which Fixmo licensed agency-developed security code, Segal started building shippable products based on the NSA technology. Fixmo’s products, the company’s sales literature highlights prominently, “have been developed as part of a cooperative research and development agreement with the U.S. National Security Agency.”

That commercialization has culminated in the sale of those products back to the three-letter agencies.

“Seventy percent of our customers are government agencies like the NSA, FBI, and Homeland Security,” Segal says, noting a contract with the US air force that completed last week. “One of our clients has 700,000 seats.”

The company’s other clients include businesses in the financial services and healthcare industries, both sectors in which privacy, security, and compliance with corporate policies are paramount.

photo credit: DonkeyHotey via photopin cc

Disclosure: I’ve been invited by the government of Ontario to explore the startup ecosystem in Toronto, Waterloo, and elsewhere, and this post is part of that series, and Ontario has paid for this trip. My reporting, however, is my own.

President Barack Obama signed the Foreign Intelligence Surveillance Act bill into law yesterday after the U.S. Senate voted for an extension of the President George W. Bush-era spy bill 73-23.

The FISA bill gives the government clearance to tap into American citizens’ communications with people outside of the U.S. without a warrant, so long as it is done in the name of collecting foreign intelligence. Obama has previously stated his approval of the bill, saying that the U.S. needs such measures when dealing with national security. More specifically, it means that government entities such as the National Security Agency are able to watch Americans without probable cause. They need only an order from the secret FISA court, and they don’t have to alert the targeted citizen prior to the wiretapping.

At the time the bill’s extension passed, the Electronic Frontier Foundation, which protects people’s digital rights, called the decision a “blight on our nation.”

Perhaps more concerning is the fact that the surveillance can begin before an order is received and can continue through an appeals process should the court decide not to issue the order, as Wired notes.

Senators from both sides of the aisle proposed a number of amendments to FISA, including one that would require the government to reveal how many citizens have already been affected by this kind of surveillance. Thus far, we are unsure of the scale of the FISA bills’ effect. Another amendment would force the government to be more transparent about what exactly it is monitoring and what kind of data it is collecting.

The senate voted for the bill’s extension on Friday. It is now set to expire in 2017.

hat tip RT; Image of President Obama signing bills via The White House/Flickr

National Security Agency director General Keith Alexander promised a crowd of hackers Friday that the NSA does not keep a profile on every American. But one former employee is saying that’s not entirely an honest claim.

“His statement about not keeping track of every American is absolutely true. He missed a few,” said Bill Binney, former official in the NSA, at the Def Con conference in Las Vegas. In other words, the NSA does not keep a profile on every American.

“That’s the kind of word game they play,” Binney said. “There’s absolutely no excuse for him even implying that he’s not collecting all this data.”

Alexander, however, called the question of keeping profiles on every American “absolute nonsense,” during his talk at the same conference. He was the first NSA director to visit Def Con, a conference that has traditionally attracted hackers, feds, and press alike. During the speech, the director appeared in jeans and called a pre-teen hacker codenamed Sci-Fi to the stage to underscore the importance of passing hacking knowledge on to the country’s youth. Much of his talk centered around sharing between the private sector and the government, as well as the need for hackers to join the NSA’s team.

“We need great talent. We don’t pay as high as some of the others. We’re fun to be around,” said Alexander. “Sometimes you guys get a bad rap. From my perspective what you are doing to figure out the vulnerabilities in our systems is absolutely needed.”

His slides ended with a link to www.nsa.gov/careers/dc20, a recruiting site.

Don’t expect Binney to be visiting that site looking for another job with the agency. After leaving, he has since written a number of books about the NSA and the technology he created there, saying the agency built a number of facilities just to house the massive amounts of data it is said to collect on American citizens. On the same theme, James Bamford recently wrote an article for Wired Magazine about a new $2 billion Utah facility being erected so that it can serve a a repository for the NSA’s vast records.

“The reason I left the NSA is because they started spying on everybody in the country,” said Binney. “Unfortunately they took those programs that I built and turned them on you, and I’m sorry for that. I didn’t intend that. But they did that.”

Binney accused the NSA of always intending to spy on Americans, not just falling into the job after 9/11. Indeed, he says that “three-star generals” within the organization approached telecommunications companies to “supply customer data” in February of 2001, seven months before 9/11 occurred. He also said the systems the NSA uses to keep that data are able to identify parties within the communications and then build searchable profiles from there.

Alexander, on the other hand, says the NSA is watched by too many people for it to be able to get away with something like that. He mentions that all of the branches of government are privy to its activities and have access to the data it collects. Under the FISA, or Foreign Intelligence Surveillance Act, the NSA must with “minimize” the amount of data it receives if a foreign target is speaking with an American citizen. He further defined that this means “nobody can see” that data “unless a crime has been committed.”

Indeed, Alexander says that those who accuse the NSA of keep dossier on the American people “should know better.”

“Think of that 260 million dossiers, or however many you’d come out [with],” he said. “Let’s see, if you’re trying to maintain those dossiers, I’m not a real good mathematician, but let’s say we have 20,000 people working that. How many files would each of us have to work? I’m not that kind of guy who’s going to work all those files.”

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Former National Security Agency director Mike McConnell urged cloud companies to have a political opinion today, stating the US government is moving “very, very slowly  to address [cloud] threats.”

“We are the most digitally dependent nation on earth, we have more to lose,” said McConnell at the RSA Conference in San Francisco today. “There isn’t an entity on the globe that’s safe from penetration, not one.”

McConnell, currently the vice chairman of technology strategy firm Booz Allen Hamilton, spent 29 years as a U.S. Navy Intelligence Officer, and soon thereafter, the director of the NSA. During his time serving in the Navy, McConnell spent time wiretapping the enemy. They were confident that any attack on the country would be known, would be expected, would be protected against. Today, in the age of the cloud, McConnell is worried.

After the 9/11 terrorist attack in New York, McConnell met with then President George W. Bush in the oval office. He explained that while they were taking offensive actions against terrorist organizations, they weren’t being digitally defensive at home. If one of the terrorists had programming experience, and could hack into only one of the U.S.’s banks, it could have a economic damage on the country and the globe far bigger than the damage felt by 9/11.

The former president immediately gave McConnell $13.7 billion to start patching the holes. When Obama came on board, he upped the budget to $18 billion. But thus far that money has only gone toward protecting .gov domains. However, ninety-eight percent of the cloud exists on .com domains.

For McConnell, it is up to the cloud companies to take a political stance now, and ask representatives to protect the U.S. from what he calls “cyber economic espionage.” He says legislation is coming, but it’s not going to be enough. Cloud companies also need to start the debate about privacy regulation across country borders.

“I’ve got a message for you,” said McConnell. “Drive this technology, and drive the standards to force change. The economics of the cloud are compelling…and we’re going to have to get the security aspects of it right.”

Mike McConnell photo via Wikipedia