narus-logo.gif

The venture capital-backed Silicon Valley company Narus has found itself at the center of a legal fight over domestic spying. We’re now wondering how its software is being used abroad in places like China and the Middle East.

Narus is based in Mountain View, and makes a network management software.

This week, the Electronic Frontier Foundation filed documents contending Narus’ software was plugged into AT&T’s network as part of a massive surveillance program conducted by the National Security Agency — to eavesdrop on Americans’ international phone calls and e-mails. President Bush signed a secret order in 2002 authorizing the NSA project.

Our Mercury News colleague Elise Ackerman has the story today (free registration). An AT&T technician said a computer containing Narus’ software had been installed in a secret room in the company’s Folsom Street office in San Francisco after Oct. 2003 to monitor “people’s e-mail, Web surfing or any other data.”

We’re not sure if this is negative publicity for the company, or positive, because it has given Narus’ chief executive a grand platform to talk about Narus’ unique properties:

Narus CEO Greg Oslan said the company’s software is designed to allow carriers to monitor all Internet traffic, including Web searches, e-mail content and attachments, and Internet phone calls.

There are business reasons for this: AT&T could decide to charge a customer more if they’re putting more strain on the network, such as by downloading movies.

There are also security reasons: As the Internet is increasingly used for new purposes such as watching TV, new ways of spreading viruses and other malicious online behavior are popping up.

For example, Narus says viruses can hitchhike on encrypted Internet phone calls. Traditional security software can’t spot these invisible intruders, but Narus can. “We provide a unique level of protection,” Oslan said.

Good stuff. But more sobering is that the company is selling its technology to folks like China’s Shanghai Telecom for a system we’ll never know exactly how is being used. At the minimum, the Chinese government can use it to detect and block certain “unauthorized” telephone calls placed over the Internet, but it could be used for much more aggressive monitoring of its citizens.

And here is Narus’ response to questions about how customers are using its product: “Once our customers buy your product, it’s relatively opaque to us,” said Steve Bannerman, vice president of marketing.

Narus has received at least $55 million from Walden International, Mayfield, J.P. Morgan Capital, Intel Capital and others over the past six years, according to our records.