Debunked! The CIA-Docker connection

Last week The Intercept reported that the Central Intelligence Agency’s In-Q-Tel venture capital firm has been investing in companies that mine social media, a reflection of the agency’s increasing focus on monitoring social media use.

Some readers may have been alarmed to also learn that one of the companies that presented at a summit sponsored by In-Q-Tel was Docker. But Docker’s involvement with In-Q-Tel appears limited to a government support contract for its software — a wholly uncontroversial connection between Docker and the spy agency.

Much of The Intercept’s article focuses on how software and hardware vendors participate in the creation of surveillance systems that can be used in a questionable manner by law enforcement and government agencies. But again, there’s little sign that Docker is participating on that level.

A brochure for In-Q-Tel’s summit listed Docker and a number of other firms as presenters, The Intercept reported. Docker is also listed as having a government contract to provide support services to “the Bureau of the Fiscal Service [an arm of the Department of the Treasury], on behalf of the Consumer Financial Protection Bureau (CFPB).”

In other words, whatever government money Docker is receiving is for support to an arm of the government that has no direct connection with the CIA.

In-Q-Tel has previously cultivated relationships that make it easier for vendors to work with federal customers. In 2009 it purchased support for the Lucene search engine from Lucid Imagination, mainly to provide backing by an official vendor for government use.

Earlier this year, Cylance — creator of an endpoint intrusion detection system used by Dell, among others — signed a strategic investment and technology development agreement with In-Q-Tel. “The partnership is intended to simplify the review process for intelligence agencies seeking more effective endpoint security technology for preventing the success of today’s new breed of cyberattacks. The investment does not restrict Cylance’s business or technology in any way,” said Stuart McClure, founder and CEO of Cylance.

There are good reasons to worry about the influence that government bureaus could wield over information technology projects. After all, it’s hard not to be suspicious once word broke of the NSA’s attempts to surreptitiously weaken encryption standards. Likewise, that agency’s alleged infiltration of networking hardware is sure to cause unease.

It would raise eyebrows if developers were sneaking unreviewed source code patches into Docker’s commit tree or arranging to fund specific features in Docker with questionable implications. But Docker’s involvement currently appears limited to selling support for its product to a government agency.

(Docker did not immediately return requests for comment.)