There's an interesting interview posted at Bruce Schneier: NSA Spying Is Making Us Less Safe, and the part about back doors in over the counter software is particularly interesting in light of NSA predilection to spy on citizens. Here's an excerpt:
There have been many allusions to NSA efforts to put back doors in consumer products and software. What’s the reality?
The reality is that we don’t know how pervasive this is; we just know that it happens. I have heard several stories from people, and am working to get them published. The way it seems to go, it’s never an explicit request from the NSA. It’s more of a joking thing: “So, are you going to give us a back door?” If you act amenable, then the conversation progresses. If you don’t, it’s completely deniable. It’s like going out on a date. Sex might never be explicitly mentioned, but you know it’s on the table.
But what sorts of access, to what products, has been requested and given? What crypto is, and isn’t, backdoored or otherwise subverted? What has, and hasn’t, been fixed?
Near as I can tell, the answer on what has been requested is everything: deliberate weakenings of encryption algorithms, deliberate weakenings of random number generations, copies of master keys, encryption of the session key with an NSA-specific key … everything.
NSA surveillance is robust. I have no inside knowledge of which products are subverted, and which are not. That’s probably the most frustrating thing. We have no choice but to mistrust everything. And we have no way of knowing if we’ve fixed anything.
There's a market niche available to some entrepreneur in some country free of ties with the U.S. to develop software and encryption programs without back doors. But as Schneier says, you can't trust anyone.
P.S. Article says Schneier is now helping Guardian decipher the Snowden documents.
Comments