Spinoffs From Spyland: How Some NSA Technology Is Making Its Way Into Industry 44
An anonymous reader writes with this news from MIT's Technology Review: "Like other federal agencies, the NSA is compelled by law to try to commercialize its R&D. It employs patent attorneys and has a marketing department that is now trying to license inventions ... The agency claims more than 170 patents ... But the NSA has faced severe challenges trying to keep up with rapidly changing technology. ... Most recently, the NSA's revamp included a sweeping effort to dismantle ... 'stovepipes,' and switch to flexible cloud computing ... in 2008, NSA brass ordered the agency's computer and information sciences research organization to create a version of the system Google uses to store its index of the Web and the raw images of Google Earth. That team was led by Adam Fuchs, now Sqrrl's chief technology officer. Its twist on big data was to add 'cell-level security,' a way of requiring a passcode for each data point ... that's how software (like the infamous PRISM application) knows what can be shown only to people with top-secret clearance. Similar features could control access to data about U.S. citizens. 'A lot of the technology we put [in] is to protect rights," says Fuchs. Like other big-data projects, the NSA team's system, called Accumulo, was built on top of open-source code because "you don't want to have to replicate everything yourself," ... In 2011, the NSA released 200,000 lines of code to the Apache Foundation. When Atlas Venture's Lynch read about that, he jumped—here was a technology already developed, proven to work on tens of terabytes of data, and with security features sorely needed by heavily regulated health-care and banking customers.'"
Software licence change (Score:1, Insightful)
A modification to popular open-source software licenses that prohibits using the licensed software for surveillance would be nice.
Not trustworthy (Score:0, Insightful)
The NSA has proven that it cannot be trusted, nor can be its code or official information coming from this agency. They are a bunch of liars.
Time for a code review? (Score:5, Insightful)
In 2011, the NSA released 200,000 lines of code to the Apache Foundation.
it may be time for people to start looking for the backdoors that the NSA may have put into Apache.
So what? (Score:4, Insightful)
Spinoffs from Nazi technology got us to the moon. That some good can come out of evil does not make the evil less evil.
Re:Time for a code review? (Score:5, Insightful)
Or they could simply discard the code from the NSA on security / espionage grounds.
The code that is obviously the NSA's contribution is not the back door. The back door likely would leverage some edge case created by their contributions, or another part of the system altogether while the NSA part is fully legit. Attributing the secret agencies goodwill is a huge part of disinformation and image management to convince people to accept the FBI & NSA anti-activism campaign. [wikipedia.org]
Perhaps it would be something like this:
// Change the file permission.
// ...
// Current user is now root priveledged.
if ( option == CHANGE_OWNER && sessionState == VALID && user = ROOT ) {
}
A single equal char is missing, it looks like it could be a legitimate mistake. Perfect plausible deniability. Such would be contributed by someone else who seems innocuous. Perhaps even by a change nearby which happens to change the formatting or constant name, and thus the logic change is easier to miss.
Point being, it really doesn't matter either way. They won't admit to all the shit they do, and have a long history of being against the populace, even committing illegal acts. So, the only answer is to demand eradication of secrecy in governance. Otherwise the people can never know whether their government is or is not operating in the best interest of citizens. [theguardian.com] We shouldn't have to wonder if their concern is just lies to manufacture consent for a more draconian dystopia; We should be able to prove our governments are not acting against us.