[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sat, 7 Dec 2013, Philip Whateley wrote:
The issue is that MS software is known (or at least strongly suspected) to have a "break encryption and report to NSA" function
They don't. Because such a backdoor would be relatively easy to detect by anyone sniffing network traffic. (They wouldn't be able to say that it was the NSA doing that, but Microsoft would have a lot of explaining to do.)
What the NSA could have done is set up boxes in (or near) Microsoft's servers that siphon off all data passing through it to the NSA. Thanks to Edward Snowden, we can be pretty certain they have done that. We can't prove it, but from a legal point of view that doesn't really matter: we have long known that the NSA has the legal capabilities to obtain the data.
As for backdooring software, if they have done that (and I don't think any of Snowden's slides have suggested the NSA has put some kind of backdoor into Windows - there are actually pretty good reasons to assume they haven't), the most likely way for them to have achieved that is by having inserted a backdoor in some kind of crypto-system.
Crypto backdoors, when done well, are extremely hard to detect. The suggestion that if only we used open source, we could detect such backdoors is therefore far more than an "overstatement".
Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq