Anyone remember _NSAKEY and all the trouble it caused?
Actually, it didn't cause any trouble because it wasn't a backdoor - the NSA was just the technical authority to review Windows to ensure it met US export laws.
@Borateen:
Thanks. That's the one - many people panicked, but even a decade after people figured out how to substitute their own keys for the built-in one, nothing has happened. There are far easier ways to snoop on and control a Windows PC; the NSA simply doesn't need to integrate such a device into the OS.
The NSA isn't just responsible for cracking enemy codes, it also has the less glamorous job of protecting the US's own information systems. You could likewise make the claim that it's snuck secret backdoors into Linux, since the NSA has submitted a number of patches to the Linux kernel.
What's hilarious is people made the same claims back in the 70s, when the NBS went to the NSA for suggestions on DES, and the NSA told the NBS to change the s-box design. Everybody was convinced that the NSA had snuck secret backdoors into this wonderful encryption algorithm. Until 20 years later, when differential cryptanalysis was invented. Turns out that the design of DES would have been quite vulnerable to differential cryptanalysis, and it was only somehow by a freak coincidence *cough* *cough* that the s-box design kept it safe.
And what makes this particularly ludicrous: this whole issue stems from comments made by the NSA in public comments to Congress. If they really snuck backdoors into the code, would they have been talking about it in a public hearing? Seriously? It seems like a conspiracy theory derived from the belief that the NSA is simultaneously a brilliant evil organization, and at the same time a group of bumbling buffoons.
@jepzilla: Gosh, what other big companies has the NSA worked with recently? Oh, the phone companies, you say? And then they had to be given immunity for violations of the law because they cooperated with NSA? You don't say.
@jepzilla: Your Linux point makes no sense at all. The Linux kernel is open and can be viewed by anyone. So trying to sneak a backdoor into the Linux kernel would never work because Linux developers would see it.
The Windows kernel on the other hand cannot be viewed by anyone, so whether MS or NSA admit or deny anything is useless to the outside world since no one can verify their claims.
@jepzilla: Although the NSA may have never snuck intelligence gathering code to the masses (false), there are no checks keeping them from doing so.
So you shouldn't defend them because of their past goodwill. You should simply look at them as an organization with many conflicts-of-interest, and be wary when they 'collaborate' with complacent, market-share dominant companies.
Just like any other organization that has the power and interest to undermine Americans' rights, we shouldn't just rely upon trust to keep us safe.
@jepzilla: It's the same concept that people who think George Bush planned 9/11 use. They talk about how he's so stupid... but then how he was the mastermind in a great conspiracy, all in the same sentence.
@Coolmodo: If anyone were trying to hide malicious code they wouldn't make it that obvious. You're not going to just see:
private void doEvilShit() {...}
You wouldn't just SEE it. You'd have to know exactly what you're looking for and understand every aspect of the code. In complex code, undocumented functionality can be hidden quite easily.
This is also why bugs still exist in ALL source-code. Regardless of it being open or closed source.
@Coolmodo: First, it wouldn't be hard to slip a backdoor into the Linux kernel. It's been done before. Even the simple '&& userid = 0' trick would work.
Second, lots of organizations, including foreign governments, have access to the Windows source code. It's not released to the world, but it's out there. It's even been leaked, on occasion.
@Borateen: @Coolmodo: @marissasentme: The NSA has been working with Microsoft on Windows for more than a decade. You can find their guide to security hardening various versions of Windows online, with a little googling. And for as long as they have been, they've been accused of slipping backdoors into Windows. I'm sure none of you remember the _NSAKEY debacle from Windows NT4. But see my above point: lots of people have access to the Windows source code, and as far as I know, nobody has ever found these purported NSA backdoors. It doesn't even make sense... slip backdoors into Windows... which the Chinese government gets access to? So what, the Chinese government can find the backdoor and use it to hack American government computers?
This hysteria over a purported NSA backdoor is just one of any number of things people and government organizations could be doing to me. I see no reason to treat it any more credibly than any other. Lots of crap could be going on in the world, including the NSA slipping backdoors into Windows. But I see no reason why that is particularly more likely than any other possible threat out there. It's like the Calvin and Hobbes comic, where Calvin is perfectly happy, then sees an ad for some gum and now MUST HAVE IT for his own happiness. You all can buy into it if you want. I have better things to worry about.
But isn't that *just* what a multibillion dollar corporation working with a secret government agency to spy on all your Gizmodo-reading, Facebook-ing, movie-pirating activity would say?
Coincidence? I think not.
Now, if you'll excuse me, I have some Tivo'd Glenn Beck to watch for the 7th time.
"improved security" should be taken with a few tons of salt.
The NSA is an intelligence gathering organisation and anyone reading this should not be naive enough to think they made a few recommendations to prevent viruses or Trojans from affecting the system.
You just need to look at history to see how businesses have colluded with intelligence agencies around the world.
So again, let us not be naive, wishful thinking is for children.
When in the past a company like MS would have completely denied working with the NSA, today people have become shrewd and witty, they can even market collusion as a great thing for the customer "hey this is NSA approved security man!".
Not surprising. The NSA goes through every version of Windows and produces deployment guides to help other departments improve the security of their computers. You can find the Win2K and XP guides with a little googling.
I see it as a good thing. Windows is used by a majority of people (I think like 90%?), and their help will make 7 a more secure OS, and will protect the users more.
"To be fair, the yottabyte figure is just one estimate generated by a Pentagon think tank."
We might as well go ahead and assume this is wrong then. Every Federal Government estimate, on the size of things, is either too conservative, or just way off, period.
And I just want to say, I think this is a great idea. Centralize the information, put it all in one location. This way all the super hackers that exist out there in the world will have an easier time of mining data on people in the US and stealing identities and causing havoc.
Yay go federal government! You guys are just soooo brilliant..
You know, I normally always laughed at the people who mention the big brother stuff. But when shit like this is being built, well guess I gotta at least give those people a bit of credit.
"But when the plans were released by the UK government, there was an immediate outcry from both the press and the public, leading to the scrapping of the "big brother database," as it was called. In its place, however, the government came up with a new plan. Instead of one vast, centralized database, the telecom companies and Internet service providers would be required to maintain records of all details about people's phone, e-mail, and Web-browsing habits for a year and to permit the government access to them when asked. That has led again to public anger and to a protest by the London Internet Exchange, which represents more than 330 telecommunications firms. "We view...the volume of data the government now proposes [we] should collect and retain will be unprecedented, as is the overall level of intrusion into the privacy of citizenry," the group said in August.[2]
Unlike the British government, which, to its great credit, allowed public debate on the idea of a central data bank, the NSA obtained the full cooperation of much of the American telecom industry in utmost secrecy after September 11. For example, the agency built secret rooms in AT&T's major switching facilities where duplicate copies of all data are diverted, screened for key names and words by computers, and then transmitted on to the agency for analysis. Thus, these new centers in Utah, Texas, and possibly elsewhere will likely become the centralized repositories for the data intercepted by the NSA in America's version of the "big brother database" rejected by the British."
Damn our government is worse than British Government in that sense... at least let the public pretend we have an option.
There's honestly something wrong about this WHOLE situation. I can't place my finger on it. But there really is.
"Where does all this leave us? Aid concludes that the biggest problem facing the agency is not the fact that it's drowning in untranslated, indecipherable, and mostly unusable data, problems that the troubled new modernization plan, Turbulence, is supposed to eventually fix. "These problems may, in fact, be the tip of the iceberg," he writes. Instead, what the agency needs most, Aid says, is more power. But the type of power to which he is referring is the kind that comes from electrical substations, not statutes. "As strange as it may sound," he writes, "one of the most urgent problems facing NSA is a severe shortage of electrical power." With supercomputers measured by the acre and estimated $70 million annual electricity bills for its headquarters, the agency has begun browning out, which is the reason for locating its new data centers in Utah and Texas. And as it pleads for more money to construct newer and bigger power generators, Aid notes, Congress is balking.
The issue is critical because at the NSA, electrical power is political power. In its top-secret world, the coin of the realm is the kilowatt. More electrical power ensures bigger data centers. Bigger data centers, in turn, generate a need for more access to phone calls and e-mail and, conversely, less privacy. The more data that comes in, the more reports flow out. And the more reports that flow out, the more political power for the agency.
Rather than give the NSA more money for more power—electrical and political—some have instead suggested just pulling the plug. "NSA can point to things they have obtained that have been useful," Aid quotes former senior State Department official Herbert Levin, a longtime customer of the agency, "but whether they're worth the billions that are spent, is a genuine question in my mind."
Based on the NSA's history of often being on the wrong end of a surprise and a tendency to mistakenly get the country into, rather than out of, wars, it seems to have a rather disastrous cost-benefit ratio. Were it a corporation, it would likely have gone belly-up years ago. The September 11 attacks are a case in point. For more than a year and a half the NSA was eavesdropping on two of the lead hijackers, knowing they had been sent by bin Laden, while they were in the US preparing for the attacks. The terrorists even chose as their command center a motel in Laurel, Maryland, almost within eyesight of the director's office. Yet the agency never once sought an easy-to-obtain FISA warrant to pinpoint their locations, or even informed the CIA or FBI of their presence."
Interesting... I'm thinking this is a bad investment.
I read once, that what we really need is "more feet pounding the streets" or something like that, some guy from the CIA said this I believe, when referring to what happened on 911.
Basically people are needed in the field.
They have enough Desk Jockeys already.
Anyways, interesting, yet depressing article.
I am also going to buy that book in the article eventually. Sounds like it would be worth checking out.
They can store what they want, but unless Google is gonna help 'em with searching and archiving this stuff I have no worries they will find what they are looking for in any amount of time that would aid them. #yottabyte
@Nick: You fail to realize that Google is just a shadow branch of the NSA. Search, G-mail, Google Voice, Google Docs, Calendar, etc, - All the easier to access your datas, my pretty. #yottabyte
@dragon: ONE: The classic "Nothing to hide" argument ignores several issues such as, "[Surveillance aggregation,] ...means that by combining pieces of information we might not care to conceal, the government can glean information about us that we might really want to conceal." (Solove p. 766)
"The [surveillance] harms consist of those created by bureaucracies—indifference, errors, abuses, frustration, and lack of transparency and accountability." (Solove p. 766)
11/20/09
I'm sure there's nothing here to worry about...
Now, the windows kernel..heh, remember when the win2k (I think, maybe xp?) source was leaked? and it was hilarious?!
@JessicaAlba: I'm not even American.
11/19/09
just kidding... I see the worth of this.
YES! this is a poster that needs to be made.
11/02/09
Source: [papers.ssrn.com] #yottabyte