[5532] in cryptography@c2.net mail archive
Re: Microsoft Windows has NSA Crypto Backdoor
daemon@ATHENA.MIT.EDU (Zombie Cow)
Sat Sep 4 14:17:38 1999
Date: Sat, 4 Sep 1999 20:57:47 +0300 (EEST)
From: Zombie Cow <waste@zor.hut.fi>
To: T Bruce Tober <octobersdad@reporters.net>
Cc: "Jay D. Dyson" <jdyson@techreports.jpl.nasa.gov>,
Cryptography List <cryptography@c2.net>,
European Crytpo <eucrypto@fitug.de>, ukcrypto@maillist.ox.ac.uk
In-Reply-To: <YPrWkpAvcO03Ewmj@crecon.demon.co.uk>
On Sat, 4 Sep 1999, T Bruce Tober wrote:
> In message <Pine.GSO.3.96.990903075622.5562D-100000@techreports.jpl.nasa
> .gov>, Jay D. Dyson <jdyson@techreports.jpl.nasa.gov> writes
> >
> >
> >Hi folks,
> >
> > You may find this of interest. It is chilling, to say the least.
> >(Of course, this is something I always suspected, but had yet to confirm.)
> >
> > http://www.cryptonym.com/hottopics/msft-nsa.html
>
> There's an attempt to deny the thing today, as one would expect:
> <http://www.nytimes.com/library/tech/99/09/biztech/articles/04soft.html>
> free registration required.
>
> How reliable is Andrew Fernandes the guy who discovered this backdoor?
> How likely is the thing to be real, or as M$ explains it, "a Microsoft
> programmer's remarkably bad choice of language in a software system
> designed to protect electronic communications and commerce?
> Microsoft executives insisted that there was no Big Brother feature in
> the software. "The big answer is that these charges are completely
> false," said Scott Culp, a security product manager at Microsoft."
History usually repeats itself:
http://caq.com/cryptogate
http://www.europarl.eu.int/dg4/stoa/en/publi/166499/execsum.htm
Read some of the Internet terrorist scares, Osama Bin Laden having
a PC (god forbid), etc, for possible motivations.
And the question we should be asking isn't whether they do have
a back door, but rather, why shouldn't they have a back door?
National security has been used to justify similar deeds in the
past and there is no reason why it shouldn't justify them now.
Or can they prove that they don't have a back door?
Does the US government trust it's people?
Has it done so in the past?
Should the people trust the US government?
Has it been worth the trust in the past?
Does the US trust even it's closest allies?
Does the US government and Microsoft have a moral standing that
would lead us to belive that they would never ever implement such
a back door? Have they exhibited previous behaviour that would
reflect this?
IMO, this case will serve as a good cold bucket of water on the
necks of some people who are way too trusting. It doesn't matter
whether the backdoor is real or not. I guess we will never know
the truth, it is too well designed.
And instead of people risking their business on trojaned software,
they should be asking to buy secure (commercially) authenticated,
professionally audited and reviewed Open Source Software. I'm sure
people could make a living by commercially auditing software, and
I'm sure there is a market for properly reviewed OSS, if not now,
then certainly by the time this thing blows over and the next M$
security hole is exposed.
