from owner-cryptography@metzdowd.com Eugene Volokh, 3/25/2004 04:02:38 PM Israeli coders, Arab testers: A reader writes, apropos checking sensitive source code for sabotage: I spoke to [someone] from the NSA, about this subject a couple of years back. As you probably know, although the NSA has teams of cryptographers at its disposal, a large amount of the successful interception it carries out is simply due to exploiting software faults in communications soft- ware. Consequently, in their other role, as advisor to the DoD about communications security issues, they focus on software assurance to an extent that often takes new- comers by surprise. The NSA used to have a requirement that only American citizens should be allowed to work on sensitive source code, because they considered there to be too great a risk of backdoors being placed in the code by foreign nationals . . . . More recently, because of the number of H1(B)s and green cards in the computer industry, it's been impractical for the NSA to insist on that. Instead, what they've encouraged -- and this is the interesting and quite clever part -- is that programmers and testers should be of different nationalities. If you have Israeli coders, get Arabic testers. If you have British coders, get French testers. And so on. A cute solution to the problem. But I don't know if it ever worked. I suspect the NSA still insists, though, that source code for sensitive systems be written by American companies on American soil, even if it isn't written by American fingers.Of course, even if the NSA's program worked for the NSA, it would be pretty expensive to adopt for the important source code and off-the-shelf object code used by lots of other organizations -- many of which are private companies -- that manage critical American infrastructure. Nor am I sure that it would work that well even if it were adopted. Still, it struck me as interesting enough to be worth mentioning. http://volokh.com/2004_03_21_volokh_archive.html#108025935883663167