CDR: ZDNet UK News: Ex-NSA expert warns of concealed backdoors

Tue Sep 26 14:36:57 PDT 2000

This ZDNET UK News story has been forwarded to you by n.ominous at somewhere.out.there.net.

Ex-NSA expert warns of concealed backdoors

Mon, 25 Sep 2000 10:51:57 GMT  Will Knight

Ex-spook believes that software backdoors are out there, fuelling
conspiracy theories

Former NSA (http://www.zdnet.co.uk/news/2000/4/ns-12998.html) (National
Security Agency) analyst and representative of Internet rights watchdog
EPIC (Electronic Privacy Information Centre) Wayne Madison warned
privacy groups Friday that a growing number of proprietary commercial
software applications may have backdoors allowing the security services
to carry out surveillance activities.

Speaking to privacy groups as well as cryptography and security experts
at the International Forum on Surveillance by Design
(http://www.zdnet.co.uk/news/2000/37/ns-17972.html) at the London
School of Economics, Madison warned that this is an area of growing
interest for security services such as the NSA. "A lot of manufacturers
play ball with the NSA," said Madison. "This is an area that the NSA is
moving into a lot and we have to be really careful about it."

Until recently the US government strictly controlled the strength of
cryptography in software exported to different countries, in order to
protect the government's ability to access and monitor communications
data. The regulations were relaxed after pressure from industry but
Madison believes that this may have driven the NSA to find ways to
carry out surveillance. "They're not going to give in over exporting
strong cryptography without getting something in return," he says.

The NSA carries out the US government's intelligence gathering
operations. It is known to gather information from Internet traffic. It
is possible for programmers to put secret capabilities into the code
used to build programs that are difficult to detect. Software companies
including Microsoft (http://www.zdnet.co.uk/news/1999/35/ns-9723.html)
have in the past been accused of colluding with the NSA to provide
backdoors into their applications.

Open source software, which publishes the underlying source code with a
finished application, is by contrast entirely transparent. This has
caused some foreign governments including the French administration to
take an interest in open source solutions.

According to Madison, evidence of the FBI's controversial Carnivore
email surveillance tool shows that NSA technology is finding its way
into other law enforcement departments. He predicts that similar
surveillance tools may be applied to other technologies including
biometrics and smart cards and used track the movements of individuals.
"These are new intelligence targets," he says. Madison warns that
government agencies often have a significant role in the development of
standards for new technologies.

The London forum (http://www.zdnet.co.uk/news/2000/37/ns-17972.html)
saw presentations from a host of experts on government surveillance
technology including Duncan Campbell, famous for his work on Echelon,
and Tony Bunyan of Statewatch.

Take me to Surveillance
(http://www.zdnet.co.uk/news/specials/1999/09/surveillance/).

Is commercial software at risk? To have your say online click on the
TalkBack
(http://forums.zdnet.co.uk/community/showpost.cgi?forum=anchordesk&Cat=&Board=News&Number=38&page=0&view=expanded&mode=&sb=5)
button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom
(mailroomuk at zdnet.com). And read
(http://www.zdnet.co.uk/news/mailroom.html) what others have said.

If you found this ZDNN news report valuable, why not sign up for the 
free daily ZDNN News Alert - and we'll email you our top five headlines 
every day.
http://www.zdnet.co.uk/misc/newsletters/news.html

ZDNet News: The UK's best source for computing news - updated throughout the day.
http://www.zdnet.co.uk/news/

Please report any abuse of this service to ukwebmaster at zd.com