[Cryptography] ZDNet: "US government pushed tech firms to hand over source code"
Tom Mitchell
mitch at niftyegg.com
Fri Mar 18 00:51:55 EDT 2016
On Thu, Mar 17, 2016 at 5:21 PM, ianG <iang at iang.org> wrote:
> On 17/03/2016 18:21 pm, Perry E. Metzger wrote:
>
>> NEW YORK -- The US government has made numerous attempts to obtain
>> source code from tech companies in an effort to find security flaws
>> that could be used for surveillance or investigations.
>>
>> The government has demanded source code in civil cases filed under
>> seal but also by seeking clandestine rulings authorized under the
>> secretive Foreign Intelligence Surveillance Act (FISA), a person with
>> direct knowledge of these demands told ZDNet. We're not naming the
>> person as they relayed information that is likely classified.
>>
>> With these hearings held in secret and away from the public gaze, the
>> person said that the tech companies hit by these demands are losing
>> "most of the time."
>>
>>
>>
>> http://www.zdnet.com/article/us-government-pushed-tech-firms-to-hand-over-source-code/
>>
>
>
> So, first, you register the crypto code with the government, because we
> won CW-1.
>
> Then they come after you for the source code in secret court.
>
> Did we really win CW-1?
>
> Who are we fooling?
>
Not just cryptographic code but the entire "trustable" platform
that is the phone. Apple's phone has not been qualified
but other Apple platforms have.
https://en.wikipedia.org/wiki/Trusted_operating_system
My interaction with Common Criteria and the rainbow books
is if one part of the engineering community suffers the effort
the entire company will see processes and procedures that
make it possible for ongoing audit.
I would bet a Starbuck's Coffee that parts of the FBI have a copy of the
phones OS now and is looking
for a way to launder their knowledge and cash in on their expertise.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160317/b4c04118/attachment.html>
More information about the cryptography
mailing list