Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is 'Promis' Software Spying On Canadian Spies?

Posted by timothy on from the wouldn't-put-it-past-'em dept.

Legolas-Greenleaf writes: "The Royal Canadian Mounted Police are currently conducting an investigation into a software package called 'Promis,' used by the government, that allegedly contains a backdoor. According to Inslaw Inc. (original makers of Promis), the American and Israeli intelligence services pirated this software package, and resold a hacked version allowing them access. This software is possibly running in some of the RCMP's databases. The Canadian newspaper The Globe and Mail has a story on it here, and CNN has a story on it here." The whole thing reads a bit like a Monty Python sketch: a months-long investigation based on sketchy allegations from 1993, claiming some very interesting just-among-pals bureaucratic copyright violations. Hmmm. A handful of Canadian quarters says it's not an open-source product.

27 of 73 comments (clear)

  1. You young 'uns these days... by kubrick · · Score: 3

    Back when Wired was an interesting magazine (or at least had the potential to be one :) they reported on this in their very first issue....

    http://www.wired.com/wired/arch ive/1.01/inslaw.html

    --
    deus does not exist but if he does
  2. doesn't add up by e_lehman · · Score: 2

    This story sounds very fishy. There are just too many oddities:

    • The Canadian news story says: CSIS spokesman Dan Lambert said yesterday, however, that the service conducted its own in-depth review in 1991 and found that it had no copies of Promis, bootlegged or otherwise, and never had. (CNN left this out.)
    • The Canadian account: A U.S. government independent counsel in 1993 found no credible evidence to support Inslaw's allegations. The counsel, retired judge Nicholas Bua, said the company relied on witnesses who had credibility problems, including a former computer expert who is serving a sentence on drug charges and an Israeli who changed his story. (CNN omits this.)
    • A site quoted earlier with extensive details on the case has a veneer of credibility, until it starts to fold in the CIA, contras, Jimmy Hoffa, murders of native Americans, ex-green berets, etc. Pins the wack-o-meter.
    • Most everything seems to stem from statements by one guy, a Michael J. Riconoscuito (the one with drug charges). If you think he's a nut, as the independent counsel did, then we can all move along.
    • Complex software shouldn't be that easy to pirate and reinstall on computer systems around the world, should it? These high-ranking Justice Department officials were sitting around copying 3.5" floppies and photocopying manuals, were they? "Jist cuz its kewl, man!" Don't they have day jobs over there at Justice, after all?
    • Some of the countries that supposedly holding bootleg copies-- Iraq and Libya-- aren't English-speaking. What gives?
    • What does this amazing software do? It was supposedly made for the US dept of justice to track cases. But-- oh!-- the Candian Intelligence Service just had to have it. And we're told, "The software could have been used in the recent Persian Gulf War to track U.S. and allied troop movements." Man, that is one amazing piece of code!
    • Furthermore, the software was written around 1990. Who is updating it for new hardware and fixing bugs, if the company producing it went bankrupt nearly a decade ago? But the software is so good that it keeps on chugging along?

    Come on...

  3. Peace by baywulf · · Score: 2

    This reminds me of a quote I saw somewhere: "Peace - In international politics, a period of lying and cheating between periods of fighting"

  4. Re:Why RCMP databases? by Legolas-Greenleaf · · Score: 2
    It was also the CSIS databases as well, not just teh RCMP. Actually, I think the main concern was over the CSIS database.

    according to the various news stories, CSIS did an audit of their systems years ago, and found they were not running said product in question.
    -legolas

    i've looked at love from both sides now. from win and lose, and still somehow...

  5. Re:Canadian Quarters by Legolas-Greenleaf · · Score: 2
    The twonie is useless. Half the vending machines in the country don't accept it, and it's ALWAYS when you're really, really thirsty... =^)
    -legolas

    i've looked at love from both sides now. from win and lose, and still somehow...

  6. Re:Blame Canada by MeDD77 · · Score: 2

    "The Canadian Security Intelligence Service said outsiders were particularly interested in aerospace, biotechnology,chemicals, communications, information technology, mining and metallurgy, nuclear energy, oil and gas, and the environment." -- They're not interested in hockey? Then what are we afraid of?

    --
    -- Sig? Filthy habit.
  7. Re:*What* sensitive data? by mindstrm · · Score: 2

    Regardless of what you might think, every country has it's secrets.

    Sure, the US likes to show it's power.. but there are LOTS of things the US military (and government) is up to that NOBODY knows about.

    And the same can be said for Canada. We're smaller, so we have to be smarter.

  8. Re:Another example of free-software's superiority by Malcontent · · Score: 2
    Why not free software? That way you end up saving the taxpayer a bunch of money too. It's very easy to examine the patches and keep your version updated. If you find any obvious bugs you could contribute them back to the world and acutally help the citizens of your country instead of some corporation.

    A Dick and a Bush .. You know somebody's gonna get screwed.

    --

    War is necrophilia.

  9. Re:Why RCMP databases? by Vassily+Overveight · · Score: 2

    Yes, they could have just asked for it. :-P

    Keep in mind that this is a government whose agents smash in unlocked doors when conducting a raid. Asking for and getting a tape with the stuff for free would be no fun whatsoever. It also doesn't employ the dozens or hundreds of people that doing it the hard way does.

    --

    "If I have seen further than other men, it is by stepping on their glasses." - Michael Swaine

  10. I'm not buying this... by Otter · · Score: 3

    First of all, I give Timothy credit for mentioning that these claims are a bit iffy, but I think he understates how shaky this story is. Maybe there are more facts available than are offered in these stories (links, anyone?) but what's here doesn't look too compelling.

    From the Globe and Mail:
    The allegations are not new. They were investigated and dismissed nine years ago by the Canadian Security Intelligence Service..
    and
    A U.S. government independent counsel in 1993 found no credible evidence to support Inslaw's allegations. The counsel, retired judge Nicholas Bua, said the company relied on witnesses who had credibility problems, including a former computer expert who is serving a sentence on drug charges and an Israeli who changed his story.

    And neither article mentions any shred of evidence that the allegation is true. And, at least as the stories present it, it doesn't even make sense. US and Israeli agencies sell this to other intelligence agencies. Accomplishing what? Or is the idea that governments were unknowingly buying the modified version?
    -----------

    --
    What I'm listening to now on Pandora...
  11. holy shit! by fluxrad · · Score: 2

    you don't seriously mean to suggest that the US might be spying on it's neighbors do you?

    i'm not surprised the US is doing it...i'm surprised they appear to have gotten caught. Remember, in political circles...spying is just considered a cost of friendship. We're spying on all our allies, and they're all spying on us.


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network

    --
    "It is seldom that liberty of any kind is lost all at once." -David Hume
  12. Re:Yet another reason for everyone to open source by Anonymous Coward · · Score: 2

    Agreed that they should have had the source - indeed I'd say they were incompetent in not getting it, to check for things just like this.

    But, if you mean Open-Source as in available for _anyone_ then I'm not convinced that would be a good idea at all, for the simple reason that not many people (other than other governments) would be interested in it. Any flaws found would not be reported (and fixed) simply because the people that found the flaws would take advantage of them for spying purposes. In this case Open-Source would be a liability, not an aid.

    This case isn't so much about the benefits of OS (sorry to all the zealots) as it is about the perils of incompetence and corruption.

  13. Bomb a Baldwin for fun and sport by Money__ · · Score: 2

    As a proud american, I would say that bombing the Baldwins would work the american people up into a collective . . [sigh].

  14. Re:Trust us...we're the government! by Duxup · · Score: 2

    I'm posting this under the guise of actually believing the story (I actually think it's a load of hooey).

    "Makes you wonder what kind of "back-doors" may have been build into Carnivore, and who in our government has access to them. "

    Also makes you wonder what OTHER governments might have access to Carnivore. Having such monitoring devices doesn't just put people at risk from mean people in our Gov, but also mean people in other Govs who might manage to access the equipment too.

  15. Re:Yet another reason for everyone to open source by Duxup · · Score: 2

    For everyday people I would note that is a hard thing to do, I doubt there's anyone out there who's read all the source of all the software they've run.

    Having said that. I still agree. Especially when your an intelligence service. It doesn't necessarily have to be open source, but if they're buying software that will use sensitive data and such I would defiantly ask for the source and have a good look at it. Even more so if I'm buying it from a company in another country.

  16. Re:Canadian Quarters by Legolas-Greenleaf · · Score: 2
    Heh... it may have something to do with living in atlantic Canada, which is fueled by transfer payments... we can't afford to upgrade our vending machines. =^) But, it is frustrating having a pocket full of toonies, and no machines to accept them.
    -legolas

    i've looked at love from both sides now. from win and lose, and still somehow...

  17. Blame Canada by Basalisk · · Score: 2

    It's obvious, isn't it? The US is gathering intelligence on Canada's planned invasion. Blame Canada

  18. Read the Risks Forum; EFF on INSLAW by goingware · · Score: 2
    This is a good opportunity for me to recommend that you read The Forum on Risks to the Public in Computers and Related Systems.

    Searching for "Promis" yields US Congress Report on INSLAW Case

    The mentioned article on Apple's FTP site doesn't appear to be there anymore, but doing an FTP search on lycos revealed that there's a lot of INSLAW stuff at the Electronic Frontier Foundation. You can repeat the search yourself with this link.

    While you're there, why don't you stop in and Join the EFF? It will only take you a few minutes, cost a few bucks (you can give what you're comfortable with) and it will help with the DVD case as well as bringing justice to bear on the folks that stole and hacked the Promis code.

    --
    -- Could you use my software consulting serv
  19. Public-Domain Version? by Bruce+Perens · · Score: 2
    Was there ever really a public-domain version? If so, does the code exist anywhere, in any known archive?

    I've been hearing this story for 10 years. Parts of it have never made sense. But it doesn't go away. But then again, the Area 51 story is complete hooey and it doesn't go away, either.

    Bruce

    --
    Bruce Perens.
  20. Canadian top secrets by Genie1 · · Score: 2

    Maybe the US trying to steal secrets like the Weapons-X project. The US could then build a whole army of Wolverines.

    Yes yes, I know I have seen X-men one too many times.

  21. The Inslaw vs. USA case was thrown out by isaac_akira · · Score: 5

    They won the orginal case, and an appeal, but the case was later thrown out because of a technicality.

    LOTS of details on the case:

    http://www.sonic.net/sentinel/gvcon7.html

    - Isaac =)

  22. Re:Sensitive data sucks by mindstrm · · Score: 2

    Yes, we do.
    However, if you permit your government to do secret things, then by their nature, those very things must be kept secret from you as well. IT's a catch 22.

    We could always rule that the government is forbidden from having anything that's 'top secret', and that any citizen is allowed to know anything the government is doing.. but would that really work?

  23. Yet another reason for everyone to open source by acumen · · Score: 2
    I don't believe in binaries.

    Check what you're running, top secret intelligent dudes.

    Just a lesson to be learned.

  24. Trust us...we're the government! by SagSaw · · Score: 2

    (With credit and apolgies to the /.'er who I stole the title from.)

    Hmmm...

    Our government writes a software package with a built-in security flaw and sees that it is deployed within the Canadian government. In spite of this, we should trust them when they want to deploy a software package within our borders?

    Makes you wonder what kind of "back-doors" may have been build into Carnivore, and who in our government has access to them.

    --
    Come test your mettle in the world of Alter Aeon!
  25. Canadian Quarters by AirSupply · · Score: 3

    A handful of Canadian quarters says it's not an open-source product.

    Were these Canadian quarters a reliable source?

    --

    AirSupply: go ahead, cut me off.

  26. Another example of free-software's superiority by phaze3000 · · Score: 2

    To be perfectly honest it really surprises me that any organisation that needs to be 100% sure of security would use proprietry software. I realise defense budgets are stretched, but surely shouldn't they have a team of people either coding their own systems or evaluating free ones?

    This should provide a good rebutal to the silly 'I wouldn't want to run an operating system where just anyone can edit the source!' comment that was made last week.

    --
    Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
  27. Why do we care? by 11-wires · · Score: 2

    Why are Isreal and the US so interested in Canada?
    Is Canada planning on invading Isreal?
    Does Canada pose a threat to the US of A?
    Will this affect the supply of Canada Dry in the US?

    --
    - I'm full of tinier men!