Slashdot Mirror

← Back to Stories (view on slashdot.org)

Did MS Lobbying Stop NSA Work On SELinux?

Posted by timothy on from the this-foil-hat-is-extremely-comfortable dept.

inquisitive points to this CNET story on how George Wash Univ. may help Linux gain certification under the Common Criteria, certification required for software to be used in some sensitive government roles. In the same story, though, is an interesting quote from another effort at bringing GPL'd software to the public sector: "'We didn't fully understand the consequences of releasing software under the GPL (General Public License),' said Dick Schafer, deputy director of the NSA. 'We received a lot of loud complaints regarding our efforts with SE Linux.'" Sources familiar with events said that aggressive Microsoft lobbying efforts have contributed to a halt on any further work. 'Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software,' said a source familiar with the complaints against the NSA who asked not to be identified."

19 of 549 comments (clear)

  1. It's a new concept... by Demon-Xanth · · Score: 5, Insightful

    ...called competition.
    'Microsoft was worried that the NSA's releasing open- source software would compete with American proprietary software,'

    Apparantly MS is worried that it'll catch on.

    --
    If you think education is expensive, you should try ignorance -- Derek Bok, president of Harvard
    1. Re:It's a new concept... by paladin_tom · · Score: 5, Insightful

      The issue here that made the U.S. government listen is that the "open-source software would compete with American proprietary software." The article states clearly that "Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business."

      This is another example of American government's actions being fuelled by a desire to help American businesses to the detriment of individual freedom, similar to the DCMA.

      --
      #define sig "Every social system runs on the people's belief in it."
  2. That's scary by EvilTwinSkippy · · Score: 4, Insightful
    Think about it folks.

    We have Microsoft telling the NSA what to do. Shouldn't it be the other way around?

    Or maybe it's one of Bill's minions I hear breathing over the phone line?

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
    1. Re:That's scary by guttentag · · Score: 4, Interesting
      Or maybe it's one of Bill's minions I hear breathing over the phone line?
      To quote from Sneakers:

      Agent: National Security Agency.
      Martin: Oh, you're the guys I hear breathing on the other end of my phone.
      Agent: No, that's the FBI. We're not chartered for domestic surveillance.
      Martin: Oh, I see. You just overthrow governments; set up friendly dictators.
      Agent: No, that's the CIA. We protect our government's communications. We try to break the other fella's codes. We're the good guys, Marty.
      Martin: Gee, I can't tell you what a relief that is, Dick... You know, I could have joined the NSA, but they found out my parents were married.

      Bear in mind that just because it's illegal for the NSA to spy on Americans doesn't mean they don't. Also, any technology released to commercial entities or the public in America is going to find its way to the rest of the world. Therefore, it is in the interest of the NSA to prevent Microsoft/Linux users/common people from securing their computers (the only computers the NSA is charged with protecting are the government's). However, it would be in the interest of the NSA to lead those groups to believe their computers are "so secure not even the NSA could get into them" when in fact they have easily-exploitable holes.

      Ask yourself this question: why would the NSA release open source security software to the world?

  3. yes.... by teslatug · · Score: 4, Insightful
    'Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software'
    Wasn't that the whole point? The existing software wasn't secure enough so they had to provide some software that would be.
  4. If I were a rich man..... by bogie · · Score: 5, Insightful

    It wouldn't surprise me and goes in line with their current effort of "advising" the government on how linux is evil. Remember Corel dropping linux? Yes the linux desktop was a tough market, but really there is no doubt it was a quid pro quo transaction.

    Also what's with MS giving its software away for Free to a different government every week? Its a clear pattern designed to make sure noone can possibly compete. How are they even allowed to do this? I mean its not like they are some cash strapped competitor with no market share looking to get an edge. They are a convicted monopolist who somehow continues to walk between the raindrops and "get away with murder" right out in the open!

    --
    If you wanna get rich, you know that payback is a bitch
  5. Microsoft: threat to national security by coyote-san · · Score: 4, Insightful

    I'm not surprised Microsoft lobbied the NSA....

    I'm surprised they listened. Didn't Alchin, senior Microsoft executive, recently testify (in the anti-trust case, IIRC) that Microsoft software is so poorly designed and/or implemented that full disclosure of the API would inevitably result in the death of many Americans? (That is, after all, what "national security" ultimately comes down to.)

    Maybe Microsoft has a point that the NSA's work with SELinux hurts the proprietary software manufacturers, but by Microsoft's own testimony it should be out of the running for all future contracts anyway. I don't care about certification, when a senior exec testifies in court that using his product poses a threat to national security I want the procurement officials to pay attention!

    (On a related note, I WILL be asking the Congressional candidates this election cycle what they plan to do about the Federal software procurement cycle in light of senior Microsoft executives admitting that the quality is so poor that it threatens the national security. Microsoft has made it's values clear - $40 billion in the bank is more important than lives - and I want to make sure that my representatives make our values as a country clear. I don't want to force governments to only use OSS software, but I have no patience for excuses from companies sitting on cash reserves larger than the GDP of many nations!)

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  6. "American"? by Wolfier · · Score: 5, Interesting

    Have anyone noticed this buzzword used by every Microsoft lobbying effort after 9/11 just to trying to give the probably fake impression of Microsoft being "patriotic"?

    Somebody has to wake up.

  7. Re:Government competition by EvilTwinSkippy · · Score: 5, Insightful
    I refute your statement thus:

    First - there is no product from Microsoft that is in direct competition. There will be no product for the forseeable future.

    Second - The NSA would require the source code for whatever system in deploys. It would have to component test all of the subsystems, and ensure that no new bugs are introduced with new features. This flies in the face of the Upgrade Early, Upgrade Often mentalility an M$. (NASA users 486's in the space program, not to be cheap, but because they are a known quantity.)

    Third - What the government produces, all competitors share equally. What microsoft produces, it keeps to itself.

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
  8. So much for non-Microsoft desktops for the DoD by Mastos · · Score: 4, Insightful

    In the Department of Defense, desktops and servers have to go through a NSA lockdown of the operating system before they can go into production. If you wanted to run linux on your desktop, the first question they ask is what does the NSA say about it.

    While there are lockdown procedures for Linux from what I understand, having an NSA secure version of linux would have gone a long way to validating the os from the information assurance people. I hate to be forced to use Winx for _security_ reasons. :(

    Don

  9. Re:No. by FreeUser · · Score: 5, Interesting

    Shouldn't it be the other way around?

    No.

    Correct. The NSA shouldn't be telling anyone what to do. Their mandate is to collect information and provide security advice to other agencies and, where authorized, the private sector. They are not a governing body. Ditto on the last sentence for the FBI, the CIA, and various other black-op agencies running around grabbing people out of their homes in the middle of the night and confiscating their material wealth without due process in the name of the ongoing War on [insert your favorite cause here].

    On who pays the fiddler orders the tune..

    Only partially correct. If we truly believe in democracy and "one person, one vote", then the amount of influence we wield on our government should be proportional to the number of people we represent, not the amount of taxes we pay or, more commonly, the quantity of bribes, relabelled "campaign contributions" we stuff into the pockets of our so-called representatives.

    But, even if it were 100% correct that the amount of taxes we pay should dictate the amoutn of influence we wield on our government, it should be pointed out that Microsoft almost never declares a profit on their tax returns (last year it was a 19 cent/share loss IIRC, as for tax purposes they do report those stock options which, conviniently, don't appear on the SEC filings), so Microsoft actually doesn't pay any taxes at all.

    Given your reasoning, I should have much more influence on the NSA than Microsoft does. Unfortunately, that is not the case and one of the main reasons, perhaps the main reason, that democracy in the United States is falling to pieces.

    --
    The Future of Human Evolution: Autonomy
  10. Should the Government Compete w/ Private Industry? by Skjellifetti · · Score: 4, Insightful

    Years ago the University Ag Campus where I went to school had a meat shop where you could get cheap beef/poultry/pork, etc. These were animals that had been raised on the Ag Campus farms for research and teaching and were no longer of use in whatever project. But they got into hot water with the Krogers supermarket chain because they were a gov't entity competing with private enterprise. NSA's Linux enhancements are no different. It isn't clear to me that MS is in the wrong here. Gov't should not be writing GPLd software that cannot be used in proprietary applications. A BSD style license would be much better. And such software efforts should be relegated to research only and not be attempts to build production ready software.

    --
    FreeSpeech.org
  11. To serve and protect whom? by Dan+Crash · · Score: 5, Insightful

    When you think about it, the government's only real job is to defend the rights and freedoms of its citizens.

    But wasn't that *exactly* what the NSA was doing by working on Security-Enhanced Linux? Defending your rights and freedoms by making sure the computers on which they depend are more secure? Should they be entrusting this job to corporate America, instead?

    Second thing: What should happen to software that the government creates? Should it never be released to the public, left to sit and wallow as a waste of our tax dollars? Aren't we better off by having more choices in the marketplace instead of less?

    (Wow -- every sentence a question.)

    --
    He who refuses to do arithmetic is doomed to talk nonsense.
    1. Re:To serve and protect whom? by DavidTC · · Score: 5, Insightful
      What the hell is the point of that? The NSA employees hundreds of computer security experts. Outsourcing is possibly the stupidist possible suggestion you could make.

      Working on security is half the NSA's job. (The other half being working on encryption.) They chose to work on the security of Linux, because they use it. Because they want to see their changes incorperated into the kernel (So they don't have to keep updating it.), they gave it back to the community. They didn't just decide to start a computer programming business for no reason, they want security in their OSes and they use Linux. (Possibly because that's code they know doesn't have backdoors.)

      This isn't the NSA trying to compete with MS, this is the NSA trying to make things simpler for itself by putting security, as default, in the OS it uses, so it doesn't have to patch the source each time, and more people will look at the code and find mistakes. (The NSA doesn't fall for security though obscurity. They are well aware the best way to make something security is to hand a copy to a million people and ask them to break it.)

      --
      If corporations are people, aren't stockholders guilty of slavery?
  12. US Gov simply cannot release stuff under GPL. by phkamp · · Score: 4, Informative
    It's really very simple:

    To release source code under the GPL, you have to hold the copyright to the code.

    The US Government (in this case represented by NSA) cannot hold a copyright, the law does not allow for it.

    No copyright, no GPL, end of story.

    But I have no doubt that M$ whined too.

    --
    Poul-Henning Kamp -- FreeBSD since before it was called that...
    1. Re:US Gov simply cannot release stuff under GPL. by phkamp · · Score: 4, Informative
      Here is the actual chapter and verse:

      17USC 105. Subject matter of copyright: United States Government works

      Copyright protection under this title is not available for any work of the United States Government, but the United States Government is not precluded from receiving and holding copyrights transferred to it by assignment, bequest, or otherwise.

      --
      Poul-Henning Kamp -- FreeBSD since before it was called that...
  13. infrastructure by SethJohnson · · Score: 5, Insightful



    Therefore, when the government interferes with free enterprise, it's interfering with the rights of its citizens.

    By providing a free operating system, the US govt. is NOT 'interfering with the rights of its citizens any more than:

    1. The public libraries interfere with the private bookstores' rights.
    2. Police officers interfere with private security firms' rights.
    3. Public water fountains interfere with bottled water vendors' rights.
    4. Free public skateparks threaten private Van's-owned parks.

    I think it's high-time the US govt. supported an open-source OS project. Though backwards in its perspective on human rights, China is lightyears ahead in its thinking on this subject. If we had a national open-source OS that was used in every government office and available to citizens for free, it would be a dozen times more powerful of a punishment than any wrist-slapping the DOJ is going to give to MS for it's anti-trust crimes.

    Seth

    --
    $5 / month hosted VPS on linux = awesome!
  14. Not the whole story.... by giminy · · Score: 5, Interesting

    I sort of work on SE Linux. Our group is unsponsored by the NSA (thus far). Since we are unofficially working on it, though, we hear birds chatter sometimes. The rumor mill around our office has been saying that it is not the case that Microsoft has done anything. What happened? A party, whose name shan't be mentioned, because we have not been told their name (we shall call them the Party), was given an SE Linux contract by the NSA. The NSA it seems didn't understand the GPL so well (or some lawyer of theirs who hammered out the contract didn't). The NSA contract said that the Party working on the contract could have propietary code, and could patent ideas used to achieve goals on the project. Much work was done on SE Linux in the mean time by the Party, but patents/etc are held on certain parts of the code by the Party, and therefore cannot be released under GPL. The quotes you see in this article heading make perfect sense to me in this context. The NSA didn't understand the GPL. And yeah, I would complain too if I couldn't have the complete source to my kernel...

    Yes I hate Microsoft, but this article is kind of ridiculous...it uses some vague quote to make microsoft look bad. This is not the way to win the war.

    --
    The Right Reverend K. Reid Wightman,
  15. It's the applications, stupid by Animats · · Score: 4, Informative
    Most of you miss the point about SELinux. It's not an attempt to build something NSA would consider a secure system. It's a prototype on which apps can be written which might, someday, run on a system with mandatory security policies.

    Writing server-type apps to live within the constraints of a mandatory access policy is tough. (Look at how much crap runs as root because people can't make it live within the UNIX permission structure, which is far less restrictive.) But it's the only approach that works, because the applications aren't trusted.

    If you want to help, make some major application, like a mail program, work under SELinux, with as little trusted code as possible. Somebody was doing this for an FTP server, but those are of limited use. A mail server on SELinux would actually be useful.