Richard Stallman Speaks About Back Doors After NSA Documents Leak
An anonymous reader writes "Companies such as Microsoft, Facebook, Apple, and Google are scrambling to restore trust amid fresh litigation over the PRISM surveillance program. Richard Stallman, the founder of the Free Software Foundation and a newly-inducted member of the 2013 Internet Hall of Fame, speaks about not only abandoning the cloud, which he warned about 5 years ago, but also escaping software with back doors. 'I don't think the US government should use operating systems made in China,' he says in this new interview, 'for the same reason that most governments shouldn't use operating systems made in the US and in fact we just got proof since Microsoft is now known to be telling the NSA about bugs in Windows before it fixes them.'"
His record for being correct is rather unusual.
Your point about source code is interesting enough on the surface, but how many organizations compile Windows from source code?
I'm not convinced that what's in the [quasi-public] source code matters a lot when pretty much everyone runs the distributed binaries. Those are the things that need to be analyzed from a security perspective, along with the rest of the functional system that ends up in place. C'mon, you don't test food for poison by obtaining the recipe.
I remember Microsoft's denials about intercepting Skype, yet the PRISM leak shows they can fully intercept everything:
http://gizmodo.com/what-is-prism-511875267
There are two worlds here, companies that cooperated with NSA illegal spying and those that didn't. They chose their sides, they chose the side against the constitution. That's not my side, I need to secure my data against NSA and its corporate allies.
Skype leak shows they can intercept voice communications, the files you sent, the text messages, the video of your conversations, the lot, and it's a live intercept, so it's a live connection too. I bet they can even turn on the camera and mic remotely on Skype.
Then we find out Stuxnet is confirmed as NSA. So no doubt where all those zero day exploits came from, Microsoft themselves:
http://www.guardian.co.uk/world/2013/jun/28/general-cartwright-investigated-stuxnet-leak
So all the scary hackers out there making Stuxnet? They're the NSA itself.
I don't trust this Windows box in front of me currently, my server is being moved out of the USA, this Windows box is next.
With all due deference to a slashdotter with a 3 digit UID, I'd like to point out the danger of your last statement.
Primarily, the risk is that your smaller side-projects may indeed pan out to be your primary revenue stream in the business environment of the future. But the consolidation effect is at least as dangerous. The conclusions that can be drawn by a talented analyst from the sum total of your small, seemingly insignificant data leaks can be staggeringly powerful. And if you think that your company is not worth the time of a talented analyst, then you may not have been paying attention to the cultural make-up of our current competitors in the world today. -- They take the time to analyze everything they can.
Now, I don't want to go off on a rant... but I did want to throw that out.
That said... Sure. Holiday pics fit nicely into a cloud.
___ I don't respond to Anonymous Cowards, and I Never Mod them UP.
In an era where the NSA lied about the existence of the program, lied about the level of oversight, lied about the effectiveness of the program, and lied about what data was collected, ANY assurance from the executive branch doesn't give much comfort.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
But equally there are thousands of really talented programmers who examine the source code very thoroughly, many of whom contribute back.
Not really, most of each of thousands of projects have at most a few core developers and extraneous people who occasionally submit patches to fix specific itches. There is no "A team" scouring all open source for vulnerabilities from the simple fact such vulnerabilities most certainly do exist as innocent bugs and have not been reported by such teams.
To illustrate this point, the Linux kernel is developed by armies of smart people yet an automated tool found a laundry list of shit that has been around for years nobody noticed.
http://www.coverity.com/library/pdf/linux_report.pdf
If there were back doors then there is a high chance that they would have been detected.
There is no difference between a backdoor and a vulnerability. The logic that deliberate backdoors would be detectable in source code when we know from experience innocent bugs having the same effect as a backdoor have a proven track record of not being detectable is simply wishful thinking and wrong.
Plus anyone really paranoid about it CAN go and check the source code to make sure for themselves.
I suppose anyone can drain the Earth's oceans with an eye dropper as well.