Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Cryptographers Call For UK and US To Out Weakened Products

Posted by Unknown on from the instead-they-disappear dept.

Trailrunner7 writes "A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries' intelligence services. The letter, signed by a number of researchers from the University of Bristol and other universities, said that the NSA and British GCHQ 'have been acting against the interests of the public that they are meant to serve.' The appeal comes a couple of weeks after leaked documents from the NSA and its UK counterpart, Government Communications Headquarters, showed that the two agencies have been collaborating on projects that give them the ability to subvert encryption protocols and also have been working with unnamed security vendors to insert backdoors into hardware and software products."

11 of 105 comments (clear)

  1. Proprietary Routers by Anonymous Coward · · Score: 4, Insightful

    Let's start with these as they are of great importance and often fall behind with updates.

    Google search:

    cisco routers backdoor
    cisco routers rootkit

  2. Unlikely by AmiMoJo · · Score: 4, Insightful

    Does anyone really expect these criminal organizations, headed by the kind of people who set up a Star Trek style command bridge, are going to do the right thing? The only way to deal with these scum is to shut them down and start from scratch.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Likely outcome by return+42 · · Score: 5, Insightful

    I suspect the agencies will make a great show of reluctance, then reveal what they did to some protocols and algorithms -- those where the backdoors are most likely to be noticed, or have already been found, such as Dual_EC_DRBG. The crown jewels, those least likely to be noticed, will remain secret. Nothing to see here folks, move along.

    NSA and GCHG couldn't care less about the public interest. They have a mandate to spy on as much as possible on the off chance that it may prevent some terrorist act. They will continue to do so in any way they can unless the legislative bodies or courts in their respective nations rein them in. This seems moderately likely in the US, quite unlikely in the UK.

    1. Re:Likely outcome by FriendlyLurker · · Score: 5, Insightful

      on the off chance that it may prevent some terrorist act. .

      Oh, that must mean those terrorist organizations like Occupy Wall Street, - or any other community based activist group trying to agitate for improved conditions for the people. Must be why we are treated as the enemy.

    2. Re:Likely outcome by mrspoonsi · · Score: 4, Insightful

      It needs more people to be outraged by it, to what lengths are people willing to accept this kind of intrusion? If these spy agencies shipped all domestic post to a 3rd country, where it was opened, photocopied, stored then sent on its way, people would be doing a Bastille style take down, yet somehow because these letters (email) are electronic, and it does not need a huge complex of Stasi officers doing the actual work, then it is OK for most of the people?

      Well I say to those people, your liberty is gone, a form of government is in place which is open to internal corruption / blackmail, there is a massive abuse of power going on. Information is power, and the next President, well the NSA, FBI, etc might just have a file on said future president, all his little secrets, so the President is in their pocket so to speak.

      Remember, for a true democracy, government needs to be transparent.

    3. Re:Likely outcome by Walterk · · Score: 5, Interesting

      Interesting you raise the point about the "mandate to spy on as much as possible on the off chance that it may prevent some terrorist act".

      There is a very interesting article on the BBC blogs indicating just how useless MI5 has been at any sort of intelligence gathering, even the sort that's been painfully obvious over it's entire existence. It's opening gambit: "Maybe the real state secret is that spies aren't very good at their jobs and don't know very much about the world".

      http://www.bbc.co.uk/blogs/adamcurtis/posts/BUGGER

      --

      "If anyone needs me, I'm in the angry dome."
  4. Re:hahhaha by F.Ultra · · Score: 4, Insightful

    No they think that the _should_ care about the public interest since that is why we have them. If they do not serve the public interest we should abolish them.

  5. Collective noun by wonkey_monkey · · Score: 4, Funny

    A group of cryptographers

    I believe the correct term is a crib.

    --
    systemd is Roko's Basilisk.
  6. Re:hahhaha by TheRaven64 · · Score: 5, Interesting

    The problem is that the NSA and GCHQ have dual mandates. They are responsible for both ensuring their respective countries are not vulnerable to attacks and for ensuring that they have techniques for attacking others. This means that when they discover a vulnerability in a piece of widely deployed software, they have conflicting requirements. If they publish it, then the systems that they're defending will be safer because it will be fixed, but if they don't publish it then the systems that they're attacking will remain vulnerable. This gets even worse when they start introducing intentional back doors (given how many Russian spies there were in these institutions during the Cold War, it's pretty much expected that there will be some Chinese spies in there now, so those back doors are almost certainly not secret).

    --
    I am TheRaven on Soylent News
  7. Re:Is it for real? by Antique+Geekmeister · · Score: 4, Informative

    They've apparently been interfering with open source and free software. (See John Gilmore's notes about the security agency hindered deveopment of IPsec, at http://www.mail-archive.com/cryptography@metzdowd.com/msg12325.html )

  8. Re:hahhaha by Anonymous Coward · · Score: 4, Insightful

    How many truck bombs have been set off in your town? And if you think the long string of successful non-explosive days is thanks to the alphabet soup agencies, I have a lovely truck bomb preventing rock here I'd be willing to part with for a few thousand dollars.