US Government Pushed Many Tech Firms To Hand Over Source Code (zdnet.com)
An anonymous reader writes: Apple isn't the only company that has been asked to hand over the source code of its operating system. In an effort to find security flaws that could be used for surveillance or investigations, the U.S. government has made numerous attempts to obtain the source code from other tech companies. From the ZDNet report, "The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. The Justice Department wanted to draw outrage, painting Apple as the criminal. With these hearings held in secret and away from the public gaze, the person said that the tech companies hit by these demands are losing 'most of the time.'"
U.S. Government confirmed for not giving a damn about U.S. citizens' civil rights. George Orwell will claw his way out of his grave just to tell us "I told you so! I told you so but you wouldn't listen!".
Vote for whoever the hell you want for POTUS; it literally doesn't matter.
...hearings held in secret and away from the public gaze, the person said that the tech companies hit by these demands are losing 'most of the time...
Can someone explain to me how this behaviour by our [democratic] government is very very different as compared to similar action taken by "those regimes" to the east? I mean, I do not see the difference here!
If an organization or individual wishes to license their code under an open source license, then that's great. But when someone is forced to hand over proprietary code to the government via secret tribunals, that's very very fucking bad.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Apple isn't the only company that has been asked to hand over the source code of its operating system.
I heard that even Linux had to hand over the source code of its operating system.
Can't help but guess the reason why they lose 'most of the time' is precisely because they don't need to be painted to the public as criminals - if a business is induced by the state to incur in practices most of its client-base would condemn, but these practices are done under cover of darkness, there's really no reason (other than an ethical one) to even attempt to fight such demands. And pragmatically, why would you spend money to defend your customers' rights when they were the same customers who elected officials that in turn stripped away those rights... (I'm being ironic - we all know law is ever changing and only through continuous scrutiny, even in lower courts such as the Apple case, can the people be defended from abuse of something that was initially considered fair).
It's becoming obvious that the government needs to be outright forbidden from doing just about anything except a few specific things, rather than merely not authorized. Just like there's hardly any difference between pointing a gun at someone and saying, "Wouldn't it be nice if I had more money?" as compared to saying "Your money or your life." -- nowadays there's very little difference between the government "asking" and the government demanding.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Being limited to a company and the government is still closed source.
Of course, you either knew that and are a troll, or are a complete moron.
Reading this along with the other article regarding FBI wants backdoor into Apple phones, I'm thinking law enforcement priorities are getting skewed. Reminds me of back in the days when John Dillinger, Bonnie and Clyde were considered national threats when in reality they were just basic thugs that robbed banks. Larger criminals were the mob (which FBI did nothing about until Hoover died in 1970s) and an even more serious threat was the rise of Nazi Germany and Imperial Japan.
mfwright@batnet.com
Being limited to a company and the government is still closed source.
No.
The cesspool just got a check and balance.
Have they asked for the source code to Linux yet?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Yeah, but I'll bet the government sweetened the deal: "You give us your source code, we'll give you some juicy government contracts."
"Tastes better . . . lasts longer . . . "
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
I think you're confused. Slashdotters don't want anyone to be above the law, especially not government nor corporations.
How many punch cards would it take?
How long would the paper tape be?
yep, showing my age here...
No it isn't really.
At that point, corporations are only being forced to hand over what they already should have had to hand over to the US Library of Congress.
You're confusing the idea of "Open Source" and freeware.
A Pirate and a Puritan look the same on a balance sheet.
A) Almost all of the source code gotten by the government has been through purchase contracts in order to audit the code.
B) It would be remarkably fucking stupid to advertise what applications and OS'es we're looking for vulnerabilities in for offensive purposes.
C) Only slashtards and Apple Fanbois take the fascist attitude that oppressive mega-corporations should be above the law.
I think it is completely right and proper for the government to require the source code for any software they purchase. It should be a standard part of all government contracts. Government has a responsibility to audit the code it is running in secure environments for security.
But forcing Apple to divulge its signing keys to a government that can't even secure its own highly sensitive background check records of personnel with government security clearances is a security threat to us all.
The US government repeatedly asked Linus Torvalds for the source code of Linux.
I heard they are pretty pissed off, something about being called "git" if I remember correctly.
the formula of the poisonous dispersants dumped into the Deepwater Horizon spill a few years ago, or the proprietary source code of Diebold voting machines. Or maybe they DID get the voting machine code and mess with it. Hmm.
As the writer of proprietary code that is critical to the security of millions of products, I'm more than happy for the code to be seen by more people. The company requires NDAs, but once that's in place, we don't have qualms and it's been shared with customers who care to ask, certification bodies and governments who want a look-see. Develop code on the understanding that it will be looked at by adversaries, friends and bureaucrats. When you aren't embarrassed to show it, your code is in a better place.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
It's all Objective-C which makes your eyes bleed.
When you need to look at the source code, in order to find exploitable bugs: hackers of - for example - Microsoft Windows and Office, have been very successful for ages now with finding vulnerabilities in those pieces of software, without ever having had access to the source code.
or did they?
Except they're not handing it over to anybody except the government.
And then any modifications the government makes, nobody else sees either.
So no, not really like open source at all.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
Yes.
Because the government spends all their time looking at these companies, while completely ignoring the activities of certain large banks. Isn't HSBC still providing money laundering services for terrorists? Frankly, I'm amazed that the government has money to pursue this kind of thing while the SEC has 4 whole people, and they are paid to look the other way.
If telephones are outlawed, then only outlaws will have telephones.
I have a solution to this. Most of my code can never be read by the government, or anyone else I don't want reading it.
I've made that impossible, by writing it in -Perl-, with page-long regular expressions. :) Just try reading my recursive descent parser for almost-html embedded in almost-xml written as a 8,000 character regex, Obama.
As the writer of proprietary code that is critical to the security of millions of products, I'm more than happy for the code to be seen by more people.
It is only really good if the viewers of your code tell you of any security/... problems that they find. This will not be happening when the FBI/... takes your code, they will just use that knowledge to the detriment of your customers - not all of who are bad guys.
Considering that property seizures do have to be compensated, I wonder what the valuation on the iOS source code would be? And how long would Apple litigate, before handing it over, to set said value? There are after all, real, hard, numbers for iPhone sales over the years. And then there's extrapolated future sales to consider.
Imagine all the people...
They don't give a flying shit about terrorism, and everything about your intellectual property. The government wants to own all of your Intellectual Property, this is the end game.
"Why is handing over the source code a bad thing?"
It is not. That part of "secret trial" probably is.
On the other hand (AFAIK) that's not what was requested of Apple.
"That's a nice product you have there. It would be a shame if something happened to it..."
So more people are being given access to source code, and more eyeballs make all bugs shallow. I call it a win.
Except when FISA courts are involved, they're looking for security bugs to exploit, not actually fix.
When China demands Windows source code isn't it universally acclaimed as a good thing because of the Big Bad US and how nationalism (as long as it's not the U.S.) is a wonderful thing?
No, it's not. You're factually incorrect with that whole "universally acclaimed" thing.
So more people are being given access to source code, and more eyeballs make all bugs shallow. I call it a win.
If the additional people given access to the source code are using it to find holes to use for their own purposes, and those bugs are not returned to the company, then it's a net decrease in security.
Yes, I know, you're just here to knock down strawmen, but someone might have actually taken this seriously.
This reminds me of that scene from Armageddon where Harry Stamper complains to NASA that they "stole the key to the patent office" so they could build one of his rigs for free. Though let's be honest... they're not after the code to get something free. They're after it to do static vulnerability analysis.
Many of my projects are closed source. I would be happy to release the source code... once I go back and fixup all those shameful kludges and quick and dirty hacks.
Maybe Apple is just embarrassed about their code? After the Microsoft sources leaked, it confirmed to me that being ashamed about the quality of code is probably the #1 reason Windows is still proprietary software.
Let me check: the American government is using secret courts to steal IP from private firms, under the threat of detention, in order to facilitate spying on its own citizens. This is behavior I would expect to read of Soviet Russia, the GDR's Stasi, or some other corrupt, quasi-totalitarian state where the border security exists not to keep people out but to keep its populace in.
The ironic thing is that back in ~1992 the Dept. of Commerce already warned that the US's policy of encryption hindered the US more than it helped:
* https://www.gpo.gov/fdsys/pkg/...
A study was commissioned a few years later "A STUDY OF THE INTERNATIONAL MARKET FOR COMPUTER SOFTWARE WITH ENCRYPTION"
* https://epic.org/crypto/export...
In 2000, the "Revised U.S. Encryption Export Control Regulations" had this note:
* https://epic.org/crypto/export...
Good post. It also partially explains an observation that Obama and many others clearly are unfamiliar with, which is titled "American Exceptionalism".
The idea is that while most nations are ethnic groups who established geographical borders, the US is not. The US founding fathers, in the founding documents, declared that they were creating a new nation in order to have liberty and justice and ... . When the US government (including voters) fail to protect freedom and justice, they fail at precisely the goals that government was created to pursue. Not that we don't sometimes fail, we do, but we're -supposed- to do better, the US is founded, designed, as a nation of freedom, not a nation of German people or Japanese people or Czechs or Irish.
Obama mistakenly said "I'm sure Germans believe in German exceptionalism". No, Mr President, Germans know that Germany is the nation of Germanic people. They have not declared Germany to be the brightest beacon of freedom and democracy to the world, so they have no responsibility to do that. The German government's responsibility is to the German people. America is an exception to the common history because it wasn't created as an area for a specific ethnic group to live, it was created as a place for certain ideals to flourish. We therefore have a special responsibility to those ideals.
Why is handing over the source code a bad thing?
Because of all the "Fuck the FBI. Fuck the NSA." comments in it.
Have gnu, will travel.
Software copyright should not apply at all when complete source code is not available
-- 'The' Lord and Master Bitman On High, Master Of All
Nope. The gubmint likely SOURED the deal: "You give us your source code, and we don't send you to Gitmo!"
| NOYES >
Whoops, a little quantum superposition slipped in there.
Right Now is 2016. Right Now is also a song by Van Halen and most of the things they mention in the video are still going on. They were always going on, and everybody knew it. The first thing that leaped to my mind was this little cartoon at 3:40 in the video..
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
If it's not a Foreign Intelligence issue then why would it be under seal?
I do not recognize any FISA, FICA or the like, and I would PUBLISH any such documents without regard.
Source code will never be provided so get over it.
In my opinion the US government - in the person of its primary internal investigation agency - obtaining either a compelled downloadable security bypass hack or the source code to enable them to construct their own, would have committed a Fifth Amendment "Taking".
What would be taken would be the security reputation of the company, and thus the bulk of their current and future markets worldwide (ESPECIALLY foreign), for all future time - essentially all of the future value of the company. "Just compensation" would be the current value of that future revenue loss.
The general public, acting through the stock market, computes their best estimate of a price for that. It's called the "market capitalization". As of the close of trading today it was over 586 Billion US dollars.
So, IMHO, Apple's lawyers might want to make the following statement:
"SURE you can have your back door and our source code. And the rest of the company, if you want it. We'll deliver it as soon as your check for $586,340,000.00 (times the devaluation multiplier for the government printing or borrowing that much additional money, plus funds to cover any claims from our customers for damage from the exposure of their private data) clears."
Then they could distribute the money to their stockholders, set up the claims fund, and all go do something else, or retire. Meanwhile the government would be left with the "New FBI/NSA Apple", and the prospect of trying to sell its products to a sceptical world.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Most companies do some kind of code review and automated testing as well as user-interface studies. Compilers will be set to the highest level of warnings and even mark unused variables as errors and not warnings. Device drivers will be from third parties and have the similar standards. There won't be anything to be embarrassed about.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
> At that point, corporations are only being forced to hand over what they already should have had to hand over to the US Library of Congress. [emphasis added]
I assume you're calling out duties to participate in the "Cataloging in Publication" program of the Library of Congress?
There is no such obligation for copyright in general.
Picture if there were: Everything - every CHANGE to every website, every version of every application - would have to be sent to the Library of Congress. Every blog post. Every hand-written letter.
The Library of Congress is huge, but even it does not have the capacity to deal with that level of information, even if it wanted to.
It doesn't. So no. You don't have to send a copy of your software to the Library of Congress, if you don't want to.
When all of the eyeballs look for vulnerabilities and none of them will actually disclose or report those then it's a bad thing.
With pure opensource everyone *could* look for vulnerabilities, and some do, and report the issues to the project.
They could send whatever shit source code. Would some asshole in try to compile the code and see if it worked?
What about updates to the software?
Likely the NSA is looking for back-doors into closed networks, to steal designs from manufacturers, as to convey these to favored military contractors.
A company could also respond to any request like this like taking the 5th. The company could also advertise these kind of overtures from the gov like Apple® did.
You want our source code? They buy us out, and watch the company and its products fail.
I write my code in MUMPS and comment it in Cherokee.
+1. I was going to post the same.
I wonder how many government-paid trolls do we have here pushing the government's agenda? Who in their right mind believes it is ok for the government to demand your property when you haven't been accused of any crime? Who is ok with them demanding to do it and not tell you what exactly they will be doing with it? Serious man, this is a joke. I'm tired of the US government contractors trolling all of my news. I would rather have them man up and threaten me for posting things rather than trolling their propaganda.
The only ones who made constructive comments (towards stronger security) were the ones you might expect not to.
My only experience with the FBI is of them waltzing into my standards meeting and demanding CALEA provisions be baked into the air interface, while I was busy specifying end to end crypto that would render it moot. Fun times. It was an open standards meeting. You could have been there too and enjoyed the show.
Modded offtopic? It must be a slow day for trolls.
They are most likely not just looking for vulns in the software but to be able to inject them into the source code, recompile it and install it unbeknown to the target user. Kind of like what they were doing with the Cisco boxes.
Looks like a great case to veer away from US Owned/developed software
We need to have congress repeal the Patriot act. I bet dollars to doughnuts that most of those companies do not have enough cash to fight the government. I think Apple has plenty of resources. What we need is something like this to go to the Supreme court. I bet the Government would never want one of these patriot act seizures to make it that far as it would tumble down the pile of dominoes that the Patriot act actually is. I know that the Government came into the Windsor Public Library in Windsor CT and demanded the records of all the material that was being loaned by the library. The town librarians all refused to hand over the records. They stood their ground. They were threatened by the Government. When push came to shove and the case went to a federal court in NY NY. The librarians made the trip to NY NY and when they got there the Government decided to just drop the case. Why? I think because they don't actually want these cases to make their way into a real court and see the light of the constitutional day because none of them would ever pass constitutional muster.
Paul E. Bahre
They forget they die too so they are concerned with this shit.
I can see Apple moving all software development to Iceland. Screw you DOJ!
the standard response should go screw yourself.
You may modify open source and keep your changes secret, but you must reveal the source of your modifications if you want to resell it directly as a package.
Depends which license we're talking about. With the GPL, no you may not modify the source and then keep your changes secret.
"Must reveal the source of your modifications": "I changed this. But you can't see it." That's not how it works.
GPL doesn't deal in direct and indirect, unless you go LGPL. The GPL itself is quite consistent.