Tuesday, July 9, 2013

Don't Forget to Take Your NSA-Approved Tracker With You When You Leave Your Home.

If you have an Android-OS smartphone, you should know that part of the code for that OS was developed by the NSA.

Because, of course, the American Stasi NSA only has your best interests at heart.

(H/T)

UPDATE: BadTux disagrees. He posted a comment, which is worth the read. I am copying it here:
Actually, in this case, the NSA-written code has been thoroughly vetted and does exactly what it is supposed to do -- it adds fine-grained security structures to Android so that virus programs cannot easily break out of their "sandbox" and compromise the rest of the operating system. We've been using a previous NSA contribution to Linux that does exactly the same thing, SELinux, for years.

The deal is that there are multiple different departments within the NSA. There is the department charged with spying on the world (and on Americans now, it appears), and there is the department charged with preventing *other* nations from spying on America. I have spent a large amount of time over the past fifteen years interacting with the second group of people, since I was one of the "Cryptopunks" who defeated the Clinton administration's proposal to put spy chips into every electronic device (the so-called "Clipper Chip", which we proved could be broken by foreign powers -- and furthermore, we proved that *any* such algorithm placed into end-user devices that had "phone home" capabilities like that could be broken by foreign powers).

SELinux (and the related Android extensions) were written by the second group, the group charged with keeping foreigners from spying on America. The code has been vetted by people I trust, up to and including Linus Torvalds, who is not a person who suffers fools or government interference lightly. (Really. He's a total opinionated asshole. Which is why he is a software engineering god. If he thinks the code is good, it's good). We looked at that code and decided it added sufficient security enhancements to Linux that it was worth rolling into the mainstream Linux kernel. Which is no easy task, not with Linus Torvalds up there looking for a reason, any reason, to reject additional functionality for Linux. (He has to do that, otherwise the kernel would bloat to the size of Microsoft Windows). Every single line had to be proved necessary, and every single line had to be proved to do what it said it was doing. That's just how things work in Linux.

In other words: This notion of "NSA spy code in Android" is just paranoid garbage from utter technological incompetents who don't have a clue. Those of us who have looked at the code and vetted it know that it does what it says it does. The reality is that the NSA doesn't need spy code in Android. They have AT&T and Verizon to do their spying for them both via taps in the telco pipes and via the 911 GPS locator beacon that was mandated for every cell phone over a decade ago :).

I will 'fess up to not trusting the NSA, but then again, I have the same feelings about all intel agencies. I don't know if the dividing line between what he describes as two sides of the NSA is as delineated as he implies. But the point he raises about the NSA not being able to just sneak code into Linux is a good one. (Unlike, say, Windows, where they may have done just that.)

