Rick Smith wrote:
> If the NSA approaches Microsoft to acquire their support of NSA's
> surveillance mission, then the information will have to be shared
> with a bunch of people inside Microsoft, and they're not all going
> to keep it secret.

Two people in Microsoft would need to know.  Bill Gates, and the lead
programmer on the part of the product with the security or privacy
bug.  The lead programmer would do it and keep quiet if "Bill"
personally asked him or her to.  Nobody else would need to know, and
it's unlikely that anybody else would stumble on the bug (particularly
if the lead programmer does the maintenance on that part of the code).

The US Government was doing such things as early as 1919, when they
approached the head of Western Union.  A messenger picked up all the
telegrams of the last 24 hours, daily, brought them to Herbert
Yardley's "Black Chamber", and returned them by the end of the day.
The entire operation was completely illegal.  The same was done with
the Postal Telegraph company in 1920.  (Puzzle Palace, pg. 11-12.)  I
doubt very many employees were in on the secret.

I have a well-founded rumor that a major Silicon Valley company was
approached by NSA in the '90s with a proposal to insert a deliberate
security bug into their products.  They declined when they realized
that an allegation of the bug NSA wanted (using a "large prime" that
was really composite) would be detectable and verifiable by customers
and competitors.  (There have been allegations of NSA-induced bugs in
Crypto AG equipment, but the company just denies them and nobody has
proven they exist yet.  This one would've been easier to find once
the allegation was made.)

Turning down the offer on verifiability grounds left them wondering
whether they really would have done it if it'd been possible to keep
the whole thing secret.  The quid pro quo offered by NSA would be that
their products would have no trouble getting through the (at the time)
draconian export controls.  Of course, there was no way to enforce the
deal either; "blowing the whistle" if NSA refused export permission
would have revealed the company's security products as untrustworthy,
probably kicking it out of the security market.

Anybody tested the primes in major products lately?

Did you ever wonder how certain companies' products got export licenses
when other similar companies just couldn't export?

How hard is it to factor a product of two primes when one of them isn't
really prime?  (I.e. to factor a product of three primes?)

        John

