Why you shouldn’t worry that the NSA is inside Android’s code

It's not difficult to jump to conclusions when you hear NSA, refining code, and Android in a single sentence, and that's exactly what a lot of people are doing. I'm referring to the "revelation" that Google has accepted code from the US National Security Agency (NSA), and included it in Android. Certainly, with PRISM hitting the headlines, it's a great time to get stuck into the NSA, but honestly, when that three-letter organisation starts meddling with something, it's not always for a bad reason. And it would be an especially dumb move for the nation's code breakers, given that Android is an open-source project where anyone can review anyone else's code (at least, code that's contributed by developers like the NSA).

The NSA would be a laughing stock if it placed a back door in such plain sight. The NSA's own code falls under its contributions to the Security Enhancements for Android project, which it describes as one that helps to "identify and address critical gaps in the security of Android". If that sounds at all familiar, it's because the NSA has already done the same sort of thing with Linux in the form of Security-Enhanced Linux (SELinux). In fact, the NSA was one of the first developers for SELinux, and its changes have already been integrated into the Linux kernel for almost a decade. To those people who seem worried that NSA-written code might make its way into Android devices the world over: Don't worry, it's already been all over your Linux distributions for years.

And speaking of years, let's go back further. To 1975, in fact, to demonstrate that the spooks haven't always been trying to probe us. That was about the time that the Data Encryption Standard (DES), developed by IBM, was published.

The NSA's code-breaking sleuths had an interesting take on it once they got their hands on it.

They wanted to reduce the proposed key length from 64 bits to 48 bits — because, hey, why not if you're the biggest code-breaking organisation in the US? — but they also made some unexplainable-at-the-time changes to the substitution boxes.

These S-boxes were just one part of the DES algorithm, and no one could immediately see why the NSA's changes would make much difference. Conspiracy theorists of course came forth with claims that perhaps the NSA was weakening the encryption standard. But in time, the opposite was found to be true when an IBM researcher revealed in 1994 that the NSA's changes had actually strengthened the algorithm against differential cryptanalysis — a technique of observing how subtle changes to an algorithm's input change the output, and, from this, determining what the key material might be. And before it was eventually broken, as all encryption is once computers get fast enough, DES was like Linux and Android. It was everywhere.

As the go-to standard for encryption, it was used in military networks, government installations, and anything that fell in between, from the '80s to the early '90s, that needed some form of protection. Evidence eventually pointed to the NSA doing the right thing, despite a decade of naysayers thinking the opposite. I wouldn't worry about the NSA getting all up in Android, especially when it's open source and there's the potential for severe embarrassment if it decides to pull a quick one. Go ahead and wonder whether it's intercepting our data ethically and legally, sure; but on these sorts of projects, it's a good idea to have some code breakers on your side.
