Linus Torvalds Admits He's Been Asked To Insert Backdoor Into Linux 576
darthcamaro writes "At the Linuxcon conference in New Orleans today, Linus Torvalds joined fellow kernel developers in answering a barrage of questions about Linux development. One question he was asked was whether a government agency had ever asked about inserting a back-door into Linux. Torvalds responded 'no' while shaking his head 'yes,' as the audience broke into spontaneous laughter. Torvalds also admitted that while he as a full life outside of Linux he couldn't imagine his life without it. 'I don't see any project coming along being more interesting to me than Linux,' Torvalds said. 'I couldn't imagine filling the void in my life if I didn't have Linux.'"
Re:Would probably be found (Score:5, Insightful)
That trust can take years to build up - but be detroyed in a heartbeat.
You'd think so, but somehow people still trust Windows, even though it most certainly has been compromised.
Re:Would probably be found (Score:5, Insightful)
Being compromised isn't the issue. The Linux kernel has been compromised as well.
The issue here, is that there is a backdoor being built-in deliberately. That could compromise trust.
Re:Would probably be found (Score:5, Insightful)
Yes, that's the conventional wisdom with open-source. But tell me: when was the last time you went inspect the code deep in the kernel? How many open-source code users do you think have the time, desire and ability - and probably paranoia - to go and inspect the code in *any* open-source project of reasonable size, let alone something as complex as the kernel?
I don't think someone could slip funny code in the main kernel tree - too many specialists reviewing the patches - but I'm convinced that if Canonical, SuSE or RH wanted to distribute a tainted kernel, they could do it undetected for a very long time, if not indefinitely.
Re:Would probably be found (Score:5, Insightful)
The issue here, is that there is a backdoor being built-in deliberately. That could compromise trust.
There is [americablog.com] that possibility [wikipedia.org]. Once again, this is a possibility we've known about for a while, and it hasn't caused people to leave Windows in droves. I think it's something most people just must not care about.
Re:Would probably be found (Score:5, Insightful)
If anybody were somehow forced to submit a backdoor, it would be very easy to just tip off a random fellow developer to "discover" it.
Re:Would probably be found (Score:5, Insightful)
It's unlikely that such a backdoor, should it exist, would be coded so obviously, since the source is published. Instead, it would more likely be in the form of a subtle buffer overflow that results in previlige escalation or such, such that when found, it could simply be labeled as a bug rather than an backdoor... plausible deniability.
No (Score:2, Insightful)
*If* such a mechanism was coded in, the nature of open source would mean it would be found by others.
The nature of open source means it MAY be found by others. Sure you have a higher chance and an audit trail but you're making multiple assumptions here:
a) The code will be audited, and while this is true for the Linux kernel it may not be true for *insert small open source project with few developers here*.
b) You're relying on the audit to look in the right place, i.e. it's one thing to compromise the Linux network stack, and quite another to compromise *insert convoluted X11 protocol no one has touched in years here*.
c) You're relying on the fact the auditors can actually identify the fault in the code. Given that a backdoor can be inserted as easily as putting a = sign where an == sign belongs and given the quality of entries in the Underhanded C Contest [xcott.com] I would say that not nearly every coder is competent at identifying nefarious code. Not to mention the number of exploitable bugs that exist at large.
d) You're assuming the source code matches the binaries, and while people may be routinely looking at your code, the vast majority of projects not built from source are NOT decompiled and checked against their source to see if someone hasn't tainted the binaries.
Having auditable code does not magically make you safe.
Re:Would probably be found (Score:5, Insightful)
*If* such a mechanism was coded in, the nature of open source would mean it would be found by others. This in turn would compromise the trust of the ENTIRE kernel. That trust can take years to build up - but be detroyed in a heartbeat.
If it was obviously a deliberate back door, sure. Which is why the clever hacker/government-agency would be a lot more subtle -- rather than a glaring "if (username == "backdoor") allowRootAccess();", they'd put a very subtle [mit.edu] mistake into the code instead. If the mistake was detected, they could then simply say "oops, my bad", and it would be fixed for the next release, but other than that nobody would be any the wiser. Repeat as necessary, and the visible results might not look too different from what we actually have.
Some people ... (Score:5, Insightful)
Torvalds said no while nodding his head yes is a JOKE people, not a fucking admission. Please, save the tinfoil paranoia for Reddit, and keep the serious tech discussions here.
No, it might not (Score:5, Insightful)
The Pragmatics of the Truth (Score:5, Insightful)
One question he was asked was whether a government agency had ever asked about inserting a back-door into Linux. Torvalds responded 'no' while shaking his head 'yes,'
That's actually quite a cunning answer: possibly, regardless of his answer to the back-door request (I hope the answer was something like "No, fuck you"), like others in comparable situations have hinted at, maybe he's being held accountable to some kind of on-going government "Non-disclosure clause" concerning such a request/conversation.
But can body language and gestures be held up to the same legal gagging? I'm sure no legal precedent been held for that yet, and Linus probably is aware of that.
A cunning, cunning way of answering the question.
Re:Would probably be found (Score:5, Insightful)
Do you compile your programs from source and check that it is the last valid version from the project or do you install rpm or deb binary packages? Even if the actual project is vetted, it is near impossible to validate everything that comes though the automatic updates. This is definitely a point of failure, since you only need one person, the person that has access to the signing keys and the update server. So you trust canonical, red hat, SuSe to be fully vetted? Open source is better than closed source vendors, but in the end, if you download binaries you are in the mercy of the person who built them.
Re:Would probably be found (Score:5, Insightful)
You don't even need to have something to hide; you just need to anger the wrong people at the wrong time. What the government thinks is 'bad' is not necessarily what you think is 'bad,' so you're always in danger, no matter how unimportant you believe yourself to be.
Re:Would probably be found (Score:4, Insightful)
What people fail to understand is that proper security reviews are more than "let's just take a look at the code and make sure that it's not sending email to the NSA." You also can't perform a proper review with a bunch of hobbyist coders, you need highly-trained experts. Every single line of code needs to be checked, double checked, and triple checked against every single other line in the code to make sure that there isn't anything that could possibly compromise the security of the system. These failures are always subtle and usually unintentional.
This is best summed up with an example. Any idiot can look at the code and say "wait a second, this code copies the decryption key and sends an email to the NSA!" Only a very methodical search with a lot of people can say "hey, we've determined that this implementation of this specific part of this specific algorithm probably doesn't have a large amount of randomness over a long period of time. It likely decays such that the complexity is reduced to such and such a number of bits after such and such an amount of time and in these specific situations. This is a problem!"
Re:Some people ... (Score:4, Insightful)
... can't tell the difference between humour and reality.
Torvalds said no while nodding his head yes is a JOKE people, not a fucking admission. Please, save the tinfoil paranoia for Reddit, and keep the serious tech discussions here.
I don't know if you've been following the news lately, but when it comes to backdoors a lot of the "tinful paranoia" of years past has turned out to actually be true. Statistically speaking it is no longer such a certainty that it's just paranoia anymore. The true tinfoil cynic might say that agencies like the NSA are actually depending on "serious tech people" discounting stuff like this as tinfoil paranoia.
Yes (Score:5, Insightful)
The nature of open source means it MAY be found by others. Sure you have a higher chance and an audit trail but you're making multiple assumptions here:
The difference is that with a closed source OS, if the other devs with access to the code find the backdoor, they can be ordered by the company to STFU or lose their jobs. The NSA only needs to compromise (either legally or illegally) the head of the company and that also gets them every single dev with access to the source.
There's no way for even Linus at his most shouty to completely control what other Linux devs discover. (And, as the previous poster noted, that makes it easy for Linus to tip off another dev on the sly to publicly "discover" and patch the "bug", without exposing Linus to legal issues from not cooperating with the NSA.)
Given the difference between "effortless to compromise" and "insanely difficult to compromise", which would you pick as the safest?
Re:Would probably be found (Score:5, Insightful)
How many open-source code users do you think have the time, desire and ability - and probably paranoia - to go and inspect the code in *any* open-source project of reasonable size, let alone something as complex as the kernel?
There's a whole industry evolved around finding exploitable holes in Windows, and there's no source available for that at all[1]. You can be sure the bad guys have given it a thorough going over and if there was a generic hole (I doubt you could slip an "if password = NSA then accept" style patch by the gatekeeper so it would need to be subtle and generic) it would be found. Admittedly this is not ideal but as soon as the bad guys use their exploit it will be effectively disclosed and then fixed.
[1] actually it would be reasonable to assume that at least some source for windows is in the hands of the bad guys...
Re:Would probably be found (Score:5, Insightful)
Re:Would probably be found (Score:5, Insightful)
You seem to assume that there are no criminals at all part of "the NSA". Considering the number of employees they have with most having fairly complete access it is almost certain that there are criminals with access to a lot of NSA data.
if Linux was asked, the MS were asked (Score:5, Insightful)
If the Govenrment asked for Linux, then certainly they asked for Windows, and whereas I trust Torvalds, I don't trust Microsoft - not in a nasty way, just in the sense that they're a very large company over whom the Government has a great deal of power and where very large companies typically are not morally motivated. I don't mean that in a nasty sense, I just mean there's so many people, taking a moral stance - e.g. accepting a cost for a benefit you personally do not see - is in practical terms very, very unlikely.
So I think I have to assume there is a backdoor in Windows. In fact, it's hard to imagine anything anyone could say to reassure me. If the NSA said it was not so, I'd laugh. They twist words with the pure purpose of deception. If MS said so, I'd be thinking they were legally compelled, such that they could not even say that uch a request had occurred. The NSA surely now have a problem, in that I absolutely cannot trust their word - and indeed I cannot see how that trust can be re-established. If there was a full disclosure, that would be a start, followed by a credible reform programme. I don't think either even remotely likely; and by that, I rather think the NSA has either sealed its doom, or *our* doom. The NSA has gone too far. Either they will be replaced, in which case the problem is addressed, or, if they are not replaced, then *we* have a problem, because the NSA is too powerful to remove (and violates all privacy and security).
So, what do you know? turns out this *will* hurt MS sales, because now I *have* to move to Linux. I've been thinking about it for a while, but the cost of learning a new system to do only exactly what you can do already means where I'm very busy, it hasn't happened; but now there is a *need* for me to do, privacy.
Re:Would probably be found (Score:5, Insightful)
It is foolish to assume that the people working for the government are perfect angels who could never mean you any harm; this has never been true and never will be true.
Re:Would probably be found (Score:5, Insightful)
What a lot of people fail to recognise is that the people in charge of governments and the state tend to have the mentality and vindictiveness of very small children. Unfortunately, they also have an adults guile. Assumming that small children will behave rationally, reasonably, or for the common good is not a legitimate strategy.
Re:Would probably be found (Score:5, Insightful)
What if it was your neighbor reading your mail? Would you still shrug it off?
Re:Would probably be found (Score:5, Insightful)
But if the NSA can get in, then it is only a matter of time before someone else figures out how. Whether or not I trust the NSA barely even matters, because I certainly don't trust this next entity.
This is why I prefer something the NSA can't get into: there's probably nobody else who can either. The NSA's cracking efforts hold considerable value for that reason: they can, and should, be letting us know when our machines are not secure enough. The problem arises when they fail to do this, which seems to have been the case in recent years.
Re:Would probably be found (Score:3, Insightful)
Few people are more expert on C and the x86 memory architecture than the Linux kernel devs, and none are more expert on Linux than the kernel devs themselves.
But I can tell you're one of 'those' people, who can't conceive that people are capable of learning and becoming experts without some certificate granting jerkoff/circlejerk club to sanctify their alleged expertness with a wax stamped piece of paper.
"hey, we've determined that this implementation of this specific part of this specific algorithm probably doesn't have a large amount of randomness over a long period of time."
An algorithm doesn't, by definition, have any randomness, so it's clear you yourself don't know what the fuck you're talking about, and are not such an expert. "Random number generator" code doesn't actually generate random numbers, it mixes deterministically numbers from a probabilistic source, which ideally has a normal distribution, but generally doesn't, and thus uses a spreading function (of a specific class: trapdoor function) that is designed to make it computationally expensive and/or information expensive (needs a long run of output), to approximate a normal distribution from it's input(s).
And the Linux and BSD random number "generators" (though filter or conditioner is a more apt name), are two of the most well studied and audited filters. Besides the kernel developers, there are many independent, professional auditors who have reviewed the Linux crypto code, and granted various criteria certifications for specific versions of it.
And despite both these groups, professional auditors and kernel developers, spending serious time, effort and money on validating the security of Linux and BSD, security defects are still found from time to time, sometimes in very old code. There really is no "highly-trained experts" capable of completely proving the security of these kernels, ignoring the near-impossible task of proving hardware secure (can always make a more sensitive SQUID), and you are certainly not anything like the experts who DO audit them.
Re:Some people ... (Score:5, Insightful)
Re: Would probably be found (Score:2, Insightful)
Since what the NSA is doing is criminal they are criminals by deffinition.
Are you fine with China getting in and snooping? (Score:5, Insightful)
How about just the UK and France? Both have a "special relationship" with the USA, so can easily be getting the same information on how to snoop on your stuff as the NSA do.
So are you fine with the UK government, a foreighn power, snooping through your e-mails?
No?
THEN WHY THE FUCK IS IT OK FOR THE NSA TO SNOOP THROUGH MINE?
Morons.
You even say of your spying agencies "Well, I expect the agency to be spying on foreigners, but NOT to spy on me!!!". Except where they're spying on you, in which case "It's OK for them to spy on me".
Re:Slip the backdoor into a precompiled GCC instea (Score:5, Insightful)
Seems we need reminding of this classic [bell-labs.com] by Ken Thompson... there are no changes in the distributed source code of either project
Someone would have found it with a debugger. Sure, they could change the compiler to insert code into a debugger to hide the patch. But this rapidly gets so complex and error-prone that the bloat would be noticed and it would fail to spot all debuggers and patch them all. It's an interesting theoretical attack, but not practical in the long run.
Re:Would probably be found (Score:5, Insightful)
I think the fact that people (myself) actually don't care is that most of us (99.99%) wouldn't have a problem, since we're not doing anything illegal. I know that it is still wrong, but i just don't care
No, you only think that you're not doing anything illegal. You have no concept of just how many laws cover every single thing you do. Or, for that matter, don't do. Legal experts know better. So do the people who monitor the street cameras when you step off the curb prematurely.
THAT is the problem. If someone for whatever reason decides that they don't like you, they can pull that data and metadata and use it as supporting evidence for whatever transgressions they deem suitable to nail you for. At a minimum they can make your life difficult in a thousand ways (no-fly lists, for example). In extreme cases, you could be labelled an "Enemy Combatant" and wake up in Gitmo. Especially if someone "accidentally" tagged the data with aggravating information.
The problem with "Innocent People Have Nothing To Hide", as I've said before, is that you aren't the one that gets to decide what makes people "innocent".
I've resisted (Score:1, Insightful)
Re:Would probably be found (Score:5, Insightful)
Re: Would probably be found (Score:4, Insightful)
Hah. Assume they are. What god complexes people have to assume they are worthy of the NSA snooping on them. Be a good person and you have nothing to worry about. Government agencies have snooped on their citizens for decades, remember the analog phone system? Digital cellular still uses the same backbone.
And, of course, advances in technology have had no effect whatsoever on how cheap, per person, surveillance is over the past few decades. None at all, nope, you still have to be radical enough to get three guys wearing headphones and looking real intense allocated to listening to you. Idiot.
Re: Would probably be found (Score:5, Insightful)
Read the constitution.
Backdoors... (Score:4, Insightful)
Re:Would probably be found (Score:5, Insightful)
People get very mad when an average person spies on them (check out that surveillance man http://www.youtube.com/watch?v=CONgeNlxVug [youtube.com])
But govt doing the same thing is ok in most people's book. Look at many cities and the CCTV cameras everywhere, nobody has much issue with those, but if a private citizen points a camera at someone, that's terrifying / criminal to people.
Re: Would probably be found (Score:5, Insightful)
judges are pissed NSA lied to get their okay (Score:5, Insightful)
Judges have ruled that the NSA could do these things - when the NSA lied to the judges about what they were doing and how. Some of those judges are pretty pisses off now that they know how the subpoenas were abused, so I wouldn't think think those rulings definitively say what NSA is doing is in fact legal. The judges who made the rulings don't think they approved what was actually going on.
Re:Would probably be found (Score:5, Insightful)
Where in the article does it say that he declined?
legal != ok, UK not busting US pot smokers (Score:5, Insightful)
It's ILLEGAL for the NSA to spy on Americans, and for good reason. That doesn't mean it's OKAY for them to spy on everyone else, but at least it's LEGAL.
As a US citizen, I'd rather China spy on me than the NSA. The reason is because China isn't going to try to "bust" me on a minor and erroneous charge. For example, there is a porn star named Ann Howe aka Melissa who started in porn when she was 20. She looks young, so several people have been busted for "child porn" for having pics of her when she was 20-25 years old. I don't want my government spying on my internet usage because my government will charge me with child porn based on a chick in her twenties. The Chinese government doesn't give a shit what porn I see. Therefore yes, it's less bad for a government to spy on foreigners - even when I am the foreigner.
Re:Would probably be found (Score:5, Insightful)
You seem to assume that there are no criminals at all part of "the NSA".
The NSA itself is comprised of criminals. From the agent who accesses data he has no legitimate right to, to James Clapper who lies about it to Congress. The NSA is a criminal organization.
Re:judges are pissed NSA lied to get their okay (Score:5, Insightful)
Judges have ruled that the NSA could do these things - when the NSA lied to the judges about what they were doing and how. Some of those judges are pretty pisses off now that they know how the subpoenas were abused, so I wouldn't think think those rulings definitively say what NSA is doing is in fact legal. The judges who made the rulings don't think they approved what was actually going on.
This happened because to become a judge, one must generally be a "believe in the system" type. This is why judges will automatically take the word of a police officer over yours, being impressed by the fact he/she is a "sworn officer", because this type of mentality doesn't consider that cops and other members of government could lie to get what they want. So now it finally bit the judge(s) and made them look bad, feel a little angry? It's been doing that to regular citizens for a long time now.
Re:judges are pissed NSA lied to get their okay (Score:5, Insightful)
Secret rulings by secret courts never were never legitimate in the first place.
What, no bench warrants? (Score:4, Insightful)
If a judge feels he was deliberately misled, then he could issue a bench warrant for the arrest of the person who misled him. He could put the man on the stand and compel his testimony.
Apparently, the judges are only pissed enough to say they are pissed.
Re:Would probably be found (Score:4, Insightful)
The State is nothing more nor less than a bandit gang writ large
-- Murray Rothbard
Re:Would probably be found (Score:5, Insightful)
The point I was trying to make was that the GP referred to "the government", almost as though it were a monolithic entity.
When civil servants in the DoD break the law, it usually involves stuff like accepting bribes for contract steering, timecard fraud, etc. And most of the civil servants in the DoD didn't do that stuff. It's annoying, and they definitely deserve some jail time, but it's kind of a normal part of life that's to be expected.
When civil servants in the NSA or CIA to bad stuff, it can (and has) involved spying on all Americans, kidnapping, and torture. My point is that I think we should treat NSA/CIA criminals as probably more dangerous to our country than most DoD wrongdoing.
Re:Would probably be found (Score:5, Insightful)
From the latest Linux Foundation report [linuxfoundation.org]: Kernel: 2.6.30 Number od developers: 1,150 Number of known companies: 240
3,300 eyes is a lot of eyes (apologies to any kernel devs who have lost an eye or are blind.) And that is only the count of the actual contributors. There are many more who look at it, and write code for it, that don't submit their code at all, or don't have their code accepted into the kernel proper.
Before you make such a ridiculous statement, please learn about the Linux Kernel development process. Nothing, and I mean nothing gets into the kernel without highly skilled devs reviewing it first. Sure, they could make a mistake, but saying that it might happen because nobody is really looking is ridiculous.
It all depends... (Score:5, Insightful)
From the description of the study, it seems to me that people who have formed an opinion won't change it just because they see a single piece of potentially falsified or misleading evidence. For example (looking at one of the experiments), if someone has an opinion on joblessness in the US - which might bring in factors of job stability, hours worked or attainment of a living wage - seeing a single graph on number of employed people in recent years does not allow us to conclude that joblessness has been reduced under Obama, unless you have a very primitive interpretation of "joblessness".
The only damning conclusion is that some academics are so arrogant that they assume test subjects must be faulty if they don't immediately believe the academic's interpretation of some data presented to them.
Learning math, and being shown that an equation is incorrect, one readily accepts that. Things like unemployment, climate change, etc., aren't about concrete objective things, but instead are really various facets of one's ideology. Ideology, like religion is hard to change and pretty much for the same reason. It is not based on knowledge, but instead on belief.
That can be good or bad, depending on how it is used, but most often, it turns out to be bad. Ideologies often force us to characterize others by stereotypes, not individuals. What is happening in the US Congress and many parts of the world politically, is all based on people holding on to their ideologies and not not listening to the other side. Holding to ideologies instead of the underlying principles leads to the notion of if you aren't with me you are against me and that ultimately leads to disaster for a society by concentrating the power in the hands of a few at the expense of many.
One thing is for certain, you don't change people's ideology with facts. Facts appeal to the rational, logical part of our psyche. Ideology, on the other hand is an emotional response and like love is often anything but logical.
Re:Would probably be found (Score:5, Insightful)
Good people allowing bad things to happen because they believe the lies that the bad things are actually good, allowing their consciences to be eased. If you saw one thing that was evil, and did nothing, you are as complicit as the evil people the rest of us believe are running those organizations.
Liberty takes eternal vigilance. Anything less, walks us slowly down the path of tyranny. We've walked down that path so long that people crying for liberty seem like the loons while those people who are usurping liberty look like our saviors.
And the tyrants always cloak their deeds in legality.
People like you, who did nothing, saw nothing, are the ones I hate the most. You allowed evil in the false premise that it was "good" . But I understand, you were just following orders.
Re:Would probably be found (Score:4, Insightful)
"Criminal" means that what is done does not comply with the law and is not sanctioned by a ruling body.
I agree, but I'd add "legitimate" to the second condition. Congress does not have the authority to authorize generalized surveillance as it is specifically prohibited by the 4th amendment. Since nothing else authorizes the NSA to eavesdrop, they are commiting crimes just as surely as if I were to eavesdrop on your email.
The three branches of government are above the law by definition and necessity.
Absolutely false.
The executive branch is tasked with enforcing the law. It can only do so by means of potentially-lethal force, which is otherwise illegal
That potentially lethal force is legal because it is authorized by the Constitution which has been ratified by the people. Similarly, NSA eavesdropping is not legal because it is specifically prohibited by the very same Constitution.
There will not be any accountability for the NSA's actions
Of course not, because there is no longer any rule of law in the US.
You can joke about serious matters (Score:5, Insightful)
Torvalds said no while nodding his head yes is a JOKE people, not a fucking admission.
I agree it is a joke but making a joke does not mean there is nothing serious being communicated. The best jokes are usually about topics that are very serious. Maybe it was a joke and nothing more (I certainly hope so) but without more information you cannot actually be certain either way. If he was asked to put a back door in that would hardly be a surprising revelation.
Please, save the tinfoil paranoia for Reddit, and keep the serious tech discussions here.
You think the idea of a backdoor in linux is not a serious tech topic? Besides it's only paranoia if "they" are not actually after you. Recent revelations about the NSA and other government activities clearly demonstrates that being concerned over government snooping is actually quite reasonable.
Re:Would probably be found (Score:0, Insightful)
It's also why, things like prejudice and bigotry are so hard to eradicate, because they, too are ideological positions.
I would argue the opposite: that "colorblindness" is ideological. There are centuries of observations and nearly a century of standardized testing that indicate differences between races, and yet differences are denied without any supporting evidence and this ideology is maintained by inventing explanations to discount empirical facts that contradict the opinion.
Re:Would probably be found (Score:2, Insightful)
Windows has a good reputation
That is something I never thought I would hear someone say slashdot.