Former NSA (National Security Agency) analyst and representative of Internet rights watchdog EPIC (Electronic Privacy Information Centre) Wayne Madsen warned privacy groups Friday that a growing number of proprietary commercial software applications may have backdoors allowing the security services to carry out surveillance activities.
Speaking to privacy groups as well as cryptography and security experts at the International Forum on Surveillance by Design at the London School of Economics, Madsen warned that this is an area of growing interest for security services such as the NSA. "A lot of manufacturers play ball with the NSA," said Madsen. "This is an area that the NSA is moving into a lot and we have to be really careful about it."
Until recently the US government strictly controlled the strength of cryptography in software exported to different countries, in order to protect the government's ability to access and monitor communications data. The regulations were relaxed after pressure from industry but Madsen believes that this may have driven the NSA to find ways to carry out surveillance. "They're not going to give in over exporting strong cryptography without getting something in return," he says.
The NSA carries out the US government's intelligence gathering operations. It is known to gather information from Internet traffic. It is possible for programmers to put secret capabilities into the code used to build programs that are difficult to detect. Software companies including Microsoft have in the past been accused of colluding with the NSA to provide backdoors into their applications.
Open source software, which publishes the underlying source code with a finished application, is by contrast entirely transparent. This has caused some foreign governments including the French administration to take an interest in open source solutions.
According to Madsen, evidence of the FBI's controversial Carnivore email surveillance tool shows that NSA technology is finding its way into other law enforcement departments. He predicts that similar surveillance tools may be applied to other technologies including biometrics and smart cards and used track the movements of individuals. "These are new intelligence targets," he says. Madsen warns that government agencies often have a significant role in the development of standards for new technologies.
The London forum saw presentations from a host of experts on government surveillance technology including Duncan Campbell, famous for his work on Echelon, and Tony Bunyan of Statewatch.
Take me to Surveillance.
Is commercial software at risk? To have your say online click on the TalkBack button and go to the ZDNet News forum.