Forgot your password?
typodupeerror
Encryption Security Microsoft Open Source

FSF Responds To Microsoft's Privacy and Encryption Announcement 174

Posted by Soulskill
from the no-trust-without-verification dept.
An anonymous reader writes "Microsoft announced yesterday their plans to encrypt customer data to prevent government snooping. Free Software Foundation executive director John Sullivan questions the logic of trusting non-free software, regardless of promises or even intent. He says, 'Microsoft has made renewed security promises before. In the end, these promises are meaningless. Proprietary software like Windows is fundamentally insecure not because of Microsoft's privacy policies but because its code is hidden from the very users whose interests it is supposed to secure. A lock on your own house to which you do not have the master key is not a security system, it is a jail. ... If the NSA revelations have taught us anything, it is that journalists, governments, schools, advocacy organizations, companies, and individuals, must be using operating systems whose code can be reviewed and modified without Microsoft or any other third party's blessing. When we don't have that, back doors and privacy violations are inevitable.'"
This discussion has been archived. No new comments can be posted.

FSF Responds To Microsoft's Privacy and Encryption Announcement

Comments Filter:
  • Who cares? (Score:2, Insightful)

    by Anonymous Coward on Friday December 06, 2013 @09:58AM (#45618011)

    Who cares if the software is non-free? That's not even the issue.

    "Microsoft announced yesterday their plans to encrypt customer data to prevent government snooping. "

    And I bet Microsoft will just hand over the encryption keys / passwords to the NSA.

  • by Anonymous Coward on Friday December 06, 2013 @10:00AM (#45618017)

    Gutsy, they're basically pissing on the entire box-package software development industry, and no small number of hardware/firmware companies, when they say you can't trust closed-source.
    It's right of course, but if truth and justice mattered enough to the people who make decisions about how large corporations and governments are run we wouldn't be in this mess now would we?

  • Re:Who cares? (Score:5, Insightful)

    by Chrisq (894406) on Friday December 06, 2013 @10:00AM (#45618023)

    Who cares if the software is non-free? That's not even the issue.

    You are correct, the issue is that it must be open source and build-able from source.

  • Predictable (Score:3, Insightful)

    by donscarletti (569232) on Friday December 06, 2013 @10:01AM (#45618031)

    So, Microsoft finally does something no geek could object to and the FSF's response is "even if this looks like a good thing, this can't be a good thing because it's proprietary". It just makes me wonder why they bother making a statement; it's proprietary, it always is and it always has been.

  • Re:Predictable (Score:4, Insightful)

    by Sockatume (732728) on Friday December 06, 2013 @10:09AM (#45618081)

    "Without access, you can only take them on trust" would seem to be the FSF's actual argument. I don't honestly believe that people would actually compile all their tools from source code they've reviewed personally to check for security holes, but at least represent their argument accurately.

  • by MikeBabcock (65886) <mtb-slashdot@mikebabcock.ca> on Friday December 06, 2013 @10:12AM (#45618097) Homepage Journal

    Welcome to the good fight -- the FSF has been at it for a long time, and now the EFF realizes that you can't have freedom without knowledge. That is after all why we believe in a free press in the west, right? Whether the press lives up to its obligations or not, the idea is that without full disclosure, people cannot make good decisions.

  • Re:Predictable (Score:5, Insightful)

    by MikeBabcock (65886) <mtb-slashdot@mikebabcock.ca> on Friday December 06, 2013 @10:15AM (#45618123) Homepage Journal

    No, Microsoft *claims* to do something nobody could object to -- you're missing the whole point of the statement.

    If Microsoft told you they were implementing security and it turned out they were using DES with a key hashed from the word 'Scroogled', would you be pleased? What if they're using good encryption but the keys never rotate? What if the keys rotate but they're on a fixed loop of 16 keys? How would you know?

    As an everyday non-programmer, a casual user wouldn't know the difference either way. If however that user is on a fully open source operating system, they at least know that -some- others using that system have had a peek under the hood and still trusted it.

  • Re:Predictable (Score:3, Insightful)

    by foma84 (2079302) on Friday December 06, 2013 @10:19AM (#45618147)
    Yes, I immagine that from an anti-open perspective it does sound like that.
    Good thing that you don't actually need to be particularly pro-open to see that they have a point. No closed software can be considered secure, ever; no steps to assure more security "regardless of promises or even intent" can change that.
    "Even if this looks like a good thing, this can't be a good thing because it's proprietary". How can you disagree? They bother making the statement, because it's their mission, and to warn off non tech-savvy people who might fall for it.
  • by twocows (1216842) on Friday December 06, 2013 @10:21AM (#45618167)
    Not just that, but what the FSF spokesman is saying here is essentially right (though I think they could do with a bit less imagery, it makes it seem like they're just pushing their agenda, not that I disagree with it). How are we supposed to verify that Microsoft is even keeping its promise if we don't have access to the source? They could just be paying it lip service and not really doing anything about it. Or, they could be incompetent (MS, incompetent? what a novel idea). Or they might just make a token attempt at getting things "kinda sorta" secure (or at least looking secure). Again, how can we trust that they're following through? If it was free software, there's the capacity for anyone to audit it and make sure it's secure (and if it's not, there are more ways to deal with it than "annoy MS until they fix it").
  • Re:Predictable (Score:4, Insightful)

    by marcello_dl (667940) on Friday December 06, 2013 @10:21AM (#45618169) Homepage Journal

    > So, Microsoft finally does something no geek could object to...

    A PR exercise, you mean?

    Did I get it wrong or the NSA or some other agency can force a business to reveal its costumers' data AND keep silent about it?
    If so, every privacy and encryption statement should include this fact. It doesn't? Then it's a PR exercise.

    Do you NOT object to PR exercise about something as delicate as online security? I do.

  • Re:Predictable (Score:5, Insightful)

    by Jawnn (445279) on Friday December 06, 2013 @10:25AM (#45618211)

    So, Microsoft finally does something no geek could object to...

    I see what you did there. You tried to insert a faulty premise to support your argument. Any geek worth the title understands that any encryption technology that can not be vetted is, by definition, not trustworthy. So this latest PR stunt by Microsoft is just that, a PR stunt.

  • Re:Who cares? (Score:2, Insightful)

    by Anonymous Coward on Friday December 06, 2013 @10:28AM (#45618243)

    Who cares if the software is non-free? That's not even the issue.

    You are correct, the issue is that it must be free software and build-able from source.

    FTFY.

  • Re:Who cares? (Score:5, Insightful)

    by jones_supa (887896) on Friday December 06, 2013 @10:30AM (#45618265)

    And I bet Microsoft will just hand over the encryption keys / passwords to the NSA.

    Things like these are still a step forward, as NSA has to actually ask for the keys from companies, instead of just passively snooping everywhere it wants to.

  • by jbmartin6 (1232050) on Friday December 06, 2013 @10:43AM (#45618397)

    we are going to do everything we can within current technical and legal bounds to address this for them

    My point is that they are not doing everything they can, they are instead they are pursuing a cosmetic measure that will make no real difference to what customers are concerned about. How about, for example, providing me with the ability to use my own keys that are never stored on a MS system?

  • by mi (197448) on Friday December 06, 2013 @10:45AM (#45618421) Homepage

    must be using operating systems whose code can be reviewed and modified without Microsoft or any other third party's blessing

    Though I agree, that a corporation can be forced by an authoritarian government to put a backdoor into their product, I don't believe, open-source software is immune against backdoors either.

    There are scores [stackexchange.com] of people with commit-access to Linux kernel, for example. If the NSA — or its counterpart from any other rich country in the world — put their mind to it, they could use any one (or more) of them to weaken the security functionality in there.

    It does not need to be obvious — making the /dev/random's output slightly less random, for example, may reduce the time it takes to tap an ssh or ssl connection with this host from many years down to days. Same goes for PGP-keys generated on the affected host... Nor does it need to involve blatant coercion — the committer may simply receive a patch by e-mail with a fix to some other bug or an improvement, and fail to spot the weakening.

    It could, in fact, have already been done years ago for all we know. Who knows, if this little problem [slashdot.org] was not deliberately introduced? And even if it was not — who knows, whether various security agencies exploited it from 2006 to 2013 the way Alan Turing et al exploited mistakes of the German radio-operators during WW2 [wikipedia.org]?

    Is it easier to plant a backdoor into an open-source project than a closed-source one — and keep it there for a useful period of time? I'm not at all sure, what I'd bet on, to be perfectly honest. Both can done and, by all appearances, both have been done...

  • by t'mbert (301531) on Friday December 06, 2013 @10:51AM (#45618463)

    Let's face it: as far as we know, the door lock manufacturers also have a master key to all our houses. The schematics and design of the lock are not publicly available, and most people lack the skills to know if the schematics they are looking at are secure or not. It's the same with an OS. And while I *could* take the lock apart and figure out how it works, I still wouldn't know if my particular lock were secure or not, because I have not seen enough locks to know if this particular one is good or not.

    Anytime this condition arises, we replace our own lack of knowledge with a trust in experts. We have to defer the judgement of security worthiness to an expert we trust, in which case we are again disinter-mediated from knowing if the lock is actually secure or not. We all trust *someone* with very specific knowledge to help us make decisions, whether that be medical, scientific, security or otherwise, and in each of those cases, we can find examples of where the expert has let us down.

  • Re:Who cares? (Score:5, Insightful)

    by Chrisq (894406) on Friday December 06, 2013 @11:01AM (#45618547)

    Right. Because No Such Agency would never be able to find a way to read data encrypted by an open source program. Why, that's a magical band-aid for everything!

    It makes things more difficult for them. Instead of having a neat backdoor they either have to insert obfuscated code, which could be detected or replaced at any time or convince people to use weak algorithms. Being open source people can select any algorithm they want - AES, Twofish, Serpent, Elyptic Curve, or rot13. The chances are that not all of them will be compromised. (if they all are then open or closed source doesn't matter - you're screwed either way)

  • by Lawrence_Bird (67278) on Friday December 06, 2013 @11:14AM (#45618643) Homepage

    It really is arrogant of FSF to imply that a user trusting one or a small group of individuals running an opensource project is somehow better off and more secure than microsoft.

    Unless a user audits the code, compiles the code (with a known to be good compiler) and manages all elements of the server and routing, there is NO assurance of security or privacy. And never mind the fact that few users even compile from source anymore.

    Offtopic: why am I being sent to the beta site to post comments? Very annoying as it does not remember my login credentials and noscript is reporting XSS issues.

  • Re:Trust (Score:4, Insightful)

    by mjtaylor24601 (820998) on Friday December 06, 2013 @11:32AM (#45618823)

    As far as I can tell, the counter-arguments against FSF's position boil down to "well I trust {Microsoft, Google, Apple, Oracle} anyway, so there!" and "who cares if you can trust your computing infrastructure anyway, get over it!" If you have something more to add to those illuminating arguments, please do so.

    In fairness I think the counter argument is a little more nuanced than you're representing it. It's more along the lines of: non-programmers are in no position to verify that things have been done correctly even if the program is open source. And even experienced programmers can't, as a practical matter, be expected to meticulously review the millions of lines of code that goes into the various programs they use, nor are they likely to build all of their own software from source all the time. So realistically, even if the software is open source you still have to trust some else to verify it. All open source does is change who the person is that your'e trusting from Microsoft to $YOUR_FAVOURITE_FREE_SOFTWARE_GROUP.

    Now perhaps you trust the general open source community more than you trust Microsoft (or Google or Apple or whoever). That's perfectly fine. But I can certainly see how a reasonable person could look at that position and go "why should I trust random strangers on the internet if I'm not willing to trust Microsoft?". Now perhaps that's not good argument. But I think it's at least a little bit more substantive than the strawman you've presented.

  • Silly question (Score:5, Insightful)

    by Runaway1956 (1322357) on Friday December 06, 2013 @11:48AM (#45618975) Homepage Journal

    How would I find out, personally, that Linux Mint is sharing keys with the NSA? The likelihood that I would personally discover that secret is somewhere between slim to none. I can't read code well enough, nor am I likely to spend the time necessary to read every line of code in the programs.

    My assurance stems from,

    1. Thousands (at least) of other end users actually do peruse the code, looking for errors, back doors, exploits, etc.

    2. My OS comes from a "trusted source" - one which I personally trust.

    Yes, there is a weakness in there. That weakness is, I have to trust someone. At the same time, there is a strength hidden right beside the weakness. I get to CHOOSE who I trust.

    What, exactly, has convinced you that you can actually trust Microsoft? Has MS invited you to personally examine their code, to satisfy yourself that there are no exploits in their system? No? I didn't think so.

    Linux, on the other hand, invites me to read any or all of their source.

    You choose what you want, I'll choose what I want, thank you very much.

  • by whoever57 (658626) on Friday December 06, 2013 @12:53PM (#45619625) Journal

    Let's face it: as far as we know, the door lock manufacturers also have a master key to all our houses. The schematics and design of the lock are not publicly available, and most people lack the skills to know if the schematics they are looking at are secure or not.

    Flawed comparison. In fact, locks are much more like open-source software.

    Locks can be disassembled and people can review the design. Much like open source software, most people would not be able to tell if a lock design was secure, but enough independent experts can disassemble a lock and review its security.

    Yes, you are reliant on experts for the truth about lock security, but you are not reliant solely on the manufacturer's assertions, which is the case with clsoed-source software.

  • by whoever57 (658626) on Friday December 06, 2013 @12:59PM (#45619685) Journal

    Unless a user audits the code, compiles the code (with a known to be good compiler) and manages all elements of the server and routing, there is NO assurance of security or privacy. And never mind the fact that few users even compile from source anymore.

    Security isn't a binary function. Open source is more secure than closed source because many independent people can download the source and review it, many people can build binaries, etc..

  • by jafac (1449) on Friday December 06, 2013 @01:41PM (#45620087) Homepage

    If this NSA kerfluffle has amounted to anything, it is a validation of the idea that "Security through obscurity" is as invalid as we've all been told - since the 1980's.

The only thing cheaper than hardware is talk.

Working...