@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Date: Mon, 18 Dec 1995 11:08:46 -0800 Sender: Ernest Hua <•••@••.•••> Subject: Re: (resend) cj#341> CIA, drugs and spying trapdoors > It reminds me of a story I read in the SF press a few months prior to the > Nicaragua elections in which the Sandinista's supposedly lost. It seems an > NSA team raided an East Bay company that writes the vote-counting software > used almost everywhere. The NSA was purportedly checking for trapdoors -- > to keep us all safe. What more perfect opportunity to _emplant_ a > trapdoor, when you've got the software all taken apart on the auditor's > table? Needless to say, no one audited the Nicaragua voting equipment for > trapdoors. Word on the street is they're damn difficult to detect anyway, > if properly installed. Let's not get way too ahead of ourselves, shall we? While I would not trust the NSA (or CIA or FBI) with a 10-foot pole on the issue of trapdoors, it would be a serious mistake to insist that a detailed audit is a good time to quickly insert some snippet of code to enable some trapdoor. Inserting new, unintended code into a program you are not necessarily familiar with is very difficult to do right. Even the NSA does not have super-brilliant and absolutely infallible software engineers. Then there is the question of source code controls which just about every serious software developer has in some form or another these days. It's kind of hard to sneak something in if you know what it looked like in the previous release, and you did not authorize that change. There are lots of other reasons and I could go on forever. Not that I am advocating that the NSA would NOT try to insert a trapdoor, but you've got to be more careful about arbitrarily raising suspicions where it's not that technically plausible. It is much easier to insert trapdoors with the help of someone on the inside. An audit session is just not all that good of an opportunity. Ern @@@@@@@@@@@@@@@@@@@@@@ Dear Ern, The main point really, for me, was simply the realization that systematic vote-manipulation (with computerized counting) is just a matter of installing intruder software. The NSA/CIA or whichever obviously has the access, resources, and capability to accomplish such an intrusion, by one means or another. Yes they would undoubtedly use an inside agent, and the "audit" may have been incidental -- but it illustrated how wholesale access to a premises (with the employees locked out?) could be arranged when necessary. Conceivably, the "audit" might have provided the opportunity to retro-infect all backup copies, to be in synch with code developed earlier by the inside agent, plus the opportunity to clean up any tracks that may have been left lying around. I'm not putting this forth as an allegation or even a theory, it's just a speculative possibility. But it does give one pause, when you think back to all the media hype the U.S. created around those elections, the embarrasment they would have suffered if the Sandinista's had won, and the unliklihood that a majority of Nicaraguans would really have voted for CIA-backed candidates. Yours, Richard @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~--~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~ Posted by Richard K. Moore (•••@••.•••) Wexford, Ireland •••@••.••• | Cyberlib=http://www.internet-eireann.ie/cyberlib ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~--~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
Share: