Does Windows still have NSA backdoor?

Hi,

Someone just re-posted to a link-sharing site the old
Duncan Campbell article from 1999 about the NSA backdoor or
trapdoor into Windows. It's now almost 8 years later, but
the question is, does such a backdoor still exist?

Thanks.

Here's the article...

How NSA access was built into Windows

Duncan Campbell 04.09.1999
Careless mistake reveals subversion of Windows by NSA.

A CARELESS mistake by Microsoft programmers has revealed that special
access codes prepared by the US National Security Agency have been
secretly built into Windows. The NSA access system is built into every
version of the Windows operating system now in use, except early
releases of Windows 95 (and its predecessors). The discovery comes
close on the heels of the revelations earlier this year that another US
software giant, Lotus, had built an NSA "help information" trapdoor (1)
into its Notes system, and that security functions on other software
systems had been deliberately crippled.

The first discovery of the new NSA access system was made two years ago
by British researcher Dr Nicko van Someren. But it was only a few weeks
ago when a second researcher rediscovered the access system. With it,
he found the evidence linking it to NSA.
....

Re: Does Windows still have NSA backdoor?

"Flarky" writes:

>Hi,

>Someone just re-posted to a link-sharing site the old
>Duncan Campbell article from 1999 about the NSA backdoor or
>trapdoor into Windows. It's now almost 8 years later, but
>the question is, does such a backdoor still exist?

And if you followed the thread of that article...
Windows has two keys. Only senior management knows if one or both are
shared with NSA. There was never any evidence that a backdoor existed, so
your question is like asking "does bill gates still beat his wife".

Re: Does Windows still have NSA backdoor?

On 14 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
<1168782618.265470.44240@v45g2000cwv.googlegroups.com>, Flarky wrote:

>Someone just re-posted to a link-sharing site the old
>Duncan Campbell article from 1999 about the NSA backdoor or
>trapdoor into Windows.

Yeah, old legends never die. Did you try a search at groups.google.com
looking in the "alt.folklore.urban" newsgroup?

>It's now almost 8 years later, but the question is, does such a
>backdoor still exist?

You want to think about that. Those who _know_ aren't going to tell
you - because it would be highly classified information. Not only would
they not tell you, they wouldn't even hint one way or the other. It's
supposed to be a secret, and it wouldn't be a secret if every klown in
the world had a friend who heard from a secret source that it's actually
there. Further, since revealing secret information is a federal felony,
do you really think anyone who knows would risk jail time to tell you?

You _could_ ask at a university or company that has the windoze source
code, but there are two problems - first, anyone who can actually view
the source code has signed a Non-Disclosure-Agreement, and would violate
that to tell you. Second, do you really think anyone - even the typical
idiot programmer hired by microsoft - would be st00pid enough to hang a
sign on the source code saying "NSA Back Door". They can't program worth
a damn, but even the lamest mystery writer knows that you use code words
that have nothing to do with the actual secret - that's been a common
trick since the Old Testament.

While it is illegal to "reverse engineer" (the actual term would be to
"disassemble") software in the United States (and microsoft would bring
legal action if you did), it's not illegal elsewhere, and foreign
government agencies don't care about laws anyway. Have you heard of
that many foreign governments refusing to use windoze? Outside of China,
France, Germany, and several smaller nations like Peru who may or may not
have other reasons for rejecting the crap that comes out of Redmond, can
you think of any? Don't you think they'd LOOK?

By the way, you may also want to look at your browser, and determine
whose algorithms it is using when you go to a secure website - one that
causes that cute little padlock icon, that begin with "https:" rather
than just "http:". (Oh, crap - they've got your credit card number too!)
Maybe you want to look at RFC4772 - any search engine will find it:

4772 Security Implications of Using the Data Encryption Standard
(DES). S. Kelly. December 2006. (Format: TXT=68524 bytes) (Status:
INFORMATIONAL)

And in case you are wondering, no - the world is not restricted to only
use windoze on their computers. You may have heard that there is an
alternative - maybe you've even seen a Macintosh (which doesn't run
windoze). Maybe you've even heard that there are other alternatives.
There is one called Linux - see http://www.distrowatch.com - but you
probably won't want to use that either, because it has hooks in the
code for something called SELinux - maybe if you used a search engine,
you might even find out what that is - or I could save you a few seconds
at google by giving you a URL to look at: http://www.nsa.gov/selinux/

Old guy

Re: Does Windows still have NSA backdoor?

ibuprofin@painkiller.example.tld (Moe Trin) writes:

>On 14 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
><1168782618.265470.44240@v45g2000cwv.googlegroups.com>, Flarky wrote:

>>Someone just re-posted to a link-sharing site the old
>>Duncan Campbell article from 1999 about the NSA backdoor or
>>trapdoor into Windows.

>Yeah, old legends never die. Did you try a search at groups.google.com
>looking in the "alt.folklore.urban" newsgroup?

>>It's now almost 8 years later, but the question is, does such a
>>backdoor still exist?

>You want to think about that. Those who _know_ aren't going to tell
>you - because it would be highly classified information. Not only would
>they not tell you, they wouldn't even hint one way or the other. It's
>supposed to be a secret, and it wouldn't be a secret if every klown in
>the world had a friend who heard from a secret source that it's actually
>there. Further, since revealing secret information is a federal felony,
>do you really think anyone who knows would risk jail time to tell you?

>You _could_ ask at a university or company that has the windoze source
>code, but there are two problems - first, anyone who can actually view
>the source code has signed a Non-Disclosure-Agreement, and would violate
>that to tell you. Second, do you really think anyone - even the typical
>idiot programmer hired by microsoft - would be st00pid enough to hang a
>sign on the source code saying "NSA Back Door". They can't program worth
>a damn, but even the lamest mystery writer knows that you use code words
>that have nothing to do with the actual secret - that's been a common
>trick since the Old Testament.

>While it is illegal to "reverse engineer" (the actual term would be to

The courts have ruled that it is perfectly legal to reverse engineer,
unless you have signed a specific contract ( not license, contract) not to
do so, and then it is a violation of the contract, not violation of the
law.


>"disassemble") software in the United States (and microsoft would bring
>legal action if you did), it's not illegal elsewhere, and foreign
>government agencies don't care about laws anyway. Have you heard of
>that many foreign governments refusing to use windoze? Outside of China,
>France, Germany, and several smaller nations like Peru who may or may not
>have other reasons for rejecting the crap that comes out of Redmond, can
>you think of any? Don't you think they'd LOOK?

>By the way, you may also want to look at your browser, and determine
>whose algorithms it is using when you go to a secure website - one that
>causes that cute little padlock icon, that begin with "https:" rather
>than just "http:". (Oh, crap - they've got your credit card number too!)
>Maybe you want to look at RFC4772 - any search engine will find it:

>4772 Security Implications of Using the Data Encryption Standard
> (DES). S. Kelly. December 2006. (Format: TXT=68524 bytes) (Status:
> INFORMATIONAL)

>And in case you are wondering, no - the world is not restricted to only
>use windoze on their computers. You may have heard that there is an
>alternative - maybe you've even seen a Macintosh (which doesn't run
>windoze). Maybe you've even heard that there are other alternatives.
>There is one called Linux - see http://www.distrowatch.com - but you
>probably won't want to use that either, because it has hooks in the
>code for something called SELinux - maybe if you used a search engine,
>you might even find out what that is - or I could save you a few seconds
>at google by giving you a URL to look at: http://www.nsa.gov/selinux/

> Old guy

Re: Does Windows still have NSA backdoor?

Moe Trin wrote:
> Yeah, old legends never die. Did you try a search at groups.google.com
> looking in the "alt.folklore.urban" newsgroup?

There are strange things with this "legend". A short time after it
occured, that this "NSA-key" was found (I think it's not an NSA key BTW),
I had a lecture for the IHK Ulm, Germany. The person who had the lecture
before was from Cisco.

I confronted him in public with the claim, that U.S. government is
enforcing the big US companies for inserting back doors in their
equipment. I recommended Free Software for implementing security systems
because of this. A provocation, of course.

And then the strange thing happend: he approved in this public speech,
that they're enforced to do so, and he excused Cisco by not being the
only company who is enforced to do this, but all big companies in the US
are enforced to insert back doors for the government, he said to the
audience.

I don't know if he is right or he himself just was trapped into an UL.
But I'm not very sure since then, that this is an UL only ;-)

Appendix: The Federal Republic of Germany is preparing a law just now,
which makes it possible to insert a backdoor / trojan horse
into each citizen's PC.
The Federal Bureau of Investigation already uses such a back
door software, http://www.newscientist.com/article.ns?id=dn1589

Maybe using Free Software will be the only way to be secure from such
"legal investigations".

Yours,
VB.
--
"Pornography is an abstract phenomenon. It cannot exist without a medium
to propagate it, and it has very little (if anything at all) to do with sex."
Tina Lorenz

Re: Does Windows still have NSA backdoor?

Volker Birk writes:

>Moe Trin wrote:
>> Yeah, old legends never die. Did you try a search at groups.google.com
>> looking in the "alt.folklore.urban" newsgroup?

>There are strange things with this "legend". A short time after it
>occured, that this "NSA-key" was found (I think it's not an NSA key BTW),
>I had a lecture for the IHK Ulm, Germany. The person who had the lecture
>before was from Cisco.

>I confronted him in public with the claim, that U.S. government is
>enforcing the big US companies for inserting back doors in their
>equipment. I recommended Free Software for implementing security systems
>because of this. A provocation, of course.

>And then the strange thing happend: he approved in this public speech,
>that they're enforced to do so, and he excused Cisco by not being the
>only company who is enforced to do this, but all big companies in the US
>are enforced to insert back doors for the government, he said to the
>audience.

>I don't know if he is right or he himself just was trapped into an UL.
>But I'm not very sure since then, that this is an UL only ;-)

>Appendix: The Federal Republic of Germany is preparing a law just now,
> which makes it possible to insert a backdoor / trojan horse
> into each citizen's PC.
> The Federal Bureau of Investigation already uses such a back
> door software, http://www.newscientist.com/article.ns?id=dn1589

Did you actually read that report before posting it? It is a trojan, a
piece of malware that they are potentially using. It is not part of the
operating system, and is thus not a backdoor.

>Maybe using Free Software will be the only way to be secure from such
>"legal investigations".

Not Free, OpenSource.


>Yours,
>VB.
>--
>"Pornography is an abstract phenomenon. It cannot exist without a medium
>to propagate it, and it has very little (if anything at all) to do with sex."
> Tina Lorenz
>

Re: Does Windows still have NSA backdoor?

Post removed (X-No-Archive: yes)

Re: Does Windows still have NSA backdoor?

Sebastian Gottschalk writes:

>Unruh wrote:

>> Did you actually read that report before posting it? It is a trojan, a
>> piece of malware that they are potentially using. It is not part of the
>> operating system, and is thus not a backdoor.

>Once you're allowed to legitimately insert it into every of your downloads
>and then install it on your computer, they have added their own backdoor.

Which is NOT what the article was talking about. They were talking about a
standard trojan, delivered in email or web download.
The legal standing of inserting such a trojan into every machine is highly
dubious.


>Beside that, they could also force Microsoft to deliver it as an important
>update via Windows Update. Due to Automatic Update running by default, this
>actually concludes as a backdoor in the OS (which, from my perspective, has
>already been abused multiple times with DRM updates, WGA and MSRT).

They could take every 10th citizen out and shoot them as well. They will
not, not least because of the legal situation.


>>>Maybe using Free Software will be the only way to be secure from such
>>>"legal investigations".
>>
>> Not Free, OpenSource.

>Both free and open source. What's the point of having open source if you
>don't have the freedom to use it in an appropriate way? Just take a look at

We are talking about security here. NOt a philosophy of computer product
distribution.

>the license of the current PGP software products (you may read the source,
>you may compile it, but you may not run those binaries).

Highly dubious legally unless they have you sign an explict contract saying
so. It goes beyond the powers of copyright licensing.

So you have the part of the "license" which makes such a claim?

Re: Does Windows still have NSA backdoor?

On 14 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
, Unruh wrote:

>(Moe Trin) writes:

>> While it is illegal to "reverse engineer" (the actual term would be to
>
>The courts have ruled that it is perfectly legal to reverse engineer,
>unless you have signed a specific contract ( not license, contract) not to
>do so, and then it is a violation of the contract, not violation of the
>law.
>
>>"disassemble") software in the United States (and microsoft would bring
^^^^^^^^^^^^^^^^^^^^

I realize you are not a lawyer permitted to practice in the United States,
but please provide a cite to back up your claim that is is perfectly legal
IN THE UNITED STATES

>legal action if you did), it's not illegal elsewhere

perhaps in Canada - certainly in several countries in the EU. But please
read the entire paragraph before making blanket statements.

Old guy

Re: Does Windows still have NSA backdoor?

Post removed (X-No-Archive: yes)

Re: Does Windows still have NSA backdoor?

ibuprofin@painkiller.example.tld (Moe Trin) writes:

>On 14 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
>, Unruh wrote:

>>(Moe Trin) writes:

>>> While it is illegal to "reverse engineer" (the actual term would be to
>>
>>The courts have ruled that it is perfectly legal to reverse engineer,
>>unless you have signed a specific contract ( not license, contract) not to
>>do so, and then it is a violation of the contract, not violation of the
>>law.
>>
>>>"disassemble") software in the United States (and microsoft would bring
> ^^^^^^^^^^^^^^^^^^^^

>I realize you are not a lawyer permitted to practice in the United States,
>but please provide a cite to back up your claim that is is perfectly legal
>IN THE UNITED STATES

>>legal action if you did), it's not illegal elsewhere

>perhaps in Canada - certainly in several countries in the EU. But please
>read the entire paragraph before making blanket statements.

Try
http://www.chillingeffects.org/reverse/faq.cgi

Question: Is reverse engineering legal?

Answer: Reverse engineering has long been held a legitimate form of
discovery in both legislation and court opinions. The Supreme Court has
confronted the issue of reverse engineering in mechanical technologies
several times, upholding it under the principles that it is an important
method of the dissemination of ideas and that it encourages innovation in
the marketplace. The Supreme Court addressed the first principle in Kewanee
Oil v. Bicron, a case involving trade secret protection over synthetic
crystals manufacturing by defining reverse engineering as "a fair and
honest means of starting with the known product and working backwards to
divine the process which aided in its development or manufacture." [416
U.S. 470, 476 (1974)] The principle that reverse engineering encourages
innovation was articulated in Bonito Boats. v. Thunder Craft, a case
involving laws forbidding the reverse engineering of the molding process of
boat hulls, when the Supreme Court said that "the competitive reality of
reverse engineering may act as a spur to the inventor, creating an
incentive to develop inventions that meet the rigorous requirements of
patentability." [489 U.S. 141 160 (1989)]

Congress has also passed legislation in a number of different technological
areas specifically permitting reverse engineering. The Semiconductor Chip
Protection Act (SCPA) explicitly includes a reverse engineering privilege
allowing semiconductor chip designers to study the layout of circuits and
incorporate that knowledge into the design of new chips. The Competition of
Contracting Act of 1984 allows the defense industry to inspect and analyze
the spare parts it purchases in order to facilitate competition in
government contracts.

****************************8

The article also discusses reverse engineering in software cases, and the
effects of various laws (DMCA for example) in operating against these
precedents and laws, but the principles remain.


> Old guy

Re: Does Windows still have NSA backdoor?

Unruh wrote:
> Did you actually read that report before posting it?

Yes.

> It is a trojan, a
> piece of malware that they are potentially using. It is not part of the
> operating system

Yes, I know.

> and is thus not a backdoor.

Of course it implements a back door. It is not shipped with the
operating system, though. I just mentioned this trojan horses, because
they show, that the state indeed wants to know, what's on different
persons' PCs, and don't stop at nothing.

> >Maybe using Free Software will be the only way to be secure from such
> >"legal investigations".
> Not Free, OpenSource.

I really don't care, if you're a fan of RMS or of ESR.

Yours,
VB.
--
"Pornography is an abstract phenomenon. It cannot exist without a medium
to propagate it, and it has very little (if anything at all) to do with sex."
Tina Lorenz

Re: Does Windows still have NSA backdoor?

On 16 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
, Unruh wrote:

>Try
>http://www.chillingeffects.org/reverse/faq.cgi
>
>Question: Is reverse engineering legal?

Ran it past one of the company lawyers - he just laughed and said he
wouldn't be on the defence team. He also remind me of the hoops that
Compaq had to jump through when they were attempting to clone the IBM
PC - you may or may not know that the IBM technical reference books
(purple binder) came with schematics and the source code listings of
the BIOS. Microsoft did not do the same, and Compaq had to hire them
to create a Compaq-DOS even though the entire executables (IBMBIO.COM,
IBMDOS.COM and COMMAND.COM) were less than 78k of 8086 code total.

Old guy

Re: Does Windows still have NSA backdoor?

"Moe Trin" wrote in message
news:slrneqr16k.i9t.ibuprofin@compton.phx.az.us...
> On 16 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
> , Unruh wrote:
>
> >Try
> >http://www.chillingeffects.org/reverse/faq.cgi
> >
> >Question: Is reverse engineering legal?
>
> Ran it past one of the company lawyers - he just laughed and said he
> wouldn't be on the defence team. He also remind me of the hoops that
> Compaq had to jump through when they were attempting to clone the IBM
> PC - you may or may not know that the IBM technical reference books
> (purple binder) came with schematics and the source code listings of
> the BIOS. Microsoft did not do the same, and Compaq had to hire them
> to create a Compaq-DOS even though the entire executables (IBMBIO.COM,
> IBMDOS.COM and COMMAND.COM) were less than 78k of 8086 code total.

Your company needs a better lawyer: Primary cases in the matter are Atari
Games v. Nintendo (975 F.2d 832) and Sega v. Accolade (977 F.2d 1510). Both
hold that reverse engineering is legal. Further the issue was revisited
subseqent to the passage of the DMCA, with the same result, see Sony v.
Connectix (203 F.3d 596). This isnt to say that you cannot contract not to
reverse engineer, you can give away by contract just about any right (save a
few such as life and liberty), but that is an issue of the specific
contract.

Re: Does Windows still have NSA backdoor?

"Dave" writes:


>"Moe Trin" wrote in message
>news:slrneqr16k.i9t.ibuprofin@compton.phx.az.us...
>> On 16 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
>> , Unruh wrote:
>>
>> >Try
>> >http://www.chillingeffects.org/reverse/faq.cgi
>> >
>> >Question: Is reverse engineering legal?
>>
>> Ran it past one of the company lawyers - he just laughed and said he
>> wouldn't be on the defence team. He also remind me of the hoops that
>> Compaq had to jump through when they were attempting to clone the IBM
>> PC - you may or may not know that the IBM technical reference books
>> (purple binder) came with schematics and the source code listings of
>> the BIOS. Microsoft did not do the same, and Compaq had to hire them
>> to create a Compaq-DOS even though the entire executables (IBMBIO.COM,
>> IBMDOS.COM and COMMAND.COM) were less than 78k of 8086 code total.

??? Complete garbling of history. The bios was listed in the books. Phoenix
recreated the bios, not by copying it-- that would violate copyright law--
but by having one team carefully go through the bios and write a set of
specifications as to what each function in the bios did. They then had
another team write a bios to those specifications, being very careful to
ensure that that second team was kept ignorant of what was actually in the
IBM version. The ideas (specifications) are not protected by copyright law.
The actual expression of those ideas is.

But of course none of this has anything whatsoever to do with reverse
engineering, which is legal as well. Reverse engineering is taking an
object, or code or whatever and by examining it, determining what the
specifications are that make it work as it does. In the IBM case, it was
written in a book for all to see. No reverse engineering necessary.



>Your company needs a better lawyer: Primary cases in the matter are Atari
>Games v. Nintendo (975 F.2d 832) and Sega v. Accolade (977 F.2d 1510). Both
>hold that reverse engineering is legal. Further the issue was revisited
>subseqent to the passage of the DMCA, with the same result, see Sony v.
>Connectix (203 F.3d 596). This isnt to say that you cannot contract not to
>reverse engineer, you can give away by contract just about any right (save a
>few such as life and liberty), but that is an issue of the specific
>contract.

Agreed. He is thoroughly confusing copyright law and reverse engineering,
which has more to do with trade secrecy law, since under both copyright and
patent law, the way the thing accomplishes its task is supposed to be
public knowledge.

Now, some companies try to get the best of both trade secret law and
copyright law, but sticking "no reverse engineering clauses" into their
copyright licenses. But they are irrelevant there, since reading never
violates copyright, and all you need to do to reverse engineer software is
read it and understand it. It is like trying to sell a book and saying that
any attempt to understand the contents of the book violates the copyright
license under which you are given the book.

Re: Does Windows still have NSA backdoor?

On 18 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
, Unruh wrote:

>"Dave" writes:

>>"Moe Trin" wrote in message

>>> Ran it past one of the company lawyers - he just laughed and said he
>>> wouldn't be on the defence team. He also remind me of the hoops that
>>> Compaq had to jump through when they were attempting to clone the IBM
>>> PC

That came from the company lawyer - I have no qualms with his statement.

>>> you may or may not know that the IBM technical reference books
>>> (purple binder) came with schematics and the source code listings of
>>> the BIOS. Microsoft did not do the same, and Compaq had to hire them
>>> to create a Compaq-DOS even though the entire executables (IBMBIO.COM,
>>> IBMDOS.COM and COMMAND.COM) were less than 78k of 8086 code total.

That was my own memory

>??? Complete garbling of history.

So I mis-attributed - Compaq did run into problems as well.

>>Your company needs a better lawyer:

The company appears to think otherwise. I have no idea one way or the
other - he has the papers, I don't. As an employee, I think I'll follow
his advice - don't you agree?

Old guy

Re: Does Windows still have NSA backdoor?

"Moe Trin" wrote in message
news:slrneqvk6i.dgq.ibuprofin@compton.phx.az.us...
> On 18 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
> , Unruh wrote:
>
> >"Dave" writes:
>
> >>"Moe Trin" wrote in message
>
> >>> Ran it past one of the company lawyers - he just laughed and said he
> >>> wouldn't be on the defence team. He also remind me of the hoops that
> >>> Compaq had to jump through when they were attempting to clone the IBM
> >>> PC
>
> That came from the company lawyer - I have no qualms with his statement.



> >>Your company needs a better lawyer:
>
> The company appears to think otherwise. I have no idea one way or the
> other - he has the papers, I don't. As an employee, I think I'll follow
> his advice - don't you agree?

I seem to recall that you are across the pond. As such, I would not expect
your company's lawyer to be admitted to a US jurisdiction (although he
might, one never knows.) So Im not so sure that "he has the papers."

In anycase, you can follow whosever advice you choose. However, as a
lawyer, I thought I should point out a clear mis-statement of the law,
particularly when it was stated with color of authority. As shown in the
cases I cited and you snipped, the courts in the US have consistently held
reverse engineering to be legal, contrary to what your company's lawyer
appears to believe.

Re: Does Windows still have NSA backdoor?

ibuprofin@painkiller.example.tld (Moe Trin) writes:

>On 18 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
>, Unruh wrote:

>>"Dave" writes:

>>>"Moe Trin" wrote in message

>>>> Ran it past one of the company lawyers - he just laughed and said he
>>>> wouldn't be on the defence team. He also remind me of the hoops that
>>>> Compaq had to jump through when they were attempting to clone the IBM
>>>> PC

>That came from the company lawyer - I have no qualms with his statement.

>>>> you may or may not know that the IBM technical reference books
>>>> (purple binder) came with schematics and the source code listings of
>>>> the BIOS. Microsoft did not do the same, and Compaq had to hire them
>>>> to create a Compaq-DOS even though the entire executables (IBMBIO.COM,
>>>> IBMDOS.COM and COMMAND.COM) were less than 78k of 8086 code total.

>That was my own memory

>>??? Complete garbling of history.

>So I mis-attributed - Compaq did run into problems as well.

>>>Your company needs a better lawyer:

>The company appears to think otherwise. I have no idea one way or the
>other - he has the papers, I don't. As an employee, I think I'll follow
>his advice - don't you agree?

Nope. If you suspect an employee is incompetent as his job, following him
is a bad idea. The external world does not care why you screwed up (eg
just following orders), just that you did.


> Old guy

Re: Does Windows still have NSA backdoor?

On Thu, 18 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
, Dave wrote:

>I seem to recall that you are across the pond.

I have NO idea how you came to that conclusion - certainly not by reading
what I've posted here.

>As such, I would not expect your company's lawyer to be admitted to a US
>jurisdiction (although he might, one never knows.) So Im not so sure that
>"he has the papers."

I'm under NDA, which is why I don't post from the company address space,
or use a company username, but the individual is plying his trade from a
company facility here in Arizona, although corporate is in New York.

>However, as a lawyer, I thought I should point out a clear mis-statement
>of the law, particularly when it was stated with color of authority. As
>shown in the cases I cited and you snipped, the courts in the US have
>consistently held reverse engineering to be legal, contrary to what your
>company's lawyer appears to believe.

I'd rather doubt that I'd get into this area, as I'm a network admin, not
one who would ordinarily be doing such any more. In the early 1990s, I was
cautioned very explicitly about some design work I was doing, and was
taken off a project in California because of certain knowledge I had of
"the way to do things" relating to that design.

Old guy

Re: Does Windows still have NSA backdoor?

ibuprofin@painkiller.example.tld (Moe Trin) writes:

>On Thu, 18 Jan 2007, in the Usenet newsgroup comp.security.misc, in article
>, Dave wrote:

>>I seem to recall that you are across the pond.

>I have NO idea how you came to that conclusion - certainly not by reading
>what I've posted here.

>>As such, I would not expect your company's lawyer to be admitted to a US
>>jurisdiction (although he might, one never knows.) So Im not so sure that
>>"he has the papers."

>I'm under NDA, which is why I don't post from the company address space,
>or use a company username, but the individual is plying his trade from a
>company facility here in Arizona, although corporate is in New York.

>>However, as a lawyer, I thought I should point out a clear mis-statement
>>of the law, particularly when it was stated with color of authority. As
>>shown in the cases I cited and you snipped, the courts in the US have
>>consistently held reverse engineering to be legal, contrary to what your
>>company's lawyer appears to believe.

>I'd rather doubt that I'd get into this area, as I'm a network admin, not
>one who would ordinarily be doing such any more. In the early 1990s, I was
>cautioned very explicitly about some design work I was doing, and was
>taken off a project in California because of certain knowledge I had of
>"the way to do things" relating to that design.
> Old guy

Pretty vague, but it sounds like they were worried about copyright
infringement,not reverse engineering.If you know how someone esle expressed
their ideas in code, then you coding something similar could bring in
those expressions used in others code, and make your code infringing.

Re: Does Windows still have NSA backdoor?

"Moe Trin" wrote in message
news:slrner0blk.ocs.ibuprofin@compton.phx.az.us...
> On Thu, 18 Jan 2007, in the Usenet newsgroup comp.security.misc, in
article
> , Dave wrote:
>
> >I seem to recall that you are across the pond.
>
> I have NO idea how you came to that conclusion - certainly not by reading
> what I've posted here.

My mistake. Ive been lurking here for a while and thought I had read you
make comments to that effect. After reviewing my spool, I cannot find the
comments I thought I had seen. Perhaps I had confused you with someone
else. In anycase, my apologies.

> >As such, I would not expect your company's lawyer to be admitted to a US
> >jurisdiction (although he might, one never knows.) So Im not so sure
that
> >"he has the papers."
>
> I'm under NDA, which is why I don't post from the company address space,
> or use a company username, but the individual is plying his trade from a
> company facility here in Arizona, although corporate is in New York.

Then he does "[have] the papers," although, based on his comments that you
have relayed, I am less than comfortable with his knowledge of IP law.

> >However, as a lawyer, I thought I should point out a clear mis-statement
> >of the law, particularly when it was stated with color of authority. As
> >shown in the cases I cited and you snipped, the courts in the US have
> >consistently held reverse engineering to be legal, contrary to what your
> >company's lawyer appears to believe.
>
> I'd rather doubt that I'd get into this area, as I'm a network admin, not
> one who would ordinarily be doing such any more. In the early 1990s, I was
> cautioned very explicitly about some design work I was doing, and was
> taken off a project in California because of certain knowledge I had of
> "the way to do things" relating to that design.

Fair enough, but are you sure it was because you had knowlede of "the way to
do things" or because you had been exposed to the particular expression of
something in the past? To show a violation of copyright does not require
intentional copying, it is enough to show similarity (and depending on the
court, it may not matter how vague that similarity is) and an exposure to
the original at some time (whether one conciously remembers or not). That
is why the "Chinese Walls" are so important in cases such as the Compaq-IBM
one you mentioned earlier, to make sure that the people writing the new
version have not had any exposure to the original, essentially making sure
that people are reverse-engineering and not copying.