Posted by Charles II on July 15, 2013
A conspiracy theory developed around the case, with allegations that “back doors” had been inserted into the software so that whomever the Justice Department had sold it to could be spied upon.
Now, this is of historical curiosity only. But now a much more credible and threatening suggestion has been made. Steve Blank, Forbes:
Today every desktop and laptop computer has another way for the NSA to get inside.
Starting in 1996 with the Intel P6 (Pentium Pro) to today’s P7 chips (Core i7) these processors contain instructions that are reprogrammable in what is called microcode. Intel can fix bugs on the chips by reprogramming a microprocessor’s microcode with a patch. This patch, called a microcode update, can be loaded into a processor by using special CPU instructions reserved for this purpose. These updates are not permanent, which means each time you turn the computer on, its microprocessor is reset to its built-in microcode, and the update needs to be applied again (through a computer’s BIOS).
The microcode is distributed by 1) Intel or by 2) Microsoft integrated into a BIOS or 3) as part of a Windows update. Unfortunately, the microcode update format is undocumented and the code is encrypted.
perhaps the NSA, working with Intel and/or Microsoft, have wittingly put backdoors in the microcode updates.
The downside is that 1) backdoors can be hijacked by others with even worse intent. So if NSA has a microcode backdoor – who else is using it? and 2) What other pieces of our infrastructure (routers, smartphones, military computers, satellites, etc) use processors with uploadable microcode?
Now, this is just a suggestion, not a fact. But it points to a serious potential problem. Even if you approve of NSA spying, do you approve of some unknown party who has compromised the encrypted keys having total control of your computer?
There are consequences well beyond what may happen to NSA capability, and tentative confirmation of Blank’s conjecture. Arvin Ganesan, CNN:
For the Internet companies named in reports on NSA surveillance, their bottom line is at risk because European markets are crucial for them. It is too early to assess the impact on them, but the stakes are clearly huge. For example, Facebook has about 261 million active monthly European users, compared with about 195 million in the U.S. and Canada, and 22% of Apple’s net income came from Europe in the first quarter of 2013.
Europe was primed for a backlash against NSA spying because people care deeply about privacy after their experience of state intrusion in Nazi Germany and Communist Eastern Europe.
on July 11, The Guardian reported that Microsoft helped the NSA and FBI bypass its own encryption to access its users’ data, based on documents from Edward Snowden
Transparency is an important first step. Its absence only exacerbates a trust deficit that companies already had in Europe. And trust is crucial. Google’s chief legal officer recognized this on June 19 when he said, “Our business depends on the trust of our users,” during a Web chat about the NSA scandal. (emphasis added)
We’ve known about the dangers of backdoors at least since 1974 and Promis. It should have been obvious how dangerous this sort of thing is, especially given how dependent our entire economy is on computers and the Internet.
BTW, this points out that even encryption of communications is no guarantee of privacy. Until we regain respect for the Fourth Amendment, and have a government that understands that it’s in everyone’s best interests that they not know everything, one can predict that the downward spiral will not be broken.