The strange connection between the NSA and an Ontario tech firm
Last edited Mon Jan 20, 2014, 12:01 PM
At the heart of digital security is the concept of encryption - making information indecipherable to anyone who doesn't have the right passcode.
And since 1995, any software developer building encryption for technology they intended to sell to the American or Canadian government has had to consult something called the Cryptographic Module Validation Program. It's a list of algorithms blessed by the CMVP that are, according to the government agencies that publish it, accepted by the Federal Agencies of both countries for the protection of sensitive information.
There's only one problem. For more than six years, one of the central items listed in the CMVP, an algorithm for generating the random numbers that form the foundations of an encryption scheme, has had a glaring and well-known backdoor, a means of rendering the encryption totally ineffective.
"This has been known since 2006," said Steve Marquess, co-founder of the OpenSSL Software Foundation. "Why the heck was this officially blessed? A lot of my colleagues and a lot of people in the cryptography community are asking that question."
http://www.theglobeandmail.com/technology/business-technology/the-strange-connection-between-the-nsa-and-an-ontario-tech-firm/article16402341/
Lint Head (15,064 posts)
people. What is the connection to Canadian software companies having such power over American privacy? Is there some kind of subversion going on because Canadian law is different from American law when it comes to doing business across borders? Just asking. It could be innocuous.
Are there no American software companies capable of doing US business?
arikara (5,562 posts)
American companies are routinely contracted to handle sensitive Canadian government data which by law then makes all the information available to their homeland security.
They did this kind of thing for decades with their Echelon program too. One of my friends who used to work for the phone company told me decades ago to never say anything over the phone that I didn't want to have overheard.