<i>As a result, DUAL EC DRBG has been incorporated into a range of products, including those from security company RSA, in operating systems such as Microsoft Windows, and in a version of OpenSSL (a tool commonly used to facilitate website encryption). The integration of the standard with operating systems was significant because, by changing the default method by which the operating system encrypted communications traffic, an intelligence agency could decrypt data now encrypted using DUAL EC DRBG.</i><p>Dual_EC was never the default in Microsoft Windows, and you'd have to put effort into building a version of OpenSSL that used it. The article is overstating its case here.<p>Dual_EC was famously the default for some versions of RSA BSAFE, and RSA BSAFE seems to have acknowledged accepting money from the USG to set that default. But BSAFE's licensors used it primarily to mollify RSA's patents, which expired over a decade ago. Lots of vendors that license BSAFE don't use it for anything meaningful. OpenSSL is much, much more popular in closed-source enterprise tools than BSAFE is.
A side read, but somewhat related. By NY Times, "The Closing of the Canadian Mind".<p><a href="http://www.nytimes.com/2015/08/16/opinion/sunday/the-closing-of-the-canadian-mind.html?_r=0" rel="nofollow">http://www.nytimes.com/2015/08/16/opinion/sunday/the-closing...</a>
This article doesn't mention warrants at all. Are those even a consideration of these laws?<p>Can a Canadian government agency simply say "Gimme this info" to Canadian businesses with no oversight or accountability?<p>Also, the C-13 provisions regarding a crime under foreign law reek of US involvement. However, it's also a restriction on Canadian sovereignty, making the nation beholden to any crazy law anywhere in the world. (or simply broadening the ability for selective enforcement to pull in any reason they can think up)
Speaking of weakening wireless communication, whatever happened to the Gemalto SIM card revelations? This was big news 6 months ago, then it just disappeared.<p>As far as I know, no recall ever happened. So we are all still using the compromised SIM cards?
If it were the case that the telecom company is providing the government decrypted information, wouldn't they be giving the government already-encrypted information if I were to use a VPN app like ExpressVPN on my smartphone?