US government pushed tech firms to hand over source code

&quot;&quot;&quot; IBM referred to a 2014 statement saying that the company does not provide &quot;software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data.&quot;<p>A spokesperson ... did not comment further on whether source code had been handed over to a government agency for any other reason. &quot;&quot;&quot;<p>I&#x27;m glad the author pressed them further (&quot;for any other reason&quot;). So many times we see such statements like this from companies but nobody bothers to ask the obvious (to me) follow-up question.

It&#x27;s not a secret that Microsoft provides Windows&#x27; source code to some governments. Here are some reports from the same ZDNet:<p><a href="http:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;microsoft-opens-source-code-to-russian-secret-service&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;microsoft-opens-source-code-to-...</a><p><a href="http:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;does-microsofts-sharing-of-source-code-with-china-and-russia-pose-a-security-risk&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;does-microsofts-sharing-of-sour...</a>

The source code alone is less problem than the private keys.<p>If the agencies have private keys of the creators of your OS, who then signed the &quot;signed updates&quot; you&#x27;ve got?<p>Example, recently from Microsoft:<p>In their forums: &quot;Is Update KB3103709 Fake?&quot;<p><a href="http:&#x2F;&#x2F;answers.microsoft.com&#x2F;en-us&#x2F;protect&#x2F;forum&#x2F;protect_other-protect_start&#x2F;is-update-kb3103709-fake&#x2F;c9fea314-1469-4d6f-b22f-d1fa0c11c503?auth=1" rel="nofollow">http:&#x2F;&#x2F;answers.microsoft.com&#x2F;en-us&#x2F;protect&#x2F;forum&#x2F;protect_oth...</a><p>On their site: &quot; Try searching for what you need This page doesn’t exist.&quot;<p><a href="https:&#x2F;&#x2F;support.microsoft.com&#x2F;en-gb&#x2F;kb&#x2F;3103709" rel="nofollow">https:&#x2F;&#x2F;support.microsoft.com&#x2F;en-gb&#x2F;kb&#x2F;3103709</a>

&gt; &quot;There is zero chance that someone could rewrite the [hard drive] operating system using public information,&quot; said one of the researchers.<p>hmm... <a href="http:&#x2F;&#x2F;spritesmods.com&#x2F;?art=hddhack" rel="nofollow">http:&#x2F;&#x2F;spritesmods.com&#x2F;?art=hddhack</a>

Serious question, would source code be useful to a government agency? Is there enough knowledge and expertise that exists outside of the organization that builds the software to be able to make much use of software as complex as iOS?

Related: There&#x27;s currently a proposal (&quot;Reg AT&quot;) from the CFTC (which regulates futures trading in the US) that would require all algorithmic traders to provide routine access to their source code, without a court order.<p>[1] <a href="http:&#x2F;&#x2F;www.sidley.com&#x2F;news&#x2F;2015-12-14-investment-funds-update" rel="nofollow">http:&#x2F;&#x2F;www.sidley.com&#x2F;news&#x2F;2015-12-14-investment-funds-updat...</a>

All it takes is one brave soul to gain standing and the entire FISA system goes belly up in a real court. As long as everyone cooperates the farce goes on. Generally people who work at big companies and get these NSLs (likely lawyers) are unlikely to be that person.

I&#x27;m actually not so concerned about this, provided no signing keys are given out. OS vulnerabilities being discovered are a risk I&#x27;m willing to take.<p>Can always run linux and level the playing field.

I have to say it, this wouldn&#x27;t be a problem it they wrote free software instead. Security by obscurity was never a good way to go.

I guess if it&#x27;s all Open Source they have a problem.