
SoylentNews is people

posted by mrpg on Tuesday July 04 2017, @08:19AM
from the here-nsa-take-my-source-code dept.
Kaspersky Willing to Hand Source Code Over to U.S. Government

Kaspersky Lab is willing to go to extreme lengths to reassure the U.S. government about the security of its products:

Eugene Kaspersky is willing to turn over computer code to United States authorities to prove that his company's security products have not been compromised by the Russian government, The Associated Press reported early Sunday.

"If the United States needs, we can disclose the source code," said the creator of beleaguered Moscow-based computer security company Kaspersky Lab in an interview with the AP.

"Anything I can do to prove that we don't behave maliciously I will do it."

Also at Neowin.

In Worrisome Move, Kaspersky Agrees to Turn Over Source Code to US Government

Over the last couple of weeks, there's been a disturbing trend of governments demanding that private tech companies share their source code if they want to do business. Now, the US government is giving the same ultimatum and it's getting what it wants.

On Sunday, the CEO of security firm Kaspersky Labs, Eugene Kaspersky, told the Associated Press that he's willing to show the US government his company's source code. "Anything I can do to prove that we don't behave maliciously I will do it," Kaspersky said while insisting that he's open to testifying before Congress as well.

The company's willingness to share its source code comes after a proposal was put forth in the Senate that "prohibits the [Defense Department] from using software platforms developed by Kaspersky Lab." It goes on to say, "The Secretary of Defense shall ensure that any network connection between ... the Department of Defense and a department or agency of the United States Government that is using or hosting on its networks a software platform [associated with Kaspersky Lab] is immediately severed."

Jeanne Shaheen, a New Hampshire Democrat, tells ABC News that there is "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure." The fears follow years of suspicion from the FBI that Kaspersky Labs is too close to the Russian government. The company is based in Russia but has worked with both Moscow and the FBI in the past, often serving as a go-between to help the two governments cooperate. "As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts," an official statement from Kaspersky Labs reads.

Source: Gizmodo



 
  • (Score: 2) by jmorris on Tuesday July 04 2017, @12:26PM (6 children)

    by jmorris (4844) on Tuesday July 04 2017, @12:26PM (#534774)

    Closed source software only came about as an accident of compilers and a severe monoculture in processor arches.

    In a sane world copyright would only cover binaries as derived works; source would be the thing protected. Every customer would get a copy and we would all be super Gentoo "Ricers" compiling a local copy of the binary (when needed) during the installation process. You could look at it, make local changes, etc. but you could no more pass around the source to Quicken than you can pass around the current binary-only copies. But most important, what it does would be knowable and keeping software running as the underlying hardware and OS changes over time would be possible beyond the short time the original author cares enough to expend the effort.

    Remember, copyrights and patents are permitted to promote advancement in Science and the Useful Arts. Keeping it secret defeats that purpose.

  • (Score: 2) by jcross on Tuesday July 04 2017, @01:11PM (3 children)

    by jcross (4009) on Tuesday July 04 2017, @01:11PM (#534786)

    I don't know, another advantage of binaries is that they help keep "trade secrets". Of course they can be decompiled, but at least there's some barrier to discovery of your private algorithms. That would also have been a bigger deal back in the day when programs were smaller and did clever things to conserve resources, and a single algorithm might have value. Nowadays programs are so bloated with glue code that can't be usefully extracted from the original project that I think what you're proposing could work. The only issue is distributing a build environment, or having one that's standardized enough, and also that the binary might be a good deal smaller and save the workload of compiling a huge product. Something tells me Quicken would take some time to build from scratch.

    • (Score: 2) by jmorris on Tuesday July 04 2017, @05:23PM (2 children)

      by jmorris (4844) on Tuesday July 04 2017, @05:23PM (#534844)

      I'm sure they love protecting their secrets. But where is the public interest in that? Remember "Intellectual Property" is a lie, RMS is dead right on that one. We grant Copyright and Patents, for limited times, as a cold transaction to improve progress in Science and the Useful Arts. If they get the protection of the government monopoly grant AND keep it secret it is a loss for everyone else.

      Plus forced publication has other benefits. The horrid state of IT security long since became a national security problem. Publication would force commercial vendors to at least bring their standards up to the levels of the Open Source community. Imagine if routine product reviews also included commentary on the quality (or lack thereof) of the source. Would YOU buy an accounting or ERP system if the reviews said things like "horrid mess of barely legible VB" or "we could find multiple security exploits in a half hour of poking around in this fetid bog of .net splicing together a half dozen different other platforms, frameworks and languages that was obviously congealed over a decade of neglect by multiple corporate overlords as it was passed from one charnel house to another, accreting bits of other defunct products, poorly stuffed together by contract code monkeys in every time zone who knew they wouldn't have to deal with the mess in a year." Much more useful than only looking at the final user interface.

      • (Score: 2) by jcross on Tuesday July 04 2017, @05:46PM (1 child)

        by jcross (4009) on Tuesday July 04 2017, @05:46PM (#534853)

        I couldn't agree with you more about closed-source running counter to the public benefit, and thankfully the market does seem to be transitioning away from it. Of course the new kid on the block would be SaaS, which just doubles down on the secrecy. I'd love to be in a position to diss on that with a clear conscience, but unfortunately it pays my bills at the moment.

        • (Score: 0) by Anonymous Coward on Wednesday July 05 2017, @04:45PM

          by Anonymous Coward on Wednesday July 05 2017, @04:45PM (#535261)

          don't be a hooker.

  • (Score: 0) by Anonymous Coward on Tuesday July 04 2017, @06:34PM

    by Anonymous Coward on Tuesday July 04 2017, @06:34PM (#534870)

    In a sane world, all software would be Free Software. What you describe is still non-free proprietary user-subjugating software because it doesn't respect the users' four freedoms, and so it remains intolerable.

  • (Score: 2) by frojack on Tuesday July 04 2017, @06:57PM

    by frojack (1554) on Tuesday July 04 2017, @06:57PM (#534887) Journal

    You could look at it, make local changes, etc.

    The net result would be the same as we currently have. 99.44% of computers would be running standardized versions from the original providers or companies specializing in knock-offs.

    Look, most people can't follow a recipe to make a chocolate cake, or fix a plumbing leak. You want to turn them all to coders?
    And nobody in their right mind would pass around the source code of Quicken. It's utter garbage.

    --
    No, you are mistaken. I've always had this sig.