[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSA, ITAR, NCSA and plug-in hooks.

On Wed, 15 Nov 1995, Bill Stewart wrote:

> >>Does anyone know the ostensible justification for this?  
> Isn't the NCSA government-funded?  If so, they've probably got
> less slack in what they can get away with than private citizens;

I think that government-funding does give a certain degree of control --
the control that comes with the budget axe.  Private citizens
alternatively, get to face a different type of tool. 

They get to face stuff like RICO provisions, which "effectively" -- as
they are presently used, rather than as they were written and intended to
be used -- tend to allow the government to "influence" private citizens. 

> the NSA's got more leverage over their funding, especially if
> "Supercomputer Applications" are often military or civilian-govt.

I doubt that the NSA approves the NCSA's budget.

Far more likely would be for the NSA to use a rogue programmer at the
NCSA.  Someone who might hide some very damaging code into one of the
existing applications without anyone (else) knowing about it. 

I could even see an independent doing this simply to profit from it.  I
could see someone doing something like that.  It's no different really
than the "free" programs that were given away years ago which appeared to
be useful but actually contained "poison code". 

> Not only do they have to worry about ITAR as law, they have to
> worry about their continued cash flow.

Like I said, I don't believe in the "grand conspiracy" model.  I tend
toward "contained" enterprises. 

All the more reason though, NEVER to use black-box code, and all the more 
reason for public open review of code.  NSA and ITAR aside ... safe 
computing is safe computing and is in everyone's collective interest.

Alice de 'nonymous ...

                                  ...just another one of those...

P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.