The NSA has asked Linus Torvalds to inject covert backdoors into the free and open operating system GNU/Linux. This was revealed in this week’s hearing on mass surveillance in the European Parliament. Chalk another one up of the United States NSA trying to make information technology less secure for everyone.
The father of Linus Torvalds, Nils Torvalds, is a Member of the European Parliament for Finland. This week, Nils Torvalds took part in the European Parliament’s hearing on the ongoing mass surveillance, and brought a revelation:
The United States security service NSA has contacted Linus Torvalds with a request to add backdoors into the free and open operating system GNU/Linux.
Nils Torvalds’ revelation was presented in an episode which started (at 3:06:58) by me pointing out to the Microsoft representative in the panel, that in a system like GNU/Linux, built on open source, you can examine the source code to see that there aren’t any back doors. In Microsoft’s systems, this possibility is absent, since the source code is secret to outsiders.
My question to the Microsoft representative was whether she’d be allowed to disclose if there are deliberate back doors in their systems, in the event that there are. She never responded to that question, but obviously, she didn’t have to. From other sources, we know that the NSA always prohibits the private companies they force into cooperation from disclosing any of it.
Nils Torvalds spoke after me, and starting at 3:09:06, he said,
When my oldest son [Linus Torvalds] was asked the same question: “Has he been approached by the NSA about backdoors?” he said “No”, but at the same time he nodded. Then he was sort of in the legal free. He had given the right answer, [but] everybody understood that the NSA had approached him.
The story does not tell us how Linus Torvalds responded to the NSA, but I’m guessing he told them he wouldn’t be able to inject backdoors even if he wanted to, since the source code is open, and all changes to it are reviewed by many independent people. After all, that’s the whole point of open source code, and the reason that open source is the only kind you can trust when it comes to security.
Still, it’s very interesting to hear confirmation that the NSA has tried to attack Linux at its lead developer, too.