I often discuss with customers the suspicion and rumours about Windows XP and other versions of Microsoft or other commercial software being designed to permit eavesdropping by governments. I recently came across interesting facts in a cryptography discussion.
While Enigmail integration into Mozilla was being discussed, an enhancement proposed in 1999 was brought to light, and comment #138 highlights some quotes from the Interception Capabilities 2000 report published by the European Parliament at the time (1999!).
Some quotes ought to help us decide which encryption and software to trust:
From the 1940s to date, NSA has undermined the effectiveness of cryptographic systems made or used in Europe. […] NSA arranged to rig encryption systems sold by Crypto AG, enabling UK / USA agencies to read the coded diplomatic and military traffic of more than 130 countries. […] The purpose of NSA’s interventions were to ensure that while its coding systems should appear secure to other cryptologists, it was not secure. […] in 1995, when NSA became concerned about cryptographic security systems being built into Internet and E-mail software by Microsoft, Netscape and Lotus. The companies agreed to adapt their software to reduce the level of security provided to users outside the United States. In the case of Lotus Notes, which includes a secure e-mail system, the built-in cryptographic system. […] It follows that almost every computer in Europe has, as a built-in standard feature, an NSA workfactor reduction system to enable NSA (alone) to break the user’s code and read secure messages uses a 64 bit encryption key. This provides a medium level of security, which might at present only be broken by NSA in months or years.
Old news? I think so, but it’s just an example of how governments and corporations can do something different from what they tell their citizens and customers.