Bundeswehr Says Microsoft Software Verboten 274
deran9ed writes: "The German foreign office and Bundeswehr are pulling the plugs on Microsoft software, citing security concerns, according to the German news magazine Der Spiegel. Spiegel claims that German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets. Article in German, English article"
Re:In other news ... (Score:2)
The terrorists dream...
I_LOVE_YOU_2.TXT.vbs:
END IFRe:Give me a break (Score:2)
As for MS or MacOS - you get the OS itself with localized version - and they're applications which Apple or MS written with localized version. If you'll install for example Quicken - you'll get it by default in
Um... (Score:2)
My question is, why doesn't someone with a Source License check this out? And if they have, are they allowed to tell us?
Windows source code isn't available to the general public, but a lot of people out there can get their hands on it. Anyone with access to it wanna pipe up and tell us?
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
Ohwell... (Score:2)
Besides, it's not at all common for countries to throw up barricades to trade in order to boost their own industries.
Good for them, maybe Germany will actually build some software that competes on the market as a result.
Re:Like StarOffice? (Score:2)
Re:Like StarOffice? (Score:2)
Re:Like StarOffice? (Score:2)
I thought that was pretty obvious. I guess not.
Re:The rest of the EC will follow. (Score:2)
Re: icq is echelon encarte (Score:2)
Re:Um... (Score:2)
Love that NSA... :) (Score:4)
The NSA sure stays busy, what with putting backdoors in Windows [slashdot.org] and securing Linux [slashdot.org].
Next thing you know we'll have a Congressional panel on why the NSA is being so... um... un-American [slashdot.org].
---
Re:It looks to me like... (Score:2)
Re:Trouble is... (Score:2)
Yep. The US will use just about any tactic they can get away with to get big contracts for US companies overseas. For instance, the US told Australia that it had to buy submarine combat systems from US companies, instead of a competing European bid, because they wouldn't participate in joint exercises with these submarines if the subs used the non-US software. This, despite the fact that they happily conduct these kind of exercises with their NATO allies, who, shock horror, design their own submarines, tanks, helicopters, and planes, all with their own non-US combat systems.
Like most countries, the US believes in free trade when it suits.
International Treaties on backdoors? (Score:2)
I wasn't aware of any international treaties that placed limits on espionage activities - the only international treaties I can think of that relates to activities of spies are the Geneva convention (what you can do with spies once you catch them), and the Berne Convention (if they're diplomats, they've got diplomatic immunity). What are you referring to?
Re:Give me a break (Score:4)
Besides, that German company may very well be SuSE...
Re:Trouble is... (Score:2)
Can you name a major country that doesn't? Seriously, the Germans do it, the French have been caught a few times recently, the Japanese have been caught a few times. The list goes on.
-
Re:Trouble is... (Score:2)
The US passes it's information on to Canada, and the rest of our allies.
So if they aren't guilty by deed, they're certainly guilty by association.
-
Re:Trouble is... (Score:3)
Perhaps you should stop relying on the German news agencies for coverage of German government excesses.
-
Re:Um... (Score:4)
I would bet that it is buildable. But see Reflections on Trusting Trust [bell-labs.com].
That paper applies to GCC too, of course.
Re:Give me a break (Score:2)
------------------
Re:Trouble is... (Score:2)
At least, there hasn't been any report about such scandals here or in other country's news media, unlike many reports of such behaviour about the US secret service.
Given the fact that the German secret service is probably (surely) far less competent than their American counterparts and the additional fact that German news media are very critical of our government and love to dig up such stories, it seems that Germany is not among them.
Not yet.
------------------
Re:Trouble is... (Score:2)
That still doesn't make it right since the very same things that Woolsley critizies are done by the US as well.
------------------
Re:Trouble is... (Score:2)
------------------
Re:Translation of Spiegel Article plus comments (Score:2)
Even "farts in the general direction of Microsoft" would have been appropriate.
------------------
Trouble is... (Score:4)
A former CIA director explained that this is done for moral reasons [cryptome.org], but his article sounds awfully bigot to me...
It should be expected that Echelon and similar technology that the NSA has access to will be used in a similar manner.
------------------
Translation of Spiegel Article plus comments (Score:5)
http://www.spiegel.de/netzwelt/politik/0,1518,123
Enemy Software
German Army bans Microsoft Software
In fear of US secret services, the German foreign ministry and the German army are planning to close security holes. Instead of American software, federal computers will run German software in the future. [German software? There is no German operating system that I know of. DPA has a competent staff of tech writers, but I doubt they got this right.]
Original article by Deutsche Presse Agentur [an independent, but huge commercial German press agency].
(Image caption: In danger of spies - the German army shoots against Microsoft.)
Computers that are used in security-sensitive areas shall not run Microsoft software anymore. According to German government security advisors, the American secret service NSA has full access to the complete source codes of the US company and is thus able to read even encrypted [Microsoft] files. Because of this, the German ministry of defense uses encryption technologies offered by the local companies Siemens and Telekom [the formerly state-owned, now largest telephone and internet provider].
Meanwhile, the ministry of foreign affairs has halted plans to use video conference technology to communicate with their embassadors and foreign offices. During a Telekom presentation in Berlin at the beginning of March, State Secretary Gunter Pleuger was informed that for technical reasons, every satellite transmission is routed to the American city Denver, Coloroda.
Pleuger thinks the detour to the USA is a security risk. "Then we could do our conferences in Langley right from the start" joked a staffer of the Pleuger office. Langley, Virgina, is the location of the US secret service CIA.
------------------
Re:Backdoors? (Score:3)
Outlook, on the other hand, is not a backdoor, it tends to "backdoor" the user. This is using "backdoor" as a verb, in the sense of prisons, or porn put out by Seymour Butts.
--
Re:Wha? us and them (Score:2)
Re:Give me a break (Score:2)
Re:Don't count on it. (Score:2)
Re:Give me a break (Score:2)
If I wanted the ultimate secure OS for a PC-based server, I would want to use OpenBSD. But too bad, it's developed in Canada...
Re:Can you tell us the name of your employer? (Score:2)
Suffice it to say that we used to be an engineering organization with an engineer/physician CEO. Now our Siemens CEO is a marketing dude, and our marketing department, dancing on their puppet strings, are creating our engineering *specs*. Gaaagh!
We were best of breed, the most respected company of our type. And we got bought out by number eight in a field of nine competitors.
It's time to get my resume in order...
Re:Give me a break (Score:2)
Overreaction (Score:2)
Re:Protectionism (Score:2)
Re:Translation of Spiegel Article plus comments (Score:2)
Re:Like StarOffice? (Score:2)
Well, the Army's new berets are going to be made in China.
Founding New York (Score:2)
:-)
Re:Oh Please, This Is Just German Nationalism (Score:2)
I have to use M$ crap at work so actually things are not so great for me...
--
You think being a MIB is all voodoo mind control? You should see the paperwork!
Did anyone notice the link on the bottom? (Score:2)
I guess their problems with NT were't as bad as many people here would like to believe.
Re:Oh Please, This Is Just German Nationalism (Score:2)
I am always shocked when I hear that another government has standardised on some american product or another. Even if the products made in your own country are somewhat inferior why would you give away the tax dollars collected from your own citizens to a foreign corporation? Besides I am finding it hard to believe that a country which can make BMWs could not produce quality software.
Re:Um... (Score:2)
The tradition was started by the NSA i believe (Score:2)
Also consider that MS' might build something into their OS so it can be switched off remotely (maybe if they think you didn't buy the licence, or you didn't update often enough). Also it becomes harder and harder to keep control over your computer once you installed an MS OS or MS applications. Already you have to turn off automatic updates. The system actively resists some tampering with system files (yeah, it's for the best of the user, but even someone who knows what he is doing can't turn it off). Well an obscure blackbox wich doesn't allow for tampering isn't what makes a happy security expert. He prefers a modular and well structured overseeable system (not an easy feat with todays OSes). I think a version of Linux would be a good start, but maybe some people at Siemens did some lobbying (that is to be expected, although american politicians call it bribery when it happens outside of the US, of course none of that happens in the US at all, and G. W. Bushs plans to distibute money to his rich friends are for the best of USA, but i digress
Re:Um... (Score:3)
If it is possible to utilize a backdoor, then it is just as possible to use the latest exploit, and they would be better off hiring decent admins.
Hiding hole built into as much software as microsoft has shipped is not trivial.
Its also possible that the german government wants to stimulate its software industry, the US has had policies like this for many years to give american companies advantages.
The first reason could give linux a chance, but the second would most likely be a proprietary solution.
Hell of it is... (Score:2)
Re:Um... (Score:2)
You're making the incorrect assumption that Microsoft has opened up its source code so that people can trust it. This is not correct. As I recall, even the best of customers gets access to only 95% of the source code, which casts further suspicion. Also, they specifically disallow any organization outside the United States from looking at their source code.
If they are harboring secret code for the NSA, but are trying to address growing customer demand for a peek at their source, their current policy is exactly what you'd expect.
From CNet: "Microsoft lists the main benefits of the program to customers as follows: one, augmenting the ability to debug and optimize customers' internal applications; two, improving troubleshooting of deployed Windows environments; and three, increasing understanding of Windows to promote long-term success of the customer's organization."
Re:Translation of Spiegel Article plus comments (Score:2)
I dont know what is scarier, Microsoft, or the German army shooting Microsoft. If not for Germany, we'd all be spaking english right now
Oh Please, This Is Just German Nationalism (Score:4)
I believe that they can't simply bar American software for various trade legalities. So they need to use "security concerns" as a cover to justify this. It doesn't mean that MS has backdoors in its code; rather the *rumor* that such things exist is the perfect reason for the German's to use software from their country.
Re:Gesundheit (Score:2)
Another oddity is why would they just come out of the blue and state these transmissions are going to Denver?
Read the Omega File. The NWO headquaters will soon be under Denver International Airport. It also says that Germany is set to be a key player in the coming of the New World Order, and that they were heavily involved with Grey aliens in WWII. It all makes sense thanks to conspiracy theories!
Re:Give me a break (Score:2)
Hmmm, ever heard of SuSE? Nothing stops them from making a DGSE-linux in cooperation with SuSE, sort of analogous to the NSA's security enhanced linux... (Was DGSE the german foreign intelligence agency or do I even have the right country? oh well, what ever acronym is right the point is the same) Now does this mean that they'll release a new linux binary called /usr/local/bin/sniffgermansecrets? doubt it. but if they find and release fixes for kernel bugs and whatnot, hey, that's a win...
--
News for geeks in Austin: www.geekaustin.org [geekaustin.org]
Re:Wha? (Score:2)
NSA->State Dept
FBI->DOJ
Well there has to be some sort of oversight such that
(diagram removed because it was 'lame')
And I'm sure that oversight can coordinate a little information exchange between the NSA and the DOJ. I'm of the opinion that there is no NSA backdoor in Windows, because it would have been found and exploited by now. I think it's just some European nationalism thrown in to cover up the fact that someone in the IT dept. fucked up and now they need an alternative.
It's fairly obvious where Deutsche Telekom hails from, but I didn't know Siemans was a German company... I suppose asking them to use NSA Linux is out of the question =) Anyone have any insight into what design decisions they'll be making?
--
Peace,
Lord Omlette
ICQ# 77863057
Re:It looks to me like... (Score:2)
Re:Trouble is... (Score:2)
Re:Well, it's a start (Score:2)
Re:Heh. (Score:2)
Re:Heh. (Score:2)
Re:Oh Please, This Is Just German Nationalism (Score:2)
Re:Unsafe Secrets? (Score:2)
Re:Like StarOffice? (Score:2)
Re:Oh Please, This Is Just German Nationalism (Score:2)
Re:Inventions german or british? (Score:2)
Re:Like StarOffice? (Score:2)
Re:Like StarOffice? (Score:2)
Re:Oh Please, This Is Just German Nationalism (Score:4)
Germany (Score:2)
But the article talks about secure servers, I just see the "front end" not the secure servers, and from those that I have seen, they are running Suns.
I wonder who is winning on this? SuSE?
i thought this was good news... (Score:2)
The two companies [Siemens and Deutsche Telekom] have supplanted Microsoft (and anything else American) and will be producing a secure, home-grown system that the German military can be confident in.
So basically, instead of having a proprietary American software running a major military organization, they'll have proprietary German software running a major military.
To whom does the NSA report? was: Wha? (Score:3)
From the NSA web site [nsa.gov]:
The National Security Council, a group of appointed senior officials, assists the President in formulating foreign policy and intelligence priorities. The Director of Central Intelligence (DCI) directs and coordinates the diverse activities of all the U.S. intelligence organizations. The IC has representation from many intelligence agencies, including intelligence functions in the DoD, Departments of Justice, Treasury, Energy, and State, and the CIA. While not a military organization, NSA is one of several elements of the IC administered by the DoD."Then came the Holy One, blessed be He, and slew the angel of death, that killed the shohet that slaughtered the ox that drank the water that quenched the fire that burned the stick that beat the dog that bit the cat that ate the goat my father bought for two zuzim."
Nah. (Score:2)
Bullshit (Score:2)
Right. Let's install RedHat instead...
German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets.And then we're going to help Mulder crack his biggest case!...
Bullshit deux (Score:2)
Right. Let's install RedHat instead...
German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets.
And then we're going to help Mulder crack his biggest case!...
Re: (Score:2)
Backdoors? (Score:4)
Re:Backdoors? (Score:5)
Like the classic sig file says:
"I picked up a Magic 8-Ball (tm) the other day and it said 'Outlook not so good.'
I said, 'Sure, but Microsoft still ships it.'"
;-)
Re:Oh Please, This Is Just German Nationalism (Score:2)
I don't think the Bundeswehr really wants to switch from american software to software written by a bunch of Russians, Indians etc. I worked at Siemens Austria (I am a Slovak) and our team was two Slovaks, one Hungarian and our boss was from Iran. Now I work for another austrian company and the situation is not very different.
I think they will develop some security modules by their own staff and that will pretty much be it.
Re:Wha? (Score:3)
Let's not forget the whole NSA backdoor key in Win2k [www.iol.ie] debacle. There were, of course, reports from Microsoft denying that this was a key for the NSA. There is, at least, sufficient doubt to make it impossible to rule out the presence of a delibrate NSA backdoor.
Even if that weren't enough, one could argue that such a backdoor, if found, might be (or possibly has already been) classified as a bug instead of a backdoor.
Re:Um... (Score:2)
Bugged software (Score:2)
PS: Believe it or not, Siemens really does have a Staines office (Siemens Building Technology [siemens.co.uk]). If only Wang had an office in Cologne.
Re:Translation of Spiegel Article plus comments (Score:2)
Suse is a German company.
Re:Give me a break (Score:2)
But at least you can examine, or modify the source code for 98% of SuSE. The other 2% of SuSE, you don't have to install.
With SuSE being a German company, they might be less inclined to spy on their own government -- or, the government migtht be able to cooperate/coerce SuSE in various ways.
Re:Um... (Score:2)
I wonder.
It seems from all accounts I've read about MS letting others peek at their source, they specifically want it to be only so that you can consult the source. For instance, to make your board able to work with Windows. Or to see how Windows works, to get your enterprise app to work with it. etc.
MS specifically doesn't allow you to modify it. Therefore, it might not be buildable in order to preclude non-authorized binaries from ever comming into existance, and possibly getting passed around, even finding their way outside of the licensed organiation into the wild, etc. Imagine the possibilities.
Of course, the only way that MS could convince me to my satisfaction that there were no backdoors would be: (1) I get to analyze the code, and (2) I get to build the code and compare binaries to those that have been in circulation for years. Part 2 requires that I have access to the original compiler tools, configuration settings, etc. so that I can generate identical binaries. This is a pretty high bar in order to make a convincing argument that there are no backdoors. Of course, item 1 alone is a pretty high bar on my part. I would have to have a darned good reason to expend the effort to audit the (presumably) horrible MS code. Even if MS met item 2, the cost to me of item 1 might make it cheaper to go with open source. Even doing item 1&2 on open source.
Re:Overreaction (Score:2)
I can see why MS is so tight lipped about their source. Even in the US. Even with legal recourse. If their source code escaped, imagine the consequences. Okay, Company X, and it's employee Cmdr Taco are found guilty of violating MS's NDA. They are to pay $200 billion in damages. C'mon, do you really think that any company besides MS could afford such a judgement? The damage is done. Period. No amount of money can undo it.
Bottom line: MS is NOT going to do "whatever it takes" to earn back people's trust. Even if MS truly has nothing in their source to hide.
(another topic: even if they have no NSA back doors to hide, they might have other secrets to hide in their source. Anticompetitive features. Code to sabatoge competitors. Undocumented features to benefits only MS apps. Code that violates other's patents or copyrights. Admittedly, this last one is quite a stretch.)
Re:Let them review the code (Score:2)
MS would never allow their source code outside the US. Who would they complain to if foriegn power violated the NDA? Imagine even inside the US where MS has the legal system in their pock..er.., um.., I mean, on their side. If a US company violated MS NDA, no amount of money in a legal judgement could make up for it. Period. Damage is done. So given the absence of any legal recourse, why would MS release source code outside of the US?
Re:Oh Please, This Is Just German Nationalism (Score:2)
The east notwithstanding, the German economy is actually in pretty good shape at the moment.
"It doesn't mean that MS has backdoors in its code; rather the *rumor* that such things exist is the perfect reason for the German's to use software from their country."
Uh, I'm certainly no security expert, but even I can recognize the most basic principles of trust in a system. There does not even need to have been a rumour of backdoors - the more basic principle is that you're using a system that you simply DO NOT KNOW can be trusted, in an application where complete trust is imperative. The fact is, Germany simply has no way of knowing if MS systems can be trusted, and if you are the person responsible for implementing security in such a sensitive system, and you choose systems whose trustworthiness is inherently unknown, you should have your ass fired on the spot. The fact that the US goverment has spying backdoors in most major communications technologies exported from the states certainly should tell you that MS systems most likely *can't* be trusted. But even without this background knowledge, you know that the MS system is less than 100% trustable. When you absolutely need 100% trustable, then anything less cannot be accepted.
You do have a point, and I'm sure that part of the reasoning is to encourage the use and development of home-grown stuff. But those "security concerns" are more than just a useful excuse for this - they are probably very valid concerns too.
I've thought this for years (Score:2)
Wha? (Score:4)
Re:dis6runtled post (Score:2)
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Give me a break (Score:3)
In case you were thinking that this is somehow a "win" (whatever that is) for Linux, think again: They are going to home-grow their secure solutions using a German software company.
This is the same thing our United States military does. They contract with American-owned companies for custom software solutions (like the recent Windows Datacenter custom system for running Battleships and aircraft carriers, or the NSA's development work on a secure Linux system.)
Can't Slashdot just stop focusing on Microsoft for even one minute? Please?
Oh well.... life goes on
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Re:Oh Please, This Is Just German Nationalism (Score:2)
This would be true if they wanted to implement an across the board ban on all M$ or all American software in Germany ( makes you wonder what they'd have left? ) - or impose trade sanctions against all american or M$ software. However, the policy decisions of what one business or govt. agency is going to use for its own software is not prohibited by trade sanctions - that would just be ridiculous. If it were the case a govt. would have to have equal numbers of computers made by american, japanese, russian ( god forbid ), and other companies just to keep it fair. They don't need to cook up such an outrageous story just to cover what comes down to an IT dept. decision of buying local stuff instead of american.
Re:International Treaties on backdoors? (Score:2)
Re:International Treaties on backdoors? (Score:2)
Well, there is no evidence that has been made public, yet. I was under the impression that it was the german govt. which made this claim - not some website, and the fact that the article is gone or not has no bearing on this. Assuming that the german govt. really did make this statement and is intending to follow through on it. It seems unlikely that a very influencial world govt. would make such an "outrageous" statement unless they had some good reasons to believe it was true. The fact that they have not specified what those reasons are yet means nothing.
Also given that the NSA released such a large number of microsoft weaknesses recently suggests that even if there were no NSA/CIA designed holes in M$ products, they have obvioulsy spent a good deal of time investigating what was there without their own contributions, and would naturally have been in a marvellous position for years to take advantage of same.
Why should they want to publish these backdoors that they themselves have discovered and (potentially) been using then? Well probably because they figure that these back doors and security weaknesses aren't so well hidden that many people outside the US couldn't find them and exploit them, and they'd rather see the vastly computer-dependant US economy be more secure rather than have easy access to foreign interests. Just a trade-off that makes sense in the long run.
Re:International Treaties on backdoors? (Score:2)
Re:Wha? (Score:3)
Re:Translation of Spiegel Article plus comments (Score:2)
Untrue. Siemens-Nixdorf has had their own version of SVR4 for a long time now. It's called "Reliant UNIX" these days, but was known as "SINIX" for most of its history. It runs on the old Pyramid/Siemens workstations and servers. Not very well known in the states, but you can usually tell sysadmins who've touched it by the way they start cringing when it's mentioned.
Re:Gesundheit (Score:2)
Re:Denver? (Score:2)
Re:It looks to me like... (Score:2)
Are you by any chance referring to the SuSE A.G. in Nueremberg?
You're right, this sounds awfully suspicious, but remember there has been a lot of bad feelings over the Echelon program lately, especially considering the fact that US companies suddenly come up with a better deal just as some EU company is about to sign a major contract (as for example Boeing vs Airbus when some Arab airline wanted to upgrade it's fleet). Germany, being an industrial powerhouse, was most incensed by this suspicion of industrial espionage sanctioned by the US government, and Germans being historically paranoid about eavesdropping, this is not a surprising reaction.
MartConsider this (Score:2)
Yesterday someone posted a connection between Microsoft & CoS [slashdot.org]. The Germans have good reason for their decision, especially considering that the disk-caching and defragmentation utilities shipped in NT & 2K were developed by a company founded by a Scientologist [execsoft.com]. Germany and CoS are not good friends (read more on google [google.com])
The internet has spawned interesting phenomena such as rtmark [rtmark.com], which seeks to subvert worldwide corporatization by arranging contributions to fund legal anti-corporate activities. It's about time for someone to conduct similar efforts toward confirming back doors in OS software.
Until then, we all have to wonder whether this is paranoia from the intelligence community, or reality.
If you love God, burn a church!
dis6runtled post (Score:3)
besides... last uname -a I did showed FreeBSD
Gesundheit (Score:4)
Siemens is a mega corporation [http], so its going to be neat to see how this plays out on other European countries using Microsoft based products, as well as the governments of Germany and America's trust in each other (remember with a company like Siemens, its not like its a mom and pop company ranting off.) Germany is a very powerful force within the European Union as well so chances of this rubbing off into other countries will likely take place in the not-to-distant future.
Another oddity is why would they just come out of the blue and state these transmissions are going to Denver? Out of all the places (for a conspiracy theorist to mention) in the US Denver and not someplace like Washington. Well here are the only places I know offhand capable of capturing, sorting info in the Colorado area along with respective information: ITS [bldrdoc.gov], NSA orders [fcc.gov] (keep in mind these are publicly accessible websites and known locations)
I wonder if MS would comment on this article or will they ignore it. This isn't the first time MS has been accused of having backdoored software.
(In fact here ya go enjoy... gov doc a [usgs.gov], gov doc b [ignet.gov], Slashdot's prior MS/Backdoor article [slashdot.org])
Also its not the first time someone in the European Union has accused the United States of odd actions involving espionage. There was also something along the lines of ECHELON being by the U.S. used to promote industrial espionage in order to beat the EU to a large (billions of dollar large) aerospace deal with Saudi Arabia.
Anyways...
Well here's the babelfishified version of the German article:
crummy translation...
vroom vroom [speedygrl.com]
The rest of the EC will follow. (Score:2)