Posted by: Ken Harthun
Password, Secure Computing, Security, Security management
According to USA Today, The NSA and its British counterpart, the Government Communications Headquarters (GCHQ) have cracked encryption codes and have inserted secret “back doors” into security software through covert partnerships with technology companies and ISPs.
Perhaps I’ve gotten numb over all of this because I am not surprised.
Our friends at LastPass, however, want to make it very clear that they will have nothing to do with these shenanigans. In fact, they will shut down their service before cooperating with the government goons. Here’s an excerpt from a September 10 blog post:
With news that the United States National Security Agency has deliberately inserted weaknesses into security products and attempted to modify NIST standards, questions have been raised about how these actions affect LastPass and our customers. We want to directly address whether LastPass has been or could be weakened, and whether our users’ data remains secure.
In short, we have not weakened our product or introduced a backdoor, and haven’t been asked to do so. If we were forced by law to take these actions, we’d fight it. If we were unable to successfully fight it, we would consider shutting down the service. We will not break our commitment to our customers.
This is right in line with the way I feel about covert government operations and is one of the big reasons I will continue to stick with LastPass. They conclude with this:
We have built a tradition of being open and honest with our community, and continue to put the security and privacy of our customers first. We will continue to monitor the situation and change course as needed, with updates to our community when necessary.