Linked by Thom Holwerda on Wed 15th Dec 2010 23:34 UTC, submitted by Oliver
OpenBSD Yesterday, we reported on the allegations made by Gregory Perry. He claims that 10 years ago, several developers were paid by the FBI to implement hidden backdoors into OpenBSD's IPSEC stack. This has prompted a lot of speculation about the allegations' validity, and less than 24 hours later, it has descended into one person's word against that of others. Update: Jason Wright, too, denies all the allegations. "I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF). [...] It is a baseless accusation the reason for which I cannot understand."
Thread beginning with comment 453782
To read all comments associated with this story, please click here.
I am very skeptical...
by kop316 on Thu 16th Dec 2010 05:08 UTC
kop316
Member since:
2006-07-01

In the original e-mail, Mr. Parry said:

"My NDA with the FBI has recently expired"

The fact that he calls it an NDA tells me that he does not even know that the FBI grants you a security clearance. A security clearance from a government agency is much different then an NDA from a private company.

In the government, your security clearance expiring means that you no longer have access to classified information, but it does not mean you can now tell classified information. Doing so will get you in a lot of legal trouble; whether your "NDA" is valid or not.

Now lets say that he did have a security clearance, and merely just told De Raadt it was an NDA to avoid confusion.

Information like this would certainly be classified. If his story does check out, he will get into a LOT legal trouble with the US government for leaking classified information.

Considering that his has not been a quiet incident and I have yet to see a response from the US government; I very much doubt the validity of this story.

Reply Score: 4

RE: I am very skeptical...
by rebel787 on Thu 16th Dec 2010 08:08 in reply to "I am very skeptical..."
rebel787 Member since:
2007-01-13

Skepticism's been booted out of me and in it's place ... an empty cup. Anything's possible.

Reply Parent Score: 2

RE: I am very skeptical...
by darknexus on Thu 16th Dec 2010 08:54 in reply to "I am very skeptical..."
darknexus Member since:
2008-07-15

Considering that his has not been a quiet incident and I have yet to see a response from the US government; I very much doubt the validity of this story.


At the risk of sounding like a conspiracy theorist, there would be no better way to validate the story than for the government to act and, assuming they were trying to get back doors into OpenBSD, would be a sure fire way to get the majority of user to stop using it and there by rendering all their hard work useless. On the other hand, by strategically ignoring this even if it is true, they would essentially have deniability without actually having to deny anything, as well as casting extreme doubt on the validity of this guy's accusations. Granted that would be more subtlety than most recent administrations have shown, but hey, anything's possible especially with our world-police-wannabe government. Of course, the entire thing could be complete shite. I'm not ruling either possibility out at this stage.

Reply Parent Score: 5

RE[2]: I am very skeptical...
by kop316 on Thu 16th Dec 2010 14:11 in reply to "RE: I am very skeptical..."
kop316 Member since:
2006-07-01

In the original e-mail, he starts it off with "My NDA with the FBI has recently expired". This is saying "now that I am no longer obligated to keep FBI secrets....". For this to be true, he did at one point comply with the fact that he couldn't tell people about what he did, and now thinks he is legally allowed to do so.

The "NDA" he signed would not allow him to talk about the information for the rest of his life. I highly doubt the FBI would let him think that he is free to tell information just because his "NDA" expired.

The person either has a serious misunderstanding of how government "NDA"s work and just got himself into a lot of legal trouble; or he is fabricating the story.

Reply Parent Score: 2

RE[2]: I am very skeptical...
by Valhalla on Thu 16th Dec 2010 14:26 in reply to "RE: I am very skeptical..."
Valhalla Member since:
2006-01-24


Of course, the entire thing could be complete shite. I'm not ruling either possibility out at this stage.


Yep, the reason I didn't discard this out of hand was that the guy gave his name and he named names and dates. Unless he is an attention-whore/compulsive liar, what would his motives be in spreading misinformation? To discredit OpenBSD and himself in the process? The code audit will (hopefully) set the record straight. Meanwhile we can all just speculate, but like DarkNexus I'm not ruling anything out at this stage, the world certainly is crazy enough for this to be true.

Reply Parent Score: 2

RE: I am very skeptical...
by LighthouseJ on Thu 16th Dec 2010 13:39 in reply to "I am very skeptical..."
LighthouseJ Member since:
2009-06-18

To dovetail what you said, I think the government requires you to sign a lifetime NDA anyway, so if your clearance lapses, that only governs you access to data, not your ability to disseminate it.

Reply Parent Score: 1

RE: I am very skeptical...
by Tuishimi on Thu 16th Dec 2010 14:49 in reply to "I am very skeptical..."
Tuishimi Member since:
2005-07-06

Did anyone check wikileaks?

Just kidding!

Reply Parent Score: 2

RE[2]: I am very skeptical...
by AndrewZ on Thu 16th Dec 2010 15:37 in reply to "RE: I am very skeptical..."
AndrewZ Member since:
2005-11-15

I think the first step should be to validate Gregory Perry's claims that he was actually involved in something. For instance can he produce an actual copy of the 'NDA'? Can he show pay stubs? Can he name names in the FBI? Etc.

Alternatively, someone should file a Freedom of Information Act motion with the US government and see if there is substance to this claim.

This would help rule out a lot of conspiracy possibilities.

Reply Parent Score: 3

RE[2]: I am very skeptical...
by olefiver on Thu 16th Dec 2010 17:11 in reply to "RE: I am very skeptical..."
olefiver Member since:
2008-04-04

Since it's OpenBSD one should use the new OpenLeaks ;)

Reply Parent Score: 2