I read on BloombergBusinessweek that the National Security Agency has been busy in the open source world and contributed security-related code to Google's Android operating system. This is like a vampire donating to a blood bank.
Apparently the NSA's contribution is called "Security Enhancements for Android" and it is designed to "isolates apps to prevent hackers and marketers from gaining access to personal or corporate data stored on a device." Wow. The NSA really cares about our privacy ...
Bloomberg says that they obtained a 2011 presentation by the NSA that declared that the program's top was to “Improve our understanding of Android security.”
What's so sad about this is that the NSA may well have made a valuable contribution to Android but given the furore over the agency's domestic and international intelligence gathering programs and lack of transparency (which is a nice way of saying they behaved like devious, lying bastards) the only conclusion any sane person can come to is that their "contribution" was, in fact, motivated by something other than giving to the open source community.
"Hold hard" you might say, "Surely what they contributed was open source so its intention and capabilities can be evaluated and assessed for subterfuge?"
Sure, but that presumes that the chunk of NSA code doesn't do something that we don't understand. Perhaps the code's structure allows some kind of analysis that reveals usage patterns or simply flags ownership of an NSA-tagged Android device.
The reality is that in allowing code contributions by the NSA Google has opened a can of worms that isn't going to go away by anyone, Google especially, claiming the code is "clean."
Bloomberg's article states:
Jeff Zemlin, the executive director of the Linux Foundation, says the NSA didn’t add any obvious means of eavesdropping. “This code was peer-reviewed by a lot of people,” he says.
Call me paranoid but when the NSA gets involved in any area of computing it makes me want to start wearing a tinfoil hat and look over my shoulder.