This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.theguardian.com/commentisfree/2013/sep/06/nsa-surveillance-revelations-encryption-expert-chat
The article has changed 7 times.
Version 0 | Version 1 |
---|---|
Explaining the latest NSA revelations – Q&A with internet privacy experts | Explaining the latest NSA revelations – Q&A with internet privacy experts |
(about 4 hours later) | |
Today, beginning at 3pm ET \| 8pm BST, the Guardian's James Ball, who reported on the latest NSA and GCHQ revelations, and cryptology expert Bruce Schneier, who wrote about the implications, will take your questions on the new revelation that the US and UK governments can crack much of the encryption protecting personal data, online transactions and emails – as well as the ongoing debate over surveillance. Toss your questions below and as you wait for a response, re-visit yesterday's stories: | |
• How US and UK spy agencies defeat internet privacy and security | |
• How internet encryption works | • How internet encryption works |
• The US government has betrayed the internet. We need to take it back | • The US government has betrayed the internet. We need to take it back |
The Q&A is now live: | |
First Question: | |
Can we trust open source? Of course it is more transparent than proprietary, but if NSA has been influencing standard documents, what is stopping them penetrating free software? | |
Do we have evidence supporting/denying contamination of open source? | |
Answer: | |
James Ball: Because the NSA and GCHQ have been influencing standards, and working to covertly modify code, almost anything could potentially have been compromised. Something as simple as – hypothetically – modifying a basic random-number-generator could weaken numerous implementations of open-source code. | |
That said, anything done to open source projects, particularly popular ones, will have to be subtle, as anyone can audit the code. So I do believe they’re more trustworthy/dependable than other things. But almost nothing is certain, and we see quite regularly bugs/vulnerabilities discovered in major open source projects that have lain undiscovered for months. | |
Question: | |
Is there any reason to believe that these back doors have also been built into hardware? | |
Answer: | |
Ball: There’s every reason to think this. The Washington Post mentioned in passing last week the use of ‘implants’, and the New York Times’ take on this story made reference to efforts against “encryption chips”. | |
Question: | |
How hard do you think it will be to get people to take security seriously when people are willing to type so much personal data into Facebook/Google+ etc? | |
Answer: | |
Ball: I think we need more awareness of privacy and security generally, and I think as generations grow up net-native (as today’s teens are), that’s taking care of itself. I don’t think people who volunteer information to a strictly-controlled network on Facebook (or webmail, etc) are automatically willing to share that same information with their governments. That’s a large part of what the whole privacy and security debate the NSA files are fueling is about, I think. |