Several years ago, in a nod to Linux creator Linus Torvalds, software developer Eric S. Raymond coined a phrase that he called Linus's Law:

"Given enough eyeballs, all bugs are shallow."

So goes the standard argument in favor of open source that more "eyeballs" make for better quality control and better security. It has become the rallying cry for open-source enthusiasts, particularly in the aftermath of Edward Snowden's revelations last year about NSA spying and government infiltration of technology. Reports surfaced that Microsoft, Google, Yahoo, and other tech heavies were compromised. According to the open-source narrative, the Snowden documents proved that commercial software couldn't be trusted.

"There have long been rumors in the networking community about possible backdoors in major networking vendors' firmware and network stacks," Nicholas Merrill, executive director of The Calyx Institute, told Enterprise Networking Planet in an interview last year. "I would suggestthat people strongly consider open-source solutions since their source code is open for peer review and auditing."

Government snoops, however, apparently have no qualms about attempting to hide vulnerabilities in plain sight. For instance, during a keynote panel discussion at this year's LinuxCon, Linus Torvalds was asked if the federal government had ever asked him to insert a backdoor into the Linux kernel. Torvalds verbally told the audience "No" while nodding his head yes.

Additionally, among the Snowden leaks was confirmation that the NSA had inserted a self-serving vulnerability into a pseudorandom number generator and then worked to get it adopted as an international standard.

Certainly, although it has been confirmed that the US government pressures and works with commercial vendors to insert backdoors into their software, so too apparently do they participate in open-source efforts. After all, if open-source development is "open" to everyone, it's just as open to the government and others who wish to weaken software security.

Other factors demonstrate that Linus's Law is just plain false. In his 2003 book Facts and Fallacies of Software Engineering, Robert L. Glass levies numerous criticisms against the "law," writing that, according to research, the law of diminishing returns is at work when it comes to code review. Specifically, that having more than two to four code reviewers is not particularly useful.

"[W]e shouldn't think that a Mongolian horde of debuggers, no matter how well motivated they are, will produce an error-free software product," writes Glass, "any more than any of our other error removal approaches will."

Glass goes on to point out that no scientific evidence exists to show that open source is safer, more reliable, or less buggy. He also observes that the bugs found by the many "eyeballs" may not be the most serious. Other commentators have explicitly posited that security bugs are among the least likely to be found in open-source software because security review is more boring and more difficult than tending to features.

See more here:
Opinion: TrueCrypt, the NSA, and the Myth of Open-Source Security

PRINCETON With little more than two months before he closes the book on a 16-year Congressional career, U.S. Rep. Rush Holt (D-12th Dist.) discussed the challenges in store when it comes to preserving civil liberties in the 21st century.

Before a crowd of nearly 100 ACLU members, Holt and ACLU of New Jersey Executive Director Udi Ofer traced a history of the revocation of civil liberties throughout Holts time in the House.

Holt, who announced earlier this year that he wouldnt seek a ninth term in Congress, didnt pull any punches, openly criticizing his affirmative votes on the Patriot Act in 2001 -- hands down the worst vote Ive cast so far in Congress, he said -- and the Authorization for Use of Military Force in 2003 a close second.

We shouldnt sacrifice our liberties for the sake of security. Thats a false choice, Holt said. Its not the loss of privacy that is so upsetting. It is that the government would treat all of us as suspects first and citizens second.

Since those votes, Holt has remained critical of the use of surveillance at the federal level, frequently calling the situation a surveillance state during Mondays discussion.

He detailed his own experience with the NSA when, as chairman of the House Select Intelligence Oversight Panel, NSA leaders unquestionably and unequivocally lied to him when he asked about surveillance.

There is some reason for secrecy but theres no justification for systematically and deliberately lying to people charged with the oversight, said Holt, a Hopewell Township resident.

And while he acknowledged that Edward Snowden unquestionably broke a significant law by leaking evidence of the NSAs domestic surveillance, he said Snowden should have leniency in any prosecution and probably should be pardoned."

He has done a great service. The more I hear him interviewed, theres a little bit of self-righteousness there, but this was done for patriotic reasons, Holt said. He did not do this casually or stupidly. It was quite thoughtful."

Turning to current events, Holt criticized Gov. Chris Christie and New York Gov. Andrew Cuomos policy of mandatory quarantines for medical workers returning from trips to treat Ebola patients in West Africa.

View original post here:
U.S. Rep. Holt discusses NSA spying, Ebola quarantine at ACLU forum in Princeton