Sunday, September 08, 2013

Can I have the version without backdoors and built-in defects?

Last week, The Washington Post reported that the NSA has gotten hardware and software vendors to implement backdoors and exploitable design defects in their products. In one case, the NSA learned that an unnamed country had placed an order with an unnamed U.S. vendor for networking hardware, and the vendor agreed to install NSA-designed backdoors in that hardware.

Despite the fact that the NSA has no business doing mass interceptions of Internet communications and phone calls that both originate and terminate in the U.S., I'm not terribly worried about the NSA using backdoors into my network hardware and software. However, the problem with backdoors and intentional design defects is that anyone who can find them can use them. By making its job of penetrating networks easier, the NSA has also made hackers' and foreign countries' jobs of penetrating those same networks easier. They've compromised everyone's data security. This is what's called an unintended consequence, but it's very real.

The NSA may very well have also compromised the U.S. Government's own security. Consider that compromised hardware and software may be in use at U.S. defense contractors, and that those "engineered defects" could be exploited by China, Russia and who knows who else. That's why it's so important that companies not give in to the NSA's demands to build backdoors and design defects into their hardware and software, and that the NSA not make the requests in the first place.
