Aardvark Daily

Please visit the sponsor!

Back-doors, do you have one?

For those who aren't familiar with the term, a back-door is a bit of code which can be built into a program so as to allow knowledgeable people to bypass the normal security mechanisms that control access.

In years gone by, it wasn't unheard of for programmers to include back-doors in their software so as to allow "quick and easy" access to client systems, for the purpose of diagnosis or upgrade. In an era when computers and software were almost a "black art", this wasn't a problem, since few others had the knowledge or skills required to exploit such an opening.

Today however, things are a whole lot different and it's a very brave developer or software vendor that knowingly ships code with such a weakness.

Despite this, there is a growing belief that many of the packages we rely on for our every-day work and leisure activities with computers have back-doors in them, and that the key to these back doors are in the hands of governments and their national security agencies.

Of course everyone loves a good conspiracy theory and it would be tempting to dismiss such talk of "big brother" as just the allegations of someone with an active imagination who is also suffering a little paranoia.

However, in these days of the War Against Terror (WAT), we've already seen numerous examples that sometimes it's the governments who are paranoid and it's the people who really should be concerned about the abuse of their privacy.

For example -- the use of hard encryption is now being cracked down on in many Western nations. Yes, you can use it -- but if you refuse to hand over your decryption keys when asked/demanded to by the authorities, you can find yourself spending a long time in prison for your defiance.

And now, in this piece running on CNN it's claimed that the Chinese hackers who attacked Google did so by exploiting a similar government-mandated back-door facility that is built into GMail.

Should we be worried?

Several years ago, speculation was rife that Microsoft's Windows also carried a back-door facility, designed to allow US security organisations to effectively access any Windows-based computer in the world, as soon as it went online.

Microsoft denied the allegations, but not everyone was convinced and the Google revelations may well revive the debate in respect to Microsoft's compliance with US-government demands for unfettered access to the world's computers.

Of course the smart terrorist, criminal, dissident, or whatever, is using open-source software and would thus be free of any covert snooping by such hidden mechanisms -- or would they?

Did *you* compile the copy of Linux you're currently using?

Even if you did compile it, did you scan every line of source to check for the existence of back-door code.

Even if you did scan the source, did you compile and build your own libraries used in that build?

Even if you did compile your own libraries, did you scan every line of source in those libraries to check for back-door code?

Even if you did check the library code, did you compile your own compiler.. etc, etc (almost ad-infinitum).

Then there's the hardware...

Intel, being a US-based company, will be required by federal law to comply with whatever directives are handed down by the government and if that includes the integration of some back-door trigger into the very silicon they ship then so be it.

And, even if you dredge your own sand, refine it into solid crystals of silicon, slice them into wafers, etch them with the pattern of a billion semiconductor junctions, etc, etc, so as to build your own hardware from scratch -- there's a lot of hardware and software between your computer and the websites/mailservers to which you connect.

In short -- there's just no way to keep your data private once you go online.

On the other hand, get over it!

Unless you are a "person of interest" to the authorities, the back-door(s) that may or may not exist on your system will never be activated and for that reason, their existence is unimportant.

Unless (of course) some savvy hacker works out how to exploit them.

But hey, that could never happen. These things are so well hidden and protected that, just like Microsoft's auto-update system, they are invulnerable to hacking.

And forget about the China/GMail thing -- that was just bad luck -- right?

How do you rate the chances that the system you're using has one or more hidden back-doors built into the software that runs on it?

If you simply downloaded the Ubuntu Linux CD image and installed it on your computer, how can you be sure that it isn't compromised in the same way that MS Windows could be?

In fact, what percentage of Linux users have checked every line of source used to build their system and tools before compiling, then built the whole thing from that source?

Please visit the sponsor!

Have your say on this...

PERMALINK to this column

Oh, and don't forget today's sci/tech news headlines

Change Font