basically tech

71 Who's in charge of your PC? - Part 2

Friday 13th April, 2007

Last year, I posted a link to an article about proposals by the Swiss government to surreptitiously install trojans onto people's PCs.

Now it seems that the German government has similar ideas.

German Interior Minister Wolfgang Schaeuble has confirmed plans to seek a change to the constitution to allow the state secret access to the computers of private individuals, in an interview published Thursday.

"Under certain conditions it must be possible for the Federal Criminal Police Office to search computers in secret," Schaeuble told the Handelsblatt newspaper.

To be honest I felt I was somewhat restrained in my analysis of the previous article. This sort of thing (surreptitious searching of a PC) can happen in two ways:

  • The government secretly installs a trojan
  • The vendor installs a backdoor

The problem with the first option is getting the anti-virus people on board. Only one of them has to step out of line (and proudly boast about it) to stop this from working. So this leaves the second option. With the second option (and with the first option, to be honest), only one or two possible candidate OSes spring to mind. Windows and MacOS. It simply isn't going to happen with Free/Open Source operating systems, because anyone can see the source and adjust it as they see fit. Furthermore, vendors who need to please their shareholders, and desperately want sales would love to have a "government approved" sticker on their product.

Either way, tech-savvy people will find ways around it. It's too risky not to, since crackers will find ways to use these loopholes for their own purposes - if there's a door, there will be a way to open it. By referring to the "tech-savvy", I also mean the people that the German government are supposedly targetting, so ultimately only the "innocent" will be running infected PCs. But as many of these types like to say when civil rights get eroded for political ends, "if you've got nothing to hide ..."

What the article really demonstrates is how stupid politicians and civil servants are when discussing anything other than their own field of expertise, which is politics, not IT. I wonder if the plans allow for police officers' and politicians' PCs to also be compromised in this way.