Bruce Schneier’s new op-ed in CNN regarding government-mandated secret backdoors in communication software and equipment, and how Chinese government may have misused a (possible) backdoor in Google’s GMail that was designed to allow remote access to the U.S. government, doesn’t come as a surprise. It’s just funny how badly secured those remote access capabilities are, and how easily they can be used by third parties.
Maybe one should compile a worldwide list of such government spyware, how to use them, and most importantly, leak it on Wikileaks? But would doing this be ethical? Why does this last question reminds me of Isaac Asimov’s great short story “The Dead Past“?
Update 2010/02/22: Bruce Schneier took back his assertion on 2010/02/08:
The rumor that China used a system Google put in place to enable lawful intercepts, which I used as a news hook for this essay, has not been confirmed. At this point, I doubt that it’s true.
The whole concept of government mandated backdoors is still deeply flawed though, and the NSA working with Google isn’t helpful either, even if the NSA are (usually) the Good Guys(tm), and Google tries to abide by its motto “Don’t be evil.”