Whether you like it or not, the authorities would like to see what people are saying to each other online.
It is, of course, a controversial issue with strongly held opinions on both sides.
Law enforcement and intelligence agencies argue that having insight into private conversations on social media sites like Facebook, via email and instant messaging chats, could help them gather information about organised criminal gangs and perhaps prevent a terror attack.
Many others, especially in the wake of Edward Snowden’s revelations in the last 12 months, believe that the authorities have overstepped the bounds of their authority by secretly monitoring conversations, hacking into innocent companies, weakening encryption standards, and even planting malware on IT hardware as it was shipped to customers from manufacturers.
Aside from issues of the individual’s right to privacy and the need for transparency as to how our governments are choosing to treat the citizens who voted them into power, concerns have been expressed that big software companies might have worked in cahoots with the likes of the U.S. National Security Agency.
After all, wouldn’t it be much easier for the NSA to spy on communications sent via the internet if the very companies who created the software that facilitated, say, instant messaging or video chats, had built in a secret backdoor?
Unfortunately, any method to waltz past security (whether it be by exploiting a known weakness in an encryption standard or some secret method that grants a third-party access) could potentially be exploited by far more than just the law enforcement authorities.
In short, building a way to wiretap internet communications can lead to less secure systems for all of us.
So, I was pleased to see Scott Charney, Corporate Vice President for Microsoft’s Trustworthy Computing Group, confirm in a panel appropriately entitled “Striking the Right Balance between Security and Liberty” that his company has never been asked by the US government to backdoor its products, and if they ever were they would fight it “tooth and nail”:
Greg Miller, National Security Correspondent, The Washington Post, posed the question:
Greg Miller: Can you tell us whether, in addition to the government being able to compel a company like yours to turn over data that is transiting through your networks, can it also compel you to change your code? Can it compel you to change your products to enable it to get access to products like Skype?
Scott Charney: So, one, they have never done that, and two, we would fight it tooth and nail in the courts. So, under the wiretapping statute in FISA you can be compelled to provide technical assistance. But if they said, for example, put in a backdoor or something like that, we would fight it all the way to the Supreme Court.
Look, if the government did that – and I really don’t think they would – it would be at the complete expense of American competitiveness. If we put in a backdoor for the US government we couldn’t sell anywhere in the world – not even in America.
It’s clear that Microsoft has been rattled by newspaper stories revealing the scale of its information sharing with the NSA, and is keen to differentiate between court-ordered requests from agencies that follow legal processes and software backdoors.
Last month, on the anniversary of Edward Snowden’s first revelations about NSA snooping, Microsoft called for the US government to reform the NSA by ending the bulk collection of telephone record data, committing not to hack data centers, and increasing transparency.
Whether Microsoft is doing this because it genuinely believes this is the right thing to do, or because it realises it faces huge commercial hurdles if it is perceived to be in the pocket of the NSA, doesn’t really matter. I suspect it’s a bit of both.
I’m just pleased that they seem to be sticking up for us.
If intelligence and law enforcement agencies have a genuine need to spy upon some communications then it should not be via a backdoor that could put millions of innocent, law-abiding users at risk.
Author Graham Cluley, We Live Security