08 January 2009

Security Vendors Will Log the Police Keyloggers

Kudos to Kaspersky Labs and Sophos: they understand that once you compromise a computer's security, there *is* no security:

The Home Office on Friday said it was working with the European Parliament on plans to extend police powers to conduct remote searches of computers. UK police already have the power to hack into suspect systems without a warrant, due to an amendment to the Computer Misuse Act, which came into force in 1995.

However, security vendors Kaspersky Labs and Sophos told ZDNet UK that they would not make any concession in their protective software for the police hack.

...

Em said that while police could provide details of the software it used so Kaspersky could avoid blocking it, the police software could also be used by cybercriminals. "While we wouldn't want to scupper police attempts to catch bad guys, police [hacking] software could end up in the wrong hands," Em said.

Kaspersky would not put a backdoor in its software to enable the police to bypass its protections, Em added. "If we provided a backdoor, it could be used by malware authors," Em said. "People would be able to drive a coach and horses through our security."

Once again, the experts have spoken: will the politicians listen? (Will they, heck....)

4 comments:

Roger Lancefield said...

Good on Kaspersky Labs and Sophos (assuming their word can be taken on trust).

We're all in the crosshairs. I give it 12 months before the first attempt occurs somewhere to outlaw (or at least control) Linux and other non-proprietary software.

I suspect that some software or hardware dongle (or comparable measure) will be insisted upon before users will be permitted to connect to the Internet legally. Legislation will be passed that will prohibit the use of OSes/software on public networks if the government is unable to get unfettered access to that software. It will all be justified by citing the importance of combating the usual suspects: terrorists, fly tippers, owners of hooky copies of Photoshop and Word, etc.

If the government (probably with the encouragement and support of Big Content) could pull that off, the pincer movement will be complete and computers will be reduced to nothing more than government monitored, proprietary media players and word processors.

Sorry for the gloomy prediction, it's a scenario that's almost too depressing to contemplate. But recent legislation, general government attitude and soft, ineffectual responses from the software using community really have made me fear the worst.

I briefly talked to Mark Shuttleworth about this question at the Intrepid Ibex launch party in London back in October. He stated his belief that Linux had too great a foothold and was backed by too many mega-corps, IBM, Google, et al, to be particularly vulnerable. (His final word on the matter was to flash me a mischievous smile and to say "Besides, it's not what Jesus would want" ;-)

Our brief conversation should have been reassuring, but for once, I'm not sure that I agree with him. I'm not convinced that Linux is as invulnerable as most of its users (and I'm one of them) assume. I suspect that relatively simple measures, if supported by law, could seriously compromise its status as an un-restricted alternative.

It goes without saying that I welcome being proved utterly wrong on this.

glyn moody said...

I agree, this is my big fear too. But I think it's a race against time: if free software becomes sufficiently embedded in society and - especially - business - we may be OK.

Or maybe not....

Anonymous said...

quote: UK police already have the power to hack into suspect systems without a warrant, due to an amendment to the Computer Misuse Act, which came into force in 1995.

What's stopping them from perpetrating misuse/abuse ... so who polices the police, and who polices the policers of the police and when does that downward spiral end?

glyn moody said...

Nothing.