Speaking Engagements & Private Workshops - Get Dean Bubley to present or chair your event

Need an experienced, provocative & influential telecoms keynote speaker, moderator/chair or workshop facilitator?
To discuss Dean Bubley's appearance at a specific event, contact information AT disruptive-analysis DOT com

Wednesday, December 03, 2008

Government remote access to data on PCs (and phones?)

Only the other day, I mentioned that the European Union's interventions in areas of technology should be restricted to consumer and competition issues, as it patently doesn't understand the subtleties of computing and communications.

The Register has a great example of European inadequacies and worrying authoritarianism. State authorities installing trojans on peoples' PCs to enable remote searches. I presume that the same philosophy would be applied to smartphones as well.

Luckily, the concept fails on so many practical and technical levels, we probably don't need to get too worked up about it just yet - although continued vigilance against creeping State invasion of data privacy is pretty important.

Some obvious flaws in the concept:

  • How this software is installed on PCs in the first place
  • PC security software
  • Separate hardware firewalls (eg in corporate networks - I can just imagine them being reprogrammed to allow external agents to peer inside PCs on the LAN)
  • Threat of these trojans being subverted by other malicious users
  • How this would work with roaming users - would the government have the right to snoop on visiting Chinese users' PCs? Or would your PC's data continue to be visible when you were outside Europe?

According to El Reg, it is the Germans who are most keen on this approach.

Of course, here in the UK, if the government wants to know what's on your PC or BlackBerry, (for example if you're an opposition MP receiving embarassing leaks), it's much easier just to take a leaf out of Robert Mugabe's book and arrest them and physically seize their computers and phones.

1 comment:

alex said...

Actually, so called "Federal Trojan" ("Bundestrojaner") has been common practice in Germany for years already, with lot of discussion whether this is or should be legal.
What I remember without googling:
- SW is installed remotely via "rootkits", ie. exploiting known security holes in PC operating systems. Especially Windows is full of those.
- HW firewalls / corporate networks: not sure, but maybe corporations are not the prime target for the authorities. Or maybe additional techniques are used to overcome firewalls.
- "Roaming": Usually, local laws apply to foreigners while in territorial boundaries. So probably the authorities dealing with inner security (German "FBI") are obliged to stop accessing a foreigner's PCs when out of Germany. However, the secret service (German "CIA") probably has more leeway.

Main technical flaw in my view is that the more able criminals can use hardened Linux PCs. This leaves the authorities to catch the many "small fish", which at least will bring up their success statistics.