Cisco's Backdoor For Hackers

ARLINGTON, Va. -- Activists have long grumbled about the privacy implications of the legal "backdoors" that networking companies like Cisco build into their equipment--functions that let law enforcement quietly track the Internet activities of criminal suspects. Now an IBM researcher has revealed a more serious problem with those backdoors: They don't have particularly strong locks, and consumers are at risk.

In a presentation at the Black Hat security conference Wednesday, IOS operating system can be exploited by cybercriminals or cyberspies to pull data out of the routers belonging to an Internet service provider (ISP) and watch innocent victims' online behavior.

"We need to balance privacy interests with the state's interest in monitoring suspected criminals," says Cross. "There's long been a political debate about where that balance should be. But there are also these serious underlying technical problems."

This seems to be another sticky lesson. Access to technology is difficult to manage when granted in a covert channel.

I realize that many people would object to my term in the context of agency or law enforcement access, but let us be honest with ourselves. Isn't that what this is?

Centralized authorization and role management is difficult enough to manage and monitor without vendors backdooring customer or carrier equipment.

Clearly, access methodology needs to improve, controls need to become stronger, and strong authentication needs to be used.

Recent events as food for thought:
Surveillance Can't Make Us Secure
Google attack part of widespread spying effort

Posted by gorrie
