Wednesday, November 28, 2018

Show us the backdoor

Today the GCSB banned Spark from using Huawei equipment in its planned 5G network. The ban was imposed for "national security" grounds, but naturally there's no details. So we're supposed to believe that Huawei gear is too dangerous to be used in our networks, but we are forbidden from knowing how to fix it.

This is simply bullshit. If Huawei gear is backdoored to e.g. route traffic back to Chinese state security agencies so they can read it (you know, like US stuff is), then the best way of protecting our security is for the details of those problems to be widely publicised, so that they can be fixed. There's no benefit to the public in keeping security flaws secret. The only people that benefits are the people who want to exploit those flaws: hackers, criminals, and spy agencies like the GCSB (or more likely, their foreign masters, the NSA). And if exposing Chinese backdoors causes the NSA's Chinese equivalent to expose American ones, allowing them to be patched, then again, we all benefit.

More generally, exposing and publicising bugs and security flaws makes the world a safer place. An agency genuinely interested in our security would do that. The fact that the GCSB doesn't - well, you can draw your own conclusions about their purpose.