Re: <nettime> anti-piracy goons considered harmful

[Francis Hwang <sera@fhwang.net>]

Far be it from me to ever defend Microsoft, like, ever, but I do have 
to take issue with this part of Mr. Ball's argument:

>There is another reason for human rights organizations to eschew Windows:
>verifiability. Whenever death squads make threats against a villager who
>speaks with rights workers, those workers have a moral responsibility to be
>sure their computers are secured with the best technology available. Lives
>depend on it. There is no way to verify the security of Windows: the
>software is secret. Indeed, Microsoft's latest license agreements give the
>company the right to go into computers without their owners' permission (or
>knowledge) to load software and retrieve "technicalg information at
>Microsoft's sole discretion. A hostile government could probably exploit
>these vulnerabilities, reaching through the Internet to break into a rights
>worker's computer, never even setting foot in that person's office.
>
>The only way a human rights organization (or anybody else) can be sure
>there are no back doors into its software is to have an expert remove all
>parts of the program that allow remote access. Clearly, this verification
>would require access to the source code. In practice, the need for
>verification rules out not only Windows but also any other closed-source
>system, including those on Macintoshes and on Palm handheld devices.

There's no question that Microsoft products are generally much less 
secure than anything else, but being able to see the source code does 
you no good if you don't understand it. Computer security is a 
difficult, arcane endeavor. Any human rights organization -- either 
in a developing country or in the U.S. -- would be extremely lucky to 
get their hands on a hacker with the geek-fu to be capable of a code 
audit.

Also, many security breaches don't actually occur because of software 
failures -- they occur because people aren't naturally as distrustful 
about this stuff as they should be. A really expensive security 
system does you no good if Bill picks "bill" as his password. Or, if 
you can call him up at home pretending to be somebody else, and ask 
for his password because you need to look at a file on his machine. 
That's a problem whether you're running Windows or Linux or BSD or 
whatever.

Francis
-- 

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net