Google installed backdoors in Gmail to aid the Feds – and unwittingly enabled their recent hackers, according to Bruce Schneier, writing at CNN. Schneier is one of the best thinkers out there on security in all its forms; he got his start literally writing the book on computer cryptography.
There’s an important lesson there. The most common threat in the shady world of cyberconflict is espionage – people sneaking in, rooting around, changing things or stealing information, and getting out again. Building in backdoors – particularly ones that no one is supposed to know about – is asking for trouble.
Spend too long among computer security geeks and someone will sneer that some hapless attempt to lock down a system is “security through obscurity” – that is, you assume no baddies will be able to access your Big Secret because you’re certain that absolutely, positively no one knows about the way to get in.
Put your key under the welcome mat. It’s a perfect hiding place – until someone realizes it’s there. Building in backdoors is similar. If the hackers went in that way, they did so because it was easier or less well monitored. Why? Because Google wasn’t thinking about it as much, or put in shortcuts to aid the Feds.
You’re much better off with Mark Twain’s advice – “put all your eggs in one basket – and watch that basket.”
Of course, the sordid story of illegal FBI wiretap access begs the question of how much you can even trust the good guys.