Mark van Walraven
mvw at wave.co.nz
Sat Sep 7 22:09:32 PDT 2013
On Sat, Sep 07, 2013 at 09:14:31PM -0700, Greg KH wrote:
> But what else needs to be worked on? What gaps do people feel we have
> that are cauing problems that we can solve with technological measures,
> not just legal ones?
How can I trust my hardware and the firmware therein? If it's so hard to
check that Huawei haven't embedded snooping mechanisms in the chips and
use covert channels to export the data, how can I trust Intel or AMD or
Broadcom or Marvell? Covert channels can be subtle and during the cold
war the intelligence agencies did some amazing work in detecting data
embedded in what seemed to noise. Is there some way to crowd-source
counter-espionage? Can we automate "many eyes" to detect snooping?
Open hardware with quartz windows on the IC packages would be nice, but
then I'd still want a way to validate that what I had was the same as
what some transparent authority had declared to be a clean implementation.
Difficult with commonly-available equipment, but perhaps it could be
common enough to make spy(hard)ware difficult and risky to deploy.
My life and work are undoubtedly painfully uninteresting to any
intelligence service, but the disrespect for my privacy rankles me;
I would pay significantly extra for a clean platform.
More information about the linux-elitists