The Prism scandal has revealed the collection of data by the American intelligence services. But could other technological players also collaborate with States, thereby deceiving the trust of their users?
This is the question that arises, concerning publishers of antivirus, a coalition of privacy advocates, including crypto specialist Bruce Schneier. In an open letter , they ask the providers of these security solutions to make their past and present practices transparent.
An admission that would rhyme with commercial suicide
According to members of this coalition" several governments plan to grant or have the right to enter computers remotely, both foreign and in order to carry out surveillance as part of an investigation.
To do this, the police will have to exploit software vulnerabilities and install malware. These privacy advocates therefore question the role that antivirus vendors could play in this surveillance.
The open letter asks publishers to specify if they have already detected the use of such software by governments, if they have already been asked to to prevent any detection, and if so what was their response.
Already a precedent: Magic Lantern
Clearly, have anti-virus programs already voluntarily turned a blind eye, at the request or under pressure from States. It is unlikely that American publishers, given their use, will reveal such practices in the intelligence field.
On the other hand, they could do so, if they so chose, with regard to wiretapping carried out by the police. Not sure, however, that in terms of image, they find a clear interest in such transparency.
The question of whether or not antiviruses collaborate with governments is not new. Prism case. In fact, American antivirus providers have already provided such logistical support to the FBI regarding the Magic Lantern Trojan . The name McAfee was mentioned as well.
But do states necessarily have an obligation to work together with antivirus software to ensure the success of their operations? Not necessarily. like Stuxnet and Flame, but also like those at ESEIA in France, demonstrate that it is entirely possible to escape detection by antivirus software and without any help from them.