Foreign Governments Coerce Tech Firms to Share Source Code
What does this mean for Kenyans?
The chances of anyone alive and kicking in Kenya today having come across the phrase “We live in a global village” are very high.
And while one could go on and on about the numerous advantages that this portends for us as a people and a nation, worrying developments around the globe are also as much as likely to affect us and how we carry on our business.
The latest in a series of shocking news is the demand by various governments that private technology companies share their source code with them if they want to be allowed to continue business operations in their countries.
The reviews on software such as anti-virus applications, firewalls, and other products containing encryption are to ostensibly make sure no backdoors exist in them that could be used for spying.
Technology giants such as IBM, Cisco, Hewlett-Packard Enterprise, MacAfee, and SAP have already granted Russian agencies access to proprietary information. Others such as Telegram and Symantec have so far refused to comply with these demands.
The secure messaging service provider Telegram has, in particular, been accused of facilitating terrorism following repeated unsuccessful attempts to have it give up sensitive data.
China is also requesting companies to allow it to review their source code before their products can enter the Chinese market.
The Americans have also recently joined the bandwagon, and Kaspersky Labs, the vendor of Kaspersky Antivirus, is as far as we know the first on the block.
The risks of sharing source codes with any government remain the same. Governments get a chance to locate loopholes or security vulnerabilities in the affected software that they would not otherwise find. While this would ideally not be a huge issue, recent reports indicate that these governments are primarily interested in hoarding such vulnerabilities to use in cyber attacks or as cyber weapons.
The WannaCry ransomware is a case in point, having been traced to a cache of tools that America’s NSA had stockpiled. Russia, on the other hand, has been accused of breaching Yahoo email, among other attacks.
As for the Chinese, their conflict with the Obama administration over cyber attacks is well documented.
All this is coming at a time when lawmakers in the UK are increasingly advocating against encryption as part of a larger plan of ‘regulating the Internet’.
We can only wonder how far these governments are willing to go to compromise the integrity of security and other software products as they make it a requirement that companies must gain trust and market access via source code access.
Perhaps Prime Minister Theresa May’s pledge to change human rights laws if they get in the way of the war on terror is an excellent pointer to where we, as a global community, are headed.
As the right to privacy and the freedom of expression continue to be assailed from all sides, it would appear that the terrorists that the citizens are being protected from are winning the war anyway. Watch this space.
(This article has been written by Evanson Kariuki, a Journalist, Analyst and Tech Writer)