[box icon=”chat”] I don’t think the US government should use operating systems made in China for the same reason that most governments shouldn’t use operating systems made in the US and in fact we just got proof since Microsoft is now known to be telling the NSA about bugs in Windows before it fixes them.
In what appears to be open-season on the NSA and Tech Companies, Bloomberg has joined in with a report of their own, implicating that Microsoft provides US intelligence agencies with information about bugs in its popular software before it publicly releases a fix. In other words, Microsoft grants special access to the likes of the NSA to poke around in the nearly 1 Billion users of Microsoft software via newly discovered bugs—long before Microsoft report it to the public and eventually patch the bug.
What this means in practice is that intelligence agencies like the NSA and CIA could potentially be granted near complete access and control to every single machine running Microsoft Windows, including your PC and mine, but also the PCs of nearly every government agency in Malaysia. Potentially, every now and then, the NSA and CIA could be snooping around the data of our local government officials thanks to good ol’ Microsoft, and no one would be none the wiser.
This also may explain how the Stuxnet could have been coded with 4 Microsoft zero-day exploits –that’s 4 with a capital F.
I’m not saying that these agencies ARE spying, I’m just pointing out that they COULD be spying–with relative ease. They’ve already demonstrated their willing to infiltrate the telephone and email networks of the building that houses the European council. If they’re willing to do it to the Europeans, what more us Malaysians?
All of this is in addition to the PRISM revelations, which implicate Microsoft in providing back doors to US intelligence agencies to their cloud offerings. I personally don’t believe such a backdoor exist, but if it did, you’d better be careful on how you store your Microsoft Office 2013 documents–because its seamless integration to skydrive makes it very tempting to store your precious data in the cloud–where those backdoors exist, rather than on your local machine–where the unreported bugs exist.
Of course this begs the question, with these new revelations should the Malaysian Government or any other non-US government look for alternatives Operating Systems for their staff to use? Open Source versions of Linux like Ubuntu are community driven and publish their full source code online–minimizing the risk that certain governments have the upper hand when it comes to bugs and exploits. A similar situation exist for Microsoft Office alternatives in the form of Open Office and Libre Office, and nearly every closed software suite has a opensource alternative, which are good if not better than their commercial sold-for-profit cousins. Apache springs to mind.
This isn’t as paranoid as it sounds. A US congressional Intelligence Committee report released late last year accused Huawei and ZTE of providing opportunities for Chinese intelligence services to tamper with U.S. telecommunications networks for spying. Huawei and ZTE are one of the largest telecommunications equipment manufacturers in the world, the Chinese equivalent of Microsoft in this case. Mike Rogers, the Chairman of the Committee that produced the report told US companies to “find another vendor if you care about your intellectual property; if you care about your consumers’ privacy, and you care about the national security of the United States of America.”
Of course this was prior to the PRISM revelations, so his words didn’t sound as hypocritical and hollow as it does today.
Basically, the world’s most powerful nation is itself afraid of foreign technology supplied to it from China, why shouldn’t we be afraid of tech from the worlds most powerful nation?
To be fair, the Tech giants, including the Business Software Alliance, wrote a letter in response to the report citing that “Fundamentally, product security is a function of how a product is made, used, and maintained, not by whom or where it is made… At a time when greater global cooperation and collaboration is essential to improve cybersecurity, geographic-based restrictions in any form risk undermining the advancement of global best practices and standards on cybersecurity”