Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Nothing?

I mean, you are already in US-based cloud, so if NSA is interested, they will just request information directly, no backdoors needed.

(This is a good test for your security team, btw: if they say anything other that "we do nothing", you know its all security theater)



But being able to request it and having a built-in backdoor for anyone with a key are different things. It has happened before that the Chinese government figured out network equipment backdoors that were put in for the US government. All your company secrets are there for the taking for anyone with the resources to figure out that backdoor. Especially now that people know it exists. Shouldn't this at least start the clock on expiring this hardware?


Considering the scales of Amazon and Google, and their involvements with US government agencies in the US, I think it is fair to suspect that there is a lot we don't know about...


Very good point. That was the consensus from our team, so I think we're okay.

Ironically, the data we're securing is because of US government requirements. So if the government wants to spy on itself, who are we to say?


The fact that this backdoor could leak and be used by a foreign government needs to be taken seriously.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: