top | item 5846258

anonyfuss | 12 years ago

The 'back door' system support isn't as complicated as you make it out to be. Centralized administrative access to user data must exist for support, maintenance, and legal purposes, and it will be implemented throughout the organization without anyone batting an eye.

In addition, internal analytics systems will have reason to tap into data streams/events, as will content-based advertising systems.

All of these things are often designed to provide general interfaces; locking them down is done through generic privilege levels and access controls. The people managing those access controls are few, and may not even know the true purpose for the controls they've authorized. Indeed, someone could requisition the insertion of a content analysis system that was fed user data, appeared to be a legitimate deployment, and yet was actually a core service used to push data to the government.
