> 2. Pre-compromised-at-the-factory smartphones and similar. There's > no reason why these can't be preloaded with spyware similar to CarrierIQ > and directed to upload all newly-created private keys to a central > collection point. This can be done, therefore it will be done, and when > some security researcher discovers it, the usual excuses and justifications > will be made by the designated spokesliars for the companies involved... > which will of course keep right on doing it, albeit perhaps with more > subterfuge.
> Problem #2 is newer, but I'm willing to bet that it will also last > at least a decade and that it will get worse, since there are > substantial economic incentives to make it so. This doesn't only apply to "SmartPhones". The most widely used Operating System (by this I mean Windows) has been issued pre-compromised and has "intentionally implanted compromise via Vendor Update" for many years. It is only unethical when a non-American does it. The excuses and justifications are no different. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
