No need for backdoors when the front door is perfectly legal. The need to monitor for bad actors is still correct, though; mostly because they skimp on development costs and penetration testing. Like they say, “never attribute to malice that which is adequately explained by incompetence.” Or in this case, slashing budgets.
What would the “front door” even be in this case? What comes to my mind is the corresponding app on your phone, but that doesn’t really make sense in this context.
In this case, the “front door” would just be not hiding it. Normal, un-hidden APIs. A back door is usually something that the developer includes without informing the user, but they don’t need to be surreptitious; there’s no legal reason to pretend that they’re not collecting the data, and unless you’ve built your brand on privacy and security, there’s no business reason to do so either in the current cultural climate.
And given that the appliance needs to communicate with the app on your phone while you’re not home in the first place, there probably isn’t even a separate tracking API vs. data just being harvested as part of normal operations. So “back door” doesn’t really fit. “Broken by design” or “spyware” would be more apt, I think.
Still, I’m really not a fan of calling any spying/data harvesting a “front door” – IIRC, the term was coined by an FBI head pushing for back doors in our phones so the FBI could scan our messages. But he called it a “front door” as a way to dodge the reasons why building back doors in our security software is a terrible idea.
It’s just another step in the terrible trend of “let’s pretend that this horrible idea is ok if we just rename it” :(
No need for backdoors when the front door is perfectly legal. The need to monitor for bad actors is still correct, though; mostly because they skimp on development costs and penetration testing. Like they say, “never attribute to malice that which is adequately explained by incompetence.” Or in this case, slashing budgets.
What would the “front door” even be in this case? What comes to my mind is the corresponding app on your phone, but that doesn’t really make sense in this context.
In this case, the “front door” would just be not hiding it. Normal, un-hidden APIs. A back door is usually something that the developer includes without informing the user, but they don’t need to be surreptitious; there’s no legal reason to pretend that they’re not collecting the data, and unless you’ve built your brand on privacy and security, there’s no business reason to do so either in the current cultural climate.
And given that the appliance needs to communicate with the app on your phone while you’re not home in the first place, there probably isn’t even a separate tracking API vs. data just being harvested as part of normal operations. So “back door” doesn’t really fit. “Broken by design” or “spyware” would be more apt, I think.
Still, I’m really not a fan of calling any spying/data harvesting a “front door” – IIRC, the term was coined by an FBI head pushing for back doors in our phones so the FBI could scan our messages. But he called it a “front door” as a way to dodge the reasons why building back doors in our security software is a terrible idea.
It’s just another step in the terrible trend of “let’s pretend that this horrible idea is ok if we just rename it” :(