Ask HN: Have you ever helped a company build a back-door?

36 points by ljd ↗ HN
I think if any collection of people has experience with building highly available systems that scale to millions of concurrent queries that the NSA would need to get this kind of data it would be the crowd that frequents this forum.

Query:

Have you ever worked in any capacity on a feed that was designed to authenticate only a select number of users and could massively access core private data on an external level for one of these companies: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple?

For instance, if you were tasked at Apple with creating an API for iMessage that could access anyone's message history without direct access from that user. I understand that if it was used for nefarious purposes you might not be told but I'm curious if such software is even being written.

Before we jump to crucifying these internet companies it would be interesting to see if there are any engineers here that have even worked on such systems for one of the alleged companies.

An API that the NSA could call to get search queries by IP address or user from Google would require massive infrastructure, these kinds of systems are not built by Sergey Brin on the side but more often by large teams.

6 comments

[ 2.8 ms ] story [ 19.5 ms ] thread
If someone had worked on such a thing, they probably wouldn't want to share it, permanently, publicly, even if it's not a well-kept secret. Posting about it only invites criticism and judgement.
I've spoken with younger engineers who work on internal systems at Google in NYC and they mentioned working on systems that help the legal department find problems, etc. I wouldn't be surprised if it was under such a guise that these things can be retrieved.
Typically those sorts of things are required for compliance purposes.

Stockbrokers (broker-dealers) are required by the SEC to record all text-based electronic communications, keep 7 years worth of backup on write-once, read-many media (e.g. DVD), and upload copies to a third party (to prevent "sorry, sir, the dog ate all the emails where the traders were talking about rigging LIBOR"-style excuses).

I assume there's something similar for US-listed companies, thanks to Enron.

See: CALEA See: Cisco "Lawful Intercept" feature
not quite the same ballpark, but many years ago I helped write testing code for the backend of a states drivers license creation system.. there was a back door for feds/cia to make any license they wanted. I imagine all states probably have that..