PC makers should be liable for security flaws in their products - J. Zimmermann

Amidst one of the biggest Data thefts ever by a gang of Russian cyber criminals, part of the blame falls on smart phones and computer makers, who have designed products that are not fully understood by many of their users.

The same products can be manipulated by hackers and intelligence agents, Jeremie Zimmermann, spokesperson and co-founder of La Quadrature du Net, which defends fundamental freedoms online, tells RT.

RT:How dangerous is this virus? What is it capable of?

Jeremie Zimmermann: It is apparently the first time that we see on such a large scale a computer virus spreading on these so-called smart phones and that apparently is quite sophisticated and allows someone to obtain information from somebody else’s pocket computer. Apparently this allows for the collection of banking details, SMS pictures. The real news here is the scale and sophistication of the attack, but by itself it is not really surprising.

RT:Do you have any idea how the virus works and what can consumers do to protect themselves?

JZ: What I can tell you is that such a spread of a virus is made possible for several reasons.

First of all because people don’t care about their computers’ security. Whether it’s on a laptop or desk top computers, or whether it’s on pocket computers, it’s the same, people don’t really have the notion, don’t really realize how important computer security is. Maybe because they don’t realize how much of their lives are in the computer already. And also because they don’t have the means [knowledge] of how it works.

Therefore there is a very high responsibility from the manufactures of the devices, whether it’s the hardware or the software manufactures. In fact, over the last years they’ve been turning those pocket computers into black boxes that we cannot open, with an operating system that we cannot control, that we cannot chose which kind of application we will install.

This closedness [sic] of a device enables on one hand surveillance by governments as we have seen by the NSA revelations by Edward Snowden, and on the other hand it enables these kinds of attacks where the user cannot suspect and cannot do anything.

RT:So what can users do then? As according to you they are powerless?

JZ: As long as those devices are black boxes where their manufacturers will take efforts into blocking their users from understanding how it works, when the closedness [sic] of the hardware and software will be a business model, then we have very little means to protect ourselves, and we will have to trust these companies to push [through] a new update sometimes.

Maybe citizens could demand from those companies, maybe governments could work as well to provide new tools based on free open-source software that everyone can understand and control, because this is the only way the users can [ensure] computer security for themselves. It is by being able to understand the computer and the software and what it does that you can someday choose what type of security [you need], but those types of tools must be available.

RT: Do software manufactures need to be forced to take consumers’ privacy more seriously?

JZ: In the light of the revelations on the NSA, and in the light of such large-scale attacks as the one we are talking about, we must demand the means to take control of our devices and computers, whether it is a desktop, laptop or pocket computer. It is about computer security, but in the end it is about our privacy, our lives being bound to the machines; therefore we are entitled to this right.

When a car or kitchen equipment manufacturer produces equipment that has a flaw, which is dangerous then it is normal that users can request damages to be paid, that those people be held liable for the flaw in their product. There is no such liability with software and hardware manufacturers when it comes to computers, so maybe this is also an area we could think about.

The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.