The safest option is EU software!
Last week we learned that Kaspersky antivirus software was used by Kremlin to search computers all over the world for files with interesting signatures. There are lots of stories about backdors in important software — here for example is an article about eight security backdoors that helped kill faith in security, earlier we heard about trojans in Chinese hard drives and even in wifi enable kettles.
I don’t think anyone with a bit of imagination finds that surprising. In all of the stories linked above there is no hard proof and all the alleged perpetrators deny any wrongdoing, and they even might be right — because in the our connected world it is possible to place a trojan in a code repo remotely, or even someone can do it inadvertently by mistyping the name of a popular library. For governments it is just too tempting — they have plausible deniability, and the tool is so powerful.
But not all governments act in the same environments. We had recently an abundance of remote espionage stories —not only the linked above about one specific method — but also the all the others from the Sony hack to the alleged interference of Russia into the USA elections. There were diplomatic protests and some media outcry — but China and North Korea and Russia just did not care. The Snowden affair shows that the USA maybe cares a bit about public opinion (but not too much) but not at all about any political pressure from the NSA targets. On the other hand some small countries would be too easily pressured by their big partners. In EU the situation is different. It is big enough to stand on its own and also — the countries are interconnected and dependent and vulnerable to each other — they cannot afford to alienate their peers, and any unilateral action — like planting backdoors in software without cooperation with all other EU states would create a big scandal. But it would also be very hard for all the governments to agree on any big scale secret operation.
EU is big enough to have significant internal market, is united enough that pressure from peer countries is an important force, but not enough for conspiracies between countries, it also has good privacy laws — it is a good place to produce secure software.
