A software compromise detection and alert system that detects attacks against software clients and alerts clients and servers of any compromises.
Such a system may be implemented so that client software cross-verifies the integrity of other users’ client software, or it may (also) involve servers in the verification process. The entire life cycle of software use should be considered, including distribution, installation, running and updating. A free software library that can be included in any software (free software or otherwise) might be ideal. Such a system must consider the impact of false positives, which may occur due to non-malicious corruption of client software, transmission errors during verification, or verification bugs.
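As an added illustration (not part of the original proposal), the following Python sketch models the peer cross-verification and false-positive handling described above: each client reports a digest of its own code, peers check it against a release manifest, and an alert is raised only when a quorum of independent verifiers agree. The manifest, report format and sample binaries are constructed, and the sketch assumes the digest a client reports about itself is trustworthy (for example, produced by an attested measurement), which it does not model.

```python
import hashlib
import zlib
from collections import Counter

# Constructed release manifest: version -> SHA-256 of the genuine build.
# In a deployed system this would be signed by the vendor or agreed by servers.
GENUINE_BUILDS = {
    "client-1.0": hashlib.sha256(b"genuine client binary v1.0").hexdigest(),
}

def make_report(version: str, binary: bytes) -> str:
    """What an installed client sends to a verifying peer: its version, the
    SHA-256 of its own code, and a CRC32 guarding the report in transit."""
    body = f"{version}|{hashlib.sha256(binary).hexdigest()}"
    return f"{body}|{zlib.crc32(body.encode()):08x}"

def verify_report(report: str) -> str:
    """One peer's verdict on a report: 'ok', 'mismatch', 'unknown' or 'garbled'."""
    try:
        version, reported, crc = report.split("|")
    except ValueError:
        return "garbled"
    body = f"{version}|{reported}"
    if f"{zlib.crc32(body.encode()):08x}" != crc:
        return "garbled"        # transmission error, not evidence of compromise
    expected = GENUINE_BUILDS.get(version)
    if expected is None:
        return "unknown"        # version not in manifest: cannot judge either way
    return "ok" if reported == expected else "mismatch"

def assess(verdicts: list, quorum: int = 2) -> str:
    """Combine independent peers' verdicts. Garbled and unknown reports carry
    no weight, and fewer than `quorum` mismatches only asks for re-verification,
    so a single corrupted copy or buggy verifier does not raise an alert."""
    counts = Counter(verdicts)
    if counts["mismatch"] >= quorum:
        return "alert"
    if counts["mismatch"] > 0:
        return "recheck"
    return "ok"

if __name__ == "__main__":
    genuine = b"genuine client binary v1.0"
    tampered = b"genuine client binary v1.0 + injected code"     # constructed
    good, bad = make_report("client-1.0", genuine), make_report("client-1.0", tampered)
    corrupted = good[:20] + "x" + good[21:]   # simulated bit error in transit
    print([verify_report(r) for r in (good, bad, corrupted)])
    print(assess([verify_report(r) for r in (good, bad, corrupted)]))  # recheck
    print(assess(["mismatch", "mismatch", "ok"]))                       # alert
```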
A key point is that such a system alerts clients and servers about a compromise of the software, not specifically about any Technical Assistance Request, Technical Assistance Notice, Technical Capability Notice (requirements introduced by the Assistance and Access Bill) or other secret legal instrument that may exist, and therefore would not constitute an “unauthorised disclosure.” Furthermore, rendering such a system ineffective would constitute implementing a “systemic weakness.”