Whitepaper
Backdoors, Easter eggs, errors, licensing

Backdoors

We do not provide back doors into our software. We do provide advanced functionality and we can (or have) provide(d) a list of this functionality to your security personal.

A backdoor is a way into your system that is secret, usually known only by a few people (often 1) at the company that developed the software.

This is distinctly different from 'advanced' access methods that the users (or at least some people in your company) are aware of and can use or block as they see fit. Each release may have new 'advanced' functionality and outdated functionality removed, we do not strive for backwards compatibility in advanced functionality tools although typically we keep ones that have been useful previously.

But we do not permit our developers to put in secret backdoors. Our policy is:

  • first, we forbid true backdoors, all 'backdoor like' features must be documented and provided for our customers security personnel.
  • second, we periodically spot check code looking for purposeful backdoors or for undocumented access points.
  • third, we will take strong action should one of our employees ever put a backdoor type access intending to hide them.

Easter Eggs

Easter Eggs are cute/fun features added into software by developers that do nothing until you hit the right key combination or do something else that would make no sense while using the software for its intended purpose. So for example, a bunny or a bear might pop up on the screen temporarily if this occurs.

Microsoft in 2002 introduced a policy of no Easter eggs, other companies permit them as 'harmless' fun.

While generally considered harmless, it is our policy to not introduce any Easter eggs into MCe. This is partly driven by the use of our software in various governments, including various government militaries, and we simply don't want to have any undocumented 'features' fun and harmless or not. This is decision is also more pragmatically made because, if even one customer asked us to document them all, we would do so, so we simply do it up front and we don't wait to be asked.

Easter eggs by definition are undocumented. There are some things that people think are Easter eggs, such as, in most versions of MS-Word, if you type =rand(), =rand.old() or =lorem() followed by the enter key with "Replace text as you type" on (the default), it will produce several paragraphs of random looking text, but as this is documented in the official MS-Word documentation, it is a feature (having a bunch of text quickly for testing purposes), not an Easter egg.

If we ever decide to put in a 'fun' but 'harmless' feature, an Easter egg like function, we will document it, and currently it would be documented in the "Fun Facts", and since it will be in the official documentation, that means by definition that it would not be an Easter egg.

Errors

One feature we provide, when a true 'error' in our code occurs, we send an email report to our error trapping server. This does not include info like your password (we never store that), but it may include data about the work order or asset that was involved in the error. These are sent to one of our employees that has a confidential status with the Canadian Military.

Sometimes these are caused by internet connectivity situations, and, fortunately very rarely, they occur due to a bug in our code.

We only use this data for the following purposes:

  • To help you recover from an error
  • To find bugs in our code that we can fix.

Many times, with this system, we find and fix the problem before the customer even knows there was a problem.

So far, even the Canadian military has not asked us to turn this off. However we have a switch that can be set for you at no charge if you wish to have this feature turned off. Noting that if this is done, that support costs on things this would have helped with will of course be billed by the hour so to keep costs to a minimum you might wish to have it turned on temporarily when trying to track down problems and bugs.

Licensing

We have licensing compliance information that is sent to us. This does not ever contain a password. This allows us to ensure that licensing is being honored. Without this system we would need a much more elaborate and more expensive solution to achieve the same goal.