Nobody Saw This Coming: Now China Too Wants Company Encryption Keys And Backdoors In Hardware And Software
from the zone-of-lawlessness dept
A concerted campaign among officials on both sides of the Atlantic to attack strong encryption has intensified in the wake of the Charlie Hebdo killings. Most recently, we've had a leak of a document in which the EU's "Counter-Terrorism Co-ordinator" recommended that Internet companies should be forced to hand over their crypto keys; and now Leslie Caldwell, an assistant attorney general at the US Justice Department, is reported by Vice.com to have made the following comment:"We understand the value of encryption and the importance of security," she said. "But we're very concerned they not lead to the creation of what I would call a 'zone of lawlessness,' where there's evidence that we could have lawful access through a court order that we’re prohibited from getting because of a company’s technological choices."As Techdirt has noted before, this narrative plays right into the hands of repressive governments around the world, which can simply point to the West's argument, and say: "We agree." So it will not come as a huge surprise to readers of this site to learn that when it comes to demanding encryption keys and backdoors from computer companies, China now agrees:
She said that she hopes Apple and Google will consider building in back doors that will allow the companies to decrypt the phones if they are physically mailed back to the manufacturer.
The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars' worth of business in China.The New York Times article quoted above gives more details, drawing on a chart that lays out the new requirements for companies wishing to sell equipment to the Chinese banking sector:
For most computing and networking equipment, the chart says, source code must be turned over to Chinese officials. But many foreign companies would be unwilling to disclose code because of concerns about intellectual property, security and, in some cases, United States export law.Although there is a clear protectionist element to many of these, as well as a desire to take a look at Western source code, the boldest demands -- those for backdoors and encryption keys -- are identical to what the US and EU are implicitly calling for. And so, once again, there is no way for the West to claim the moral high ground here, which inevitably undermines any protestations it might make about China's decision to follow its example.
The chart also calls for companies that want to sell to banks to set up research and development centers in China, obtain permits for workers servicing technology equipment and build "ports" to allow Chinese officials to manage and monitor data processed by their hardware.
The draft antiterrorism law pushes even further, calling for companies to store all data related to Chinese users on servers in China, create methods for monitoring content for terror threats and provide keys to encryption to public security authorities.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, china, encryption, mobile encryption, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
Well, duh!
As a government driven by Enlightenment values of personal liberty, the US wants encryption keys and backdoors so they can keep an eye on what everyone is doing, whenever they want to, so they take care of any "threats" to their security.
No one sees the difference?
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
"A government driven by enlightenment"
[ link to this | view in thread ]
They're no longer software developers, they're now 'freedom fighters', fighting to protect common everyday practices like encryption, etc.
[ link to this | view in thread ]
Is it the repressive governments who are like our own, or our government that is like the repressive ones?
[ link to this | view in thread ]
Re: "A government driven by enlightenment"
[ link to this | view in thread ]
Look at the can of worm Mr. Comey, Ms. Caldwell, and PM Blair has opened up. Every repressive dictatorship in the world will demand their own backdoor access to all encrypted communications. Their insatiable lust for mass surveillance has made everyone in the world less safe and completely insecure.
Russian, China, and Iran will hack US backdoors in American technology. America will try to hack back against those countries backdoored technologies. Hacktivist groups will be hacking the backdoors of every country that has backdoors.
I hope Western companies are prepared to have their source codes copied by foreign nations. Thanks to the NSA, nobody trusts American technology anymore. So much for secret 'Intellectual Property' rights. The NSA shot the dream all to hell with their mass, untargeted, spying agenda.
Way to go backdoor/mass surveillance enthusiasts. You just screwed over the entire human race for generations to come.
[ link to this | view in thread ]
Lets unpack this
They forget that China and other countries are starting to say "Don't use software with American back doors"
[ link to this | view in thread ]
Unclear on the concept
No. You don't. Not even a little bit.
[ link to this | view in thread ]
Somebody has not thought this one through.
[ link to this | view in thread ]
Only one answer
[ link to this | view in thread ]
Whats good for the goose is good for the gander
[ link to this | view in thread ]
fun
[ link to this | view in thread ]
klmat
[ link to this | view in thread ]
Re: "A government driven by enlightenment"
And "personal liberties"? Many disappeared a long time ago.
[ link to this | view in thread ]
Governments position amusing...
[ link to this | view in thread ]
The price of used mechanical typewriters just soared.
[ link to this | view in thread ]
Re: Re: "A government driven by enlightenment"
And "personal liberties"? Many disappeared a long time ago.
"It's not a lie, if you think it's true".
- A. Vandelay
I think that sums up the past 13 years nicely.
[ link to this | view in thread ]
That's why they're called "hackdoors"
[ link to this | view in thread ]
Re: Lets unpack this
I'm not so sure about that. If Chinese equipment manufacturers build in back doors, there is a clear benefit to US spies as they can use the back doors as well -- and without getting US citizens quite as on edge as they would be if the US required the back doors to be in place.
[ link to this | view in thread ]
No, no, you really dont, if you did, you would have stopped there
[ link to this | view in thread ]
No, no, you really dont, if you did, you would have stopped there
[ link to this | view in thread ]
A boon for open source...
[ link to this | view in thread ]
This is gonna snowball all on its own, governments supplying the materials once again, global paranoia taking its role as the catalyst........its gonna get to a point unless they all agree to stop before it gets worse, that even if they wanted to, their gonna have to do something extreme because of how far its come and how harder it is
Uk, us, canada,australia,france,korea,china......god knows how many...........the fact they control who can audit their PUBLIC property, means they can say one thing, then transfer operations someplace else with even better evaluated secrecy..........it just takes one to do it, the others would then be obliged(sic) to do the same(snowball)
Short of a global revolution(harder)
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
This is gonna snowball all on its own, governments supplying the materials once again, global paranoia taking its role as the catalyst........its gonna get to a point unless they all agree to stop before it gets worse, that even if they wanted to, their gonna have to do something extreme because of how far its come and how harder it is
Uk, us, canada,australia,france,korea,china......god knows how many...........the fact they control who can audit their PUBLIC property, means they can say one thing, then transfer operations someplace else with even better evaluated secrecy..........it just takes one to do it, the others would then be obliged(sic) to do the same(snowball)
Short of a global revolution(harder)
[ link to this | view in thread ]
Re: Only one answer
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Only one answer
[ link to this | view in thread ]
>
[ link to this | view in thread ]
Re: A boon for open source...
The other half is to take at least some of that money your company would have spent on the proprietary software and donate it to the FOSS tools you are using.
It doesn't have to be a cash donation (in case the project doesn't really have a project manager in charge of financials, like, say, OpenSSL); offer to pay a developer's salary. Offer to pay for infrastructure and set it up.
For some projects, a year of salary or infrastructure might still be cheaper than licenses. For others you could band together with a few other companies and form a joint subsidiary (or whatever) and pool your money.
[ link to this | view in thread ]
the even bigger question is what will be done when these back doors that the likes of that idiot Cameron wants inbuilt are exploited by God knows who and does serious damage to God knows what industry? will he/they be personally held liable? he/they damn well should be! it would be a variation of a theme of ISDS!!
[ link to this | view in thread ]
Re: Re: A boon for open source...
It has to go both ways - but at least with FOSS, the users have some say in the matter, whereas with proprietary solutions, there's no telling what deals and backdoors have been made with governments.
[ link to this | view in thread ]
[ link to this | view in thread ]
You heap what you sow. Deal with the unintended consequences of your idiocy, West.
[ link to this | view in thread ]
Re: Re: Lets unpack this
My guess is that most of these agencies/gov'ts will want their own backdoor.
Remember: if 5 agencies have a (different or same) key to the same door, there are 5 possible sources for leaks and everybody is affected by the closing of the 1 backdoor. If everybody has access via a different door, it doesn't matter if the other guy's door gets boarded shut/exposed and removed...
[ link to this | view in thread ]
Re: Re: Re: Lets unpack this
Not really. I'm seriously considering the possibility that it's easier for them to use a backdoor that already exists in Chinese equipment than to figure out a way to trick Chinese companies into putting another backdoor in.
[ link to this | view in thread ]
Remember how the Professor would sometimes set up fake equipment for Gilligan to knock over, thus sparing the real experiment? That.
[ link to this | view in thread ]
Re:
They do indeed, and know it from experience. In the Good Old Days, it was common practice to build developer back doors into software that included access controls so that they didn't have to worry about them when they needed to enter the system post-deployment in order to fix things.
The industry did a complete about-face on the practice quite a while back when it became apparent that the chances of a back door being discovered and abused was very high, no matter how obscure or hard-to-use the backdoor was.
[ link to this | view in thread ]
Re: The price of used mechanical typewriters just soared.
[ link to this | view in thread ]