Quotulatiousness

October 12, 2024

Government-mandated backdoor access – “weakening security for anybody weakens it for everybody”

Filed under: China, Government, Law, Technology, USA — Tags: , , , — Nicholas @ 03:00

After all this time, it’s no surprise to discover that unlike the police — who theoretically only use these government-required “backdoors” with a legal warrant — foreign hackers have been merrily using these “law enforcement tools” for their own purposes:

“I Hear You wiretapping poster, Mad Magazine, NYC” by gruntzooki is licensed under CC BY-SA 2.0 .

For as long as law enforcement has sought a way to monitor people’s conversations — though they’d only do so with a court order, we’re supposed to believe — privacy experts have warned that building backdoors into communications systems to ease government snooping is dangerous. A recent Chinese incursion into U.S. internet providers using infrastructure created to allow police easy wiretap access offers evidence, and not for the first time, that weakening security for anybody weakens it for everybody.

Subverted Wiretapping Systems

“A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests,” The Wall Street Journal reported last week. “For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data.”

Among the companies breached by the hacker group, dubbed “Salt Typhoon” by investigators, are Verizon, AT&T, and Lumen Technologies. The group is just one of several linked to the Chinese government that has targeted data and communications systems in the West.

While the Journal report doesn’t specify, Joe Mullin and Cindy Cohn of the Electronic Frontier Foundation (EFF) believe the wiretap-ready systems penetrated by the Chinese hackers were “likely created to facilitate smooth compliance with wrong-headed laws like CALEA”. CALEA, known in full as the Communications Assistance for Law Enforcement Act, dates back to 1994 and “forced telephone companies to redesign their network architectures to make it easier for law enforcement to wiretap digital telephone calls,” according to an EFF guide to the law. A decade later it was expanded to encompass internet service providers, who were targeted by Salt Typhoon.

“That’s right,” comment Mullin and Cohn. “The path for law enforcement access set up by these companies was apparently compromised and used by China-backed hackers.”

Ignored Precedents

This isn’t the first time that CALEA-mandated wiretapping backdoors have been exploited by hackers. As computer security expert Nicholas Weaver pointed out for Lawfare in 2015, “any phone switch sold in the US must include the ability to efficiently tap a large number of calls. And since the US represents such a major market, this means virtually every phone switch sold worldwide contains ‘lawful intercept’ functionality.”

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress