{"id":91881,"date":"2024-10-12T03:00:58","date_gmt":"2024-10-12T07:00:58","guid":{"rendered":"https:\/\/quotulatiousness.ca\/blog\/?p=91881"},"modified":"2024-10-11T12:22:02","modified_gmt":"2024-10-11T16:22:02","slug":"government-mandated-backdoor-access-weakening-security-for-anybody-weakens-it-for-everybody","status":"publish","type":"post","link":"https:\/\/quotulatiousness.ca\/blog\/2024\/10\/12\/government-mandated-backdoor-access-weakening-security-for-anybody-weakens-it-for-everybody\/","title":{"rendered":"Government-mandated backdoor access &#8211; &#8220;weakening security for anybody weakens it for everybody&#8221;"},"content":{"rendered":"<p>After all this time, it&#8217;s no surprise to discover that unlike the police &mdash; who <em>theoretically<\/em> only use these government-required &#8220;backdoors&#8221; with a legal warrant &mdash; <a href=\"https:\/\/reason.com\/2024\/10\/11\/chinese-hackers-used-u-s-government-mandated-wiretap-systems\/\" rel=\"noopener\" target=\"_blank\">foreign hackers have been merrily using these &#8220;law enforcement tools&#8221; for their own purposes<\/a>:<\/p>\n<div id=\"attachment_91882\" style=\"width: 402px\" class=\"wp-caption alignright\"><a href=\"https:\/\/quotulatiousness.ca\/blog\/wp-content\/uploads\/2024\/10\/I-Hear-You-wiretapping-poster-Mad-Magazine-by-gruntzooki-CC-BY-SA-2.0.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-91882\" style=\"float:right; padding: 0px 0px 10px 25px\" src=\"https:\/\/quotulatiousness.ca\/blog\/wp-content\/uploads\/2024\/10\/I-Hear-You-wiretapping-poster-Mad-Magazine-by-gruntzooki-CC-BY-SA-2.0-392x600.jpg\" alt=\"\" width=\"392\" height=\"600\" class=\"size-medium wp-image-91882\" srcset=\"https:\/\/quotulatiousness.ca\/blog\/wp-content\/uploads\/2024\/10\/I-Hear-You-wiretapping-poster-Mad-Magazine-by-gruntzooki-CC-BY-SA-2.0-392x600.jpg 392w, https:\/\/quotulatiousness.ca\/blog\/wp-content\/uploads\/2024\/10\/I-Hear-You-wiretapping-poster-Mad-Magazine-by-gruntzooki-CC-BY-SA-2.0-418x640.jpg 418w, https:\/\/quotulatiousness.ca\/blog\/wp-content\/uploads\/2024\/10\/I-Hear-You-wiretapping-poster-Mad-Magazine-by-gruntzooki-CC-BY-SA-2.0-98x150.jpg 98w, https:\/\/quotulatiousness.ca\/blog\/wp-content\/uploads\/2024\/10\/I-Hear-You-wiretapping-poster-Mad-Magazine-by-gruntzooki-CC-BY-SA-2.0.jpg 669w\" sizes=\"auto, (max-width: 392px) 100vw, 392px\" \/><\/a><p id=\"caption-attachment-91882\" class=\"wp-caption-text\">&#8220;I Hear You wiretapping poster, Mad Magazine, NYC&#8221; by <a rel=\"noopener noreferrer\" href=\"https:\/\/www.flickr.com\/photos\/37996580417@N01\">gruntzooki<\/a> is licensed under <a rel=\"noopener noreferrer\" href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/2.0\/?ref=openverse\">CC BY-SA 2.0 <img decoding=\"async\" src=\"https:\/\/mirrors.creativecommons.org\/presskit\/icons\/cc.svg\" style=\"height: 1em; margin-right: 0.125em; display: inline;\" \/><img decoding=\"async\" src=\"https:\/\/mirrors.creativecommons.org\/presskit\/icons\/by.svg\" style=\"height: 1em; margin-right: 0.125em; display: inline;\" \/><img decoding=\"async\" src=\"https:\/\/mirrors.creativecommons.org\/presskit\/icons\/sa.svg\" style=\"height: 1em; margin-right: 0.125em; display: inline;\" \/><\/a>.<\/p><\/div>\n<blockquote><p>For as long as law enforcement has sought a way to monitor people&#8217;s conversations \u2014 though they&#8217;d only do so with a court order, we&#8217;re supposed to believe \u2014 privacy experts have warned that building backdoors into communications systems to ease government snooping is dangerous. A recent Chinese incursion into U.S. internet providers using infrastructure created to allow police easy wiretap access offers evidence, and not for the first time, that weakening security for anybody weakens it for everybody.<\/p>\n<p><strong>Subverted Wiretapping Systems<\/strong><\/p>\n<p>&#8220;A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests,&#8221; <a href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b\" rel=\"noopener\" target=\"_blank\"><em>The Wall Street Journal<\/em><\/a> reported last week. &#8220;For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data.&#8221;<\/p>\n<p>Among the companies breached by the hacker group, dubbed &#8220;Salt Typhoon&#8221; by investigators, are <a href=\"https:\/\/securityaffairs.com\/169460\/apt\/salt-typhoon-hacked-us-broadband-providers.html\" rel=\"noopener\" target=\"_blank\">Verizon, AT&#038;T, and Lumen Technologies<\/a>. The group is just one of <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa24-038a\" rel=\"noopener\" target=\"_blank\">several<\/a> <a href=\"https:\/\/www.justice.gov\/usao-edny\/pr\/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting\" rel=\"noopener\" target=\"_blank\">linked<\/a> to the <a href=\"https:\/\/www.cisa.gov\/topics\/cyber-threats-and-advisories\/nation-state-cyber-actors\/china\" rel=\"noopener\" target=\"_blank\">Chinese government<\/a> that has targeted data and communications systems in the West.<\/p>\n<p>While the <em>Journal<\/em> report doesn&#8217;t specify, Joe Mullin and Cindy Cohn of the <a href=\"https:\/\/www.eff.org\/deeplinks\/2024\/10\/salt-typhoon-hack-shows-theres-no-security-backdoor-thats-only-good-guys\" rel=\"noopener\" target=\"_blank\">Electronic Frontier Foundation (EFF)<\/a> believe the wiretap-ready systems penetrated by the Chinese hackers were &#8220;likely created to facilitate smooth compliance with wrong-headed laws like CALEA&#8221;. CALEA, known in full as the <em>Communications Assistance for Law Enforcement Act<\/em>, dates back to 1994 and &#8220;forced telephone companies to redesign their network architectures to make it easier for law enforcement to wiretap digital telephone calls,&#8221; according to <a href=\"https:\/\/www.eff.org\/issues\/calea\" rel=\"noopener\" target=\"_blank\">an EFF guide to the law<\/a>. A decade later it was expanded to encompass internet service providers, who were targeted by Salt Typhoon.<\/p>\n<p>&#8220;That&#8217;s right,&#8221; comment Mullin and Cohn. &#8220;The path for law enforcement access set up by these companies was apparently compromised and used by China-backed hackers.&#8221;<\/p>\n<p><strong>Ignored Precedents<\/strong><\/p>\n<p>This isn&#8217;t the first time that CALEA-mandated wiretapping backdoors have been exploited by hackers. As computer security expert <a href=\"https:\/\/www.lawfaremedia.org\/article\/tale-three-backdoors\" rel=\"noopener\" target=\"_blank\">Nicholas Weaver<\/a> pointed out for <em>Lawfare<\/em> in 2015, &#8220;any phone switch sold in the US must include the ability to efficiently tap a large number of calls. And since the US represents such a major market, this means virtually every phone switch sold worldwide contains &#8216;lawful intercept&#8217; functionality.&#8221;<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>After all this time, it&#8217;s no surprise to discover that unlike the police &mdash; who theoretically only use these government-required &#8220;backdoors&#8221; with a legal warrant &mdash; foreign hackers have been merrily using these &#8220;law enforcement tools&#8221; for their own purposes: For as long as law enforcement has sought a way to monitor people&#8217;s conversations \u2014 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[22,84,9,15,13],"tags":[129,58,334,911],"class_list":["post-91881","post","type-post","status-publish","format-standard","hentry","category-china","category-government","category-law","category-technology","category-usa","tag-hack","tag-internet","tag-security","tag-surveillance"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2hpV6-nTX","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/91881","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/comments?post=91881"}],"version-history":[{"count":1,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/91881\/revisions"}],"predecessor-version":[{"id":91883,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/91881\/revisions\/91883"}],"wp:attachment":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/media?parent=91881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/categories?post=91881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/tags?post=91881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}