Nobody Saw This Coming: Now China Too Wants Company Encryption Keys And Backdoors In Hardware And Software

from the zone-of-lawlessness dept

A concerted campaign among officials on both sides of the Atlantic to attack strong encryption has intensified in the wake of the Charlie Hebdo killings. Most recently, we’ve had a leak of a document in which the EU’s “Counter-Terrorism Co-ordinator” recommended that Internet companies should be forced to hand over their crypto keys; and now Leslie Caldwell, an assistant attorney general at the US Justice Department, is reported by Vice.com to have made the following comment:

“We understand the value of encryption and the importance of security,” she said. “But we’re very concerned they not lead to the creation of what I would call a ‘zone of lawlessness,’ where there’s evidence that we could have lawful access through a court order that we’re prohibited from getting because of a company’s technological choices.”

She said that she hopes Apple and Google will consider building in back doors that will allow the companies to decrypt the phones if they are physically mailed back to the manufacturer.

As Techdirt has noted before, this narrative plays right into the hands of repressive governments around the world, which can simply point to the West’s argument, and say: “We agree.” So it will not come as a huge surprise to readers of this site to learn that when it comes to demanding encryption keys and backdoors from computer companies, China now agrees:

The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China.

The New York Times article quoted above gives more details, drawing on a chart that lays out the new requirements for companies wishing to sell equipment to the Chinese banking sector:

For most computing and networking equipment, the chart says, source code must be turned over to Chinese officials. But many foreign companies would be unwilling to disclose code because of concerns about intellectual property, security and, in some cases, United States export law.

The chart also calls for companies that want to sell to banks to set up research and development centers in China, obtain permits for workers servicing technology equipment and build “ports” to allow Chinese officials to manage and monitor data processed by their hardware.

The draft antiterrorism law pushes even further, calling for companies to store all data related to Chinese users on servers in China, create methods for monitoring content for terror threats and provide keys to encryption to public security authorities.

Although there is a clear protectionist element to many of these, as well as a desire to take a look at Western source code, the boldest demands — those for backdoors and encryption keys — are identical to what the US and EU are implicitly calling for. And so, once again, there is no way for the West to claim the moral high ground here, which inevitably undermines any protestations it might make about China’s decision to follow its example.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Comments on “Nobody Saw This Coming: Now China Too Wants Company Encryption Keys And Backdoors In Hardware And Software”

41 Comments
Joe Crypto says:

Well, duh!

As a repressive and authoritarian government China wants encryption keys and backdoors so they can keep an eye on what everyone is doing, whenever they want to, so they can take care of any “threats” to their security.

As a government driven by Enlightenment values of personal liberty, the US wants encryption keys and backdoors so they can keep an eye on what everyone is doing, whenever they want to, so they take care of any “threats” to their security.

No one sees the difference?

Anonymous Coward says:

Ugh, just because it’s digital means they get to be morons again. They should try to talk banks into a ‘secret’ back door in their vaults which only government officials have the key to. Oh? That would be stupid? What’s the point of a secure vault with a second secret access? Don’t worry, it’s still secure, and you can trust the government. They’re only out to get bad guys, you’re not a bad guy are you? Then there’s nothing to worry about. It’s not like it’s usually bad guys that have secret doors everywhere. What’s that? They do? Oh, well… then we’ll know exactly where to look for them.

Anonymous Coward says:

China wants their own backdoors. The West wants backdoors. Iran wants their own backdoors. Russia wants backdoors…

Look at the can of worms Mr. Comey, Ms. Caldwell, and PM Blair have opened up. Every repressive dictatorship in the world will demand their own backdoor access to all encrypted communications. Their insatiable lust for mass surveillance has made everyone in the world less safe and completely insecure.

Russia, China, and Iran will hack US backdoors in American technology. America will try to hack back against those countries’ backdoored technologies. Hacktivist groups will be hacking the backdoors of every country that has backdoors.

I hope Western companies are prepared to have their source codes copied by foreign nations. Thanks to the NSA, nobody trusts American technology anymore. So much for secret ‘Intellectual Property’ rights. The NSA shot the dream all to hell with their mass, untargeted, spying agenda.

Way to go backdoor/mass surveillance enthusiasts. You just screwed over the entire human race for generations to come.

John Fenderson (profile) says:

Re: Lets unpack this

“I’m quite sure the Gov’t would freak out if workers started using a program with Chinese back doors…and promptly ban its usage”

I’m not so sure about that. If Chinese equipment manufacturers build in back doors, there is a clear benefit to US spies as they can use the back doors as well — and without getting US citizens quite as on edge as they would be if the US required the back doors to be in place.

Anonymous Coward says:

Re: Re: Lets unpack this

Are you seriously considering the possibility that there will be only 1 backdoor?

My guess is that most of these agencies/gov’ts will want their own backdoor.

Remember: if 5 agencies have a (different or same) key to the same door, there are 5 possible sources for leaks and everybody is affected by the closing of the 1 backdoor. If everybody has access via a different door, it doesn’t matter if the other guy’s door gets boarded shut/exposed and removed…

John Fenderson (profile) says:

Re: Re: Re: Lets unpack this

“Are you seriously considering the possibility that there will be only 1 backdoor?”

Not really. I’m seriously considering the possibility that it’s easier for them to use a backdoor that already exists in Chinese equipment than to figure out a way to trick Chinese companies into putting another backdoor in.

Anonymous Coward says:

China insists that US government inserts backdoors for its own use, NSA issue a gag order demanding that they are given access to the same backdoors. Also if different countries insist on only their own backdoors being in software distributed in their country, comparing versions from different countries will reveal the relevant code, giving other countries, and criminals access to the same backdoors.
Somebody has not thought this one through.

PW (profile) says:

Governments position amusing...

…especially in light of the fact that they are the least trustworthy, most dangerous groups cyber assaulting everyone. In related news: “Link between NSA and Regin cyberespionage malware becomes clearer” (http://www.computerworld.com/article/2875921/link-between-nsa-and-regin-cyberespionage-malware-becomes-clearer.html). Oy!

Anonymous Coward says:

A boon for open source...

So, the only logical answer to this is to embrace FOSS – then there is no single corporation that makes these decisions on the basis of government demands – the source is already open, and therefore meets Chinese requirements – it is up to the individual implementors (aka Users) to decide whether to add a backdoor or not – and that is how it should be.

beltorak (profile) says:

Re: A boon for open source...

That’s only half the solution though. Everyone seems to conveniently forget the gaping security hole introduced by arguably the most popular FOSS encryption library, OpenSSL.

The other half is to take at least some of that money your company would have spent on the proprietary software and donate it to the FOSS tools you are using.

It doesn’t have to be a cash donation (in case the project doesn’t really have a project manager in charge of financials, like, say, OpenSSL); offer to pay a developer’s salary. Offer to pay for infrastructure and set it up.

For some projects, a year of salary or infrastructure might still be cheaper than licenses. For others you could band together with a few other companies and form a joint subsidiary (or whatever) and pool your money.

Anonymous Coward says:

Re: Re: A boon for open source...

Indeed – the assumption would be that if people stopped using proprietary solutions, more focus would go into improving the FOSS solutions – but OpenSSL proves that isn’t necessarily the case.

It has to go both ways – but at least with FOSS, the users have some say in the matter, whereas with proprietary solutions, there’s no telling what deals and backdoors have been made with governments.

Anonymous Coward says:

And now some folks will start wondering about any new products/services/parts built in China sold globally, assuming they haven’t been doing them already as we have already found the western governments like(sic) to do

This is gonna snowball all on its own, governments supplying the materials once again, global paranoia taking its role as the catalyst… it’s gonna get to a point unless they all agree to stop before it gets worse, that even if they wanted to, they’re gonna have to do something extreme because of how far it’s come and how harder it is

UK, US, Canada, Australia, France, Korea, China… god knows how many… the fact they control who can audit their PUBLIC property, means they can say one thing, then transfer operations someplace else with even better evaluated secrecy… it just takes one to do it, the others would then be obliged(sic) to do the same(snowball)

Short of a global revolution(harder)

Anonymous Coward says:

Why did no one see this coming then? Did the USA and the UK expect to be the only countries that wanted/were allowed to have back doors in hardware and software? What gives them the only right? Why would they think that no other country wanted or were entitled to do the same?
The even bigger question is what will be done when these back doors that the likes of that idiot Cameron wants inbuilt are exploited by God knows who and do serious damage to God knows what industry? Will he/they be personally held liable? He/they damn well should be! It would be a variation of a theme of ISDS!!

Anonymous Coward says:

It strikes me that software engineers the world over, both private and public sector, know what a horrible idea it is to have all these backdoors built into systems. Perhaps it’s time for an unwritten agreement that only bogus backdoors will be implemented. The government systems that exploit these backdoors will be written so as to make the users & politicians believe that they’re accessing real data, when in fact they’re playing with nothing but random gibberish.

Remember how the Professor would sometimes set up fake equipment for Gilligan to knock over, thus sparing the real experiment? That.

John Fenderson (profile) says:

Re: Re:

“It strikes me that software engineers the world over, both private and public sector, know what a horrible idea it is to have all these backdoors built into systems.”

They do indeed, and know it from experience. In the Good Old Days, it was common practice to build developer back doors into software that included access controls so that they didn’t have to worry about them when they needed to enter the system post-deployment in order to fix things.

The industry did a complete about-face on the practice quite a while back when it became apparent that the chances of a back door being discovered and abused were very high, no matter how obscure or hard-to-use the backdoor was.
