Nobody Saw This Coming: Now China Too Wants Company Encryption Keys And Backdoors In Hardware And Software

from the zone-of-lawlessness dept

A concerted campaign among officials on both sides of the Atlantic to attack strong encryption has intensified in the wake of the Charlie Hebdo killings. Most recently, we've had a leak of a document in which the EU's "Counter-Terrorism Co-ordinator" recommended that Internet companies should be forced to hand over their crypto keys; and now Leslie Caldwell, an assistant attorney general at the US Justice Department, is reported by Vice.com to have made the following comment:
"We understand the value of encryption and the importance of security," she said. "But we're very concerned they not lead to the creation of what I would call a 'zone of lawlessness,' where there's evidence that we could have lawful access through a court order that we’re prohibited from getting because of a company’s technological choices."

She said that she hopes Apple and Google will consider building in back doors that will allow the companies to decrypt the phones if they are physically mailed back to the manufacturer.

As Techdirt has noted before, this narrative plays right into the hands of repressive governments around the world, which can simply point to the West's argument, and say: "We agree." So it will not come as a huge surprise to readers of this site to learn that when it comes to demanding encryption keys and backdoors from computer companies, China now agrees:
The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars' worth of business in China.

The New York Times article quoted above gives more details, drawing on a chart that lays out the new requirements for companies wishing to sell equipment to the Chinese banking sector:
For most computing and networking equipment, the chart says, source code must be turned over to Chinese officials. But many foreign companies would be unwilling to disclose code because of concerns about intellectual property, security and, in some cases, United States export law.

The chart also calls for companies that want to sell to banks to set up research and development centers in China, obtain permits for workers servicing technology equipment and build "ports" to allow Chinese officials to manage and monitor data processed by their hardware.

The draft antiterrorism law pushes even further, calling for companies to store all data related to Chinese users on servers in China, create methods for monitoring content for terror threats and provide keys to encryption to public security authorities.

Although there is a clear protectionist element to many of these, as well as a desire to take a look at Western source code, the boldest demands -- those for backdoors and encryption keys -- are identical to what the US and EU are implicitly calling for. And so, once again, there is no way for the West to claim the moral high ground here, which inevitably undermines any protestations it might make about China's decision to follow its example.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Reader Comments


  • Joe Crypto, 29 Jan 2015 @ 10:47am

    Well, duh!

    As a repressive and authoritarian government China wants encryption keys and backdoors so they can keep an eye on what everyone is doing, whenever they want to, so they can take care of any "threats" to their security.

    As a government driven by Enlightenment values of personal liberty, the US wants encryption keys and backdoors so they can keep an eye on what everyone is doing, whenever they want to, so they take care of any "threats" to their security.

    No one sees the difference?

    • Uriel-238, 29 Jan 2015 @ 11:04am

      "A government driven by enlightenment"

      I'm pretty sure no one believes that of the US anymore.

      • Joe Crypto, 29 Jan 2015 @ 11:28am

        Re: "A government driven by enlightenment"

        Why do you hate freedom (to be spied upon)?

      • Anonymous Coward, 29 Jan 2015 @ 12:37pm

        Re: "A government driven by enlightenment"

        "enlightenment", maybe. But in what direction?

        And "personal liberties"? Many disappeared a long time ago.

        • Anonymous Coward, 29 Jan 2015 @ 12:46pm

          Re: Re: "A government driven by enlightenment"

          "enlightenment", maybe. But in what direction?

          And "personal liberties"? Many disappeared a long time ago.


          "It's not a lie, if you think it's true".
          - A. Vandelay

          I think that sums up the past 13 years nicely.

  • Anonymous Coward, 29 Jan 2015 @ 10:59am

    Ugh, just because it's digital means they get to be morons again. They should try to talk banks into 'secret' back door in their vaults which only government officials have the key to. Oh? That would be stupid? What's the point of a secure vault with a second secret access? Don't worry, it's still secure, and you can trust the government. They're only out to get bad guys, you're not a bad guy are you? Then there's nothing to worry about. It's not like it's usually bad guys that have secret doors everywhere. What's that? They do? Oh, well.. then we'll know exactly where to look for them.

  • Baron von Robber, 29 Jan 2015 @ 11:02am

    Wow, I see lots of hacks coming to Chinese banks in the near future.

  • Anonymous Coward, 29 Jan 2015 @ 11:14am

    With so many governments attacking software and software development in general we should change the name of the career.

    They're no longer software developers, they're now 'freedom fighters', fighting to protect common everyday practices like encryption, etc.

  • Derek Kerton, 29 Jan 2015 @ 11:22am

    Wait, I don't understand...

    Is it the repressive governments who are like our own, or our government that is like the repressive ones?

  • Anonymous Coward, 29 Jan 2015 @ 11:28am

    China wants their own backdoors. The West wants backdoors. Iran wants their own backdoors. Russia wants backdoors...

    Look at the can of worms Mr. Comey, Ms. Caldwell, and PM Blair have opened up. Every repressive dictatorship in the world will demand their own backdoor access to all encrypted communications. Their insatiable lust for mass surveillance has made everyone in the world less safe and completely insecure.

    Russia, China, and Iran will hack US backdoors in American technology. America will try to hack back against those countries' backdoored technologies. Hacktivist groups will be hacking the backdoors of every country that has backdoors.

    I hope Western companies are prepared to have their source codes copied by foreign nations. Thanks to the NSA, nobody trusts American technology anymore. So much for secret 'Intellectual Property' rights. The NSA shot the dream all to hell with their mass, untargeted, spying agenda.

    Way to go backdoor/mass surveillance enthusiasts. You just screwed over the entire human race for generations to come.

  • pixelpusher220, 29 Jan 2015 @ 11:35am

    Let's unpack this

    I'm quite sure the Gov't would freak out if workers started using a program with Chinese back doors...and promptly ban its usage.

    They forget that China and other countries are starting to say "Don't use software with American back doors"

    • John Fenderson, 29 Jan 2015 @ 12:53pm

      Re: Let's unpack this

      "I'm quite sure the Gov't would freak out if workers started using a program with Chinese back doors...and promptly ban its usage"

      I'm not so sure about that. If Chinese equipment manufacturers build in back doors, there is a clear benefit to US spies as they can use the back doors as well -- and without getting US citizens quite as on edge as they would be if the US required the back doors to be in place.

      • Anonymous Coward, 30 Jan 2015 @ 4:21am

        Re: Re: Let's unpack this

        Are you seriously considering the possibility that there will be only 1 backdoor?

        My guess is that most of these agencies/gov'ts will want their own backdoor.

        Remember: if 5 agencies have a (different or same) key to the same door, there are 5 possible sources for leaks and everybody is affected by the closing of the 1 backdoor. If everybody has access via a different door, it doesn't matter if the other guy's door gets boarded shut/exposed and removed...

        • John Fenderson, 30 Jan 2015 @ 6:45am

          Re: Re: Re: Let's unpack this

          "Are you seriously considering the possibility that there will be only 1 backdoor?"

          Not really. I'm seriously considering the possibility that it's easier for them to use a backdoor that already exists in Chinese equipment than to figure out a way to trick Chinese companies into putting another backdoor in.

  • Rich Kulawiec, 29 Jan 2015 @ 11:35am

    Unclear on the concept

    "We understand the value of encryption and the importance of security," she said.

    No. You don't. Not even a little bit.

  • Anonymous Coward, 29 Jan 2015 @ 11:41am

    China insists that US government inserts backdoors for its own use, NSA issue a gag order demanding that they are given access to the same backdoors. Also if different countries insist on only their own backdoors being in software distributed in their country, comparing versions from different countries will reveal the relevant code, giving other countries, and criminals access to the same backdoors.
    Somebody has not thought this one through.

  • limbodog, 29 Jan 2015 @ 11:52am

    Only one answer

    Time for scientists to bring back the passenger pigeon!

  • Anonymous Coward, 29 Jan 2015 @ 12:00pm

    What's good for the goose is good for the gander

  • PW, 29 Jan 2015 @ 12:44pm

    Governments position amusing...

    ...especially in light of the fact that they are the least trustworthy most dangerous groups cyber assaulting everyone. In related news: "Link between NSA and Regin cyberespionage malware becomes clearer" (http://www.computerworld.com/article/2875921/link-between-nsa-and-regin-cyberespionage-malware-becomes-clearer.html). Oy!

  • Anonymous Coward, 29 Jan 2015 @ 12:46pm

    The price of used mechanical typewriters just soared.

    New Kickstarter campaign: Bluetooth-enabled mechanical typewriter.

    • Allaun Silverfox, 30 Jan 2015 @ 2:50pm

      Re: The price of used mechanical typewriters just soared.

      I'd argue Bluetooth is far, FAR too insecure. Line of sight laser links would be more useful. At least, until someone did an audio scan of the typewriter. The pattern wouldn't be that hard to discern.

  • Anonymous Coward, 29 Jan 2015 @ 12:49pm

    That's why they're called "hackdoors"

    The Chinese have all seen "When Harry Met Sally", and their motto is "I'll have what she's having".

  • Anonymous Coward, 29 Jan 2015 @ 12:56pm

    We understand the value of encryption and the importance of security,

    No, no, you really don't, if you did, you would have stopped there

  • Anonymous Coward, 29 Jan 2015 @ 12:57pm

    "We understand the value of encryption and the importance of security,"

    No, no, you really don't, if you did, you would have stopped there

  • Anonymous Coward, 29 Jan 2015 @ 1:19pm

    A boon for open source...

    So, the only logical answer to this is to embrace FOSS - then there is no single corporation that makes these decisions on the basis of government demands - the source is already open, and therefore meets Chinese requirements - it is up to the individual implementors (aka Users) to decide whether to add a backdoor or not - and that is how it should be.

    • beltorak, 29 Jan 2015 @ 3:38pm

      Re: A boon for open source...

      That's only half the solution though. Everyone seems to conveniently forget the gaping security hole introduced by arguably the most popular FOSS encryption library, OpenSSL.

      The other half is to take at least some of that money your company would have spent on the proprietary software and donate it to the FOSS tools you are using.

      It doesn't have to be a cash donation (in case the project doesn't really have a project manager in charge of financials, like, say, OpenSSL); offer to pay a developer's salary. Offer to pay for infrastructure and set it up.

      For some projects, a year of salary or infrastructure might still be cheaper than licenses. For others you could band together with a few other companies and form a joint subsidiary (or whatever) and pool your money.

      • Anonymous Coward, 29 Jan 2015 @ 4:24pm

        Re: Re: A boon for open source...

        Indeed - the assumption would be that if people stopped using proprietary solutions, more focus would go into improving the FOSS solutions - but OpenSSL proves that isn't necessarily the case.

        It has to go both ways - but at least with FOSS, the users have some say in the matter, whereas with proprietary solutions, there's no telling what deals and backdoors have been made with governments.

  • Anonymous Coward, 29 Jan 2015 @ 1:21pm

    And now some folks will start wondering about any new products/services/parts built in China sold globally, assuming they haven't been doing them already as we have already found the western governments like(sic) to do

    This is gonna snowball all on its own, governments supplying the materials once again, global paranoia taking its role as the catalyst........it's gonna get to a point unless they all agree to stop before it gets worse, that even if they wanted to, they're gonna have to do something extreme because of how far it's come and how harder it is

    UK, US, Canada, Australia, France, Korea, China......god knows how many...........the fact they control who can audit their PUBLIC property, means they can say one thing, then transfer operations someplace else with even better evaluated secrecy..........it just takes one to do it, the others would then be obliged(sic) to do the same(snowball)

    Short of a global revolution(harder)

  • Anonymous Coward, 29 Jan 2015 @ 1:47pm

    It's a dirty shame when the government supposedly for human rights and privacy has to provide the road map for repressive regimes. I think that sums up where the US government today stands. The actions are becoming indistinguishable between countries other than changing the name.

  • got_runs?, 29 Jan 2015 @ 3:13pm

    >

    The 'Five Eyes' are weakening global security for the purpose of spying.

  • Anonymous Coward, 29 Jan 2015 @ 4:23pm

    Why did no one see this coming then? Did the USA and the UK expect to be the only countries that wanted/were allowed to have back doors in hardware and software? What gives them the only right? Why would they think that no other country wanted or were entitled to do the same?
    The even bigger question is what will be done when these back doors that the likes of that idiot Cameron wants inbuilt are exploited by God knows who and do serious damage to God knows what industry? Will he/they be personally held liable? He/they damn well should be! It would be a variation of a theme of ISDS!!

  • Anonymous Coward, 29 Jan 2015 @ 11:21pm

    This happens because we don't live in a free society.

  • Ninja, 30 Jan 2015 @ 1:02am

    Awesome. I wholeheartedly support the idea. Put backdoors on each and every single device. US afraid China might use it? Too bad, you asked for it. Let the world be an open, transparent book for everybody. Russia is overjoyed!

    You heap what you sow. Deal with the unintended consequences of your idiocy, West.

  • Anonymous Coward, 30 Jan 2015 @ 12:06pm

    It strikes me that software engineers the world over, both private and public sector, know what a horrible idea it is to have all these backdoors built into systems. Perhaps it's time for an unwritten agreement that only bogus backdoors will be implemented. The government systems that exploit these backdoors will be written so as to make the users & politicians believe that they're accessing real data, when in fact they're playing with nothing but random gibberish.

    Remember how the Professor would sometimes set up fake equipment for Gilligan to knock over, thus sparing the real experiment? That.

    • John Fenderson, 30 Jan 2015 @ 1:07pm

      Re:

      "It strikes me that software engineers the world over, both private and public sector, know what a horrible idea it is to have all these backdoors built into systems."

      They do indeed, and know it from experience. In the Good Old Days, it was common practice to build developer back doors into software that included access controls so that they didn't have to worry about them when they needed to enter the system post-deployment in order to fix things.

      The industry did a complete about-face on the practice quite a while back when it became apparent that the chances of a back door being discovered and abused were very high, no matter how obscure or hard-to-use the backdoor was.
