←back to thread

Huawei 5G kit must be removed from UK by 2027

(www.bbc.com)
293 points doener | 3 comments | 14 Jul 20 12:06 UTC | HN request time: 0.837s | source
Show context
rich_sasha ◴[14 Jul 20 12:42 UTC] No.23831166[source]
If this is just Realpolitik/hardware independence, fine, but security..?

Any worthwhile Internet traffic should be encrypted in 2020, and if it isn’t, Huawei probably isn’t the most immediate concern.

And if it is encrypted, does it really matter who is listening?

Comments welcome, I know zilch about telecoms hardware.

replies(8): >>23831214 #>>23831232 #>>23831380 #>>23831415 #>>23831424 #>>23831435 #>>23832103 #>>23838304 #
1. hnarn ◴[14 Jul 20 14:07 UTC] No.23832103[source]
> And if it is encrypted, does it really matter who is listening?

If your argument here is “who cares if we can trust the hardware if the encryption works” I’d encourage you to think about how you know that the encryption “works” if you can’t trust the hardware. A lot of the encryption is out of necessity far removed from the end user, it’s not exactly PGP over email. And everything is never encrypted, the operations of mobile networks require a lot of extra metadata about the operations that is still sensitive even if you completely disregard the traffic over the network.

replies(1): >>23834292 #
2. rich_sasha ◴[14 Jul 20 16:45 UTC] No.23834292[source]
There isn’t really an argument, only a question. As in, a basic tenet of cryptography is that we can communicate over unsafe channels, so long as we trust the cipher, the final recipient and our own hardware. Maybe I don’t trust the 5G but I do trust the cipher and my computer, is that ok then?

As for metadata, is there no cryptographic schemes that make metadata extraction impossible? I’m thinking like with Covid tracking apps, you can find out whether you were in contact with someone infected, without sharing any identifiable info.

replies(1): >>23840372 #
3. jimmydorry ◴[15 Jul 20 01:59 UTC] No.23840372[source]
Data headers, Routing, Physical Location, and some kind of user / device identifier (e.g. Hardware ID); would already make an incredibly powerful data set. And those are things that governments around the world mandate that ISPs must log for law enforcement activities. If it's logable, one must assume that any bad actor with a backdoor can obtain a copy too.