Most active commenters
  • (3)
  • CarpaDorada(3)
  • sangnoir(3)
  • greycol(3)

←back to thread

PRC Targeting of Commercial Telecommunications Infrastructure

(www.fbi.gov)
286 points 2OEH8eoCRo0 | 34 comments | 14 Nov 24 00:59 UTC | HN request time: 1.225s | source | bottom
1. basilgohar ◴[14 Nov 24 01:07 UTC] No.42132069[source]
> and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders

Is this legal speak for saying, "They're using our backdoors without our permission."?

replies(9): >>42132086 #>>42132150 #>>42132199 #>>42132267 #>>42132292 #>>42132511 #>>42132544 #>>42132558 #>>42133159 #
2. mikestew ◴[14 Nov 24 01:09 UTC] No.42132086[source]
I think so?

https://news.ycombinator.com/item?id=42043010

replies(1): >>42132218 #
3. ◴[14 Nov 24 01:18 UTC] No.42132150[source]
4. talldayo ◴[14 Nov 24 01:27 UTC] No.42132199[source]
I like the tacit implication that all 335 million-odd Americans might be subject to requests pursuant to court orders, but none of us can ever really know for sure since those records might be sealed, expunged, vacated or classified.

It's like we're on the $500,000 question and my Phone-a-Friend still has Snowden on the line.

replies(1): >>42132354 #
5. Cyph0n ◴[14 Nov 24 01:31 UTC] No.42132218[source]
Does this mean that they were able to (ab)use LI infra?

https://en.wikipedia.org/wiki/Lawful_interception

replies(1): >>42132784 #
6. toomuchtodo ◴[14 Nov 24 01:39 UTC] No.42132267[source]
Yes, they leveraging CALEA mandated infrastructure.

https://www.techdirt.com/2024/10/16/wyden-calea-hack-proves-...

https://www.wyden.senate.gov/imo/media/doc/wyden_letter_to_f...

https://en.wikipedia.org/wiki/Communications_Assistance_for_...

replies(2): >>42132308 #>>42132411 #
7. bongobingo1 ◴[14 Nov 24 01:43 UTC] No.42132292[source]
Damn, if only some one, some where, at some point, had mentioned that there's no such thing as a secure backdoor to encryption. Oh well, maybe such events are impossible to predict.
8. sailfast ◴[14 Nov 24 01:46 UTC] No.42132308[source]
Can you imagine if the proponents of the Clipper Chip had actually won the argument? Yeesh. This is inexcusable.
replies(3): >>42132597 #>>42137946 #>>42148813 #
9. eru ◴[14 Nov 24 01:53 UTC] No.42132354[source]
> I like the tacit implication that all 335 million-odd Americans [...]

I wouldn't worry too much.

Us unAmericans in the rest of the world don't have any constitutional guarantees to save us from the US spooks (nor from each other), and you don't have any constitutional guarantees to save you from the rest of the world, either.

So the flimsy guarantees that would in theory save you from your own spooks are really just a drop in the bucket.

replies(1): >>42132791 #
10. davidw ◴[14 Nov 24 02:04 UTC] No.42132411[source]
Wyden is so good on this stuff.
replies(2): >>42132467 #>>42132663 #
11. toomuchtodo ◴[14 Nov 24 02:13 UTC] No.42132467{3}[source]
He is a treasure.
replies(1): >>42132606 #
12. CarpaDorada ◴[14 Nov 24 02:21 UTC] No.42132511[source]
No it is not, because these are not backdoors, the entities legally own the data users have provided them and the courts require them to share the data for investigative purposes. When the FBI pressed Apple to break its encryption, it would not had been a backdoor, but simply a different product that Apple would've offered. A backdoor would be a secret exploit that circumvents encryption, or other security methods.
replies(1): >>42132664 #
13. AzzyHN ◴[14 Nov 24 02:28 UTC] No.42132544[source]
Damn, who could've seen this coming!?
14. sangnoir ◴[14 Nov 24 02:32 UTC] No.42132558[source]
It's legal speak for "They are looking at who we have wiretaps on", which any country would be interested in, just to see which of their assets are being watched, for counter-counter-espionage purposes.
replies(2): >>42132767 #>>42132773 #
15. ◴[14 Nov 24 02:38 UTC] No.42132597{3}[source]
16. rootusrootus ◴[14 Nov 24 02:52 UTC] No.42132663{3}[source]
He's getting up there in years, I hope he hangs out a while longer. We could use more senators like him.
17. greycol ◴[14 Nov 24 02:52 UTC] No.42132664[source]
You've probably conflated the saying "going through the backdoor" with the noun backdoor, which is an understandable mistake to make.

Conflating the two is even easier when the backdoor is morally questionable i.e. When someone purposefully installs a wooden backdoor on a bankvault and says it's so that we don't need to go through the whole rigmarole of opening the main vault-door. Yes it allows them to do their job of checking what's in safety deposit boxes easier but the door itself is an evil.

replies(2): >>42132725 #>>42132758 #
18. CarpaDorada ◴[14 Nov 24 03:05 UTC] No.42132725{3}[source]
"Using our backdoors" is what was said, not "going through the backdoor". Backdoors have a very specific meaning in computer security. US law enforcement is not using backdoors to access the data of US companies.
19. grayfaced ◴[14 Nov 24 03:09 UTC] No.42132758{3}[source]
A backdoor bypasses legitimate access mechanisms. Whether it is a backdoor or not depends fully on whether you believe lawful intercept is a legitimate access mechanism. And I think the law is on the side of it being not a backdoor.
replies(2): >>42133102 #>>42133469 #
20. walterbell ◴[14 Nov 24 03:11 UTC] No.42132767[source]
For cross-referencing with ground surveillance.
21. halJordan ◴[14 Nov 24 03:12 UTC] No.42132773[source]
That is incorrect. While you're idea probably is interesting to them, they are indeed leveraging the infrastructure to "live off the land" doing their own collect. They are very much doing their own targeting.
replies(1): >>42132958 #
22. halJordan ◴[14 Nov 24 03:13 UTC] No.42132784{3}[source]
Yes. What no one here bothers to even mention is that APTs have been doing this very thing since the 2004 Athens Affair. It didn't feed into the sanctimony so it isn't mentioned.
replies(1): >>42133012 #
23. walterbell ◴[14 Nov 24 03:15 UTC] No.42132791{3}[source]
Trickle-down surveillance can lead to on-demand local neo-stasi orgs in every country, representing local, national, transnational or global interests.

Like the WestWorld S3 “RICO crime app”.

24. sangnoir ◴[14 Nov 24 03:42 UTC] No.42132958{3}[source]
How would their own targeting relate to "copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders"? AFAIK, telecoms enforcement requests subject to court orders in the US mean one thing, and one thing only: lawful interception of communication.
replies(1): >>42133132 #
25. Cyph0n ◴[14 Nov 24 03:52 UTC] No.42133012{4}[source]
I was just reading about the Greece incident linked on the wiki page. Absolutely staggering stuff - none of which I heard of before!
26. greycol ◴[14 Nov 24 04:11 UTC] No.42133102{4}[source]
We've had multiple bills proposed by multiple countries for government mandated backdoors. Multiple articles refer to how these bills would create backdoors, multiple computer security experts say the bills would create backdoors in the software. Under your definition of the word they'd all be using the word incorrectly because logically no bill could create a legal backdoor by definition.

It's seems there's a semantic schism on "the point in software where security is weak enough (either purposefully or unkowingly) for 3rd party access by a 3rd party" and "the point in software where security is purposefully weakened for 3rd party access by the legal requirement of a 3rd party" there's definitely a distinction but I generally conflate the two, perhaps incorrectly, under the word backdoor.

If you've got another more appropos word for this purposeful and legal weakining of security for non primary user/provider access I'd love to know it because sadly I feel I'd use it fairly often in the coming years.

replies(1): >>42133288 #
27. basilgohar ◴[14 Nov 24 04:19 UTC] No.42133132{4}[source]
There is no known limit to the scope of what LE can monitor, and there is no public record to access or analyze in the case of sealed documents. So it could, for all we know, be anyone and everyone.

Remember, way back when, AT&T just gave the NSA full access to their network.

replies(1): >>42133320 #
28. webdoodle ◴[14 Nov 24 04:25 UTC] No.42133159[source]
Yep. Pretty much the dystopian governments go-to playbook for surveillance. Find a private entity that is providing a communication service they can't spy on, then pressure them to put in a backdoor with threats of jail, etc.

Former CEO of Qwest Communications Joe Nachio claims he fought the NSA's initial requests for these backdoors, and was rewarded with being taken to court for insider trading. Remember no one at the top of these companies got there without breaking some rules along the way.

https://en.wikipedia.org/wiki/Joseph_Nacchio

29. CarpaDorada ◴[14 Nov 24 05:00 UTC] No.42133288{5}[source]
These articles use the word "backdoor" for effect, for example <https://www.schneier.com/blog/archives/2021/08/apple-adds-a-...>. The bills you refer to by multiple countries simply want their own in-house wiretapping apparatus, because they don't want to be dependent on the US. Specifically, I'm thinking of EU's "chat control". Ironically those who oppose it are unwittingly doing the bidding for a more powerful US. The internet is fully wiretapped and there is no end in sight.
replies(1): >>42133484 #
30. sangnoir ◴[14 Nov 24 05:10 UTC] No.42133320{5}[source]
I'm not sure I'm following your argument in the context of this thread. Are you suggesting there were no surveillance court orders whose targets the Chinese found a d copied?
31. Lvl999Noob ◴[14 Nov 24 05:53 UTC] No.42133469{4}[source]
A backdoor in the technical sense (which is the real topic of this whole conversation) is one that bypasses the known way of entry. For an "End to end encrypted" communication channel, a backdoor allows someone to view the communication without being on either of the "ends".

The problem is not whether the backdoor was legally mandated or not, and whether legal authorities are misusing them or not, the problem is that it exists. And the existence by itself is enough to let someone ignore any legal mandates and view the comms.

32. greycol ◴[14 Nov 24 05:58 UTC] No.42133484{6}[source]
No they use the word backdoor because there is no better word for these pathwatys/purposefully created weak spots in access to the software. Seriously please give me one that emphasises the security detriment to the 1st party user and i'll happily use it instead.

I'll also add that ironically those who don't oppose these bills are unwittingly doing the bidding of strategic adversaries as demonstrated quite adequately by the PRC here.

33. ◴[14 Nov 24 16:39 UTC] No.42137946{3}[source]
34. talldayo ◴[15 Nov 24 17:15 UTC] No.42148813{3}[source]
> Can you imagine if the proponents of the Clipper Chip had actually won the argument?

Given that 90% of smartphone hardware comes from 2-3 manufacturers, I actually can imagine it pretty well...