←back to thread

PRC Targeting of Commercial Telecommunications Infrastructure

(www.fbi.gov)
286 points 2OEH8eoCRo0 | 7 comments | 14 Nov 24 00:59 UTC | HN request time: 0.211s | source | bottom
Show context
basilgohar ◴[14 Nov 24 01:07 UTC] No.42132069[source]
> and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders

Is this legal speak for saying, "They're using our backdoors without our permission."?

replies(9): >>42132086 #>>42132150 #>>42132199 #>>42132267 #>>42132292 #>>42132511 #>>42132544 #>>42132558 #>>42133159 #
CarpaDorada ◴[14 Nov 24 02:21 UTC] No.42132511[source]
No it is not, because these are not backdoors, the entities legally own the data users have provided them and the courts require them to share the data for investigative purposes. When the FBI pressed Apple to break its encryption, it would not had been a backdoor, but simply a different product that Apple would've offered. A backdoor would be a secret exploit that circumvents encryption, or other security methods.
replies(1): >>42132664 #
1. greycol ◴[14 Nov 24 02:52 UTC] No.42132664[source]
You've probably conflated the saying "going through the backdoor" with the noun backdoor, which is an understandable mistake to make.

Conflating the two is even easier when the backdoor is morally questionable i.e. When someone purposefully installs a wooden backdoor on a bankvault and says it's so that we don't need to go through the whole rigmarole of opening the main vault-door. Yes it allows them to do their job of checking what's in safety deposit boxes easier but the door itself is an evil.

replies(2): >>42132725 #>>42132758 #
2. CarpaDorada ◴[14 Nov 24 03:05 UTC] No.42132725[source]
"Using our backdoors" is what was said, not "going through the backdoor". Backdoors have a very specific meaning in computer security. US law enforcement is not using backdoors to access the data of US companies.
3. grayfaced ◴[14 Nov 24 03:09 UTC] No.42132758[source]
A backdoor bypasses legitimate access mechanisms. Whether it is a backdoor or not depends fully on whether you believe lawful intercept is a legitimate access mechanism. And I think the law is on the side of it being not a backdoor.
replies(2): >>42133102 #>>42133469 #
4. greycol ◴[14 Nov 24 04:11 UTC] No.42133102[source]
We've had multiple bills proposed by multiple countries for government mandated backdoors. Multiple articles refer to how these bills would create backdoors, multiple computer security experts say the bills would create backdoors in the software. Under your definition of the word they'd all be using the word incorrectly because logically no bill could create a legal backdoor by definition.

It's seems there's a semantic schism on "the point in software where security is weak enough (either purposefully or unkowingly) for 3rd party access by a 3rd party" and "the point in software where security is purposefully weakened for 3rd party access by the legal requirement of a 3rd party" there's definitely a distinction but I generally conflate the two, perhaps incorrectly, under the word backdoor.

If you've got another more appropos word for this purposeful and legal weakining of security for non primary user/provider access I'd love to know it because sadly I feel I'd use it fairly often in the coming years.

replies(1): >>42133288 #
5. CarpaDorada ◴[14 Nov 24 05:00 UTC] No.42133288{3}[source]
These articles use the word "backdoor" for effect, for example <https://www.schneier.com/blog/archives/2021/08/apple-adds-a-...>. The bills you refer to by multiple countries simply want their own in-house wiretapping apparatus, because they don't want to be dependent on the US. Specifically, I'm thinking of EU's "chat control". Ironically those who oppose it are unwittingly doing the bidding for a more powerful US. The internet is fully wiretapped and there is no end in sight.
replies(1): >>42133484 #
6. Lvl999Noob ◴[14 Nov 24 05:53 UTC] No.42133469[source]
A backdoor in the technical sense (which is the real topic of this whole conversation) is one that bypasses the known way of entry. For an "End to end encrypted" communication channel, a backdoor allows someone to view the communication without being on either of the "ends".

The problem is not whether the backdoor was legally mandated or not, and whether legal authorities are misusing them or not, the problem is that it exists. And the existence by itself is enough to let someone ignore any legal mandates and view the comms.

7. greycol ◴[14 Nov 24 05:58 UTC] No.42133484{4}[source]
No they use the word backdoor because there is no better word for these pathwatys/purposefully created weak spots in access to the software. Seriously please give me one that emphasises the security detriment to the 1st party user and i'll happily use it instead.

I'll also add that ironically those who don't oppose these bills are unwittingly doing the bidding of strategic adversaries as demonstrated quite adequately by the PRC here.