←back to thread

PRC Targeting of Commercial Telecommunications Infrastructure

(www.fbi.gov)
286 points 2OEH8eoCRo0 | 2 comments | 14 Nov 24 00:59 UTC | HN request time: 0.429s | source
Show context
basilgohar ◴[14 Nov 24 01:07 UTC] No.42132069[source]
> and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders

Is this legal speak for saying, "They're using our backdoors without our permission."?

replies(9): >>42132086 #>>42132150 #>>42132199 #>>42132267 #>>42132292 #>>42132511 #>>42132544 #>>42132558 #>>42133159 #
CarpaDorada ◴[14 Nov 24 02:21 UTC] No.42132511[source]
No it is not, because these are not backdoors, the entities legally own the data users have provided them and the courts require them to share the data for investigative purposes. When the FBI pressed Apple to break its encryption, it would not had been a backdoor, but simply a different product that Apple would've offered. A backdoor would be a secret exploit that circumvents encryption, or other security methods.
replies(1): >>42132664 #
greycol ◴[14 Nov 24 02:52 UTC] No.42132664[source]
You've probably conflated the saying "going through the backdoor" with the noun backdoor, which is an understandable mistake to make.

Conflating the two is even easier when the backdoor is morally questionable i.e. When someone purposefully installs a wooden backdoor on a bankvault and says it's so that we don't need to go through the whole rigmarole of opening the main vault-door. Yes it allows them to do their job of checking what's in safety deposit boxes easier but the door itself is an evil.

replies(2): >>42132725 #>>42132758 #
grayfaced ◴[14 Nov 24 03:09 UTC] No.42132758[source]
A backdoor bypasses legitimate access mechanisms. Whether it is a backdoor or not depends fully on whether you believe lawful intercept is a legitimate access mechanism. And I think the law is on the side of it being not a backdoor.
replies(2): >>42133102 #>>42133469 #
greycol ◴[14 Nov 24 04:11 UTC] No.42133102[source]
We've had multiple bills proposed by multiple countries for government mandated backdoors. Multiple articles refer to how these bills would create backdoors, multiple computer security experts say the bills would create backdoors in the software. Under your definition of the word they'd all be using the word incorrectly because logically no bill could create a legal backdoor by definition.

It's seems there's a semantic schism on "the point in software where security is weak enough (either purposefully or unkowingly) for 3rd party access by a 3rd party" and "the point in software where security is purposefully weakened for 3rd party access by the legal requirement of a 3rd party" there's definitely a distinction but I generally conflate the two, perhaps incorrectly, under the word backdoor.

If you've got another more appropos word for this purposeful and legal weakining of security for non primary user/provider access I'd love to know it because sadly I feel I'd use it fairly often in the coming years.

replies(1): >>42133288 #
1. CarpaDorada ◴[14 Nov 24 05:00 UTC] No.42133288[source]
These articles use the word "backdoor" for effect, for example <https://www.schneier.com/blog/archives/2021/08/apple-adds-a-...>. The bills you refer to by multiple countries simply want their own in-house wiretapping apparatus, because they don't want to be dependent on the US. Specifically, I'm thinking of EU's "chat control". Ironically those who oppose it are unwittingly doing the bidding for a more powerful US. The internet is fully wiretapped and there is no end in sight.
replies(1): >>42133484 #
2. greycol ◴[14 Nov 24 05:58 UTC] No.42133484[source]
No they use the word backdoor because there is no better word for these pathwatys/purposefully created weak spots in access to the software. Seriously please give me one that emphasises the security detriment to the 1st party user and i'll happily use it instead.

I'll also add that ironically those who don't oppose these bills are unwittingly doing the bidding of strategic adversaries as demonstrated quite adequately by the PRC here.