China wants tech companies to help it bypass encryption. But that’s not okay with the US, which wants the same thing.
Image: Flickr, poeloq
When the US demands technology companies install backdoors for law enforcement, it's okay. But when China demands the same, it's a whole different story.
The Chinese government is about to pass a new counter terrorism law that would require tech companies operating in the country to turn over encryption keys and include specially crafted code in their software and hardware so that chinese authorities can defeat security measures at will.
Technologists and cryptographers have long warned that you can't design a secure system that will enable law enforcement—and only law enforcement—to bypass the encryption. The nature of a backdoor door is that it is also a vulnerability, and if discovered, hackers or foreign governments might be able to exploit it, too.
Yet, over the past few months, several US government officials, including the FBI director James Comey, outgoing US Attorney General Eric Holder, and NSA Director Mike Rogers, have all suggested that companies such as Apple and Google should give law enforcement agencies special access to their users' encrypted data—while somehow offering strong encryption for their users at the same time.
"If the US forces tech companies to install backdoors in encryption, then tech companies will have no choice but to go along with China when they demand the same power."
Their fear is that cops and feds will "go dark," an FBI term for a potential scenario where encryption makes it impossible to intercept criminals' communications.
But in light of China's new proposals, some think the US' own position is a little ironic.
"You can't have it both ways," Trevor Timm, the co-founder and the executive director of the Freedom of the Press Foundation, told Motherboard. "If the US forces tech companies to install backdoors in encryption, then tech companies will have no choice but to go along with China when they demand the same power."
He's not the only one to think the US government might end up regretting its stance.
Matthew Green, a cryptography professor at Johns Hopkins University, tweeted that someday US officials will "realize how much damage they've enabled" with their "silly requests" for backdoors.
Ironically, the US government sent a letter to China expressing concern about its new law. "The Administration is aggressively working to have China walk back from these troubling regulations," US Trade Representative Michael Froman said in a statement.
A White House spokesperson did not respond to a request for comment from Motherboard.
"It's stunningly shortsighted for the FBI and NSA not to realize this," Timm added. "By demanding backdoors, these US government agencies are putting everyone's cybersecurity at risk."
In an oft-cited examples of "if you build it, they will come," hackers exploited a system designed to let police tap phones to spy on more than a hundred Greek cellphones, including that of the prime minister.
At the time, Steven Bellovin, a computer science professor at Columbia University, wrote that this incident shows how "built-in wiretap facilities and the like are really dangerous, and are easily abused."
That hasn't stopped other from asking though. Several countries, including India, Kuwait and UAE, requested BlackBerry to include a backdoor in its devices so that authorities could access encrypted communications. And a leaked document in 2013 revealed that BlackBerry's lawful interception system in India was "ready for use."