Legalization of backdoors in US technology and impact to security

  • Legalization of backdoors in US technology and impact to security

    URL1=http://arstechnica.com/tech-policy/2014/12/feds-want-apples-help-to-defeat-encrypted-phones-new-legal-case-shows/
    Summary: Court can compel Apple (or other vendors) to do what is possible and, "not too much of an imposition," to help recover evidence for the court (prosecution). It is argued that if they can't decrypt the data, they won't be forced to, but the article suggests they could back-door a device.

    From Snowden and other sources, we have seen claims that vendors were required to cooperate with the U.S. Federal government when shipping products overseas. We have also read claims from other sources of products being intercepted before leaving or entering the country to be back-doored with custom firmware. The concept of these claims was not new, as people wanting to see US tech firms succeed proposed that these techniques were being used in Chinese manufacturing, to warn people away from buying tech from China.

    If U.S. courts can legally compel manufacturers to eavesdrop on consumers, undermine their privacy, and weaken products, then we will have another reason for foreign consumers to not buy technology from the U.S., but how will this change security?

    If the courts (prosecution and executive branch) get legal authority to compel manufacturers to work against consumer privacy, how likely is it that these capabilities, and instances of each being used, would be made public?

    Some people (on the side of prosecution and executive branch) are pushing this kind of work as a modernization of CALEA (http://en.wikipedia.org/wiki/Communi...nforcement_Act) to keep up with technology. There have been several attempts to get various "CALEA2" bills pushed through Congress and signed into law.

    URL2=https://www.aclu.org/blog/national-security-technology-and-liberty/documents-aclu-case-reveal-more-detail-fbi-attempt

    The ACLU claims that the FBI uses NDAs with local law enforcement, and relies on NDAs with the manufacturer to deny FOIA requests to learn about techniques used to acquire evidence used in a case. They also claim local law enforcement took court documents allegedly on use of "Stingray", and before the court could get the documents back, Federal Marshals took the documents from the local police department.

    URL3=http://arstechnica.com/tech-policy/2014/06/dow-jones-asks-court-to-unseal-long-completed-digital-surveillance-cases/

    From Ars Technica is a story of something similar from the judicial branch; one judge unseals records he previously sealed, and another judge re-seals them.

    URL4=http://arstechnica.com/tech-policy/2014/11/local-judge-unseals-hundreds-of-highly-secret-cell-tracking-court-records/

    Then, also from Ars Technica, a North Carolina judge unsealed ~500 records about a week ago. Now we are waiting to see what happens here. Will these be re-sealed? We still wait to see results of this, and what will actually be released.

    With all of the above history considered with Stingray capabilities and use being kept from public review, I'd expect any new capabilities by courts (prosecution and executive branch) to compel manufacturers to violate privacy of consumers to also be kept secret, until it too is leaked.

    What will happen to technological exports from the US? Will consumers assume that all governments are doing things like this, and that, with the world economy the way it is, every country with a manufacturer of parts or firmware could be pressured to back-door their products?

    How would these kinds of policies and rules impact security? Would inclusion of back-doors in products make security substantially worse, or are there presently so many security issues that, given the tiny change in the number of issues known and unknown from adding new back-doors, comparing total counts before and after would be statistically equivalent to not having them? (In any estimation of security errors, there is an estimate of error, plus-or-minus a value; would the addition of back-doors be so small in comparison to security risks known and unknown as to be meaningless?) Should we assume that vendors do not already have back-doors?

    Again, please avoid political arguments.

  • #2
    Re: Legalization of backdoors in US technology and impact to security

    I think the bigger issue is the secrecy of the entire matter. Folks like the Tailored Access Operations Branch of the NSA. As a people we understand that law enforcement has certain powers, so do our courts, and we accept these limits. We know our car key is "ours" but in reality the dealer can always make a new key, and a locksmith can always get in. Same with a home safe or even a padlock. We're safe from the juvenile thief, which is the problem 99% of the time. None of us expect to be watched by our own government unless we have taken 23 trips to Syria in the last year.

    However, now if you have friends overseas you are likely to be on a list. Overseas phone calls? Emails? Travel? More lists. And only because it is so easy to make a list. I bet anyone NOT on a list probably deserves to be on a list just for that reason.

    So is it wrong that I sold my Cisco gear and will gladly go out and buy Huawei? At least we already know the Chinese spy on everyone. And if they spy on me it will not be to find a reason to break down my door at 3am, it'll be for their own reasons and their own agenda.

    The unusual thing to me is that after all this time there are still no indictments or arrests. Too much 9/11 fear to speak out? And yet we wanted to impeach Nixon because his people looked through a few file cabinets?

    Our resulting indifference has basically sold us into slavery. Where will the next battle be? Oh maybe when companies buy infected hardware solely to reverse engineer the product, locate the "mother lode" where all this data goes to, then use their wits to infect at the source.

    In the meantime those who have always lived under the surface, who do not use gmail or skype, who always use PGP when on their VPN, they will always move on without the drama. They will never raise their heads to invite us down their rabbit hole, lest they be targeted as well.



    • #3
      The idea that the US government can coerce companies into downgrading security features for export has been highlighted with the recent release of the FREAK vulnerability. The fact that the US views anyone from outside its borders as a threat has always been shown to be the case, from the establishment as a colony to now. I think the part that is disturbing is they are now starting to not even trust their own citizens; this is a downward spiral towards an over-monitored and controlled state where no communication would be able to pass without scrutiny. The question also must be asked who would control those using the backdoors and how would it even be possible to prevent organisations using them to access information unless specifically given authorisation. It also amuses me when you see articles such as the one below clearly demonstrating a one rule for us and another for them attitude. http://www.theregister.co.uk/2015/03...oor_terrorism/



      • #4
        The greatest concern isn't that the government watches you, it is that business watches you. Some corporate intelligence goon isn't constrained by the limits of the Constitution and federal, state and local oversight - he is constrained by what he thinks he can get away with while protected by the legal cloak of a billion plus dollar company. It would be foolish to forget that modern law enforcement is largely the result of the Pinkerton Detective Agency, paid legal mercenaries, representing the interests of railroad conglomerates. I'm sure there are people on this forum who regularly create products that large businesses would kill to have in order to maintain their established competitive advantage lest their stock slides a quarter of a point and Mr. CEO doesn't get his $50 million dollar bonus.
