cross-posted from: https://feddit.org/post/3639969
At EFF we’ve long noted that you cannot build a backdoor that only lets in good guys and not bad guys. Over the weekend, we saw another example of this: The Wall Street Journal reported on a major breach of U.S. telecom systems attributed to a sophisticated Chinese-government backed hacking group dubbed Salt Typhoon.
According to reports, the hack took advantage of systems built by ISPs like Verizon, AT&T, and Lumen Technologies (formerly CenturyLink) to give law enforcement and intelligence agencies access to the ISPs’ user data. This gave China unprecedented access to data related to U.S. government requests to these major telecommunications companies. It’s still unclear how much communication and internet traffic, and related to whom, Salt Typhoon accessed.
That’s right: the path for [U.S.] law enforcement access set up by these companies was apparently compromised and used by China-backed hackers.
[…]
Internet Wiretaps Have Always Been A Bad Idea
Passed in 1994, CALEA requires that makers of telecommunications equipment provide the ability for government eavesdropping. In 2004, the government dramatically expanded this wiretap mandate to include internet access providers. EFF opposed this expansion and explained the perils of wiretapping the internet.
The internet is different from the phone system in critical ways, making it more vulnerable. The internet is open and ever-changing. “Many of the technologies currently used to create wiretap-friendly computer networks make the people on those networks more pregnable to attackers who want to steal their data or personal information,” EFF wrote, nearly 20 years ago.
[…]
Anyone who thinks otherwise has no business sharing their thoughts on the matter
Oh no, i’m in shock!
/s
It’s almost like the legislators are more concerned with swinging their dicks around than with actual safety and best practices.
They are more concerned with people who might threaten their power having some potential for privacy.
The consequences for common security are far below in their list of priorities.
Can’t they just get this info with a warrant? If they are using a backdoor, it’s illegal no matter who is doing it.
EU chatcontrol is going to be great IF they do it.