{"id":640845,"date":"2024-10-07T22:10:56","date_gmt":"2024-10-07T19:10:56","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/the-30-year-old-internet-backdoor-law-that-came-back-to-bite\/"},"modified":"2024-10-07T22:10:56","modified_gmt":"2024-10-07T19:10:56","slug":"the-30-year-old-internet-backdoor-law-that-came-back-to-bite","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/the-30-year-old-internet-backdoor-law-that-came-back-to-bite\/","title":{"rendered":"The 30-year-old internet backdoor law that came back to bite"},"content":{"rendered":"<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">News broke this weekend that China-backed hackers have compromised the wiretap systems of several U.S. telecom and internet providers, likely in an effort to gather intelligence on Americans.<\/p>\n<p class=\"wp-block-paragraph\">The wiretap systems, as mandated under a 30-year-old U.S. 
federal law, are some of the most sensitive in a telecom or internet provider\u2019s network, typically granting a select few employees nearly unfettered access to information about their customers, including their internet traffic and browsing histories.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">But for the technologists who have for years sounded the alarm about the security risks of backdoors, news of the compromises is the \u201ctold you so\u201d moment they hoped would never come but knew one day would.<\/p>\n<p class=\"wp-block-paragraph\">\u201cI think it absolutely was inevitable,\u201d Matt Blaze, a professor at Georgetown Law and expert on secure systems, told TechCrunch about the latest compromises of telecom and internet providers.\u00a0<\/p>\n<p class=\"wp-block-paragraph\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b\">The Wall Street Journal<\/a> first reported Friday that a Chinese government hacking group dubbed Salt Typhoon broke into three of the largest U.S. internet providers, including AT&amp;T, Lumen (formerly CenturyLink) and Verizon, to access systems they use for facilitating customer data to law enforcement and governments. The hacks reportedly may have resulted in the \u201cvast collection of internet traffic\u201d from the telecom and internet giants. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cnn.com\/2024\/10\/05\/politics\/chinese-hackers-us-telecoms\/\">CNN<\/a> and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/national-security\/2024\/10\/06\/salt-typhoon-china-espionage-telecom\/\">The Washington Post<\/a> also confirmed the intrusions, and that the U.S. 
government\u2019s investigation is in its early stages.<\/p>\n<p class=\"wp-block-paragraph\">The goals of the Chinese campaign are not yet fully known, but the Journal cited national security sources who consider the breach \u201cpotentially catastrophic.\u201d Salt Typhoon, the hackers in question, is one of several related Chinese-backed hacking units thought to be laying the groundwork for destructive cyberattacks in the event of an anticipated future conflict between China and the United States, potentially over Taiwan.<\/p>\n<p class=\"wp-block-paragraph\">Blaze told TechCrunch that the Chinese intrusions into U.S. wiretap systems are the latest example of malicious abuse of a backdoor ostensibly meant for lawful and legal purposes. The security community has long advocated against backdoors, arguing that it is technologically impossible to have a \u201csecure backdoor\u201d that cannot also be exploited or abused by malicious actors.<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe law says your telecom must make your calls wiretappable (unless it encrypts them), creating a system that was always a target for bad actors,\u201d said Riana Pfefferkorn, a Stanford academic and encryption policy expert, in <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/bsky.app\/profile\/riana.bsky.social\/post\/3l5ugwu2oc32i\">a thread on Bluesky<\/a>. \u201cThis hack exposes the lie that the U.S. [government] needs to be able to read every message you send and listen to every call you make, for your own protection. 
This system is jeopardizing you, not protecting you.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe only solution is more encryption,\u201d said Pfefferkorn.<\/p>\n<p class=\"wp-block-paragraph\">The 30-year-old law that set the stage for recent backdoor abuse is the Communications Assistance for Law Enforcement Act, or CALEA, which became law in 1994 at a time when cell phones were a rarity and the internet was still in its infancy.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">CALEA requires that any \u201ccommunications provider,\u201d such as a phone company or internet provider, must provide the government all necessary assistance to access a customer\u2019s information when presented with a lawful order. In other words, if there is a means to access a customer\u2019s data, the phone companies and internet providers must provide it.<\/p>\n<p class=\"wp-block-paragraph\">Wiretapping became big business in the post-2000 era, following the September 11 attacks in 2001. The subsequent introduction of post-9\/11 laws, such as the Patriot Act, vastly expanded U.S. surveillance and intelligence gathering, including on Americans. CALEA and other surveillance laws around this time gave rise to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/meet-the-shadowy-tech-brokers-that-deliver-your-data-to-the-nsa\/\">an entire industry of wiretapping companies<\/a> that helped phone and internet companies comply with the law by wiretapping on their behalf.<\/p>\n<p class=\"wp-block-paragraph\">Much of how those expanded wiretapping laws and provisions worked in practice \u2014 and what access the government had to Americans\u2019 private data \u2014 were kept largely a secret until 2013, when former NSA contractor Edward Snowden leaked thousands of U.S. 
classified documents, broadly exposing the government\u2019s surveillance techniques and practices over the past decade, including the vast collection of Americans\u2019 private data.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">While much of the Snowden surveillance scandal focused on how the U.S. government and its closest allies collected secret data on its top foreign intelligence targets, such as overseas terrorists and adversarial government hackers, the revelations of the U.S. government\u2019s spying led to an uproar by Silicon Valley technology giants, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/world\/national-security\/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say\/2013\/10\/30\/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html\">whose systems in some cases had been unknowingly tapped<\/a> by U.S. intelligence agencies. Silicon Valley collectively fought back, which led in part to the peeling back of the years of government-mandated wiretapping secrecy and general obscurity.<\/p>\n<p class=\"wp-block-paragraph\">In the years that followed, tech giants began encrypting as much customer data as they could, realizing that the companies could not be compelled to turn over customer data that they could not access themselves (although some untested legal exceptions still exist). The tech giants, who were once accused of facilitating U.S. 
surveillance, began publishing \u201ctransparency reports\u201d that detailed how many times the companies were forced to turn over a customer\u2019s data during a certain period of time.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">While the tech companies began locking down their products so that outside snoops (and in some cases, even the tech companies themselves) could not access their customers\u2019 data, phone and internet companies did little to encrypt their own customers\u2019 phone and internet traffic. As such, much of the United States\u2019 internet and phone traffic remains available to wiretaps under CALEA.<\/p>\n<p class=\"wp-block-paragraph\">It\u2019s not just the United States that has an appetite for backdoors. Around the world, there remains an ongoing and persistent effort by governments to push legislation that undermines, skirts, or otherwise compromises encryption. Across the European Union, member states are working to legally require messaging apps to scan their citizens\u2019 private communications for suspected child abuse material. Security experts maintain that there is no technology capable of achieving what the laws would demand without risking nefarious abuse by malicious actors.<\/p>\n<p class=\"wp-block-paragraph\">Signal, the end-to-end encrypted messaging app, has been one of the most vocal critics of encryption backdoors, and cited the recent breach at U.S. 
internet providers by the Chinese as why the European proposals pose a serious cybersecurity threat.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cThere\u2019s no way to build a backdoor that only the \u2018good guys\u2019 can use,\u201d said Signal president Meredith Whittaker, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/mastodon.world\/@Mer__edith\/113261633712790956\">writing on Mastodon<\/a>.<\/p>\n<p class=\"wp-block-paragraph\">Speaking of some of the more advanced proposals for backdoors that have come up in recent years,\u00a0 \u201cCALEA should be regarded as a cautionary tale, not a success story, for backdoors,\u201d said Blaze.\u00a0<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2024\/10\/07\/the-30-year-old-internet-backdoor-law-that-came-back-to-bite\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>News broke this weekend that China-backed hackers have compromised the wiretap systems of several U.S. telecom and internet providers, likely in an effort to gather intelligence on Americans. 
The wiretap systems, as mandated under a 30-year-old U.S. federal law, are some of the most sensitive in a telecom or internet provider\u2019s network, typically granting a&#8230;<\/p>\n","protected":false},"author":1,"featured_media":640846,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2021\/11\/china_hack.jpg?resize=1200,800","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[75269,152215,4973,152216,70375,5056,72287,152217,152218],"class_list":["post-640845","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-us-government","tag-backdoor","tag-china","tag-cyberattack","tag-cybersecurity","tag-encryption","tag-security","tag-volt-typhoon","tag-wiretapping"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/640845","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=640845"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/640845\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/640846"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=640845"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=640845"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=640845"}],"curies":[{"name":"wp","href":"https
:\/\/api.w.org\/{rel}","templated":true}]}}