Reports have recently emerged that malware from the China-affiliated Salt Typhoon group has been found exploiting CALEA (Commercial Assistance for Law Enforcement Act) backdooring systems within U.S. telecom networks as a means to surveil, for China, customers across America. These customers included U.S. Government officials, so it would seem probable that some of them may have, earlier in their careers, been the very people who demanded the CALEA backdooring systems be installed in the first place. The Chinese access to the system was maintained for months or more. This is therefore a good time to remind readers of the dangers of governments seeking emergency powers with which to access private information and systems. Even if, bizarrely, someone were to trust today’s state officials in whichever country they are in, are they willing to trust every other government in the world and every well resourced band of independent cyber-criminals too? Because when one allows a backdoor for one government to be embedded somewhere, he is also allowing in all the other bad actors too.
The Bill Clinton Administration, which also wanted to compromise all computer hardware via a clipper chip scheme, passed CALEA in 1994. This mandated telecom companies to have interfaces within their systems to let backdoor capabilities be easily attached at a later point. With these interfaces in place the U.S. Government could be sure of an easy time when it came to the telecom companies with a specific demand, notionally court-approved, to snoop on somebody’s private communications. Mostly this form of backdoor is able to collect metadata, as encrypted internet traffic’s contents are immune to spying performed at this level of the network stack, but it can also spy on the content within conventional telephone calls and standard SMS messages if activated to do so. As U.S. companies built this into many telecom backend hardware products, they also ended up sold abroad in a mode which was initially inactive but for which activation was still technically possible. This lead to a number of scandals. Security expert Bruce Schnier has described the recent reports as “one more example of a backdoor access mechanism being targeted by the ‘wrong’ eavesdroppers“.
Backdoors can of course be argued against on far wider grounds than just the obvious hazards they present when opened by a country other than the one who installed them. In rare moments of sanity both the UN, in the form of its Human Rights Office of the High Commissioner, and the European Court of Human Rights have recognised the importance of encryption-enabled privacy, without backdoors, describing it as, in effect, a human right on account of it providing a means to give people the confidence to speak freely. Whilst it is right to criticise many human rights lawyers, who seem to be interested primarily in maximising the range of things which the legal system pries into, thereby maximising their opportunities to take cases, the concept of actual real human rights when applied to the individual freedoms of everyone in this manner still holds worth. But no longer must those of us who care about our privacy use moral arguments as our only strand by which to oppose intrusion. Nor can surveillance apologists, any more, try to avoid criticisms on technical grounds by insisting that other parties getting control of a backdoor ‘could never happen’. This news unquestionably demonstrates that backdoors are not just a human rights violation, but are now proven to be a means to let foreign adversaries easily attack your own nation’s infrastructure.
Now would be a very good time for J.D. Vance to capitalise on his earlier warnings of the dangers of backdoors. Citing this latest development he should be able to easily fend off any bureaucrats seeking to persuade him to change his tune to their benefit.
Perhaps this news will also cause Ken McCallum, Director General of MI5, to reevaluate the ridiculous assertions which he made earlier this year that: “Privacy and exceptional lawful access can coexist if absolutist positions are avoided. World-class encryption experts are confident of this.” To misquote Yes Minister, can he name even three of those supposed experts? If he can then have any of them actually written any code, or analysed any algorithms for themselves, in the last 10 years? Have any of them recently said a little prayer to the god of null pointer dereferencing whilst clicking to compile code for the 50th time? Or are they managerial yes-men in the mould of Whitty, Vallance or Fauci? Mr. McCallum is clearly not a fool: he has shown himself to be level-headed when warning of the dangers of cosying up to the Chinese Communist Party and the dangers of depending on Russian gas supplies. In the light of this news might he recognise just how incorrect his “exceptional lawful access” statement was, and that introducing deliberate vulnerabilities of any kind into any system serves not only to cosy up to the Communist party, but indeed roll out the red carpet for it.
Lastly, if Donald Trump should, hopefully, pardon both Snowden and Assange, then he’d do well to hire them as advisers in the wake of this news. He’d do well to hire them even if they’d only be willing to work remotely from somewhere that the U.S. intelligence apparatus can’t so easily menace them. They’ve both been warning of this kind of thing for over a decade. With Trump now coming into power as an anti-establishment politician, who has for his upcoming presidency carefully chosen a Cabinet of people not allied to what can be termed the deep state, there is a much better chance that he will finally end the era of mass surveillance than could have been hoped for under a Democrat party which had repeatedly renewed NSA powers. Furthermore, as Trump seems rather keen on Bitcoin, he has all the more reasons to make sure the integrity of cryptography and of telecom and internet infrastructure remains sound. Despite limitations, such as extreme fluctuations relative to other currencies, which presently make Bitcoin impractical for typical transactions, what is good for decentralised cryptocurrencies tends to have side effects good for freedom as a whole. Here is a scenario where civil liberties and actual national security, the security of individuals and small-to-medium businesses within a nation rather than the job security of intelligence agency busybodies, are in fact aligned, and together they say no to backdooring.
As Michael Shellenberger said: “The idea that we must censor speech to protect democracy ranks with other Orwellian ideas like ‘War is peace’ and ‘Slavery is freedom’.” The argument for backdoors as a means to protect national interests has now been thoroughly exposed to be just as absurd. The time has come for governments across the West to decide what is more important: protecting Sir Humphrey Appleby of the deep state from the sack, or protecting entire countries from autocracies abroad. Governments making that decision should also bear in mind that working unbackdoored cryptographic algorithms are already in the public domain and it will always be possible for private messages to be exchanged which governments cannot read. It will always be possible also for messages to be exchanged anonymously, that is to say without metadata which governments can use to map out who is contacting whom and which the CALEA backdoors are particularly focused on collecting. The decision governments must take is therefore between a world in which they make the infrastructure of our nations vulnerable, yet still can’t actually spy on all the people they wish to, and a world in which they abandon petty snooping and focus on keeping infrastructure working (and apolitical) for the people who elected them.
Dr. R P completed a robotics PhD during the global over-reaction to Covid. He spends his time with one eye on an oscilloscope, one hand on a soldering iron and one ear waiting for the latest bad news.
To join in with the discussion please make a donation to The Daily Sceptic.
Profanity and abuse will be removed and may lead to a permanent ban.