this post was submitted on 21 Aug 2023
345 points (97.5% liked)
Technology
59428 readers
3120 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I suggest you read all about FISA courts.
They issue court orders which companies cannot divulge they're under and those things are often not limited to surveillance of specific individuals in the course of investigating a crime but are often mass surveillance orders.
This is how the NSA had servers directly in some US phone providers feeding directly from their core systems.
All this was brought out as part of the Snowden revelations, so you should know better than parrot the description of what has been a fantasy version of how the Law works in the US since 9/11 and the Patriot Act.
Still today it's a core rule for companies anywhere in the World which have trade secrets that might be of benefit to US companies to not use any systems hosted or owned by US companies (or, in fact, UK ones, were such laws are even worse) exactly because said US companies can silently be complied BY LAW to give the local spy agencies access to that data.
This isn't "backdoor access" being given by definition, as FISA courts still require legal warrants even though they're secret.
Not trying to argue the sketchyness of the US government though, I mostly agree with everything you've said, but the distinction is the context of the conversation. TikTok is still required to comply to FISA requests if they want to operate in the US, no additional access to user data is given by those American tech companies, or at least we have no reason to think that yet.
The IT Security definition of a "backdoor" is: something that provides open access to the data without the knowledge or control of the owners of the data - who are typically the users.
There's nothing about the legality or not of it or the company that makes the software being aware of it, which is why sometimes you get news about how a software maker having bing discovered to have a "backdoor" in their software and many of the ways the Chinese Government forces companies to provide access to user data, whilst being 100% legal (just like the US) are described as "backdoors".
From the point of view of IT Security specialists a technique having been endorsed by members-of-parliament/senators/congressmen/governments/presidents/monarchs/whatever or not is relevant for the naming of that technique - if it provides open access by a 3rd party to user data without user knowledge or control it's a "backdoor" and using it is "backdoor access".
So it's funny (sad funny rather than "ha ha" funny) how in (mainly American) newsmedia stuff which is 100% legal in China is described as a "backdoor" but the exact same techniques when 100% legal in the US are not describe as "backdoors" whilst technically being exactly that: honest and unbiased news would deem both backdoors or not depending on their characteristics (i.e. are they means of open access to user data without the knowledge of the owners of the data). It's clear the technical term is being misused due to it's association in the minds of people who aren't domain experts with "bad thing".
Normal warrants issued by a normal Court usually aren't considered "backdoor access" not because of their legality but because they're limited and executed by the people inside the company that received the warrants in a case-by-case basis (i.e. they fail the "open access" criteria), but the kind of warrants issue under FISA definitelly was open and forced the companies to provide open access: that's exactly the problem and that along with the absence of Probable Cause is why many consider it to go outside Rule Of Law.
It's unclear if FISA warrants have been used or not to force companies to provide what are (per the technical definition) "backdoors" in actual software implementations, but as we know thanks to Snowden they certainly did force some companies to provide NSA with free realtime access to their systems, and having a NSA server getting copies of any user communications passing through a mobile phone provider is technically "backdoor access" to their systems.
In summary, Engineering doesn't care about politics when naming technuques and beware that legality isn't the same as morality: all the shit that China does is just as as legal as all the shit the US does - after all, the people who make the laws are the one who authorized it.
Personally that was exactly the scary part in the Snowden revelations: the US plus a bunch of other supposedly democratic nations where doing exactly what dictatorships did, by changing the Law to make it legal and then deploying intrusive society-wide surveillance.
We can disagree about the definition of "backdoor access" all day, but you're still glossing over the context of the conversation, which is that the American tech listed above does not provide additional access to data that Chinese tech isn't also forced to comply to.
This is exactly what you wrote:
I pointed out that legality is not part of the definition of "backdoor access", so the second part of your statement does not at all not support the first part so your entire argument in that post is unsupported.
I don't even disagree that "American tech listed above does not provide additional access to data that Chinese tech isn’t also forced to comply to" - sadly, the limits on the subversion of American tech for surveillance seems to be only technical (as Snowden's revelations abundantly showed, the Law is not the limiting factor for surveillance in the US), so American tech probably provides the exact same level of additional access to data as Chinese tech and should be treated with the same distrust.
However I merelly responde to that very specific, very assured statement you made, which is simply wrong in technical terms.