this post was submitted on 21 Aug 2023
384 points (97.5% liked)

Technology

59299 readers
4867 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

The IT Security definition of a "backdoor" is: something that provides open access to the data without the knowledge or control of the owners of the data - who are typically the users.

There's nothing about the legality or not of it or the company that makes the software being aware of it, which is why sometimes you get news about how a software maker having bing discovered to have a "backdoor" in their software and many of the ways the Chinese Government forces companies to provide access to user data, whilst being 100% legal (just like the US) are described as "backdoors".

From the point of view of IT Security specialists a technique having been endorsed by members-of-parliament/senators/congressmen/governments/presidents/monarchs/whatever or not is relevant for the naming of that technique - if it provides open access by a 3rd party to user data without user knowledge or control it's a "backdoor" and using it is "backdoor access".

So it's funny (sad funny rather than "ha ha" funny) how in (mainly American) newsmedia stuff which is 100% legal in China is described as a "backdoor" but the exact same techniques when 100% legal in the US are not describe as "backdoors" whilst technically being exactly that: honest and unbiased news would deem both backdoors or not depending on their characteristics (i.e. are they means of open access to user data without the knowledge of the owners of the data). It's clear the technical term is being misused due to it's association in the minds of people who aren't domain experts with "bad thing".

Normal warrants issued by a normal Court usually aren't considered "backdoor access" not because of their legality but because they're limited and executed by the people inside the company that received the warrants in a case-by-case basis (i.e. they fail the "open access" criteria), but the kind of warrants issue under FISA definitelly was open and forced the companies to provide open access: that's exactly the problem and that along with the absence of Probable Cause is why many consider it to go outside Rule Of Law.

It's unclear if FISA warrants have been used or not to force companies to provide what are (per the technical definition) "backdoors" in actual software implementations, but as we know thanks to Snowden they certainly did force some companies to provide NSA with free realtime access to their systems, and having a NSA server getting copies of any user communications passing through a mobile phone provider is technically "backdoor access" to their systems.

In summary, Engineering doesn't care about politics when naming technuques and beware that legality isn't the same as morality: all the shit that China does is just as as legal as all the shit the US does - after all, the people who make the laws are the one who authorized it.

Personally that was exactly the scary part in the Snowden revelations: the US plus a bunch of other supposedly democratic nations where doing exactly what dictatorships did, by changing the Law to make it legal and then deploying intrusive society-wide surveillance.

[–] [email protected] -1 points 1 year ago (1 children)

We can disagree about the definition of "backdoor access" all day, but you're still glossing over the context of the conversation, which is that the American tech listed above does not provide additional access to data that Chinese tech isn't also forced to comply to.

[–] [email protected] 1 points 1 year ago

This is exactly what you wrote:

None of those companies give “backdoor access”. All information has to be obtained legally via a warrant.

I pointed out that legality is not part of the definition of "backdoor access", so the second part of your statement does not at all not support the first part so your entire argument in that post is unsupported.

I don't even disagree that "American tech listed above does not provide additional access to data that Chinese tech isn’t also forced to comply to" - sadly, the limits on the subversion of American tech for surveillance seems to be only technical (as Snowden's revelations abundantly showed, the Law is not the limiting factor for surveillance in the US), so American tech probably provides the exact same level of additional access to data as Chinese tech and should be treated with the same distrust.

However I merelly responde to that very specific, very assured statement you made, which is simply wrong in technical terms.