What do China, FBI and UK have in common? All three want backdoors in Western technology
'I need your clothes, bootloaders and CPU cycles'
The Chinese government wants backdoors added to all technology imported into the Middle Kingdom, and wants all of its source code handed over.
Suppliers of hardware and software must also submit to invasive audits, the New York Times reports.
The new requirements, detailed in a 22-page document approved late last year, are ostensibly intended to strengthen the cybersecurity of critical Chinese industries. Ironically, backdoors are slammed by computer security experts because the access points are ideal for hackers to exploit as well as g-men.
Foreign companies are concerned that the fresh regulations will effectively push them out of one of the world's largest and fastest-growing markets. Western businesses have criticized the policies as protectionist, and see them as the latest salvo in an ongoing standoff between China and the US over the control of technology. The US Chamber of Commerce has called for talks on the matter.
China wanting backdoors in US-built hardware and software will appall privacy and security activists – but it's in line with the backdoors requested by senior FBI figures and UK Prime Minister David Cameron: the Feds and Brit spies would love to be able to pull information out of phones and other devices as they please.
"The FBI seems to have the same plan as the Chinese except they don't even pretend to audit the software," noted Tor developer and privacy activist Jacob Appelbaum.
The infosec expert known as The Grugq added: "China and FBI unite to demand reduced security for iPhones. Who knew they had so much common ground?"
It's technically possible to set up escrow systems that give a government access to the cryptographic keys needed to unlock a device's backdoor. That's what the infamous Clipper Chip was set up to accomplish in the 1990s: the chips, designed to encrypt voice calls for phones using a DES-like algorithm, were programmed with an 80-bit key in the factory – which could be given to a government to decrypt the mobile's calls.
Critics dubbed key escrow "key surrender," and attacked the whole scheme for introducing a weakness that unintended parties could exploit. Attempts by the US government to push the Clipper Chip on an unwilling tech industry were rendered moot with the emergence of stronger cryptography.
Apple and Google's decisions to encrypt data stored on their smartphones by default have rekindled the key escrow debate, particularly in the upper echelons of government. History teaches us that leaving a spare key with one government is problematic. Creating a "secure" and internationally open backdoor – which is effectively what governments in the US, China and UK are pushing tech firms towards – is completely unworkable, to put it charitably.
China may well respond to criticism about protectionism by noting how difficult the US, in particular, makes it for Huawei to sell telecoms kit to Western carriers. Disclosures from the Snowden leaks that Uncle Sam's hackers were active in trying to hack Huawei's systems further complicate the picture.
Amid concerns over backdoors, Apple agreed to a Chinese government security audit of iPhone, iPad & Mac. Although Apple's devices are manufactured in China, some of the tech is designed in California, leading to Chinese government concerns that the kit may be used to spy on Chinese users, the Daily Telegraph reports.