Amarjit Singh posted on drchaos.com about how China just added a new law regarding how the Chinese government can request to view encrypted communications. The original post can be found HERE.
China has passed a new law that goes into effect that will January 1st. It requires technology companies to comply with government requests to help with viewing encrypted communications, including handing over encryption keys.
Working under the guise of counter-terrorism, the law is the Chinese government’s attempt to curtail the activities of militants and political activists.
China already faces criticism from around the world not only for the infamous Great Firewall of China, but also the blatant online surveillance and censorship that takes place. This latest move is one that will be view very suspiciously by foreign companies operating within China, or looking to do so.
However, how different is the Chinese the law, compared to the laws based in the United States?
As noted in a July 13th, 2015 article on Slashdot.com Eric Geller wrote:
James B. Comey, Jr., the seventh director of the Federal Bureau of Investigation, is afraid of the dark.
“The law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem,” Comey said in an Oct. 16, 2014, speech at the Brookings Institution, an influential Washington, D.C., think tank. He called the problem “going dark.”
Politicians in the United States have been increasing their rhetoric on including encryption backdoors that allow law enforcement to break encryption and private communications under same guise of counter-terrorism. Perhaps, unknown to some, many of the surveillance technologies in place in China today are designed, implemented, and supported by US technology firms (see http://www.wired.com/2008/05/leaked-cisco-do/).
Many technology companies have been against the idea of backdoors implemented encryption. As noted on Arstechnica in an article written by David Kravets published on Oct. 20th, 2015 Apple’s CEO Time Cook is quoted:
“We said no backdoor is a must,” Cook said at the Laguna Beach, California conference. “Do we want our nation to be secure? Of course. No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution.”
Security professionals have argued adding a backdoor would most likely be discovered and used by attackers to gain unauthorized access to data and systems. However, it is obvious criminals and other organizations are using technology to their fullest advantage to hide their tracks. Not only must be we fight this battle from a technological perspective, we must also ensure that the laws and the ability of lawful investigation are in place for governments who need to protect their citizens.
Amarjit Singh, who as a Security Consultant worked for various industries including Healthcare, Retail, and Telecom.