China Passes Law Requiring Tech Firms To Hand Over Encryption Keys (betanews.com) 170
Mark Wilson writes: Apple may have said that it opposes the idea of weakening encryption and providing governments with backdoors into products, but things are rather different in China. The Chinese parliament has just passed a law that requires technology companies to comply with government requests for information, including handing over encryption keys.
Under the guise of counter-terrorism, the controversial law is the Chinese government's attempt to curtail the activities of militants and political activists. China already faces criticism from around the world not only for the infamous Great Firewall of China, but also the blatant online surveillance and censorship that takes place. This latest move is one that will be viewed very suspiciously by foreign companies operating within China, or looking to do so.
Re:Damn! They beat us to the punch! (Score:5, Funny)
Wait, if the Chinese are doing it, doesn't that mean that it's an evil commie tactic that no God-fearing American would ever even suggest using?
Re: (Score:2)
Wait, if the Chinese are doing it, doesn't that mean that it's an evil commie tactic that no God-fearing American would ever even suggest using?
Not if they sell them in Wal-Mart.
Re: (Score:2)
Yay, go Trump!
Re: (Score:2, Interesting)
That is a fucking atrocious idea. Giving in to China here nullifies their "we don't play that" stance. Uncle Sam will know that they DO play that way; if you threaten Apple's profits. Once that door is open Uncle Sam will get what he wants.
This isn't a vague slippery slope fallacy either. This is a direct consequence.
Re: Apple should leave China (Score:2)
Apple should NOT leave China (Score:5, Insightful)
Apple will then be complying with China's laws, and can keep raking in the bucks by selling them easy-to-compromise phones and personal gadgetry. Nothing requires them to then cripple their phones in other parts of the world, which they will presumably not do so they can claim that they have a secure platform as a sales point everywhere else. Win Win.
Of course, the person getting fucked is the average Chinese person. They are being ass-reamed even harder by the government stooges, but perhaps this will be the thing that finally pisses the populace off enough to finally rise up and start hanging all the communist stooges running the country.
I bet the NSA is having a massive Christmas circle jerk over this one. Their job just became a million times easier...
Re: (Score:2)
When Apple doesn't have the keys in the first place, is that really non-compliance? And if so, how would they be expected to *POSSIBLY* "comply"? How can they hand over encryption keys they do not have?
Re: (Score:1)
Seems trivial to:
if (region == china) {
    uploadKeychain(...);
}
Re: (Score:1)
Yes, this "code" runs on the phone where the keys reside. If Apple doesn't store the keys on its servers and you don't store the keys on your phone, how can anyone use the keys?
Re: (Score:2)
Step 2 will be banning any encryption where the company doesn't hold the keys (and thus can't give them to the government).
Re: (Score:2)
US law and court decisions matter not one whit to China; however, in the more restrictive US, I expect it would go something like this, at least as far as the courts:
The US already has a court decision which says ephemeral data, that which was stored in RAM even momentarily, is subject to court ordered seizure e
Re: (Score:2)
I'd actually like to see Google produce a phone, calling it, say, the "Nexus Patriot" or "Nexus Law Enforcement Edition", implementing full backdoor capabilities. And, when they start selling it, pre-emptively send the decryption keys and all necessary software to all government security agencies, including those of pariah nations like North Korea.
If that doesn't make a lasting point... ah, who am I k
Re: (Score:2)
Not to mention things like open source encryption software like GnuPG or Signal. They sell nothing so need no local front to deal with payments. Only remaining option is they get blocked (hi Brasil).
whatever China wants (Score:3)
Re:whatever China wants (Score:5, Insightful)
So tech companies will have at least 2 product lines.
a. for everywhere EXCEPT China
b. for no place BUT China
What will happen to this law once Chinese tech is not accepted anywhere except inside China?
And how many Chinese companies will be able to produce anything from category "a"? Remember, there is a LOT of tech that is manufactured in China but still belongs to non-Chinese corporations.
Re: (Score:2)
I don't really see why China needs the keys. They can just slap the suspects in jail and start applying electro-shock therapy until they spit out the passwords they require. I guess they're just lazy.
Re: (Score:3)
They can just slap the suspects in jail and start applying electro-shock therapy until they spit out the passwords they require.
That doesn't work when you have 1.3 billion suspects. This is not about investigating a few specific individuals, but about mass surveillance of the entire population.
Re: (Score:2)
It also does not work if I took steps such that when my hardware was seized, the encryption key in physical form like the ordering of a deck of cards or bills was destroyed.
"Why yes officer, I will be happy to hand ov
Re: (Score:2)
I don't really see why China needs the keys. They can just slap the suspects in jail and start applying electro-shock therapy until they spit out the passwords they require. I guess they're just lazy.
That doesn't work for international companies, where the only key holders reside outside China. No matter how many people they strongarm in China, they don't know the passwords and don't have the other end of dual-key pairs needed to decrypt anything vital.
Re: (Score:2)
Oh, I understand it well enough. I was commenting on someone who thought that China could always strong-arm the keys or passwords, which won't work. Companies will protect their assets from the Chinese, and pull out if the Chinese won't play ball.
It's not necessarily good news for Americans as much as it is good news for other countries with cheaper manufacturing than the US. Korea comes to mind.
Re: (Score:2)
That doesn't matter much, Chinese workers are getting more expensive already. Foxconn is opening factories in cheaper India already.
Re: (Score:3)
To say it is China 'only', is really inaccurate, there are a whole bunch of countries with similarly repressive regimes. You can understand their need to do so though. You have hundreds of millions working in poverty, working extremely hard, for bloody little recompense, this cheered on by western corporations (the idiots are cheering their own demise, fools) and keeping a lid on that social injustice takes real effort but that lid is loosening all of the time and they simultaneously seem to be easing off w
Re: (Score:2)
China has to oppress/spy very hard to prevent the poor working class from starting a communist revolution, eh?
Re: (Score:3)
China has to oppress/spy very hard to prevent the poor working class from starting a communist revolution, eh?
Actually, yes. There are a surprising number of "reactionary" communists in China, that want to go back to Maoism, despite the disastrous outcome of his policies. It is fairly common to see people with little Mao pins on their lapels, especially in inland areas, and some Hunan restaurants have little "Mao shrines" (Mao was from Hunan).
Re: (Score:2)
I see you completely missed the bit where the Government of China switched from communism to fascism without changing the name (left wing, right wing, reach around far enough and they touch).
Re: (Score:3)
I see you completely missed the bit where the Government of China switched from communism to fascism without changing the name (left wing, right wing, reach around far enough and they touch).
Was China ever really communist? The guys at the top have always had it much, much better than everyone else. I doubt perfect Communism is even possible without a computer running the show, but they didn't even come close.
Re: (Score:2)
And while these smaller countries may not have the moxie to enforce key recovery on the manufacturers, they will not need to if the US (or China?) does it for them.
Re: (Score:2)
This is already the law in many other countries, China is just catching up. Apple and everyone else will use the same privacy enhancing technique to avoid complying as they do everywhere - they won't have access to the keys. They will only be forced to turn over metadata, which is as bad or worse but hard to avoid.
Re: (Score:1)
20 years ago, I'd have called you an idiot. Dunno what to make of that but, alas, that's how it was - at least on the surface.
Re: (Score:2)
The difference could amount to no more than a change in firmware or configuration.
It's kinda horrifying (Score:2, Insightful)
It's kinda horrifying that we are so close to Chinese draconian laws or even further advanced that we can't even complain about them. This is about to be implemented in the U.S. and in U.K. you get to stay in jail until you reveal your password.
Re: It's kinda horrifying (Score:3)
We've definitely lost the moral high ground.
China (Score:5, Insightful)
Like it would matter much (Score:2)
If a key which is in the hands of a company (Apple, Huawei, ...) is your only line of defence WRT the security/privacy of content you supply or save, then you should regard this content to be public and open for prying eyes already. I think it is called "trusted" in that negative, military sense.
Just like email sent to a @gmail.com account or company secrets in an office365 account. Your grandma and neighbour won't get there, police/law enforcement will have severe problems. But 3LetterAgencies of many gove
Re: (Score:2)
This latest move is one that will be viewed very suspiciously by foreign companies operating within China, or looking to do so.
Why would they view it suspiciously? They'll fall into line and do what the Chinese government requires of them because they'll deem it worth the cost. Money and profits above all else.
Yep. Research In Motion paved the way when they handed over BES encryption keys to the Indians.
This might be good for the USA (Score:5, Funny)
Re:This might be good for the USA (Score:5, Insightful)
Too late, they already passed CISA. America has already demanded the encryption keys as "information sharing."
Re:This might be good for the USA (Score:5, Insightful)
Most Americans are against warrantless surveillance on both sides of the political spectrum.
Most Americans have no idea what encryption or data surveillance entails, and are more concerned with the price of TV dinners at Wal-Mart.
Re:This might be good for the USA (Score:5, Insightful)
Politicians in the U.S. and Europe will have no difficulty in, on the one hand, decrying this as an oppressive move by a non-democratic government while simultaneously, on the other hand, continuing to demand that THEY need exactly the same thing in order to combat terrorism.
Re: (Score:2)
Just like the USA distanced itself from eugenics (such as the mandatory sterilization of people with mental disabilities) when it got popular with the Nazis, maybe China demanding encryption keys will get some American politicians to back off of the idea.
Well China also has laws against murder and rape. Just because we don't see eye-to-eye doesn't mean that we can't ever agree on something if it makes sense and protects innocent people.
That is what the politicians will say. Or some version of that anyway. Don't think for a minute that they won't find a way to argue around it.
Re: (Score:1)
Perhaps I'm forgetting history, but IIRC the USA actually embraced eugenics with the rise in popularity of the Nazis and it was only AFTER the war and the holocaust that eventually the USA quietly back-pedaled on support of such things--in private, there was still plenty of support as even today Social Darwinism and eugenics are still here.
Re: (Score:2)
I wish this were so but politicians will call for China to not have encryption keys and then turn around and demand that the US government have all the encryption keys without any sense of cognitive dissonance. Many of these politicians will continue on to rail against big government while still arguing that government should have back doors into all encryption.
Re: (Score:2)
There is *way* too much money to be made by having access to these keys. Every government in the world will demand them.
Funny you should say that. Cue the NSA (plus some more daring entrepreneurs) getting access to the Chinese backdoors, and thus p0wning every device in China. Lots and lots of money to be made, easily enough to pay huge bribes to whatever government official can sell you the backdoor.
Democrats (Score:3, Insightful)
Re: (Score:3)
Both the Democans and Republicrats want to kill encryption, albeit for different ultimate purposes. (Amusingly, both you and AC just below had the same thought simultaneously.)
Re:Democrats (Score:4, Funny)
The Democrats want to spy on us to get more power, without losing too many votes from Democrat voters.
The Republicans want to spy on us to get more power, without losing too many votes from Republican voters.
Thus, the justification for the spying is different because it has to appeal to different demographics.
Re: (Score:3)
China can make a law such as this because they do not have to worry about any domestic protests or complaints. They do not have an adversarial forum to debate new laws. The only discussion is amongst the top Party leaders behind closed doors.
Re: (Score:2)
It's actually a bipartisan issue. Almost any time the Repukes and Dumbcraps get together on something you know the American people are about to get reamed.
Re: (Score:3)
Most of the politicians do. They don't understand the math, or the economics, or any other of the concepts. What they do know is that they have to respond to accusations that they're being weak on fighting terrorists. There's no left or right ideology here other than to look like you're being useful to the voters.
Law enforcement if left unchecked will assume more and more power, and the government is being lax in its duties by not saying "no" to those grabbing hands more often. If their only goal is to
Re: (Score:2)
It don't matter. Civil disobedience is still a thing, and if you're willing to spend some time in jail, not because you are guilty, but because you believe in something, then it doesn't matter what any political party wants.
Gonna do like they did during the prohibition and drink anyway? Gonna do like they did when being black was a crime?
Or you gonna post nihilistic garbage every time some other country does something that, due to the deep tradition in feudalism and monarchy, and willingness to disappear p
Clinton does, Sanders doesn't (Score:2, Informative)
Sanders voted against CISA while Clinton wants a "Manhattan Project" where Google, Apple, and MS give the government your keys "voluntarily".
Re: (Score:2)
She said no such thing. Read her comments again, she said she understands the danger of having keys like that from companies. Her Manhattan Project quote shows she wants to work with companies to try and come up with a solution, if there is one, nothing more. We all know there is no solution other than having better hackers than everyone else.
People falling for headlines over the actual substance again.
How interested is Apple in selling stuff in China? (Score:5, Insightful)
If Apple wants to continue selling devices in China (which is a needed market for Apple, as the US market is becoming saturated), then Apple will comply with the laws of China.
It's as simple as that.
Re: (Score:2)
Seems simple enough. An iPhone 666.
Re: (Score:1)
What does a law passed by the Chinese Parliament have to do with Apple, particularly?
Re: (Score:1)
What does a law passed by the Chinese Parliament have to do with Apple, particularly?
Apple, in particular, has been fighting against pressure from the US Government to do exactly what this new Chinese law requires. Back in iOS 8 (Or was it 7?) Apple stopped storing the encryption keys for iOS devices on their systems, so they cannot comply with government orders to unlock or decrypt user data on phones. The US DOJ and the CIA have been throwing a fit ever since. Now it looks like if Apple wants to continue to sell phones in China, they will have to give in and then that will give the US
Re:How interested is Apple in selling stuff in Chi (Score:4, Insightful)
It's quite interesting actually because now we get to see what sort of price Apple places upon its principles and core values.
An Apple's core is the part you throw out.
Re: (Score:2)
then Apple will comply with the laws of China.
As most of us have found out when going for PCI compliance, the best way to protect data is often not to possess it. If the keys are generated by the consumer, then it is the consumer that needs to hand over the keys, and not Apple. My understanding is that Apple cannot decrypt customer data, even if they wanted to, as only the customers possess the key(s) to do so.
Re: (Score:3)
If Apple wants to continue selling devices in China (which is a needed market for Apple, as the US market is becoming saturated), then Apple will comply with the laws of China.
Which is why it is better for all tech firms to not have access to encryption keys. End to end encryption needs to be the standard, so there are no keys to turn over.
This is a Wonderful Opportunity (Score:2)
This is a great opportunity for hackers to exploit back doors and move money from the Chinese economy to (say) the Russian economy.
A government mandated back door is otherwise known as a zero-day exploit.
Woohooo....
Apple's response will be... (Score:1)
Apple's response will be that they have handed over all the keys they have.
Unless China is mandating that devices can't negotiate their own keys without the involvement of Apple. But that would mean banning entire categories of apps.
Easy solution (Score:3)
Give Chinese consumers crippleware products so no company cares enough to protect its Chinese sold IP.
Yet another reason (Score:3)
Yet another reason for companies to make sure they don't have the keys to their users' data. You can't provide what you provably never had.
Of course, if governments require vendors to escrow the keys that strategy won't work. But it doesn't appear that China has gone that far.
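The point made in the comment above, together with its escrow caveat, as an added example that is not part of the original thread or any vendor's code: devices agree on message keys with X25519 and encrypt with AES-256-GCM, while a relay stores only public keys and ciphertext. The Relay class, the device names and the 'demo-e2e-v1' label are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// A device generates its X25519 key pair locally; only the public half is published.
function newDevice(name) {
  return { name, ...crypto.generateKeyPairSync('x25519') };
}

// ECDH shared secret -> HKDF-SHA256 -> 256-bit AES key ('demo-e2e-v1' is a constructed label).
function sessionKey(myPrivate, theirPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-e2e-v1', 32));
}

function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong (the GCM tag check fails).
function open(key, { iv, ct, tag }) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Hypothetical provider: public-key directory, ciphertext mailbox, optional escrow store.
class Relay {
  constructor() { this.directory = new Map(); this.mailbox = []; this.escrow = new Map(); }
  register(dev, { escrow = false } = {}) {
    this.directory.set(dev.name, dev.publicKey);
    if (escrow) this.escrow.set(dev.name, dev.privateKey); // the mandated-escrow case
  }
  deliver(from, to, envelope) { this.mailbox.push({ from, to, ...envelope }); }
  // Best effort at reading a stored message using only what the relay itself holds.
  tryRead(msg) {
    for (const [name, priv] of this.escrow) {
      if (name !== msg.from && name !== msg.to) continue;
      const peer = name === msg.from ? msg.to : msg.from;
      const text = open(sessionKey(priv, this.directory.get(peer)), msg);
      if (text !== null) return text;
    }
    return null; // no private key on file, so nothing to decrypt with
  }
  // What is still disclosable without escrow: routing metadata.
  metadata() { return this.mailbox.map(m => ({ from: m.from, to: m.to, bytes: m.ct.length })); }
}

// Alice sends Bob one constructed message through the relay, with or without escrow.
function scenario(escrow) {
  const relay = new Relay();
  const alice = newDevice('alice'), bob = newDevice('bob');
  relay.register(alice, { escrow });
  relay.register(bob);
  const key = sessionKey(alice.privateKey, relay.directory.get('bob'));
  relay.deliver('alice', 'bob', seal(key, 'constructed sample message'));
  const stored = relay.mailbox[0];
  return {
    bobReads: open(sessionKey(bob.privateKey, relay.directory.get('alice')), stored),
    relayReads: relay.tryRead(stored),
    metadata: relay.metadata(),
  };
}

console.log(scenario(false).relayReads, '|', scenario(true).relayReads);
```

Without escrow the relay can produce only who wrote to whom and how many bytes; once a single endpoint's private key is escrowed, the stored ciphertext becomes readable to whoever holds the escrow store.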
Certs (Score:2)
Iceberg dead ahead (Score:2)
A difficult choice for tech companies is coming. If they provide the Chinese with the backdoors they ask for, they can't very well deny any other governments who ask for the same thing now can they? They'll have to build country compliant models to appease every little dictator on the planet :|
Otoh, if they refuse to play ball, they'll be blocked from selling products in the country, depriving them of large amounts of revenue. Perhaps this is how China will force its citizens onto China authorized pro
Re: (Score:2)
Well, that depends.
Consider that Android is Open Source. Google can easily not include it on their phones sold in the US. I'm not sure how many Nexus phones Google sells in China but I can't imagine that it's that many. Google wouldn't take a huge hit in sales if they just didn't sell their Nexus phones in China and they'd probably make promotional hay out of it--"We'll forgo our sales in China to keep your data as safe as possible." As you say, there are plenty of Chinese companies who already sell And
No different. (Score:1)
So how is this different from what the UK and the US and other governments want?
http://it.slashdot.org/story/1... [slashdot.org]
http://tech.slashdot.org/story... [slashdot.org]
http://yro.slashdot.org/story/... [slashdot.org]
http://yro.slashdot.org/story/... [slashdot.org]
etc.
View of the law via Chinese press (Score:3)
...The law establishes basic principles for counter-terrorism work and strengthens measures of prevention, handling, punishment as well as international cooperation, he said.
Under the new bill, telecom operators and internet service providers are required to provide technical support and assistance, including decryption, to police and national security authorities in prevention and investigation of terrorist activities.
They should also prevent dissemination of information on terrorism and extremism.
Li Shouwei of the National People's Congress (NPC) Standing Committee legislative affairs commission, said the rule accorded with the actual work needed to fight terrorism and was basically the same as other major countries.
"The clause reflects lessons China has learned from other countries and is a result of wide solicitation of public opinion," he added.
"(It) will not affect companies' normal business nor install backdoors to infringe intellectual property rights, or ... citizens freedom of speech on the internet and their religious freedom," Li said.
China's national security law adopted in July also requires Internet and information technology, infrastructure, information systems and data in key sectors to be "secure and controllable"....
Wording. (Score:2)
Always mind your wording in reporting of such things.
If China does it, it's oppression of liberty. If we do it, it's the fight against crime and terrorism.
So. (Score:1)
Hyperbole (Score:2)
Companies / service providers which maintain access to locked containers may be compelled to unlock them upon government request.
In which country is this NOT true?
Of course the state of encryption nowadays is that companies are using the same lock combination for ALL their containers. That is a problem that needs to be fixed (perfect forward secrecy).
Another problem is that companies who carry information often do this by accepting a message from person A and then repackaging it for person B -- which makes
Not just China's goal (Score:2)
"Under the guise of counter-terrorism, the controversial law is the Chinese government's attempt to curtail the activities of militants and political activists."
This is always the case, whether it's the Chinese government or any other. I wish more people in the general public understood that. At least I don't have to change my sig.
The Death of IBM (Score:2)
Two girls with green eyes? (Score:1)