Cyber Defense Advisors

More Countries are Demanding Backdoors to Encrypted Apps

@ Bruce,

Az @Ren has indicated the French politicians voted it down

But they apparently did not look like that was likely.

Thus those who had been pushing for it thought mistakenly they’d

“Got the ball across the line”

When in fact they had not.

In part we know this was down to the failure that was the US “Communications Assistance for Law Enforcement Act”(CALEA) –pushed past Bill Clinton in 1994– that even US Security Agencies were significantly embarrassed by recently due to “assumed” Chinese State Aligned entities getting into the system and using it against US Citizens.

Perhaps it would be a good time to show how the man who became the fifth Director of the US FBI Louis Freeh who so desperately wanted not just phone wire taps but a whole lot more. But could not persuade US lawmakers so even went on a “grand european tour” at tax payers expense trying to convince other countries to be first so he could use them as examples to convince US Lawmakers. But again he was not successful.

So what changed the view? Some say it was fortuitously for Freeh and others that late in December 1988 Pan Am Flight 103 from London with nearly 200 US Citizens on it going home for Xmas exploded over the little town of Lockerbie in Scotland.

What we now know is that it was “dressed up” by the FBI and UK Security Services and very much questionable evidence was used in the process.

Which it’s been claimed the massive FBI driven false narrative arguments given to US MSM etc finally started putting sufficient pressure on US law makers.

Then in 1992 a plot was started that resulted in the Feb 1993 World Trade Center Bombing. And again it’s known that the lack of wiretapping and similar claims were made. It’s also said that it was this that got the lawmakers sufficiently “on side”.

We know the FBI narrative about the usefulness of wiretapping was not true in part because 9/11 happened something that the pro arguments for CALEA said it would prevent.

Since then there have been a number of claims made about the FBI using intelligence to stop bomb plots. However, most were suspect and looked more like entrapment of the mentally deficient. In fact some claimed that not only were they entrapment they were actually “Fund Raisers” orchestrated by the FBI to get increased resources of various kinds.

The quite successful bombing of the AT&T switching/data center in late December 2020 again showed that what had been claimed by the FBI for drastically increased surveillance really was not true. But also further highlighted that the earlier alleged FBI successes may well have been entrapment / “Fund Raisers” that strangely had just stopped…

We simply do not know about any of this but when the MSM start writing about it as though it were fact, you can be reasonably certain their lawyers signed off on it being sufficiently factual to be defendable.

So whilst France has had more than it’s share of Terrorist attacks it’s noticable that they do not appear to have been persuasive at this time, whilst other arguments against were.

Especially as France has a very long history of being “anti-encryption” going back over a hundred years at least.

But I’ll be honest whilst we might win this battle, we are about to loose it’s replacement.

I and others have proved that backdoors in E2EE can be fairly easily defeated and there is nothing that can be done about it.

We already know Governments have changed tactics and are doing “end run attacks” around on-device E2EE by exploiting OS deficiencies to put in I/O device “shims”.

This has been given various names such as “See What You See”(SWYS) and device/client side scanning. We also know that Apple put the basics in their OS supposedly in the fight against CSAM, and got pilloried for it. Allegedly they took it out… But it’s been said that like “BLE Beaconing” the low level code in the OS remains, just requiring something to “drop on the hooks”.

It was this idea of “build in the base in the OS” that with Ericson Telco Switches and CALEA that gave us what is now called “The Greek Olympics Wiretap Tragedy”… Where the CIA and NSA bugged over 100 Greek politicians and officials and a Vodafone employee was “suicided” (see Greek Gov enquire findings).

As I’ve repeatedly pointed out for several years here these “End Run Attacks” are only possible because the “Communications Endpoint” can be extended around past the “Security Endpoint” by an attacker.

With the complicity of the OS supplier for the user device SWYS attacks are always going to be possible with the “Security Endpoint” being “on-device”.

Which means that if we want any kind of privacy and security from criminals then we have to take the “Security Endpoint” “Off-Device” in a way that stops any “End Run Attacks”.

However considerable care has to be taken because of “covert side channels” (I mentioned this the other day so it can be easily looked up just search for “snake oil”)

 

Related Post

⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs,

Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud

Cyber News

5 Impactful AWS Vulnerabilities You’re Responsible For

If you’re using AWS, it’s easy to assume your cloud security is handled – but that’s a dangerous misconception. AWS

Cyber News

Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called

Cyber News

How Each Pillar of the 1st Amendment is

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom

Cyber News

Leave feedback about this

  • Quality
  • Price
  • Service
Choose Image