Gives you a sense of why the U.S. intelligence community is so nervous about having Huawei at the core of the domestic 5G network. Would not be fun for the U.S. to have done to them what they've done to others.
And as a U.S. resident, even as I acknowledge and deplore what the U.S. intelligence services have done to others, I still don't want China to do that to me. This is not an area where equitable (but bad) treatment makes things right IMO.
Funny, I don't really care China spying on me as much since they just don't have any handles that would be relevant. Your own government spying on you is much more dangerous. And since I don't have influence on policies of China, I can at least hold domestic politicians that strive for more surveillance accountable. At least theoretically.
History shows that government isn't your friend at all. The US might be a rare exception from time to time. But even that would be very, very limited.
Doesn't mean I wouldn't mind 5G spyware from another country.
Even saying that the US is your friend isn't really true. The Tuskegee syphilis experiment and MKULTRA were only ended in the 70s, Orlando Letelier happened the same decade, as did the discovery of Operation Mockingbird and other Church Committee findings. Every peek we've had into that world since then continues to come up dirty too. Operation SHAMROCK was considered a big deal at the time, but we've since then allowed American intelligence to vastly eclipse anything even conceivable at the time.
Other countries programs aren't good or anything, but anyone who's deluded themselves into thinking the US is some kind of clean actor, not participating in this sort of stuff, or only using it for good is more optimistic than I could ever manage being.
You might be a god-fearing clean-shaven American, but I strongly suspect the number of Americans who have secrets they can be blackmailed over is at least one percent. While I’d like to change every society so such secrets are not big issues, I don’t expect that to happen, and 3.5 million Americans being potentially blackmailed by a superpower is something I’d prefer to avoid even though I’m not an American and don’t expect to live in the USA.
As a US citizen and resident I would far more prefer to have to contend with the US Govt than the CCP on this matter. At least in the US there is some legal procedure, accountability and civil society culture around limiting govt power. With the CCP there is none of that, neither for Chinese citizens nor foreigners.
It’s clear that the CCP is assembling a database of information on everyone in the developed world, not just in China, and that they intend to use it as part of their soft power arsenal (along everything else from economic incentives to Confucious Institutes).
The CCP is much more frightening and less accountable than the US Govt, especially as they reach parity in soft and hard power.
> Your own government spying on you is much more dangerous.
That really depends on the government, and how heavily they rely on domestic surveillance as an instrument of political control. It also depends on the geopolitical and diplomatic situation, and the risks that stem from that.
In China for instance, domestic surveillance is a clear threat any of its citizens that choose to be dissidents and advocate for change. For instance, I have friends there who are very angry about the coronavirus situation, but have to be careful about what they say and how they say it to avoid risking government attention. Even with an extremely dark and cynical view of the US government, that kind of threat is far less for US citizens.
Foreign spying can be dangerous to you, personally, but usually in a more indirect and collective way [1]. The most obvious example of this is war. If your country loses one to a more brutal and oppressive adversary, you'll likely find yourself is a worse, if not outright bad, position. On a smaller and more mundane scale, foreign industrial espionage could put you out of a job.
[1] You may be a target of foreign direct spying if you're friend of a dissident, a government employee, a government official, or have access to valuable technology or trade secrets, etc.
You don't have to live in China for the Chinese government to have power over you. The threat of releasing your secret emails or browsing history is enough to get people to change their behavior. The internet enables such remote threats to your reputation.
You might not care if China spies on you, but you might put others in danger who you communicate with. They could get to them through you. This goes for all spying agencies.
> Funny, I don't really care China spying on me as much since they just don't have any handles that would be relevant.
This is an incredibly foolish line of reasoning. Compromising the trust and sovereignty of individuals in the U.S. is an extreme risk, and it can come for anyone. The U.S. government at least will tend not to try undermining the U.S. economy except through specific policy initiatives; the Chinese government has a permanent interest in controlling the U.S. economy, and holding the threat of compromise over our heads.
No government is your friend, but there's really no comparing the abusiveness of the CCP, both at home and abroad, to the U.S. equivalent, and I'm honestly shocked that I ever have to remind people in the west of this.
When this stuff is used against you, it is FAR more likely going to be from a domestic group hostile to a political opinion you might have. Imagine if an outfit like Cambridge Analytica had the resources of a nation state helping it collect and process information about who might support any given policy (and be given the carrot) and who might oppose it (and be given the stick). That's the scale of threat we face. While certain governments around the world are asking for mandatory back door access to encryption, rest assured they have a "plan B" for getting access to your information without it, and the 3 letter departments are front and center in those plans.
I'm not clear if your post was implying this was the case or not, but this is an interesting, well-sourced article on the links between Cambridge Analytica and Russia [1].
> Gives you a sense of why the U.S. intelligence community is so nervous about having Huawei at the core of the domestic 5G network. Would not be fun for the U.S. to have done to them what they've done to others.
Exactly. Huawei even kinda smells the same. From the OP:
> As Widman settled in, the secret partners adopted a set of principles for rigged algorithms, according to the BND history. They had to be “undetectable by usual statistical tests” and, if discovered, be “easily masked as implementation or human errors.”
> In other words, when cornered, Crypto executives would blame sloppy employees or clueless users.
> Huawei savaged by Brit code review board over pisspoor dev practices
> "The work of HCSEC [Huawei Cyber Security Evaluation Centre]… reveals serious and systematic defects in Huawei's software engineering and cyber security competence," said the HCSEC oversight board in its annual report, published this morning.
I think they're pretty good at keeping it hidden and remote.
It was proven the US did economic espionage on a German firm but the snowden files showed a range of other European companies also targeted. No doubt they also focus on "less friendly" targets industry, infrastructure and politics.
It wouldn't be so bad with ubiquitous end to end encryption though right? If everything was encrypted in transit it wouldn't really matter if Huawei (and by extension the supposition goes the Chinese government) because they'd just see noise.
Guess they would also be able to do location tracking though and that's not so easily solved.
Using tor to keep your communications secret is like having ACAB tattooed on your forehead - fine if you like the attention, not exactly useful if you don't.
Governments are focusing more and more on end-to-end encryption. It can be banned within the next 5 years. They could need to manufacture some consent before that (e.g. mention e2e in the news every time a major crime is committed).
Not going to happen, considering djb vs US declared code free-speech; E2EE is implemented in code so you can't ban it without violating the constitution.
Also, I think quite a bit of telecomm traffic is encrypted by the telecomm carrier itself. For example I don't think my iPhone, by default, encrypts/decrypts SMS or voice calls on the device. To the extent text messages and mobile phone calls are resistant to dumb eavesdropping, that's provided by the mobile carrier. So having access into all the equipment at the carrier would be a nice centralized place to sit and observe/record.
The US government does not get to dictate mobile phone standards so that is irrelevant. Besides, it’s not like the US government doesn’t have its hand in the sniffing cookie jar, they don’t really want the traffic to be indecipherable.
Yes, this is my understanding. But, haven't USA for Adobe history wrt "backdooring" the encryption algorithms themselves (ie private knowledge allows decryption to be made plausible [but still costly]).
There is also the risk of disrupting network operations at some unfortunate time, especially since these new networks are thought to be dominated by machine-to-machine communications.
Or maybe simply because the US intelligence not having a backdoor is why the're demonizing Huawei in Europe for example. That doesn't imply that Huawei does have a backdoor, simply that they'd not be able to spy anymore...
And as a U.S. resident, even as I acknowledge and deplore what the U.S. intelligence services have done to others, I still don't want China to do that to me. This is not an area where equitable (but bad) treatment makes things right IMO.