martes, 18 de mayo de 2021

martes, mayo 18, 2021

Hacking China

China’s domestic surveillance programmes benefit foreign spies

An aversion to encryption makes the country’s networks vulnerable


In march elon musk, the world’s third-richest man, spoke to a conference in Beijing by video link. 

The cars that Tesla sells in China do not, Mr Musk insisted, share data with American security services. 

He was responding to the news that the Chinese armed forces had banned Teslas from their facilities over such concerns. 

A month later the firm took to Chinese social media to assure customers that the numerous cameras in their vehicles were “not activated outside North America”, and so could not be used to snoop.

Concerns about security define the trade of technology between America and China. 

Most attention is focused on the extent to which Chinese giants such as TikTok and Huawei might be infiltrating America for nefarious purposes.

But China has had concerns of its own. 

After the contours of American surveillance were laid bare in 2013 by Edward Snowden, a National Security Agency (nsa) contractor and whistleblower, the Chinese government began a campaign to replace all Western technology in government offices, lest it be used to spy. 

The brouhaha over Tesla’s cars shows how much security concerns have grown in the decade since Mr Snowden’s revelations. 

As connectivity becomes part of more consumer products, paranoia about their other uses rises.

China’s suspicion contains an irony, however. 

Removing Western devices from Chinese networks will not keep China secure from its adversaries, because the Chinese government itself insists upon weakening the security of those networks and devices for its own purposes. 

Though America tends to hyperventilate about Chinese intrusion, it is China whose digital security is more precarious.

This is because of the Chinese government’s insistence on being able to monitor and control the information that flows through the country’s digital networks. 

For instance, all messages sent on WeChat, China’s most widely used messaging application, must pass through central servers as plain text, unencrypted, so that the company can filter and censor them according to the government’s requirements. 

This makes those servers a ripe target for any foreign agents who want to spy on Chinese citizens, who between them have more than a billion WeChat accounts.

Tencent, the app’s corporate owner, must build elaborate digital-security systems to allow it to keep inspecting its users’ messages while simultaneously denying that ability to attackers. 

That is a difficult task. 

“If I were a Western intelligence agency, those servers would be incredibly valuable,” says Matthew Green, a cryptography expert at Johns Hopkins University.

Weak security is the rule, not the exception, in digital services for the Chinese public. 

Email and social media must all facilitate state access, as must industrial networks used to run factories and offices, even if the extent to which the government uses that access varies. 

In August it banned the most up-to-date version of a protocol used to encrypt web traffic, known as tls, from the Chinese internet, because it makes online surveillance harder.

The government has different security standards for itself, but these are secret. 

Speculation about the devices and systems that senior party members use to communicate is common. 

In 2013 Peng Liyuan, the wife of President Xi Jinping, was photographed using an iPhone, one of the few devices available in China which does offer a measure of security through its iMessage program. 

It was news around the world. Within a year Ms Peng was seen using a Chinese device.

Internet users in China have long objected to the low standards of data protection. 

Online crime and leaked databases are rife. 

Last year someone stole the account details for all 538m users of Sina Weibo, a microblog, and posted them on the dark web for sale. 

The government has responded by promoting programs for companies to improve customer-data protection, even as it simultaneously enforces weakness in the security of all systems. 

But as long as the government demands access to data on Chinese people, those data can never be robustly protected.

Though the American government does not publicise its cyber-operations, leaks demonstrate their extent. 

The documents provided to journalists by Mr Snowden show that the nsa found its way inside Huawei’s networks starting in 2007, looking for evidence they were being used as a back door by the Chinese government (if it found any, it was never made public). 

There is little question that spy agencies in America and other countries use China’s weak security to their advantage.

China’s jeopardy increases as the value of data which flow through poorly secured networks goes up, both in economic and national-security terms. 

The Chinese government’s plan for economic growth ensures that this is what will happen. 

It plans to expand its digital economy, automating factories and creating smart-transport infrastructure. 

As with WeChat, if the government wishes to monitor these systems, it will build them to be less secure than they could be and so vulnerable to foreign interference in a way that equivalent networks in the West do not have to be.

“The Chinese government knows the trade-off,” says Matt Perault, a technology-policy scholar at Duke University in North Carolina. 

“They are willing to bear it, which suggests that they are willing to tolerate a significant amount of foreign surveillance on their citizens.”

The government’s calculation is unlikely to change. 

Its focus on surveillance and censorship of its own people is growing. 

But the tension between security against enemies within and those without will intensify. 

Cyber-attacks using weaknesses that the government itself has demanded might prove embarrassing. 

If the stand-off with Taiwan were to escalate, China’s weak security would be a serious disadvantage. 

And the more entrenched its reliance on surveillance and censorship becomes, the harder it will be to remove the weakness on which that control is built, should the day ever come when it no longer believes the trade-off worthwhile. 

0 comments:

Publicar un comentario