
Why China Is Reading Your Email - denzil_correa
http://online.wsj.com/article/SB10001424127887323419104578376042379430724.html?mod=WSJ_Opinion_LEADTop
======
denzil_correa
First, there is a nice counter-argument in the article:

    
    
        But what about the argument that the U.S. is shedding crocodile tears? 
        America (and Israel) were almost certainly behind the most successful known 
        cyber attack to date: the Stuxnet virus that impeded Iran's uranium-
        enrichment program. There might be some comfort in knowing that the U.S. is 
        doing unto China what China is doing unto the U.S.
    
    

Second, I think people who are saying - "I don't care" to China reading their
email account are unaware of the implicit repercussions. Another snip from the
article

    
    
        "If I had access to your bank account, would you worry? If I had access to 
        your home security system, would you worry? If I have access to the pipes 
        coming into your house? Not just your security system but your gas, your 
        electric—and you're the Pentagon? Maybe nobody's been killed yet, but I 
        don't want you having the ability to hold me hostage. I don't want that. I 
        don't want you to be able to blackmail me at any point in time that you 
        want." 
    

It's the potential ability for a foreign host to keep you hostage which is the
real worry as a citizen.

------
coldtea
I don't care why (and if) China is reading my email (I have a Gmail account).

Can you please answer why the US and EU are reading my email? Both have related
laws, email retention policy, email "wiretapping" systems, and have been known
to abuse the "court order" system and just go ahead and read everything they
like.

I could not care less for China reading it, because China is more than ten
thousand miles away, and is not known to interfere with my country and
people's lives, unlike the US and EU.

~~~
greenmountin
Solutions exist, but no one uses them. You are getting spam because you are
not requiring hashcash. They are reading your email because you are not
encrypting it.

Government and law-enforcement, even if trustworthy, function via
intermediaries who may not be. This will just never improve and I think we
have to address that with the tools we know will do the job.

~~~
betterunix
"They are reading your email because you are not encrypting it."

One of the problems we have here is that tools like PGP and S/MIME require the
_receiver_ to do something before the sender can encrypt a message for them.
We need something like identity based encryption, where the sender decides if
the message will be encrypted and the receiver does not need to publish
anything in advance (threshold IBE systems should probably be used to ensure
that no single entity can read everyone's mail). Unfortunately, IBE and
related technologies are thoroughly patent-encumbered, and so it will be a
long time before we can just deploy it freely.

~~~
Retric
You need to exchange keys before you can encrypt a message.

Think of it like this: in a pure one-way communication you send all parts of
the message, and anyone who reads it can decode it. If you instead get one of
their keys (even if it's from a 3rd party) you can encrypt something for
them. Or you can think of it like this: if the receiver never makes any keys
there is nothing special about them that prevents others from reading their
messages.

~~~
betterunix
In identity based encryption, there is a key generator that gives out secret
keys, and a master public key that the sender needs for encryption. To encrypt
a message, the master public key and the receiver's "identity" (e.g. email
address) are used. Thus the sender and the receiver do not need to exchange
keys in advance; the receiver must get their decryption key from the key
generator, but there is no need to do so _before_ the message was actually
encrypted.

The key generator can decrypt any message, of course. That is why I said
threshold systems should be used, so that no single party is the key
generator. In that model, the receiver would have to request that several
parties jointly compute and issue the decryption key. It is also reasonable to
imagine a world where there are many IBE authorities, and the sender of the
message can choose which IBE authority the receiver will have to get their
keys from.

<https://en.wikipedia.org/wiki/Identity_based_encryption>

~~~
Retric
Think it through, you're treating public information as a private key which is
hardly secure. You could also use the user's email address as the seed for a
random number generator which would spit out keys and not involve 3rd parties
but that's also unsafe.

After all, what tells the Key Generator that bob@bob.com is actually
bob@bob.com and not Alice?

~~~
betterunix
I think you should actually read the Wikipedia IBE article, it basically
answers your questions.

~~~
Retric
I did. Look at the picture provided; it's the authenticate step that's the
problem. Alice wants to send Bob a message. Alice contacts public key
authority and says give me bob@bob.com's private key, encrypts the message and
sends it. So far so good.

Now, someone contacts the key authority and says I am Bob@Bob.com what's my
private key. Without prior communication between Bob and the key authority
there is no way to do that exchange over an open channel securely. Assuming
email addresses are public information and someone can get bob's email address
before he communicates with the key authority.

~~~
Retric
Err, _I did. Look at the picture provided it's the authenticate step that's
the problem. Alice wants to send Bob a message. Alice contacts public key
authority and says give me bob@bob.com's_ public _key, encrypts the message
and sends it. So far so good._

------
teawithcarl
This article is EXACTLY correct.

I speak/read Chinese and Japanese fluently, since 1987.

The scale of China's corporate hacking is historic and state-sponsored -
exceeding any nation in history by a wide berth.

State sponsored hacking at this unprecedented scale wrecks society in both
China and America. The massive level of invasion will leave us all living in a
more broken down world.

~~~
Spooky23
It has always puzzled me that even sophisticated audiences like HN regard this
situation by killing the messenger. Usually reactions are mostly "meh", "Where
is your tinfoil hat?", or "the US does it too".

At the end of the day, as proprietors of Internet services, the information
being stolen from you or your company is your customer's data. You should care
and be alarmed.

~~~
diminoten
I'd just keep track of the usernames who say that, wait until they reveal
their identity elsewhere on HN via a "Show HN" or something, then ask them
publicly to explain what their stance is on protecting their users' data. When
they give the famous cookie-cutter response of, "Obviously we care." then you
can hit them with, "but did you not say 'meh' when this same issue came up a
few months ago?"

------
forgottenpaswrd
Wow, this is fantastic. The US media is preparing a new scapegoat: Chinese
hackers, so if financial institutions fail (they are currently set to fail for
themselves) they have an enemy they could use.

Note in the article, if people can't use their ATMs, like in Cyprus, Chinese
are the ones responsible!!

Brilliant, like Nazism used Communism (Reichstag fire) and Communism (Stalin)
used Nazism as an excuse to gain more and more power from its citizens, US of
America needs new enemies, as Saddam Hussein and Osama Bin Laden are dead, in
order to make the powerful more powerful, the TSA more freedom killers and
citizens less autonomous from the government.

~~~
acqq
You are more than right.

To the other readers: Whenever you can read the kind of articles like the TFA
you can be certain of only one thing: some propaganda office somewhere either
wrote it or motivated somebody to write it that way. The military people have
zero interest to present such details to the public, the propaganda people do
but only if the purpose is "to prepare the opinion at home" (the pretext) for
something that is going to follow. So just remember this for now, I'm sure
you'll see something will happen soon but not initiated from the other side.
It's not a tinfoil-hat-imagined conspiracy but how "the machinery" of
structures with different interests imperfect as it is "shines" to the outer
world. For examples of similar actions from not so long ago:

[http://www.time.com/time/magazine/avrticle/0,9171,994414,00....](http://www.time.com/time/magazine/avrticle/0,9171,994414,00.html)

Unless you're one of those on the payroll, don't happy, be worry.

~~~
berntb
>> you can be certain of only one thing: some propaganda office somewhere
either wrote [the article] or motivated somebody to write it that way.

When you wrote that, my first reaction was -- is he part of "the 50 cent
army"? 1/2 :-) The propaganda thing goes two ways.

I've seen arguments that the reason why e.g. the Mideast countries are
_swimming_ in tinfoil-hat conspiracy theories, is that they LIVE inside a
conspiracy theory -- authoritarian dictatorships. The same goes for Chinese
people. And you, too?

~~~
acqq
Are you too young to remember this, just as an example:

<http://edition.cnn.com/2003/US/03/14/sprj.irq.documents/>

If you want something from the most recent times, it's still unchanged:

[http://www.guardian.co.uk/world/2013/mar/18/panorama-iraq-fr...](http://www.guardian.co.uk/world/2013/mar/18/panorama-iraq-fresh-wmd-claims)

Do you remember the times when Americans not only believed that Saddam took
part in 9/11 (heck when Bush says so it must be true) but that he was also
ready to nuke US?

Now Chinese are almost presented as possessing "the weapons of mass
destruction" because... Wait for it... They have access to the internet!

I mean, really...

Btw I had to look up for the term you mentioned in Wikipedia. FWIW I've never
read any sources that aren't the western ones. But I was already old enough in
9/11 and WMD times to read the articles like the above as they were written
and the book from the earlier link the year it was published. Call me biased
then. But do try to read a little on the subjects I refer to, and also try to
avoid ad hominems. EDIT: I've just tried to see some of your earlier comments,
to get your context. Hmmm:

[https://www.hnsearch.com/search#request/all&q=50+cent+ar...](https://www.hnsearch.com/search#request/all&q=50+cent+army+berntb&start=0)

~~~
berntb
I bothered to find this for you, not that I expect you to be grateful -- you
probably think that attacking your conspiracy theories is the same as
attacking you...

It still isn't relevant for China, but a more serious viewpoint on how the
Iraq WMD opinions were built:

<http://www.bbc.co.uk/news/uk-21786506>

~~~
acqq
These two spies are irrelevant to Tony Blair's clerks who were so desperate to
actually take a student's thesis (!) as a constructed "proof" for the Iraq's
WMD, it's documented since 2003:

<http://en.wikipedia.org/wiki/Dodgy_dossier>

~~~
berntb
From the wikipedia page you referenced, that was something given to
journalists:

>> issued to journalists on 3 February 2003 by Alastair Campbell, Blair's
Director of Communications and Strategy

In short, a PR release had bad quality control. Wow, that must be the first
time in world history...

You have gone from: Claiming propaganda offices get their world view out in
media without criticism.

To: Pointing to low quality propaganda from governments, which is laughed at.

You're arguing against your original position. Film at 11.

(I might also note, re the original point, that you didn't answer when it is
pointed out that lots of sources in other western countries say the same thing
about Chinese spying.)

And so on.

(I don't know if you have a point, are trolling, you're writing from China --
or what the hell this is. It isn't interesting, so never mind.)

------
tstactplsignore
We do need a proper response to this kind of threat, but it's almost certainly
not the response we're ever going to get from the politicians in Washington.
Serious cyber policy should at least include the following:

A. Comprehensive technological education for employees who even might come
into contact with sensitive information at government institutions, military
institutions, or high-profile private firms like banks and software companies.

B. A push for using modern, transparent, open-source, reviewed software and
hardware for all vital tech infrastructure. No more legacy FORTRAN or Windows
XP or Internet Explorer 5.

C. Taking the power grid off of the public internet and onto a closely
monitored and private infranet.

~~~
superuser2
Definitely B. I think a scary percentage of IT managers feel that their legacy
Fortran XP/IE5 computer systems are actually more secure than modern
alternatives. We're going to have to find a way around that sentiment.

------
rikacomet
I did go back, and checked my email account. No, it's only me who is reading my
emails, it's a corporate espionage problem, corporations have to deal with it.
Normal people don't have anything of interest for state sponsored intrusions,
thus are not targeted. Please dear journalists, don't drag me in this war, I
know someone is pissed here and there on both sides, and both have armies like
muscles, too tempting for both sides to flex, but seriously, this is not
diplomacy! We as people, should root out both govt democratically if they even
dare to wage an open cyber war.

If my govt would do that, I would seriously vote against any war, no matter
how just it may sound. Americans have a life, Chinese people also have a life.
I don't see the problem in common people's life.

------
DanielBMarkham
Mainly because none of this has ever been done before, there exists a
low-level state of war between many opposing nations, even small third-parties
([http://freedom-or-safety.com/blog/when-will-the-first-hacker...](http://freedom-or-safety.com/blog/when-will-the-first-hacker-be-killed/))

I don't see China as being made a scapegoat. I see the system working itself
out. New technologies always create new relationships between people and
governments. When the net rolled out, we thought the openness would bring
about positive reforms. What seems to be happening is that governments are
getting very good at controlling what citizens read. Instead they're using the
openness of the net as an attack vector. Not exactly what we expected.

------
ChuckMcM
I keep hoping we'll respond to these challenges with more DARPA challenge like
prizes and fewer additions to the CFAA.

------
cwisecarver
Create a bunch of well-crafted honeypots, put the proof on the international
stage. Embarrassment and sanctions ensue.

~~~
charonn0
Digital forensics aren't as damning or incontrovertible as, for example, Adlai
Stevenson's Cuban Missile presentation[1].

[1]: <https://www.youtube.com/watch?v=MSV9_J8Csts>

------
lgleason
If you want to discourage this kind of behavior stop feeding the machine....

You can't do that when you run year over year trade deficits with these guys.
Rein that in and you will have a chance at solving this problem.

~~~
teawithcarl
Freakonomics - cyber attacks must "cost" China money.

Bitter pill, but strong trade damage is the only pocketbook China will listen
to.

Cyber attacks must be directly tied to China losing money.

------
HarryHirsch
Countries engage in espionage. Water is wet.

~~~
diminoten
Countries don't usually engage in espionage on behalf of private entities,
with other private entities as their target, with explicit economic goals.

~~~
HarryHirsch
_What?_ Industrial espionage is age-old, and you would expect nations to
engage in it. It is a method of economic development.

~~~
diminoten
No you wouldn't, that's a huge conflict of interest in the modern world.

------
rurban
Because US tech companies still use MS Windows and their employers may use
Facebook and Gmail on their PCs. Easy as that

------
SCAQTony
That was absolutely chilling! I am sorry I don't have anything of value to
contribute but to me this is an historical equal to the Soviets launching a
satellite into space. I think it deserves an internet infrastructure response
from the US.

Thank you for posting

------
opinali
Not mine...

