"When changes in technology hinder law enforcement’s ability to exercise investigative tools and follow critical leads, we may not be able to identify and stop terrorists who are using social media to recruit, plan, and execute an attack in our country."
One of the above is from Li Shouwei, the deputy head of the Chinese parliament's criminal law division. The other is from the US FBI director.
... who have more in common with each other than they do with any of their constituents.
The important part of any internet law, and any country's level of freedom/privacy on the internet isn't measured by the bland statements policy makers make to the press, but in the content of the laws that actually get passed. I'm sure you could find two statements from Hitler and JFK about how they love kids - doesn't mean they are equivalent.
Personally I find it disheartening. I think the Chinese are copying key aspects of the American Media/propaganda model because it's been demonstrated as so damn effective...
I remember in Poland and Croatia people were so scared that a common sentiment was basically wanting to ban all muslims.. you know.. just-to-be-on-the-safe-side
So while yes, this is a scapegoat, people in China are actually scared of the terrorists.. it's bizarre
Also, I don't think China's position has anything to do with the peoples "fear" this is related to the governments position of trying to maintain it's power by staying on the right side of the information asymmetry the internet affords.
As far as we know the country isn't infiltrated by Al Qaeda or the IS (like Europe and maybe the US)
As for your second point, sure - a perfect climate to clamp down on the internet some more without upsetting anyone.
Wikipedia: Recent incidents include the 1992 Urumqi bombings, the 1997 Ürümqi bus bombings, the 2010 Aksu bombing, the 2011 Hotan attack, 2011 Kashgar attacks and the 2014 Ürümqi attack.
Croatia was actually the only (border-) EU country that allowed passage to all refugees (I'm guessing thats what you're referring to) and there was definitely no anti-muslim sentiment or any sort of call to ban all muslims.
Don't think anybody ever thought about anything like that at all in Croatia - people still remember their own armed conflict a decade or so ago.
You probably mean the countries from the Visegrad group (Czech Republic, Hungary, Poland and Slovakia) - where some parts of the government (in especially Slovakia) were proposing to only accept Catholic refugees (which is also not the same as saying they'd ban all muslims).
When the gov't agreed to accept several thousand refugees several people told me they thought it was a horrible idea and that they don't need these communities in Croatia.
Its true that most refugees are trying to make it to Germany - but if Germany closes its doors, they wouldn't get stuck in the immediate neighbouring countries - they'd get returned to the point of where they were first registered in the EU. Since Greece is not doing that at all - this would for most of them now be Croatia. Which is for example what Slovenia is preparing for (google "border razor wire slovenia") under the pretence of "defending" the Schengen border (even though its just something like 70km through Slovenian territory from Croatia to Austria). So granting passage for Croatia is not an easy decision to make.
You dismiss granting passage as something any country could do - yet Croatia is the only willing/open corridor now since Hungary has closed it doors completely and they're clearly not welcome in Czech Republic, Poland, and Slovakia who openly oppose any EU quotas. No word on any of that in Croatia - who has already started building shelters for the EU quotas and has indeed already accepted refugees wanting to stay there (even though most of them want to continue on to Germany).
None of these have anything to do with your original claim that "Croatia wanted to ban all muslim". In addition to what I wrote I'd go as far as to say that Muslims as a religion are not such an oddity in Croatia - yes, its a predominantly Christian country but it does have a small and thriving muslim community inherited from its close ties with the neighbouring (predominantly muslim) Bosnia (made even closer by the fact that Bosnia and Croatia were mostly fighting on the same side in the last Balkans war against ex-Yu/Serbia).
"Several people told me" is just not a credible reference. Whereas its easy to google and confirm what I've tried to correct you with - again I think you're confusing Croatia with Slovakia (google Slovakia in relation to accepting only Christian refugees).
So I'm open to being wrong about Croatia's attitude to having a immigrant community of muslims - it's just not what I saw.
"Its true that most refugees are trying to make it to Germany - but if Germany closes its doors, they wouldn't get stuck in the immediate neighbouring countries "
No, the Germans would never close the door per se, they'd just stall and delay things till the bordering countries end up having huge camps while the famous EU bureaucracy does it's thing. Macedonia was clever and quickly managed to get them all across the country and dump it off on the next guy. Croatia pulled off something similar.
And ofcourse Croatians aren't painting all muslims with the same brush - sorry if I gave that impression. But one group, the one they seemingly don't want, comes from a land of boogeymen full of religious extremism Al Qaeda and the IS while the other is their war-buddies/neighbors (and as far as I know hasn't yielded a single terrorist - though with all the money coming from Saudi and Turkey that may change..)
GCHQ wants this too. So if tech companies comply with China's law, why wouldn't they comply with the U.K.'s? And if they comply with the U.K. law, why couldn't there be one in the U.S.?
"Secure" communications systems that rely on a trusted central third party to vouch for keys are no more secure than allowing that same third-party to implement key escrow.
If profits from the rest of the world would increase for any company saying no to China, then companies might do so. But if it'll obviously cost them more, then they'll roll over.
Credit Suisse this year determined China has a bigger middle class than America, and it's growing faster. So I think Apple, Google, etc will roll over. If China actually thought these tech companies would say no, they wouldn't have actually enacted this law, they'd have continued to have conversations. The conversation is basically over.
Mods / admins can we get a more representative title here?
Her point being that no one should be surprised when an authoritarian government exerts its authority. Also, water is wet.
"We do what it takes to get a billion people to first world middle class standard of living. Yes, there's a bit of collateral damage but you guys' industrial revolution was not all roses, read some Dickens. We can have the luxury of rights when we're there. You're telling me to eat cake since we ran out of bread."
In other words the majority of Chinese citizen (that I know - YMMV, selection bias, etc.) think that the government is doing an alright job considering its constraints, and don't feel particularly oppressed - the authoritarianism is population-sanctioned. Just like the new French anti-terrorism measures.
These are my thoughts exactly, down to my favorite Dickensian analogy.
Everybody's favorite pastime, pointing fingers on China on everything from "freedoms" to the environment, is really more of a reflection on the commentators' astonishing lack of historical perspective.
There's no shortage of fifty-year-olds around China today (say, about a population of Sweden's worth) that will tell you how they were plucked out of the university and sent to work the fields for years during the Cultural Revolution, and point out the exact level -- somewhere between knee- and waist-deep in shit -- that the country was at prior to Deng Xiaoping. I'm sure anybody that witnessed the change from then to now would have a richer and more nuanced opinion on China's government.
The majority of economists would disagree. More economic and political freedom would accelerate economic progress, not hold it back. Check out Why Nations Fail by Daron Acemoglu for an in depth discussion of this in relation to China.
In any case, surely more freedom in China would not be a bad thing.
What about Russia in '90s?
So far as Chinese companies are concerned, the government has just standardized and formalized rules already in place. So far as foreign companies are concerned, they planned for this possibility and can now proceed accordingly. If there's any international company that doesn't have their Chinese infrastructure in a silo, their friends and loved ones should take away their keys RIGHT NOW because they're a danger for themselves.
This brings back memories -- back when they were making lots of money, RIM had a row with Indian government over the same issue. They did a little "we're outraged" dance and promptly forked over the keys -- they'd be idiots not to (and idiots with a lawsuit for breach of fiduciary duty on their hands).
This is also far better for the users, although a lot more work, than pulling out of the country entirely, as some companies have done in the past. The world is a complicated and hairy place, and you can either pretend otherwise or be a global company.
For instance, I suspect that it might be more than a coincidence that large telecom companies that have any presence in emerging markets tend not to have any presence in the US (someone had a bright idea to pass a law that gives US courts jurisdiction to punish companies with presence in the US for "engaging in corruption" abroad). I'd suspect everyone else goes out of their way to create a wide moat between the mother corp and their offspring (Nestle India comes to mind, which trades independently on NSE)
That may very well be the defining difference between the Chinese and Western-governments.
This an area under very heavy active debate at the legal and political levels and that fact might change in a year. There have also been numerous cases where the lack of such law hasn't prevented agencies for requesting the decrypted data itself, in lieu of the keys. But it's not quite a done thing just yet. So if you oppose key disclosure, there are still plenty of chances to fight it at the political level in many countries.
Even though I side with encryption, I think it's worth at least exploring the other side's argument.
Does access to encryption give increased capability to China in such a way that it "profits" in matters of national security / finance / etc. Or will such a move ultimately "cost" China due to the side effects of weaker technological infrastructure, privacy, etc?
Will it be a detriment to the United States (assuming current government snooping laws remain the same)?
I think the answers to these, while they can be theorized and predicted, will best be fleshed out in due time, hopefully influencing US politicians to make the right decision.
However, what I meant to convey is this: despite the obvious problems with such a program, the government sees value in control and centralization of the country's secure communications. If we ignore the obvious problems with "We have all the keys" & "Secure communication" and look to recent initiatives and programs with similar contradictory goals, we've been told by politicians that they were implemented because everyone else is doing it and it's necessary for national security.
I see how nonsensical this is, but if a similar program is pushed, this is how it would be pitched to the public.
> If anything, the fact that China is doing will be evidence that we'll need to do it as well to maintain national security.
Never attribute to stupidity that which is adequately explained by cynicism?
There are obvious reasons why the government would want to implement such a program, many of them having little to do with national security. Based on previous propaganda that's been fed to us over the past few years, this is the likely conclusion to be drawn.
I don't agree with it.
Now that I'm done with that this is a critical issue. Mass surveillance is one of the many issues of our time. Time to get to work and time to throw some money at this.
In 1915 when a discovery subpoena goes out for all records relating to dumping dioxanes in a river, the company legitimately unlocks the filing cabinet and hands the files over. They don't get a key to the executive washroom or the telegram private code directory (unless that was in the subpoena) or the complete customer list or really pretty much anything but the paper files relating to dumping dioxanes in the river.
In 2015 when a discovery subpoena goes out for all records relating to dumping dioxanes in a river, the company freaks out because if they hand out "the" public key then both the .gov and any .com they're affiliated with and probably individual theives will pown every VPN they ever had and ever will, and all their records of every sort so "oh no we can't hand over keys never to no one".
When you look at it from that point of view, the abject failure of IT and IT companies to properly handle encryption is by no means any reason for the judicial legal system to be inconvenienced. In 1915 no judge would have tolerated a response like "Well we can't give you the dioxane pollution paper files and telegrams because then criminals would pown our company because we're incompetent at IT"
The other part is sociological. You may hold that phone in your hand, but its not yours, and using it is as dangerous as talking to a police officer or government official or hacker. Its not your phone, never has been, and any illusion to the contrary will result in tears. Ditto a site on the internet. Government protection of privacy assumes the privacy ever existed in the first place, which it doesn't.
Consider, as an analogy, the (poor) practice of using shared passwords. What do you do when you fire someone who had legitimate access to this password? You have to change everything or risk a compromise of all the systems sharing this password. Hence, the need for tools like sudo that separate authentication (what password / auth key) and access control (what rights).
With encryption, it's similarly possible to break one big risk domain into lots of smaller ones using things like separate trust anchors (for authentication) or encryption keys (for access control). For example, If your org gets served a subpeona for your financial records you can give them your tape backups for the relevant time periods plus the necessary decryption key, but withold the decryption key for the backups of your R&D data and the signing key for your VPN.
Not that it's not worth working towards, but encryption is just a tiny corner of the problem there. Nothing that threaten the stability of the ruling party is going tobe allowed.
"Kill metadata and other crypto-issue-overdone diversions.
Metadata and other crypto-workarounds resulted from the crypto wars of the 1990s which were bragged to be won rather than faked out.
The fake-out was orchestrated by some of the very same crypto warriors claiming to be against gov-controlled crypto.
A way to identify them is to note who rose to prominence and wealth in crypto com-edu-org. Still at it, ratcheting up the need for ever more crypto, acknowledging the workarounds but, but, but: Let's Encrypt, HTTPS-HTS everywhere, secure drops, freedom of the press and courage foundations, Snowden talks and tweets, FISC amicus curiea, POTUS and TLA advisories, industry lobbyists, dual hats riding the crypto gravy train and more likely, the subway out of sight.
The money and prestige to be gained by working all sides of the crypto phony war is, as Greenwald crows of Omidyar's $250M bribe, irresistable."
If they're requiring backdoors on technology imported into the country (source: http://www.theregister.co.uk/2015/03/05/obama_criticises_chi... ), why wouldn't they require them on their own technology that they build themselves? It doesn't make sense from a purely logical standpoint. Of course they're not going to come out and admit it, but we're also starting to see evidence of it:
Example 1: http://www.zdnet.com/article/former-pentagon-analyst-china-h...
Example 2: http://www.geek.com/chips/spy-agencies-shun-lenovo-finding-b...
Example 3: http://www.computerworld.com/article/2860742/chinese-android...
Is it really so hard to believe? Especially when the indirect evidence and logic is so overwhelming? I'm no tin-foil hat wearing conspiracy nut, but come on here... It's China.
Well, in China the government controls the companies, in the west the companies control the government. Sort of the same end result, with the two being in bed with each other.
>Is it really so hard to believe? Especially when the indirect evidence and logic is so overwhelming?
Well, haven't seen anything "overwhelming" in the list. E.g. the Chinese government had Huawei and ZTE add backdoors to their stuff. But we know that Cisco has done the same in the west -- and the government asked other companies to do the same thing, pressuring Apple etc. So isn't "overwhelming" a kind of a double standard?
No, not really the same at all. When the companies have all the political power, they do what's best for their shareholders - their bottom line. Whatever helps them acquire more profit and revenue. Here, it's all about the money.
When the government controls the companies (As it is in China), the government does what's best for the people in power (the government). And that usually means doing whatever helps them hold onto or increase their power by way of strict authoritarian rules & laws, censorship and all the indirectly related things that go along with it.
Their goal is to keep the population under control because that means they get to stay in power. China's biggest fear is a revolution or an uprising which is why they're so strict when it comes to public demonstrations, censoring things like Tienanmen square, and cracking brutally hard on rights activists and the leaders of these "change-bringers" (Source: http://world.time.com/2011/02/26/chinas-fear-of-a-jasmine-re...). The last and absolute worst thing that could happen to China is a revolution. They will commit atrocities like you can't even begin to imagine to keep that from happening.
In the west, you don't have to worry about that. Why? Because it's bad for business. Not good for profits and not good for revenue. The best environment for capitalism and for businesses to make the most amount of money is one of peace (Source: http://www.theguardian.com/politics/2003/jan/22/iraq.economy)
And hopefully, in the latter case, the people. Because governments, even if not democratic (and I'd wouldn't call that 2-party/donations/gerrymandering system democratic either) have an interested in pleasing the population (e.g. out of fear of revolt etc). Whereas companies mostly in maximizing profit.
>The last and absolute worst thing that could happen to China is a revolution. They will commit atrocities like you can't even begin to imagine to keep that from happening.
Well, the absolute worst thing that could happen to China could actually BE a revolution. It's a huge ancient country, and it has always had its ways of government and its tradition of mandarins/confucianism etc.
Besides, places like Libya and Iraq, where "democracy was restored" are hardly success stories for toppling a stable system of power. China could well become a hell-hole, and have massacres that rival the ones in the "cultural revolution", EVEN if they manage to get rid of the ruling party easily -- the fight for the succeeding situation could make the US Civil War look like a Disney movie.
But then, all laptops and tablets are manufactured in China, right? (even Dell outsources the parts to Chinese companies like FoxConn and sometimes, the assembling too). So, you mean to say each and every Dell laptop has some sort of back door?
Nope, we're not (mostly) talking about devices that are just assembled there, but China's own brands (the ones that are designed in China). I'm sure companies like Samsung have strict controls in place to make sure China isn't messing with their products.
So I seriously doubt the Chinese government thinks the U.S. won't have the ability to get those keys. But these are device encryption keys used to encrypt data at rest on the device. This isn't a demand to escrow the private keys used for data in transit for email and messaging; I don't know how that works in China, i.e. the Great Firewall, if that just depends on blacklist/whitelist sites, or if all devices are required to use a Chinese government certificate for such communications.
UK is a great example and a good place to not store any valuable data.
I'm guessing they will make concessions for the sake of market, whreas Google, so far, has resisted that temptation.
I wonder if we're far beyond the point when we could actually stop following the law if it becomes bad enough and it's already virtually 1984 but we just didn't really notice. Or if there's still some hope out there, somewhere.
Second, I'm betting the US Government has enough sway to get special treatment for American companies.
I don't think they do in this case; this is why Google pulled out and Cisco collaborate with the surveillance.
Nice of China to create a central repo with everything one could want.
In times when big brother knows you're using AES and forcibly asks you for the keys, it makes sense to not advertise your encryption scheme at all. Steganography.
[ * ] It actually makes more sense to enlarge the search space of an attacker by not providing him the fixed form of a known encryption algorithm/scheme.
It has more to do with defining what the "key" is, and is quite compatible with steganography.
If your method is simply "cipher data", it can never have steganographic properties.. If instead it's "two redundant-looking blobs, one random and one AES", then you've got a leg to stand on.
I'm arguing that "security through obscurity" is not equivalent with the "Kerckhoffs's principle" but with adding more obfuscation layers (on which steganography may be one of them) on top of default schemes.
People who know better don't advertise their internal network topology. Nor do they show off with their encryption schemes (they might use known schemes but they won't tell you they do it).
I'll repeat - Kerckhoffs's principle is more about analysis than design. If you insist on eschewing it, what you're actually doing is making it so the "key" of your system includes the design of the system itself. And while it intuitively seems "more key" should make the system more secure, the net effect is the opposite as that poorly-specified "key" merely functions as a difficult-to-analyze crutch.
Gödel basically guarantees that anybody can make a cryptosystem so secure they themselves cannot break it. Don't be that guy.
As horrible as many of things the US has done in the name of its citizens (and on its citizens) one thing you'll never see happen here is internet censorship
(instead one-day some US agency will just record every page you've read, or maybe they will have the UK do it for them, so they are technically not spying on their own citizens)
You mean the same place that had the Hays code for movie censorship and that gave free reign to Senator McCarthy to prosecute its citizens political ideals (and stop them from writing and making movies and plays influenced by them), and to E.J. Hoover to do surveillance, blackmail etc in an even larger scale?
Or the place were any crackpot teacher/parent association can get something like The Origin Of Species or A People's History of the United States out of a school's curriculum?
The main reason they don't do direct internet censorship is because nobody cares. There are so many sources, so many confused opinions, and so many conditioned citizens, that anything posted is just a drop in the ocean. They just need to control the "serious" or more mass appeal media, and that they do (from the NYT and WP to FOX).
When the press was really influential and the people were more radicalized (e.g. back in the days of unions or later with student protests etc), not only they did censorship and pressure on journalists as to what to write (plus "character assassinations" a la Hoover), but the government started directly manipulating and dictating what would be written to change public opinion (Operation Mockingbird).
Internet censorship happens in the US, though its mostly in the form of government pressure on major internet companies to remove access to disfavored content rather than direct government censorship.
Because I've seen US law enforcement takedown US websites that were breaking US laws but I've never heard of law enforcement forcing US isps block foreign content, even if it is breaking US law. I could be wrong though and I'd like to see an example in that case.
Maybe the government making youtube or facebook take down terrorist content, that would be censorship I guess if the content is not technically illegal but that's a pretty extreme example.