China Passes Law Requiring Tech Firms To Hand Over Encryption Keys

Mark Wilson writes: Apple may have said that it opposes the idea of weakening encryption and providing governments with backdoors into products, but things are rather different in China. The Chinese parliament has just passed a law that requires technology companies to comply with government requests for information, including handing over encryption keys.

Under the guise of counter-terrorism, the controversial law is the Chinese government's attempt to curtail the activities of militants and political activists. China already faces criticism from around the world not only for the infamous Great Firewall of China, but also the blatant online surveillance and censorship that takes place. This latest move is one that will be view very suspiciously by foreign companies operating within China, or looking to do so.

Damn! They beat us to the punch!

This is like Sputnik. Now we have to do something "before this decade is out"...

-F

Re:Damn! They beat us to the punch!

[penguinoid]

Wait, if the Chinese are doing it, doesn't that mean that it's an evil commie tactic that no God-fearing American would ever even suggest using?

Re:Damn! They beat us to the punch!

Dont worry Nuclear Hillary will do much worse than steal your privacy. She'll steal your guns and then your life. How can a person threaten nuclear war with China over currency fixing? Either incredibly stupid or incredible evil.

Re:Damn! They beat us to the punch!

[RabidReindeer]

Wait, if the Chinese are doing it, doesn't that mean that it's an evil commie tactic that no God-fearing American would ever even suggest using?

Not if they sell them in Wal-Mart.

Re:Damn! They beat us to the punch!

[BarbaraHudson]

Nah, it only means that China is now imitating the west.

Re:Damn! They beat us to the punch!

Dont worry Nuclear Hillary will do much worse than steal your privacy. She'll steal your guns and then your life. How can a person threaten nuclear war with China over currency fixing? Either incredibly stupid or incredible evil.

Why can't Hillary be both incredibly stupid and incredibly evil at the same time?

Re:Damn! They beat us to the punch!

In other news James B. Comey does a 180 and announces backdoors are pure evil and must be stopped at all cost. DHS reveals plan to erect giant neutronium fences around backdoors. Trump pledges to nuke backdoors until there are no backdoors. Ben Carson tells the story of how he defeated 9 backdoors with a fork and rubber band.

Re:Damn! They beat us to the punch!

Would it matter at that point given that the vast majority of our electronics are manufactured there?

Re:Damn! They beat us to the punch!

[currently_awake]

You are suggesting this is a recent change. China has been imitating the USA for a long time. It's likely the US also demands encryption keys, but the law is probably secret.

Re:Damn! They beat us to the punch!

[losfromla]

Yay, go Trump!

Was the cheese worth it?

Because you're stuck in the trap now.

Apple should leave China

It's not like they don't already have a mountain of cash.

Re:Apple should leave China

Or load up "Chinese" version of iOS which uses encryption keys approved by the Chinese government.

Re:Apple should leave China

Seeing as it's hardware encryption I think that may be difficult. Apple would have to have it's Chinese factories make specific models for China. Or just let the Chinese continue to make garbage knock offs and stop selling there.

Re:Apple should leave China

That is a fucking atrocious idea. Giving into China here nullifies their "we don't play that" stance. Uncle Sam will know that they DO play that way; if you threaten Apple's profits. Once that door is open Uncle Sam will get what he wants.

This isn't a vague slippery slope fallacy either. This is a direct consequence.

Re: Apple should leave China

[awehttam]

Why not? Region coded crypto keys...

Re: Apple should leave China

Well said, Sir.

Re: Apple should leave China

Won't work. As soon as a diplomat with a North American set of crypto keys travels into china, China will demand these keys. Apple either complies or it breaks the Chinese law. Eventually China's government will have the crypto keys for every iphone set in the world.

What is the implication for companies

that don't have keys to hand over then?

Re:What is the implication for companies

[xxxJonBoyxxx]

>> What is the implication for companies that don't have keys to hand over then? Backdoors, key escrow pushed into the applications, etc.

Re: What is the implication for companies

So business as usual then?

Re:What is the implication for companies

Or phones that allow 'onetime user configuration'. That IS good and it could end the 2nd hand market.

Apple is now big enough that this 'we want we want security nonsense' is costing profit. And if they buckle their market cap is buggered as the rest of the world market will stop assuming 'safe' monkier leading to a freefall and long term shorts.
If word EVER leaks out there is a drive-by attack, wireless download, or dongle - their market cap will halve overnight. Samsung would love to see this outcome, after that patent spat -only not yet.

I suggest they say this:
All the stuff going through phone towers is already intercept-able, as are optic fiber and exchanges.
Everything else you have to physically get the phone and use a $1 million machine to install platinum gas pipes and probes,and yeah, we will tell you how to do this. We will sell you a forensic lab - then its up to you.
Or you can try non invasive reverse engineering if you are clever enough, with clock and power messing about.
Or you can send it to any number of 'for profit' enterprises worldwide, especially ending with .ru
But if the user has another app, you can torture/persuade him/her by other means - we cant help there.

Ultimately the answer is 100% yes, you already know and can do this NOW.

In the US context, police are gong to have to pony up a thousand or so bucks to read the perps phone after a bust and a delay while forensics does it. This is not a problem. Well maybe it is - low paid technician monkeys are out of the question. Downloading a persons phone is flat out piracy, and the new Hollywood (Apple) is doing what Sony couldn't - making it more expensive and trouble than its worth.

Re:What is the implication for companies

[johanw]

Not to mention things like open source encryption software like GnuPG or Signal. They sell nothing so need no local front to deal with payments. Only remaining option is they get blocked (hi Brasil).

whatever China wants

[turkeydance]

China gets.

Re:whatever China wants

[khasim]

So tech companies will have at least 2 product lines.

a. for everywhere EXCEPT China
b. for no place BUT China

What will happen to this law once Chinese tech is not accepted anywhere except inside China?

And how many Chinese companies will be able to produce anything from category "a"? Remember, there is a LOT of tech that is manufactured in China but still belongs to non-Chinese corporations.

Re:whatever China wants

Devil's advocate here:

I understand that this is a missive from the Chinese government to hand over keys if needed... but there is still a big gap between handing over keys that are in a company's possession as opposed to actively having to build in backdoors or key escrow by law.

I would say that what China did is what a lot of Western governments have done. For example, the UK has the RIPA act. Other governments have the same, or they use a mechanism similar to search warrants.

Am I worried about this being a mandatory back door law which allows China to have access to any and all components before they go out the door? Great for conspiracy theories, but China would lose a lot of face and piss off a bunch of companies. Of course, one can say that China does do some coercion on execs to allow this... but I have never heard anything other than an AC or two with a tale on that.

Re:whatever China wants

>> So tech companies will have at least 2 product lines.
>> a. for everywhere EXCEPT China
>> b. for no place BUT China

I was still waiting for the part where you said the products would actually differ. Silly me.

Re:whatever China wants

[rtb61]

To say it is China 'only', is really inaccurate, there are a whole bunch of countries with similarly repressive regimes. You can understand their need to do so though. You have hundreds of millions working in poverty, working extremely hard, for bloody little recompense, this cheered on by western corporations (the idiots are cheering their own demise, fools) and keeping a lid on that social injustice takes real effort but that lid is loosening all of the time and they simultaneously seem to be easing off whilst applying more controls. Other regimes around the place are just down right evil or just becoming that way (lipstick on a very greedy pig, looks at us).

What it means is rapidly rotating encryption keys and different keys for different users (1 per, have fun untangling that mess) and user to user encryption keys, completely separate from user to server encryption keys. You can not give them a copy of what you do not have.

Re:whatever China wants

Having two product lines means jack. Any company that wants to be able to sell something in China will simply strip out the encryption hardware and do pure software based crypto. (Altering where needed to comply with local authoritarians. ;) ) or they simply won't do business with China anymore.

The latter is more likely at this point as companies don't want (and may have legal restrictions against) a foreign government committing espionage with their data, and the fact that China is increasingly not as cheap as it used to be for product manufacturing. (Their middle class is getting bigger and getting access to more expensive luxuries, so they want better pay.)

At the very least if China tries to enforce this, the US government is not going to be buying anything that's been near China's jurisdiction for fear of compromise, and I have a feeling other countries will follow suit. (They definitely complained when the US PRISM program was leaked to the public.) That alone will get companies wanting to ditch China to keep their customers.

Re:whatever China wants

What does this mean for Apple devices manufactured in China? lol... I think the Chinese government will soon have root on your phone!

Re:whatever China wants

[amiga3D]

I don't really see why China needs the keys. They can just slap the suspects in jail and start applying electro-shock therapy until they spit out the passwords they require. I guess they're just lazy.

Re:whatever China wants

[Gavagai80]

China has to oppress/spy very hard to prevent the poor working class from starting a communist revolution, eh?

Re:whatever China wants

[ShanghaiBill]

They can just slap the suspects in jail and start applying electro-shock therapy until they spit out the passwords they require.

That doesn't work when you have 1.3 billion suspects. This is not about investigating a few specific individuals, but about mass surveillance of the entire population.

Re:whatever China wants

[ShanghaiBill]

China has to oppress/spy very hard to prevent the poor working class from starting a communist revolution, eh?

Actually, yes. There are a surprising number of "reactionary" communists in China, that want to go back to Maoism, despite the disastrous outcome of his policies. It is fairly common to see people with little Mao pins on their lapels, especially in inland areas, and some Hunan restaurants have little "Mao shrines" (Mao was from Hunan).

Re:whatever China wants

I don't have a phone. Haha all you people who don't know how to live without one.

Re:whatever China wants

Bingo. Look at Android. Its encryption of /data is in software, using encryption built into the Linux kernel. It doesn't depend on any hardware on the device. One can also change the password for /data so one's PIN isn't the same as the password that mounts the partition. This way, if an Android phone was completely compromised, the fact that the encryption is done in software can make it a lot tougher to recover keys from, just by using a different OS version.

iOS, on the other hand, is dependent on a black box chip made in China, that magically unlocks the data on it when it boots. If that chip gets compromised, there goes security for all iOS devices of that model/vintage.

Of course, there have been issues where the US government has balked at buying Chinese goods. Even though Lenovo is green-lighted, there was that issue a few years ago where intel agencies would refuse to buy that brand of computer.

Re:whatever China wants

[AmiMoJo]

This is already the law in many other countries, China is just catching up. Apple and everyone else will use the same privacy enhancing technique to avoid complying as they do everywhere - they won't have access to the keys. They will only be forced to turn over metadata, which is as bad or worse but hard to avoid.

Re:whatever China wants

[rtb61]

I see you completely missed the bit where the Government of China switched from communism to fascism without changing the name (left wing, right wing, reach around far enough and they touch).

Re:whatever China wants

Tech companies already have two product lines, one for Chinese Intelligence Agencies and one for Western Intelligence Agencies.

Re:whatever China wants

What will happen is that the rest of the world then buys or steals it from China....

Re:whatever China wants

[arth1]

I don't really see why China needs the keys. They can just slap the suspects in jail and start applying electro-shock therapy until they spit out the passwords they require. I guess they're just lazy.

That doesn't work for international companies, where the only key holders reside outside China. No matter how many people they strongarm in China, they don't know the passwords and don't have the other end of dual-key pairs needed to decrypt anything vital.

Re:whatever China wants

That doesn't work for international companies, where the only key holders reside outside China. No matter how many people they strongarm in China, they don't know the passwords and don't have the other end of dual-key pairs needed to decrypt anything vital.

You misunderstand. Companies that cannot or will not comply will simply be bared from doing business in China or selling their products there. That's the trump card that the Chinese government has always held. It's the reason why Google decamped from China years ago and probably now will never return. This is good news for those of us here in the United States. The Chinese are essentially cutting themselves off from the world technology market. It's exactly the sort of law that we hoped our government here in the United States, FBI director not withstanding, wouldn't be stupid enough to pass. Instead, the Chinese beat us to the draw and promptly shot themselves in their own foot. The smartest thing that our government here in the United States could do now is to say that they will pass no law limiting the use of encryption and that as a free and open society we're open for business. If there are any smart people from the US government reading this, please don't copy the Chinese. You won't stop terrorists by doing it and you will have handed the future leadership in the technology markets right back to them. The Chinese have just made their first major strategic mistake, an own goal of massive proportions. Let's not return the favor and cut off our nose to spite our face, as the Chinese have done.

Re:whatever China wants

Actually, yes. There are a surprising number of "reactionary" communists in China, that want to go back to Maoism

Let them. It would be a great day for the American middle class if the Chinese were to do something so foolish. Although, I doubt that the Chinese will be so accommodating, essentially throwing the match, but one can always hope and if we win because our adversary behaves stupidly, I shan't complain.

Re:whatever China wants

Yup, NSA playbook chapter 3.

Re:whatever China wants

Apple and everyone else will use the same privacy enhancing technique to avoid complying as they do everywhere - they won't have access to the keys. They will only be forced to turn over metadata, which is as bad or worse but hard to avoid.

The Chinese government isn't used to hearing the word "no" from foreign corporations or foreigners in general for that matter. I doubt they will be satisfied with your answer. No, I suspect that they will tell Apple and other companies to "give us the keys or you don't do business in China". The Chinese have just called Apple's bluff. Soon enough we will see the river card and who holds the winning hand, Apple or the Communist Party of China.

Re:whatever China wants

[arth1]

Oh, I understand it well enough. I was commenting on someone who thought that China could always strong-arm the keys or passwords, which won't work. Companies will protect their assets from the Chinese, and pull out if the Chinese won't play ball.

It's not necessarily good news for Americans as much as it is good news for other countries with cheaper manufacturing than the US. Korea comes to mind.

Re:whatever China wants

What You misunderstand is that China is not cutting themselves off from the technology market. They are cutting the rest of the world off from the technology market.

Re:whatever China wants

And where was Your computer manufared? Does it have a little "made in China" sticker?

Re:whatever China wants

[johanw]

That doesn't matter much, Chinese workers are getting more expensive already. Foxconn is opening factories in cheaper India already.

Re:whatever China wants

[drinkypoo]

I see you completely missed the bit where the Government of China switched from communism to fascism without changing the name (left wing, right wing, reach around far enough and they touch).

Was China ever really communist? The guys at the top have always had it much, much better than everyone else. I doubt perfect Communism is even possible without a computer running the show, but they didn't even come close.

Re:whatever China wants

[DigiShaman]

So tech companies will have at least 2 product lines.

No. You and everyone else here is WRONG! Let me tell you what will happen.

China, India, the EU, America, etc, will come together on a treaty binding agreement by which each nation has access to their own citizens data without compromising the sovereignty and rights of others. Born out of this unholy alliance will be a "Government API" baked into the next iOS, OSX, Android, Windows, and other commercially available OSs**, and possibly at the hardware level too. What this means is that when you activate your new devices, you choose where you live (as you abide by their laws). From there, your encryption will be chosen with the system that the respective nation has access too.

**I begin not to suspect what will happen to open source platforms other than deemed to be illegal (possibly).

Re:whatever China wants

[KGIII]

20 years ago, I'd have called you an idiot. Dunno what to make of that but, alas, that's how it was - at least on the surface.

Re:whatever China wants

[Agripa]

So tech companies will have at least 2 product lines.

a. for everywhere EXCEPT China
b. for no place BUT China

The difference could amount to no more than a change in firmware or configuration.

Re:whatever China wants

[Agripa]

They can just slap the suspects in jail and start applying electro-shock therapy until they spit out the passwords they require.

That doesn't work when you have 1.3 billion suspects. This is not about investigating a few specific individuals, but about mass surveillance of the entire population.

It also does not work if I took steps such that when my hardware was seized, the encryption key in physical form like the ordering of a deck of cards or bills was destroyed.

"Why yes officer, I will be happy to hand over my encryption key. The key was encoded in the stack of bills which was in the envelope next to the computer so I will need those to recover it ... Um, these are out of order and the higher denominations are missing."

Re:whatever China wants

[Agripa]

To say it is China 'only', is really inaccurate, there are a whole bunch of countries with similarly repressive regimes.

And while these smaller countries may not have the moxie to enforce key recovery on the manufacturers, they will not need to if the US (or China?) does it for them.

It's kinda horrifying

It's kinda horrifying that we are so close to chinese draconian laws or even further advanced that we can't even complain about them. This is about to be implemented in the U.S. and in U.K. you get to stay in jail until you reveal your password.

Re: It's kinda horrifying

[Noah+Haders]

Weve definitely lost the moral high ground.

Re: It's kinda horrifying

Staying in jail is the right way to handle the situation. If the court orders you to legally turn over the information and your lawyers fight and lose the counter argument. The only two recourses is you comply with the order or refuseniks are held in contempt. Encryption doesn't mean you never have to give information, but it does mean the government needs to use public legal methods to request the data. What we should be avoiding is secret courts where keys can be accessed without the knowledge of the owner.

Re:It's kinda horrifying

Funny how when I was in school they'd hold up things like this as examples of things communist countries would do that we in the freedom loving west would never even think of--and now we seem to be leading the charge here. China is scarcely the first country to think of this sort of thing.

It will be hard to implement in the US because even this disgusting group of politicians and judges have not shredded the Constitution that much yet. They'll try to pass something and the federal government will do absolutely everything it possibly can to try to keep it from getting to the Supreme Court.

That's the tactic they used with gun control laws for decades--they'd fold on a case when they thought they'd lose just so it couldn't be appealed higher because the Second Amendment means what it says. So when gun rights activists finally got cases to the Supreme Court their rulings came as a huge shock and big change when it didn't have to be that way.

Now encryption proponents, knowing that the First and Fifth Amendments mean what they say just as much as the Second means what it says, are going to have to adopt the same tactics--be uncompromising and do not allow the feds to keep this stuff bogged down in lower courts as was done to gun owners. They might have to get politically militant too. Other than the brilliant fighters at the EFF and the ACLU (with apologies to organizations I'm accidentally omitting), tech people aren't really used to that yet just as gun owners used to not be. Then we have the problem that the ACLU is a bigger more well known organization but thanks to conservative propaganda they're absolutely despised by a lot of people on the right because reasons, the fight on a user advocacy level is going to have to be carried by the smaller organizations.

One big advantage is the tech industry is a lot bigger than the gun industry, isn't as polarizing to a lot of people, and some of them aren't going to be too happy about this either, though others will be traitors to all of us and cooperate with the government willingly. Those traitor companies need to have their customer base dry up so they can be sued by their shareholders for not acting in the shareholders' best interests. It's sad to have to resort to big money politics but it's going to be required now that we live in the Corporate States of America.

Meanwhile, be sure to support the EFF or other freedom fighting group of your choice because this kind of stuff needs to be put in an early grave.

Re:It's kinda horrifying

It's kinda horrifying that we are so close to chinese draconian laws or even further advanced that we can't even complain about them. This is about to be implemented in the U.S. and in U.K. you get to stay in jail until you reveal your password.

I forget my passwords any time I am under duress.

China

[liqu1d]

Please stop being the UK govs role model...

Like it would matter much

[daniel23]

If a key which is in the hands of a company (Apple, Huawei, ...) is your only line of defence WRT the security/privacy of content you supply or save, then you should regard this content to be public and open for preying eyes already. I think it is called "trusted" in that negative, military sense.
Just like email sent to a @gmail.com account or company secrets in an office365 account. Your grandma and neighbour won't get there, police/law enforcement will have sever problems. But 3LetterAgencies of many governments will read it if they want to.

Why?

This latest move is one that will be view very suspiciously by foreign companies operating within China, or looking to do so.

Why would they view it suspiciously? They'll fall into line and do what the Chinese government requires of them because they'll deem it worth the cost. Money and profits above all else.

Re:Why?

[Rick+Zeman]

This latest move is one that will be view very suspiciously by foreign companies operating within China, or looking to do so.

Why would they view it suspiciously? They'll fall into line and do what the Chinese government requires of them because they'll deem it worth the cost. Money and profits above all else.

Yep. Research In Motion paved the way when they handed over BES encryption keys to the Indians.

Re:Why?

This latest move is one that will be view very suspiciously by foreign companies operating within China, or looking to do so.

Why would they view it suspiciously? They'll fall into line and do what the Chinese government requires of them because they'll deem it worth the cost. Money and profits above all else.

Yep. Research In Motion paved the way when they handed over BES encryption keys to the Indians.

Blackberry doesn't have access to BES which is end to end encryption and uses your own company's server, they gave them access to the local BBM (consumer) chat messages which Blackberry is able to access.

This might be good for the USA

[giltwist]

Just like the USA distanced itself from eugenics (such as the mandatory sterilization of people with mental disabilities) when it got popular with the Nazis, maybe China demanding encryption keys will get some American politicians to back off of the idea.

Re:This might be good for the USA

The NSA and friends are behind all of this.

Re:This might be good for the USA

Too late, they already passed CISA. America has already demanded the encryption keys as "information sharing."

Re:This might be good for the USA

Just like the USA distanced itself from eugenics (such as the mandatory sterilization of people with mental disabilities) when it got popular with the Nazis, maybe China demanding encryption keys will get some American politicians to back off of the idea.

How unbelievably naive. This will just make American politicians envious.

Re:This might be good for the USA

There is *way* too much money to be made by having access to these keys. Every government in the world will demand them.

Re:This might be good for the USA

[93+Escort+Wagon]

Politicians in the U.S. and Europe will have no difficulty in, on the one hand, decrying this as an oppressive move by a non-democratic government while simultaneously, on the other hand, continuing to demand that THEY need exactly the same thing in order to combat terrorism.

Re:This might be good for the USA

[penguinoid]

There is *way* too much money to be made by having access to these keys. Every government in the world will demand them.

Funny you should say that. Cue the NSA (plus some more daring entrepreneurs) getting access to the Chinese backdoors, and thus p0wning every device in China. Lots and lots of money to be made, easily enough to pay huge bribes to whatever government official can sell you the backdoor.

Re:This might be good for the USA

America hasn't demanded jack squat. The politicians did it because the three letter agencies black balled them. Most Americans are against warrantless surveillance on both sides of the political spectrum. Corporations are the ones in control though, and those who run the copyright alliances are the ones demanding broken security. It's all about robbing the coffers in a declining country.

Re:This might be good for the USA

Haha, no. This will just give the USA more ammunition to use in the War on Encryption. I imagine that the US State Department are actually collaborating with their Chinese counterparts here. A win in China is a win for wannabe authoritarians everywhere.

Re:This might be good for the USA

[EvilSS]

Just like the USA distanced itself from eugenics (such as the mandatory sterilization of people with mental disabilities) when it got popular with the Nazis, maybe China demanding encryption keys will get some American politicians to back off of the idea.

Well china also has laws against murder and rape. Just because we don't see eye-to-eye doesn't mean that we can't ever agree on something if it makes sense and protects innocent people.

That is what the politicians will say. Or some version of that anyway. Don't think for a minute that they won't find a way to argue around it.

Re:This might be good for the USA

Just like the USA distanced itself from eugenics (such as the mandatory sterilization of people with mental disabilities) when it got popular with the Nazis...

Perhaps I'm forgetting history, but IIRC the USA actually embraced eugenics with the rise in popularity of the Nazis and it was only AFTER the war and the holocaust that eventually the USA quietly back-peddled on support of such things--in private, there was still plenty of support as even today Social Darwinism and eugenics are still here.

...maybe China demanding encryption keys will get some American politicians to back off of the idea.

As if there was some idea that China wasn't or isn't demanding (or secretly creating) backdoors, encryption keys, etc. If anything, this just gives more fuel to the "well, we got to do it to protect ourselves" bullshit. Because it's all bullshit and the people who want it want the same sort of inherent tyranny that China has. The whole "for law enforcement purposes, we need to be able to get the information [under a court order]" is inherently bullshit for the obvious reason that the argument justifies putting cameras everywhere, recording all phone calls, opening and copying all mail, etc with the "[under a court order]" to search it.

How about we just call the people for what they are: wanna-be Stalins and Hitlers. There's no reason to pussyfoot around it and discuss the relatively minor shit that China does or use/abuse their actions for justification for/against anything.

Re:This might be good for the USA

[arth1]

Most Americans are against warrantless surveillance on both sides of the political spectrum.

Most Americans have no idea what encryption or data surveillance entails, and are more concerned with the price of TV dinners at Wal-Mart.

Re:This might be good for the USA

[galactus66]

LoL, most Mricans don't even know who Snowden is and what their government is doing under their noses..

Re:This might be good for the USA

Most Americans are concerned with real issues rather than flipping out because nobody is going to disappear you for watching midget porn like spastic geeks keep carrying on about.

Re:This might be good for the USA

[Jason+Levine]

I wish this were so but politicians will call for China to not have encryption keys and then turn around and demand that the US government have all the encryption keys without any sense of cognitive dissonance. Many of these politicians will continue on to rail against big government while still arguing that government should have back doors into all encryption.

Re:This might be good for the USA

Most Americans are against warrantless surveillance on both sides of the political spectrum.

Most Americans have no idea what encryption or data surveillance entails, and are more concerned with the price of TV dinners at Wal-Mart.

Most people have no idea about much of anything, and are more concerned with obtaining their daily food.

FTFY.

Manufacturing in China

Shows they endorse Communism over American freedom.
Sad really actions tell the real story not words ask any American Indian.

Re:Manufacturing in China

Shows they endorse Communism over American freedom.
Sad really actions tell the real story not words ask any American Indian.

The politicians used to rant about the evil communists of Russia yet are lap dogs to the repressively evil corporate "communists" in China. Western Governments are China's bitches.

solution: don't have the keys to hand over?

if you work on different security models where the keys aren't owned by Apple they can't hand them over and then voila.

Democrats

[AndyKron]

Don't the Democrats want basically the same thing?

Re:Democrats

No.

Re:Democrats

[penguinoid]

Both the Democans and Republicrats want to kill encryption, albeit for different ultimate purposes. (Amusingly, both you and AC just below had the same thought simultaneously.)

Re: Democrats

No, they want to do more.

Re:Democrats

I disagree with your assertion that it's for different ultimate purposes. IMHO they're for the same ultimate purpose, they just justify it differently.

Re:Democrats

[cavreader]

China can make a law such as this because they do not have to worry about any domestic protests or complaints. They do not have an adversarial forum to debate new laws. The only discussion in amongst the top Party leaders behind closed doors.

Re:Democrats

[amiga3D]

It's actually a bipartisan issue. Almost any time the Repukes and Dumbcraps get together on something you know the American people are about to get reamed.

Re:Democrats

[penguinoid]

The Democrats want to spy on us to get more power, without losing too many votes from Democrat voters.
The Republicans want to spy on us to get more power, without losing too many votes from Republican voters.
Thus, the justification for the spying is different because it has to appeal to different demographics.

Re:Democrats

Republicans sponsored, chaired, "wrote", and passed CISA all in behalf of their lobbyist-masters. Don't kid yourself for one second. They aren't bootlickers.

Re:Democrats

[Darinbob]

Most of the politicians do. They don't understand the math, or the economics, or any other of the concepts. What they do know is that they have to respond to accusations that they're being weak on fighting terrorists. There's no left or right ideology here other than to look like you're being useful to the voters.

Law enforcement if left unchecked will assume more and more power, and the government is being lax in its duties by not saying "no" to those grabbing hands more often. If their only goal is to stop all crime then the logical end result is to remove all freedoms from all citizens; prevent crime by incarcerating or separating everyone. The rule in law enforcement is to assume guilt until innocence is proven, and if innocence is proven then submit a press release that objects vigorously to letting the suspect go. And so they are lobbying the politicians trying to get their way, "it's easy" they say, "just let us have a back door!"

Re:Democrats

[Bite+The+Pillow]

It don't matter. Civil disobedience is still a thing, and if you're willing to spend some time in jail, not because you are guilty, but because you believe in something, then it doesn't matter what any political party wants.

Gonna do like they did during the prohibition and drink anyway? Gonna do like they did when being black was a crime?

Or you gonna post nihilistic garbage every time some other country does something that, due to the deep tradition in feudalism and monarchy, and willingness to disappear people basically in public, is really only possible there?

Oh, make parallels if you like, but be sincere. Don't be stupid so that I have to point out your stupidity.

Re:Democrats

The occupy movement did all of what you just said, no one listened. Until someone at the top who cares gets in and the USA takes a hard left turn towards expanded civil liberties then it doesn't matter. Republicans need to lose control of congress for things to get better, along with an actual liberal in the White House and not a DINO.

Re:Democrats

[DigiShaman]

Everyone is Washington DC that's pushing this will be Investing in BlackBerry (RIM) stock. Once the law goes into effect, stock will soar!!! And the best part? You won't do fuck-all to stop it! Democracy all a charade because the populous stopped giving a damn a long time ago.

Re:Democrats

So Democrats == Chinese Commie ?

This is what Republicans...

want for the US.

Re: This is what Republicans...

China is more free than the USA.

Re: This is what Republicans...

They already did this to us. Did this to us.

Re: This is what Republicans...

So much more free. So much more free.

Re: This is what Republicans...

Want? No, they already have.

Re: This is what Republicans...

It always has been.

Re: This is what Republicans...

Hey don't want it. They already have it.

Re: This is what Republicans...

It's so sad how much they hate us.

How interested is Apple in selling stuff in China?

[QuietLagoon]

The answer to that question is the answer to the larger issue here.

.
If Apple wants to continue selling devices in China (which is a needed market for Apple, as the US market is becoming saturated), then Apple will comply with the laws of China.

It's as simple as that.

Weird.

[MakersDirector]

They've tried asking for this before in the past, and also tried asking for complete system blueprints of the things being built as companies outsource components to China but assemble them domestically.

China's rotten history in regards to respect for Intellectual Property and Human Rights aside, if any policing agency attempts to reinforce this law, the company will quite likely move out and then outsource to another country such as Vietnam or Cambodia should they push it.

China needs to find better and less invasive ways to police those who choose to do business with them.

Apple's response will be...

[ameline]

Apple's response will be that they have handed over all the keys they have.

Unless China is mandating that devices can't negotiate their own keys without the involvement of Apple. But that would mean banning entire categories of apps.

Re:Apple's response will be...

And that is somehow beyond their capabilities, legislative power or interest? Why would China care that they are doing so? Let me remind You that pornography is illegal in China -- what's a category of apps to most of the Internet by volume?

Easy solution

[Dishwasha]

Give Chinese consumers crippleware products so no company cares enough to protect its Chinese sold IP.

Re:How interested is Apple in selling stuff in Chi

[amiga3D]

Seems simple enough. An iPhone 666.

Deliver keys remote by 3rd party

If keys were distributed on initial boot by a 3rd party, could the law as it is currently written be circumvented?

Yet another reason

[swillden]

Yet another reason for companies to make sure they don't have the keys to their users' data. You can't provide what you provably never had.

Of course, if governments require vendors to escrow the keys that strategy won't work. But it doesn't appear that China has gone that far.

Re:How interested is Apple in selling stuff in Chi

[Sir+Holo]

What does a law passed by the Chinese Parliament have to do with Apple, particularly?

non story

This is a non story China is a communist dictatorship. They can and will do whatever they want. The Chinese people should rise up and destroy the communist party and join the rest of the world as a free and democratic nation.

Re: non story

This is a non story the US is just like a communist dictatorship. They can and will do whatever they want. The American people should rise up and destroy the two parties and join the rest of the world as a free and democratic nation.

Re:non story

HAHA. Yes. They should join us in the West. Where our governments are doing the exact same thing against our will, but at least we are free and democratic!

Re: non story

Nice try, China.

Re:non story

This is a non story China is a communist dictatorship. They can and will do whatever they want. The Chinese people should rise up and destroy the communist party and join the rest of the world as a free and democratic nation.

Chinese just want their bowl of government issued rice each day. They care not for a better society free of oppression. Chinese culture is rooted in oppressive rulers from the earliest days. Not a country to celebrate much less do business. With the price of Apple iPhones Apple can afford to build them in North America and only reduce their profit margin by a few percentage points.

Re:How interested is Apple in selling stuff in Chi

But um, Apple has no keys. Apple, says, WTF?

Re:How interested is Apple in selling stuff in Chi

[EvilSS]

What does a law passed by the Chinese Parliament have to do with Apple, particularly?

Apple, in particular, has been fighting against pressure from the US Government to do exactly what this new Chinese law requires. Back in iOS 8 (Or was it 7?) Apple stopped storing the encryption keys for iOS devices on their systems, so they cannot comply with government orders to unlock or decrypt user data on phones. The US DOJ and the CIA have been throwing an fit ever since. Now it looks like if Apple wants to continue to sell phones in China, they will have to give in and then that will give the US government some leverage to try to force them to do it here as well.

Certs

[darkpixel2k]

...and removing all Chinese certs from my trusted certs list in 5....4....3...

Re:How interested is Apple in selling stuff in Chi

[BigBuckHunter]

then Apple will comply with the laws of China.

As most of us have found out when going for PCI compliance, the best way to protect data is often not to possess it. If the keys are generated by the consumer, than it is the consumer that needs to hand over the keys, and not Apple. My understanding is that Apple cannot decrypt customer data, even if they wanted to, as only the customers possess the key(s) to do so.

Clinton does, Sanders doesn't

Sanders voted against CISA while Clinton wants a "Manhattan Project" where Google, Apple, and MS give the government your keys "voluntarily".

Re:Clinton does, Sanders doesn't

[Viewsonic]

She said no such thing. Read her comments again, she said she understands the danger of having keys like that from companies. Her Manhattan Project quote shows she wants to work with companies to try and come up with a solution, if there is one, nothing more. We all know there is no solution other than having better hackers than everyone else.

People falling for headlines over the actual substance again.

Re:How interested is Apple in selling stuff in Chi

[StormReaver]

If Apple wants to continue selling devices in China (which is a needed market for Apple, as the US market is becoming saturated), then Apple will comply with the laws of China.

Which is why it is better for all tech firms to not have access to encryption keys. End to end encryption needs to be the standard, so there are no keys to turn over.

Re:How interested is Apple in selling stuff in Chi

The Chinese people will always be able to download non-corrupted OS's and install them, Comrade. The hackers of the free world will see to that.

Iceberg dead ahead

[nehumanuscrede]

A difficult choice for tech companies is coming. If they provide the Chinese with the backdoors they ask for, they can't very well deny any other governments who ask for the same thing now can they ? They'll have to build country compliant models to appease every little dictator on the planet :|

Otoh, if they refuse to play ball, they'll be blocked from selling products in the country, depriving them of large amounts of revenue. Perhaps this is how China will force it's citizens onto China authorized products instead of Apple, Androids, etc.

After all, it's easier to control people when you limit their choices.

My guess, however, is that the dollar signs are flashing before their eyes even as I type this. If we know Google and Apple half as well as we think we do, you know they're going to cave in because it's just too much money to give up. In the business world, $$$ > morals every time.

Re:Iceberg dead ahead

Didn't Google already pull out of China? Or was that something else?

Re:Iceberg dead ahead

[R3d+M3rcury]

Well, that depends.

Consider that Android is Open Source. Google can easily not include it on their phones sold in the US. I'm not sure how many Nexus phones Google sells in China but I can't imagine that it's that many. Google wouldn't take a huge hit in sales if they just didn't sell their Nexus phones in China and they'd probably make promotional hay out of it--"We'll forgo our sales in China to keep your data as safe as possible." As you say, there are plenty of Chinese companies who already sell Android phones in China and I'm sure it wouldn't be a big deal for them to come up with a version of Android that has breakable encryption.

Re:Iceberg dead ahead

I would point out that there was an absolute correlation between Blackberry starting to cooperate with governments and their products falling out of favor with everyone. They gave up the one advantage in the market they had willingly and they lost big time because of it.

Re:Iceberg dead ahead

[currently_awake]

Everything China does is for their own benefit. They only allow foreign corporations to do business in China so they can steal their technology and trade secrets. As soon as they have done that they set up home grown competition and block the foreign sales. Doing business in China is corporate suicide.

No different.

[MadMaverick9]

So how is this different from what the UK and the US and other governments want?

http://it.slashdot.org/story/1...
http://tech.slashdot.org/story...
http://yro.slashdot.org/story/...
http://yro.slashdot.org/story/...

etc.

View of the law via Chinese press

[QuietLagoon]

China adopts first counter-terrorism law in history

...The law establishes basic principles for counter-terrorism work and strengthens measures of prevention, handling, punishment as well as international cooperation, he said.

Under the new bill, telecom operators and internet service providers are required to provide technical support and assistance, including decryption, to police and national security authorities in prevention and investigation of terrorist activities.

They should also prevent dissemination of information on terrorism and extremism.

Li Shouwei of the National People's Congress (NPC) Standing Committee legislative affairs commission, said the rule accorded with the actual work needed to fight terrorism and was basically the same as other major countries.

"The clause reflects lessons China has learned from other countries and is a result of wide solicitation of public opinion," he added.

"(It) will not affect companies' normal business nor install backdoors to infringe intellectual property rights, or ... citizens freedom of speech on the internet and their religious freedom," Li said.

China's national security law adopted in July also requires Internet and information technology, infrastructure, information systems and data in key sectors to be "secure and controllable"....

Re:View of the law via Chinese press

Under the new bill, telecom operators and internet service providers are required to provide technical support and assistance, including decryption, to police and national security authorities in prevention and investigation of terrorist activities.

This is the wording. There's no mention of "hand over encryption key."

And requesting *encryption* key just doesn't make sense.

The reporters are obviously fooling you readers.

Wow

They're as bad as the UK.

Apple should NOT leave China

[TiggertheMad]

Apple should comply with this request, it is actually a very good thing for the US (and terrible for china). By creating this backdoor, China is painting a huge target on the server(s) that store these 'master keys'. Every foreign intelligence agency in the world will want in and they will get in. Someone will forget to check a password buffer when coding it, or someone with an admin password will be presented with embarrassing pictures, and then wham! every western Intel agency will have access to the phone data for all the important people in China. This data will need to be used by so many people that it should be trivial to compromise someone with a master key.

Apple will then be complying with China's laws, and can keep raking in the bucks by selling them easy to compromise phones and personal gadgetry. Nothing requires them to then cripple their phones in other parts of the world, which they will presumably not do so they can claim that they have a secure platform as a sales point every else. Win Win.

Of course, the person getting fucked is the average Chinese person. They are being ass-reamed even harder by the government stooges, but perhaps this will be the thing that finally pisses the populace off enough to finally rise up and start hanging all the communist stooges running the country.

I bet the NSA is having a massive Christmas circle jerk over this one. Their job just became a million times easier...

Re:Apple should NOT leave China

[mark-t]

Apple should comply with this request

When Apple doesn't have the keys in the first place, is that really non-compliance? And if so, how would they be expected to *POSSIBLY* "comply"? How can they hand over encryption keys they do not have?

Re:Apple should NOT leave China

[nullchar]

Seems trivial to:

if (region == china) {
    uploadKeychain(...);
}

Re:Apple should NOT leave China

[Jason+Levine]

Step 2 will be banning any encryption where the company doesn't hold the keys (and thus can't give them to the government).

Re: Apple should NOT leave China

Except they don't have the fucking keys to upload. What don't you understand? Your little pseudo code is worthless.

Congrats to you for figuring out a fucking if statement. You must be proud. I remember my first beer.

Re:Apple should NOT leave China

[c]

Apple should comply with this request, it is actually a very good thing for the US (and terrible for china).

I'd actually like to see Google produce a phone, calling it, say, the "Nexus Patriot" or "Nexus Law Enforcement Edition", implementing full backdoor capabilities. And, when they start selling it, pre-emptively send the decryption keys and all necessary software to all government security agencies, including those of pariah nations like North Korea.

If that doesn't make a lasting point... ah, who am I kidding. These fuckers still wouldn't get it.

Re: Apple should NOT leave China

Did you have your first beer while posting that?

The code runs on the Chinese-market phone, where the keys are stored, not on Apple's servers. Duh.

Re: Apple should NOT leave China

[nullchar]

Yes, this "code" runs on the phone where the keys reside. If Apple doesn't store the keys on its servers and you don't store the keys on your phone, how can anyone use the keys?

Re:Apple should NOT leave China

[Agripa]

When Apple doesn't have the keys in the first place, is that really non-compliance? And if so, how would they be expected to *POSSIBLY* "comply"? How can they hand over encryption keys they do not have?

US law and court decisions matter not one whit to China however in the more restrictive US, I expect it would go something like this at least as far as the courts:

The US already has a court decision which says ephemeral data, that which was stored in RAM even momentarily, is subject to court ordered seizure even if that requires alteration the programming. This could just as easily apply to any temporary state used to setup encryption. So at least in the US, the court can order Apple to change the programming of its devices to record and seize the ephemeral state used by the encryption which can then be used to provide any encryption keys.

I assume Apple would fight this in court but a secrecy order would prevent any of their customers from knowing about it even after resolution.

The problem as I see it as least in the US is more political. Unless this could all be done in secret through the executive branch and the courts, a law passed by Congress would create widespread resistance either in the form of challenges or subversion. The ideal situation for the government is where everybody *thinks* that their private communications are protected by the 4th amendment when in reality they are secretly monitored.

Re:How interested is Apple in selling stuff in Chi

[mark-t]

How would Apple not be complying with China's laws if they had no keys to hand over? Or would they assume that Apple was simply lying?

Does it force

... telecom operators and internet service providers are required to provide technical support and assistance ...

Assistance to do what? Wire-tapping, mass-surveillance, planting malware/evidence. That's a vague statement.

... including decryption ...

Is apple required to know the key on the device? Also, is there a time-frame for finding the key to a phone. Otherwise, it's a "Yeah, that'll be ready in 5 years" situation.

Re:How interested is Apple in selling stuff in Chi

What does a law passed by the Chinese Parliament have to do with Apple, particularly?

Money. That's what. How much do you figure the Chinese market is worth to Apple? Suppose that Apple was made "an offer they couldn't refuse" by the Chinese government: "You decrypt whatever devices we ask you to. If you can't or won't, you don't do business in China". It's quite interesting actually because now we get to see what sort of price Apple places upon its principles and core values. Do they sell out? Stay tuned.

Re:How interested is Apple in selling stuff in Chi

[penguinoid]

It's quite interesting actually because now we get to see what sort of price Apple places upon its principles and core values.

An Apple's core is the part you throw out.

Re:How interested is Apple in selling stuff in Chi

Easy.
China: Hand over the encryption keys to phone X.
Apple: We can't do that, we don't have them. They are generated by the end users.
China: We don't care. Either insert a harware capability for You or us to get the keys from the end users or get the fuck out of our market. You want to try and manufacture Your phones somewhere else? Have fun paying for it several times more. You want to try and fight this regulation? Good luck buying enough rare earth elements for Your electronics, because we control 97% of worlds market for them.

Now please tell me Your response.

What's the issue?

Can not Apple give them the key used by NS*?

Wording.

[drolli]

Always mind you wording in reporting of such things.

If China does it, it's oppression of liberty. If we do it, it's the fight against crime an terrorism.

at least they are forward about it

...unlike the self proclaimed champions of democracy and free speech that go about doing just the same behind everybody's back or pass laws requiring just the same right?!

worthless politicians they will be ruin to all of us for sure. .... back to the topic, it will be interesting to see Apple's response, they're already waist deep in China market and they depend on it for their latest number achievement announcements, as mentioned by others the American market is increasingly tough and since latest designs by Apple like the pencil or the hideous battery pack aren't rising any appraisals I don't think they are going to risk a non compliance to the Chinese government.

Re:How interested is Apple in selling stuff in Chi

[l0n3s0m3phr34k]

" Good luck buying enough rare earth elements for Your electronics, because we control 97% of worlds market for them." Too bad you posted as AC, because I think this is actually the biggest "risk" in general, and not just because of this recent encryption issue. All of our modern electronics needs these, the US shut down it's major rare earth mine at Mountain Pass, CA several years ago. We could try to recycle more phones...but once again most recycling centers are also over in China. Even if we found a new amazing rare earths deposit it takes years to build a mine. The most abundant source we've found so far is probably the Moon, but it will probably be another 25-50 years before we have a functioning mining colony there if ever.

This is a Wonderful Opportunity

[NReitzel]

This is a great opportunity for hackers to exploit back doors and move money from the Chinese economy to (say) the Russian economy.

A government mandated back door is otherwise known as a zero-day exploit.

Woohooo....

So.

[pruedz]

"But also the blatant online surveillance and censorship that takes place." Just like America... And Brazil....

Double-Standards

China already faces criticism from around the world...

Oh, so when China does it, it's all "evil conspiracy" this and "blatant censorship" that, but when good ol' U. S. of Donald Trump A. says the same thing, it's all about "National Security" against "Terrorism!" and "Immigrants!"

Perfect Sense!

Hyperbole

[fulldecent]

Companies / service providers which maintain access to locked containers may be compelled to unlock them upon government request.
In which country is this NOT true?

Of course the state of encryption nowadays is that companies are using the same lock combination for ALL their containers. That is a problem that needs to be fixed (perfect forward secrecy).

Another problem is that companies who carry information often do this by accepting a message from person A and then repackaging it for person B -- which makes them liable for the contents of the message. This is also also fixable (messages sent from person A should be locked only for opening by person B).

I fully support the content of this news article insofar as it has not infringed on The Universal Declaration of Human Rights and as it is bringing more attention to these two existing issues above.

Not just China's goal

[kilfarsnar]

"Under the guise of counter-terrorism, the controversial law is the Chinese government's attempt to curtail the activities of militants and political activists."

This is always the case, whether it's the Chinese government or any other. I wish more people in the general public understood that. At least I don't have to change my sig.

Re:How interested is Apple in selling stuff in Chi

[currently_awake]

I don't think the US government would allow Apple to sell a product that they couldn't spy on.

Re:How interested is Apple in selling stuff in Chi

[mark-t]

They already are.

The Death of IBM

[sdinfoserv]

Now that IBM has sold of the last of their server systems to Lenovo, after following dumping all their PC operations to the same Chinese Lenovo a few years ago... The legacy of IBM is compromised crap.

Unfortunately, No

The "that's a Commie tactic and we aren't Commies" interpretation does not favour the Three Letter Agencies. Therefore I predict they will sell adoption of these practices as, "the Commies have it and in order to be competitive, we must have it too!"

No, it will fall to citizens with a different perspective and agenda, to counter this narrative. We must sell this as "it's an evil commie tactic that no God-fearing American would ever even suggest using". In fact we should say that "only a closet Commie-Loving subversive would suggest our side should use such tactics. It's against God, Freedom and The Flag".

Sure, it's extreme. Given the tactics and wins the Three Letter Agencies have against privacy and the constitution, what choice do we have? They aren't even asking permission to spy on the innocent anymore. They just take the data and persecute anyone who calls them out. All in the name of terrorism and when they can't establish any security wins as a result. It's the triumph of a bureaucratic establishment.

Two girls with green eyes?

[Ham+Javelin]

China is here, Mr. Burton!

China passes law, loses tech companies

You'll get my encryption keys over my cold dead body, and even then, you'd have to have the tech to hack my brain. Ya, good luck with that.