upvote

points

by maltalex9 hours ago |
comments
upvoteby forgotaccount39 hours ago|
next
[-]
> many telecoms are reluctant to do it.

This really buries the lede. Telecoms are reluctant to do it because 'doing' it isn't aligned with their priorities.

Why would a telecom risk bankruptcy by investing heavily into a system that their competitors aren't?

If you want a back-door to exist (questionable) then the government either needs to have strong regulatory compliance where poor implementations receive a heavy fine such that telecoms who don't invest into a secure implementation get fined in excess of the investment cost or the government needs to fund the implementation itself.

reply
upvoteby maltalex8 hours ago|
parent|
[-]
Yes, telecoms should be forced to invest in their own security if they're not doing it. But the focus on the back door misses the point in my opinion. Even if the back door wasn't there, you wouldn't want nation state hackers anywhere near telecoms since they're critical infrastructure.
reply
upvoteby AnthonyMouse6 hours ago|
parent|
[-]
> Even if the back door wasn't there, you wouldn't want nation state hackers anywhere near telecoms since they're critical infrastructure.

This is only because of the design defect that "lawful intercept" requires.

Telecoms should be completely untrusted because everything is end-to-end encrypted. Compromising a telecom shouldn't allow you to do anything other than bring about a denial of service, and even that would only be effective against anyone who didn't have a redundant link with a different provider, which all actually critical infrastructure should. And a denial of service is conspicuous, as opposed to spying on required-to-be-unencrypted traffic which can continue undetected indefinitely and is a significant national security risk.

Our need to not be spied on is greater than our need to spy on ourselves and requiring designs that assume the opposite of that is a major self-imposed security vulnerability.

reply
upvoteby ddtaylor9 hours ago|
prev|
[-]
The problem is the back door.

Decentralized systems don't have the same faults.

Just because you want to force a structure or paradigm doesn't absolve it of responsibility for the problem.

Hand waving the problem away because a company is bad at management or scale doesn't change anything.

reply
upvoteby KaiserPro8 hours ago|
parent|
next
[-]
you are both confusing two issues.

Yes there is a lawful intercept system that operates inside telecoms networks, that is an issue.

The other issue is that there is no real security inside said telecoms networks. (side note, there is still fucking SS7 floating about)

Salt typhoon is not "just hijacking lawful intercept" its ability to fuck with the network in a way that is largely undetected. Sure the intercept stuff might help, but they don't actually need that. In the same way we learnt about state actors taking complete control of middle east telecoms systems, we can be fairly sure that other state actors have taken control of USA telecoms systems

Both the Executive and congress have done shit all about it, and will continue to ignore it until something happens

reply
upvoteby maltalex6 hours ago|
parent|
next
[-]
> you are both confusing two issues.

How am I confusing the two? My whole point was the same as yours - that the existence of lawful intercept is a separate issue and that the focus should be on securing telecoms.

reply
upvoteby pigggg7 hours ago|
parent|
prev|
[-]
This. The lawful intercept infrastructure is one facet of their network. The rest of their infra is also a deep concern: call records, SS7 signaling, the IP network, mobile infra and it's back end (sim swapping).
reply
upvoteby maltalex8 hours ago|
parent|
prev|
[-]
Even if the back door wasn't there, you wouldn't want nation state hackers anywhere near telecoms since they're critical infrastructure. Telecoms should be highly secure. Period.
reply
upvoteby ddtaylor8 hours ago|
parent|
[-]
It's okay to have unlocked backdoors because you don't lock your front door?
reply
upvoteby Clent8 hours ago|
parent|
next
[-]
No, it's pointless to complain about the existence of a backdoor, locked or unlocked because there is a front door that is not being locked.
reply
upvoteby maltalex8 hours ago|
parent|
prev|
[-]
I get that you don't like lawful intercept. That's fine. But focusing on only that aspect of telcos derails the conversation and prevents us (in the very broad sense of "us") from making progress on things we all agree on. Can we stop bikeshedding and agree that telcos are critical infrastructure and need to be highly secure in general?

A hacker in control of a telco can do as they please regardless of any backdoors or lawful intercept systems. They can just use regular network functions to route calls wherever they want.

reply