Goldschlüssel 4

Es sind harte Zeiten für Goldschlüssel-Fans, nachdem auch die ungarische EU-Ratspräsidentschaft daran gescheitert ist, ein totes Pferd wiederzubeleben, und der Salt Typhoon-Angriff sämtliche Warnungen eindrucksvoll bestätigt hat:

That’s right: the path for law enforcement access set up by these companies was apparently compromised and used by China-backed hackers. That path was likely created to facilitate smooth compliance with wrong-headed laws like CALEA, which require telecommunications companies to facilitate lawful intercepts—in other words, wiretaps and other orders by law enforcement and national security agencies. While this is a terrible outcome for user privacy, and for U.S. government intelligence and law enforcement, it is not surprising.

The idea that only authorized government agencies would ever use these channels for acquiring user data was always risky and flawed. We’ve seen this before: in a notorious case in 2004 and 2005, more than 100 top officials in the Greek government were illegally surveilled for a period of ten months when unknown parties broke into Greece’s lawful access program. In 2024, with growing numbers of sophisticated state-sponsored hacking groups operating, it’s almost inevitable that these types of damaging breaches occur. The system of special law enforcement access that was set up for the good guys isn’t making us safer; it’s a dangerous security flaw.

Dem Resümee The only way to stop a bad guy using a backdoor is stopping a good guy implementing a backdoor. können Überwachungsenthusiastinnen wenig entgegensetzen, und die gerichtlich bestätigte Ausweitung des behördlichen Smartphone-Zugriffs ist sicher nur ein schwacher Trost. Man kann eben nicht immer gewinnen.