Interesting article in the New York Times – “How China meddled with the Internet,” based on a report to Congress by the United States-China Economic and Security Review Commission. The Times article talks about an incident where IDC China Telecommunication broadcast inaccurate Web traffic routes for about 18 minutes back in April. According to the Times, Chinese engineering managers said the incident was accidental, but didn’t really explain what happened, and “the commission said it had no evidence that the misdirection was intentional.” So there was a technical screwup, happens all the time, no big deal? Or should we be paranoid?
No doubt there’s a lot to worry about in the world of cyber-security, but what makes the Times article interesting is this contention (not really attributed to any expert):
While sensitive data such as e-mails and commercial transactions are generally encrypted before being transmitted, the Chinese government holds a copy of an encryption master key, and there was speculation that China might have used it to break the encryption on some of the misdirected Internet traffic.
That does sound scary right? China has an “encryption master key” for Internet traffic?
Except it doesn’t seem to be true. Experts tell me that there are no “master keys” associated with Internet traffic. In fact, conscientious engineers have avoided creating that sort of thing. They use public key encryption.
So why would the times suggest that there’s a “master key”?
Phi Beta Iota: We have three thoughts:
2) Much more seriously, we have been told that many routers strip security as a routine means of increasing speed. We do not know the truth of the matter, since encrypted emails do arrive with encryption, but as a general proposition, security does seem to have been sacrificed to speed, and it may be there is no need for an Internet key in general.
3) Finally, we would observe that 80% of signals intelligence is pattern analysis, and being able to pull a massive amount of Internet into a place where pattern analysis of who is talking to who can take place, might, conceivably be worth doing.