The 30-year-old internet backdoor law that came back to bite

A few routers stacked on top of each other. Various Ether cables are plugged in, and green LED lights can be seen by each connector.

News broke this weekend that China-backed hackers have compromised the wiretap systems of several U.S. telecom and internet providers, likely in an effort to gather intelligence on Americans.

The wiretap systems, as mandated under a 30-year-old U.S. federal law, are some of the most sensitive in a telecom or internet provider’s network, typically granting a select few employees nearly unfettered access to information about their customers, including their internet traffic and browsing histories.

But for the technologists who have for years sounded the alarm about the security risks of legally required backdoors, news of the compromises are the “told you so” moment they hoped would never come but knew one day would.

“I think it absolutely was inevitable,” Matt Blaze, a professor at Georgetown Law and expert on secure systems, told TechCrunch regarding the latest compromises of telecom and internet providers.

Fact is, any intentional backdoor is not going to be secure. Secrets don’t remain secret. That is just the way things are, and more so if more than one person knows about it.

“There’s no way to build a backdoor that only the ‘good guys’ can use,” said Signal president Meredith Whittaker, writing on Mastodon.

The theory around backdoors comes from the same era as changing your password every 30 days. Times have changed, and we should know better in 2024.

See https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite