top | item 46946890

(no title)

> many telecoms are reluctant to do it.

This really buries the lede. Telecoms are reluctant to do it because 'doing' it isn't aligned with their priorities.

Why would a telecom risk bankruptcy by investing heavily into a system that their competitors aren't?

If you want a back-door to exist (questionable) then the government either needs to have strong regulatory compliance where poor implementations receive a heavy fine such that telecoms who don't invest into a secure implementation get fined in excess of the investment cost or the government needs to fund the implementation itself.

discuss

maltalex|20 days ago

Yes, telecoms should be forced to invest in their own security if they're not doing it. But the focus on the back door misses the point in my opinion. Even if the back door wasn't there, you wouldn't want nation state hackers anywhere near telecoms since they're critical infrastructure.

AnthonyMouse|20 days ago

> Even if the back door wasn't there, you wouldn't want nation state hackers anywhere near telecoms since they're critical infrastructure.

This is only because of the design defect that "lawful intercept" requires.

Telecoms should be completely untrusted because everything is end-to-end encrypted. Compromising a telecom shouldn't allow you to do anything other than bring about a denial of service, and even that would only be effective against anyone who didn't have a redundant link with a different provider, which all actually critical infrastructure should. And a denial of service is conspicuous, as opposed to spying on required-to-be-unencrypted traffic which can continue undetected indefinitely and is a significant national security risk.

Our need to not be spied on is greater than our need to spy on ourselves and requiring designs that assume the opposite of that is a major self-imposed security vulnerability.