National-Security Concerns Threaten Undersea Data Link Backed by Google, Facebook (wsj.com) 45
U.S. officials are seeking to block an undersea cable backed by Google, Facebook, and a Chinese partner, in a national-security review that could rewrite the rules of internet connectivity between the U.S. and China, WSJ reported Wednesday [Editor's note: the link may be paywalled; alternative source], citing people involved in the discussions. From the report: The Justice Department, which leads a multiagency panel that reviews telecommunications matters, has signaled staunch opposition to the project because of concerns over its Chinese investor, Beijing-based Dr. Peng Telecom & Media Group, and the direct link to Hong Kong the cable would provide, the people said. Ships have already draped most of the 8,000-mile Pacific Light Cable Network across the seafloor between the Chinese territory and Los Angeles, promising faster connections for its investors on both sides of the Pacific. The work so far has been conducted under a temporary permit expiring in September. But people familiar with the review say it is in danger of failing to win the necessary license to conduct business because of the objections coming from the panel, known as Team Telecom. Team Telecom has consistently approved past cable projects, including ones directly linking the U.S. to mainland China or involving state-owned Chinese telecom operators, once they were satisfied the company responsible for its U.S. beachhead had taken steps to prevent foreign governments from blocking or tapping traffic.
Because... they can't do it at THEIR end? (Score:3, Interesting)
Re: (Score:3, Informative)
If you have access to our end, you can typically tap a lot more than just the one connection. These things aren't terminated on an island in a lone building, they end up on an Internet Exchange that carries multiple connections and carriers, gaining access to one means gaining access to potentially hundreds of trans-pacific and even national connections.
It sounds like the Chinese government wants Huawei to have access to the US Internet Exchange and the NSA is having none of it.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
You can't have both kinds of security, since they're mutually exclusive. Better to just assume it's totally unprotected, than being "satisfied the company responsi
Firefox users (Score:3)
"[Editor's note: the link may be paywalled"
get the "Bypass Firewalls" extension if you didn't yet.
Re: (Score:3)
"Bypass Paywalls" evidently, damn spellchecker!
Re: (Score:1)
Re: (Score:2)
"Bypass Paywalls" evidently, damn spellchecker!
That extension is no longer available [boingboing.net] for either Chrome or Firefox.
Re: (Score:2)
https://github.com/iamadamdev/... [github.com]
crippling paranoia (Score:3, Insightful)
the USA is the country that destabilizes governments and regions, attacks those that didn't attack it, spies on its citizens, supports oppressive regimes....
but now we're going to limit our internet pipelines over irrational fears, what stupidity.
any threats to the USA from other countries including from China will continue to use the myriad other pipelines already extant.
Re: (Score:1)
Re:crippling paranoia (Score:5, Insightful)
the USA is the country that destabilizes governments and regions, attacks those that didn't attack it, spies on its citizens, supports oppressive regimes....
but now we're going to limit our internet pipelines over irrational fears, what stupidity.
any threats to the USA from other countries including from China will continue to use the myriad other pipelines already extant.
Tell that to Tibet, the protesters cutting down the government facial recognition cams, the North Korean defectors talking about Chinese support, locking up Muslims, etc. Perfect example in 2015 human rights lawyer Wang Quanzhang was "disappeared" by the Chinese government, he was tortured with electric shock, forced to take drugs held for 3x years with no outside communication allowed before he was finally allowed to talk to a defense lawyer and the Chinese government finally publicly acknowledge that he was no longer "missing" and that they had actually been holding him for "subverting state power" and then sentenced to 4.5 years in jail. That wasn't something from decades ago, he was sentenced *this year* in January.
Re:LOL InsaneGeek sock puppet...reactivate... (Score:4, Insightful)
Grand total of 7 posts since registered 2007 (12 years ago).
Last post prior to current post was 2011 (8 years ago).
LOL
Not a sock puppet, but even if I was you didn't refute a single thing I said.
Comment removed (Score:5, Insightful)
Re: (Score:1)
You should know that an "attack from a chinese address" is not the same as "attack by the chinese government"
riots? irrelevant to topic at hand.
maybe you should stay out of things beyond your ken
Re: (Score:3)
Re: (Score:2)
I'm not left, guess again. nor am I Republican (corporate fascist)
Addresses owned by a company and not the chinese government. Attacking South Korea. Guess what, the Chinese and South Koreans don't like each other. so what? it's expected.
This absurd paranoia, about China doing things that the USA is guilty of doing a thousands times as much, is silly. There is zero reason to oppose this fiber, anything the Chinese, government or business, wants to do that is bad can be done over existing connections too
Good Old "National Security" (Score:1)
The linchpin of all tyranny.
They are afraid a bunch of 0's and 1's will invade us to death!
If the connection becomes an issue we can just unplug the fucking things, until then there is going to be no mistake that all sorts of spying and monitoring will be running across those cables.
but at the very least... the scaremongering by the state will ensure that they get the spying in because the businesses just want the money, they don't care if government spies to do it.
Very legit concen (Score:5, Informative)
It would appear that if they would simply provide the same guarantees that the Chinese government would not block/tap into the traffic. This implies that they are unwilling to do that and it ultimately is meant to be a Chinese state controlled connection no matter what "private" company is fronting it. It'd be one thing to have a private to point link, but this being a general internet traffic link, it is guaranteed to have traffic not destined to for "the great Chinese firewall" flowing through it; it is a very real concern especially with all the BGP "mistakes" that have occurred directing public traffic between other countries accidentally to China.
Re: (Score:3)
How the fuck could they do that... how could they??? Maybe the same way the others one did as a start?
All the Facebook, Google, etc traffic between China and the rest of the world is unencrypted to pass through the great firewall, certain businesses can get special exceptions from the Chinese government to allow site to site VPN's but it's not easy. This link is no exception to that, it still has to go through the firewall unencrypted so you aren't getting anything there
Re: (Score:3)
I'm thinking you don't understand things fundamentally, I guarantee you that they are using datacenters INSIDE of China already. The issue is that data traffic NOT destined to China would also go over this link, this isn't a point to point tunnel it'd be another major Internet trunk line meant to handle any traffic. A Canadian going to Samsung's website in Korea might travel over this link. The US concern isn't that Chinese citizens are going to be spied on by China over this link, the concern is that w
Re: (Score:3)
Re: (Score:2)
Hey, that one's concrete. It's the one I mentioned, actually.
The thing about is that you can't do it on a wholesale basis, or you get caught, your CAs get distrusted, people switch to crypto that's not dependent on the X.509 dumpster fire, etc. Especially if you do it to people in hostile countries full of loudmouths. In fact, you have to do it SO selectively that you don't need a whole submarine cable into your own country to pull it off. You can do it covertly in other people's countries, on links as clos
Re: (Score:2)
Oh, my God. I've blown my anonymity! I'm doomed! :-)
Re: (Score:3)
Re: (Score:2)
If you want to pull off a targeted attack against an individual, it's obscenely clumsy to divert a whole swathe of international traffic across a strange path to do it. That gets you noticed. You do your attack close to the target if you really care either about the results or about preserving your future capability to do other attacks.
They may have tried targeted attacks that clumsy a few times, but if they did they'll be climbing the learning curve and the window will be closing.
And even if they do keep u
Re: (Score:3)
Sure it's clumsy but they've done it in the past, and why would you think it won't in the future? I'm not sure how many times BGP routes that shouldn't have been were mysteriously routed traffic through China so pretty sure they don't care how visible it is.
It's not that they can't do it already, it's that this link if the end point is under direct control of the Chinese government is significantly easier than an end point that terminates in a business not directly controlled by the government. That's wha
Re: (Score:2)
Doesn't make a lot of difference to me. All large Chinese businesses are, if not directly operated by the government, extremely cooperative with government requests. I mean they're even more cooperative than large businesses in other countries, which ALL tend to be a bit pliant. And even if they weren't cooperative as organizations, they'd be easy to infiltrate. If they're already running BGP attacks, then obviously they've overcome whatever obstacles may have existed.
Re: (Score:3)
Facepalm... I'll try and dumb it down to the simplest level. How many times a week do you see people getting scammed left and right because they thought they were going to their bank when they weren't, lots of other possibilities just got to use one tenth of one percent of your brain and think about it
Re: (Score:3)
If you're going to worry about those people, then you're going to have to stop talking about arcane routing hacks and start talking about basic social engineering, phishing, and even fake certs... which are also things on which a fucking cable has no effect.
There is NO PLAUSIBLE SCENARIO in which this cable would have a serious effect on anybody's national security or even a very significant effect on anybody's personal security.
You keep twisting around and coming up with new vague threats, and I keep shooting them down. Getting more vague does not help your case. Describe a concrete, plausible set of actions, with enough impact to make them worth the Chinese government's trouble, and we can maybe talk. The best I can come up with is DNS hijacking coupled with cert fraud, and that's not something they could do for long or to very many people.
Do NOT try to give me bullshit about diverting the rest of the world's traffic through the Great Firewall. The rest of the world is not going to intentionally send its traffic through that. If hacked or blindsided into doing it accidentally, the rest of the world would change its routing configurations within hours... which would leave us no worse off than we'd be if the cable hadn't been lit up to begin with.
1) CNIC issues bad cert allowing google.com, etc be used by them (found in 2015 by Google) 2) Issue bad BGB route forcing non China traffic over the link (done repeatedly, 2010-this year) 3) Do MITM SSL attack because of your BGB route you control where the traffic flows throw (GitHub attack 2013) Now you have access to the data unencrypted. Prove me that those attacks 1-3 didn't happened, those aren't hypothetical, those are real, actual, events. You are simply wrong, you are shooting nothing down, you a
Re: (Score:2)
Totally independent of this cable, not made easier or harder. Therefore totally irrelevant.
By the way, it's "CNNIC".
Can be done if you have any one link, even a stub link. Once you have one link to a given vulnerable peer, or to any member of the very large class of vulnerable peers, adding another link makes it no easier.
Chinese taps (Score:2)
I'd be willing to bet that the US end of this cable will have its own "Room 614A" [wikipedia.org].
I'd feel better about this... (Score:2)
... if the current administration didn't treat legitimate national security concerns as if they were just another trade bargaining chip.
And this is a surprise? (Score:2)
No it isn't. Trusting these companies with your data is just stupid. Of course they are going to slurp everything that they can. After all, they paid for the cable and need to show a return for all that capital outlay.
Doh!