China passed a new, wide ranging anti-terror law this week that includes provisions requiring telecom operators and Internet service providers to provide technical assistance, including decryption, to government authorities investigating terrorist activities.
According to the report by China’s official Xinhua news agency, those firms will also be called on to “prevent dissemination of information on terrorism and extremism.”
Li Shouwei, deputy head of the parliament’s criminal law division under the legislative affairs committee, said at a press conference that the new law would “not affect companies’ normal business nor install backdoors to infringe intellectual property rights,” reflecting an approach that, at least publicly, appears to be similar to that advocated by U.S. politicians who have been engaging in the debate over strong encryption.
“The clause reflects lessons China has learned from other countries and is a result of wide solicitation of public opinion,” Li told reporters, adding, that the new anti-terror law would not infringe on “citizens’ freedom of speech on the Internet and their religious freedom.”
U.S. legislators recently passed the oft-criticized Cybersecurity Information Sharing Act promoting information sharing between the private sector and federal government, and now members of Congress and law enforcement officials such as FBI Director James Comey have called for greater access to encrypted communications. Speaking at RSA Conference 2014 in San Francisco, Comey said that surveillance is necessary for effective law enforcement. Earlier this month, in senate testimony, Comey said: “We want to get to a place where if a judge issues an order, the company figures out how to supply that information to a judge and figures out on its own how to do that.”
North Korea’s Red Star OS takes another approach to security
Meanwhile, software researchers presenting their analysis of North Korea’s Red Star OS at the Chaos Communication Congress in Hamburg this week reported that the totalitarian regime’s homegrown OS features customized encryption algorithms, tamper protection and file watermarking to track illegal copying.
The operating system, based on Red Hat Fedora and KDE and emulating the look of OS X, has been extensively modified by North Korean developers, according to researchers Florian Grunow and Niklaus Schiess of German IT security company ERNW GmbH.
Red Star OS was designed with security in mind and includes a firewall, virus scanner and encryption software that, while based on standard encryption algorithms such as AES, includes modifications which the researchers speculated were to avoid any backdoors that might have been placed in those algorithms. However, Grunow said that the operating system is a “privacy nightmare.”
One feature incorporated into Red Star OS is a mechanism that adds a watermark to any file mounted to a Red Star OS file system, which allows North Korean authorities to trace files passed from one user to another whether by network or passed along in portable storage media like USB drives.
Red Star OS also continuously monitors hashes of certain key files to protect the integrity of the system. If any of those files have been modified, the OS will reboot, instantly.