Interesting article in the New York Times – “How China meddled with the Internet,” based on a report to Congress by the United States-China Economic and Security Review Commission. The Times article talks about an incident where IDC China Telecommunication broadcast inaccurate Web traffic routes for about 18 minutes back in April. According to the Times, Chinese engineering managers said the incident was accidental, but didn’t really explain what happened, and “the commission said it had no evidence that the misdirection was intentional.” So there was a technical screwup, happens all the time, no big deal? Or should we be paranoid?
No doubt there’s a lot to worry about in the world of cyber-security, but what makes the Times article interesting is this contention (not really attributed to any expert):
While sensitive data such as e-mails and commercial transactions are generally encrypted before being transmitted, the Chinese government holds a copy of an encryption master key, and there was speculation that China might have used it to break the encryption on some of the misdirected Internet traffic.
That does sound scary right? China has an “encryption master key” for Internet traffic?
Except it doesn’t seem to be true. Experts tell me that there are no “master keys” associated with Internet traffic. In fact, conscientious engineers have avoided creating that sort of thing. They use public key encryption.
So why would the times suggest that there’s a “master key”?