Wiretap Backdoors: How China Walked Through the Front Door of U.S. Telecoms
The Inevitable “We Told You So”
Well, well, well. Looks like the sky didn’t fall. Except it did, but only for the wiretap systems of a few tiny companies like AT&T, Lumen (formerly CenturyLink), and Verizon. You know, just your average telecom giants whose systems were reportedly compromised by Chinese government-backed hackers. The news dropped over the weekend, and if you’re surprised, congratulations! You’ve either been living under a rock or working in Washington.
The Shocking Surprise That Wasn’t
Matt Blaze, professor and secure systems expert, basically said, “We knew this was coming” when asked about the intrusions into some of the most sensitive systems in the U.S. telecom sector. These systems, mandated by a 30-year-old law, are designed to let law enforcement tap into communications — and apparently, China too. Hackers from Salt Typhoon decided to rummage through America’s wiretap infrastructure, reportedly collecting vast amounts of internet traffic along the way.
According to The Wall Street Journal, this isn’t your run-of-the-mill cyberattack. No, this breach has been labeled “potentially catastrophic.” What kind of damage can be done by having access to internet traffic from three of the biggest telecom companies in the U.S.? Nothing too serious, I’m sure.
CALEA: The Backdoor That Keeps on Giving
The 1994 Communications Assistance for Law Enforcement Act (CALEA) — a law older than most TikTok users — requires telecom companies to make their systems accessible for wiretapping. Because, you know, in 1994, cell phones were the size of bricks, and no one had even heard of Snapchat.
The law made sense then, perhaps, when “the internet” sounded like something you’d dial into using a screeching modem. But 30 years later, it’s becoming increasingly clear that backdoors, designed to let the “good guys” in, also let the bad guys have a field day. And surprise, surprise — China is the latest to crash the party.
“The only solution is more encryption,” says Stanford encryption policy expert Riana Pfefferkorn. Encryption? What a novel idea! Maybe that would have stopped Salt Typhoon from pillaging through U.S. internet traffic like it’s the Black Friday sale at Best Buy.
Snowden Was Right (Again)
Remember Edward Snowden, that guy who blew the whistle on U.S. surveillance tactics in 2013?
Turns out he might have been onto something. While the world was busy debating whether his leaks made him a hero or a traitor, Silicon Valley took his revelations seriously. Tech giants started encrypting data like never before because they realized — wait for it — that they couldn’t be forced to hand over what they couldn’t access.
Meanwhile, telecom companies, those bastions of customer privacy and security, decided to just keep on keeping on. Encrypt customer phone and internet traffic? Nah, sounds like too much work. Fast forward to 2024, and Salt Typhoon waltzes in and helps themselves to the buffet.
CALEA is a cautionary tale. No kidding. The law might have worked back in the days of flip phones, but in today’s world, it’s like putting a padlock on a barn door while the horses are already halfway across the country. So, let’s all give a slow clap to the geniuses who thought backdoors were a solid idea.
After all, it only took 30 years, a few cyberattacks, and some Chinese hackers to prove the experts right.
About the Author
Yash Bansal is an Associate Principal Engineer at RedBus. More info about him can be found on his LinkedIn profile.