當年今日
關於我們

Hunting for Communist Spies Threatening National Security: Possibility without a Trojan Horse?|Lin Yu-xiong

蘋果日報 2020/12/13 10:13


A few days ago, the Taipei District Prosecutor’s Office indicted Ho Jianghua, head of the China Unification Promotion Party’s (CUPP) women’s department and her secretary Pao Ke-ming (包克明) over charges such as espionage for the communist China under the National Security Act. This case sprang from another case of bribery in the general election at the beginning of this year. The defendant and others were suspected of receiving financial aid from China to develop a spy network in Taiwan. They not only disseminated the information about the fake Ph.D. credentials of President Tsai Ing-wen based on press releases provided by China but also helped China attack their blacklisted individuals.
This case is of indicative significance as it is very likely the first indictment by the prosecution under the new law since the amendment of the National Security Act in July last year. However, it also exposes a legal loophole in the amendment of our National Security Act, which focuses only on substantive aspects (including aggravated espionage crimes) but overlooks the methods of the investigation. This case was exposed because the prosecutor seized Ho’s cellphone over the bribery case and found the espionage case by tirelessly looking into the undeleted WeChat messages they dug up from her phone. It followed the exact same track as the espionage case previously exposed by the bribery case concerning Han Kuo-yu (the Taiwan Affairs Office of the State Council in Changsha allocated funds to meddle with the elections in Taiwan).
These cases of espionage concerning national security share two common features. One is that almost without any exception, the defendants use WeChat as their software of communication. The second is that prosecutors could only passively and statically retrieve stored WeChat messages from the seized mobile phones without being able to monitor activity in real-time. Even if they have identified certain actors in the execution process, it is difficult to investigate upward along the stream to expose the mastermind. The espionage case could only go so far! Case closed.
WeChat as Safe Haven for Communist Spies
As everyone knows, if drug enforcement can only catch small dealers at the lowest level, it will not be able to right the wrong from the source. Therefore, those who could actually handle a case would “cultivate a case,” without budging when they hear something while monitoring small deals. They would follow the evidence all the way to the source and catch the real cartel. However, encrypted communication softwares have long changed the rules of the game. In the current reality of insufficient legislative authorization and technical capabilities of the government of Taiwan, WeChat has become a safe haven for communist spies and presents significant threats to our democracy, constitutional order, and national security. The following briefly explains possible solutions against communication softwares such as WeChat that use endpoint transmission encryption technology.
Plan A: decrypt the message. The first solution is “you encrypt, I decrypt.” After all, in accordance with the existing regulations of the authorization of monitoring communications in the “Communication Security and Surveillance Act,” these encrypted messages can be legally monitored and intercepted, and the original messages could be restored by cracking the encryption key. Isn’t that a case closed? The problem is that, for one thing, it is too demanding technically. An algorithm is a high-tech that all communication softwares depend on. Cracking either takes more than a few years or is not possible at all. There is no meaningful gain in practice. For another, even if it is cracked, for the time being, software will upgrade with its loopholes patched. Once the update is done, all decryption must be repeated.
Plan B: go directly to the communication software company and ask them to hand over the decryption key or the communication message stored in the server. However, the ball is in the court of the proprietors, For one thing, communication softwares are mostly run by foreign or transnational players with very different degrees of willingness to cooperate (LINE and Messenger have limited cooperation with Taiwan’s law enforcement agencies, while WeChat does not), and they have various reasons not to cooperate (proprietors claim that only both communication users have the decryption key, that their servers do not store backup data, or that they question the basis of their obligation to cooperate. Or even worse, they are nowhere to be found at all). For another, WeChat is an authentic communication software with “Chinese characteristics.” Just imagine if we issue a letter to demand data from WeChat for the investigation of communist espionage and the exposure of the mastermind behind the scenes. The naivety is self-evident.
Plan C: since the above methods are difficult to implement, there are countermeasures and methods for implanting monitoring software (trojan horse programs) to obtain communication information, which is called “source telecommunication surveillance” (Quellen-TKÜ). The technical principle is to implant a (small) Trojan horse monitoring program in the information equipment to obtain the original message “after the sender has entered it before its decrypted transmission” or “after the receiver has decrypted it.” This is also called “Device-Centric Monitoring.” To compare different legalities, many European countries under the rule of law have moved toward using Trojan horse programs in recent years to deal with crimes connected through monitoring communication software, such as the United Kingdom (2016), Germany (2017), Switzerland (2018), Austria (2020), etc.
Plan D: surrender directly and give up the case. The communist spies are as cool as a cucumber. They use WeChat as a safe haven for communication, and our law enforcement agencies could only shrug in despair, which is roughly equivalent to the idea of “giving up the war at the first battle” with a white flag.
Making up for the neglects in the amendment of the National Security Act
Which of the above solutions should Taiwan adopt? This is a big question. Legislative policies should strike a balance among national security, efficiency of prosecution, and protection of rights. But the real and urgent question is, if Taiwan is unable to monitor WeChat in real-time, how will the espionage cases be prosecuted? At present, none of Taiwan’s National Security Act, The Communication Security and Surveillance Act, or the Code of Criminal Procedure has any legislative authorization for device-centric communication monitoring. There is only an initiative in the draft of the “Science and Technology Investigation Law” that authorizes its use for specific cases of national security or crimes in accordance with the specifications of communication monitoring.
In view of the resistance of the drafted “Science and Technology Investigation Law,” another possible legislative option in the future is to target the “characteristics of local national security crimes,” separating source telecommunication surveillance from the Science and Technology Investigation Law. It should start with the legal authorization to prosecute the cases of espionage and make up for the procedures neglected in the last amendment of the National Security Act and monitor the effectiveness of its implementation. In any case, faced with the emergence of only a tip of the iceberg of communist espionage, those in power who have the obligation to guard the democracy and rule of law in Taiwan, please make a legislative decision!
(Lin Yu-xiong, Professor of Law Faculty in National Taiwan University)
Click here for Chinese version
We invite you to join the conversation by submitting columns to our opinion section: [email protected]
Apple Daily reserves the right to refuse, abridge, alter or edit guest opinion columns for accuracy, length, clarity, and style, and the right to withdraw and withhold columns based on the discretion of our editorial page editors.
The opinions of the writers do not necessarily reflect the opinions of the editorial board.
---------------------------------
Apple Daily’s all-new English Edition is now available on the mobile app: bit.ly/2yMMfQE
To download the latest version,
Or search Appledaily in App Store or Google Play