https://threadreaderapp.com/thread/1779885123363635572.html
Buried in the Section 702 reauthorization bill (RISAA) passed by the House on Friday is the biggest expansion of domestic surveillance since the Patriot Act. Senator Wyden calls this power “terrifying,” and he’s right.
This bill represents one of the most dramatic and terrifying expansions of government surveillance authority in history. I will do everything in my power to stop it from passing in the Senate.
NEW: House votes 273-147 to extend FISA Section 702 surveillance powers for two years.
After rejecting an amendment to bolster warrant requirement when spying involves US persons.
126 Rs and 147 Ds voted for the bill.
Now to Senate.
Deadline: April 19
If the bill becomes law, any company or individual that provides ANY service whatsoever may be forced to assist in NSA surveillance, as long as they have access to equipment on which communications are transmitted or stored—such as routers, servers, cell towers, etc.
That sweeps in an enormous range of U.S. businesses that provide wifi to their customers and therefore have access to equipment on which communications transit. Barber shops, laundromats, fitness centers, hardware stores, dentist’s offices… the list goes on and on.
It also includes commercial landlords that rent out the office space where tens of millions of Americans go to work every day—offices of journalists, lawyers, nonprofits, financial advisors, health care providers, and more.
https://news.ycombinator.com/item?id=40062271
This is the bill: https://www.congress.gov/bill/118th-congress/house-bill/7888/text
This is the report introducing the controversial amendment: https://www.congress.gov/congressional-report/118th-congress/house-report/456
The amendment is the last item in the report, under this heading:
An Amendment To Be Offered by Representative Turner of Ohio or His Designee, Debatable for 10 Minutes
This is the transcript of the session where the amendment was discussed and voted on: https://www.congress.gov/congressional-record/volume-170/issue-63/house-section/article/H2328-1
You can find the discussion within the text using this search term:
Amendment No. 6 Offered by Mr. Turner
I checked it out out of curiosity and some Huawei models have LineageOS available for them which means you could use gmscore(microG) instead of google framework services on LineageOS. A cursory search also shows videos where people get microG on the official Huawei OSes but I can’t say how well that works. That would invalidate the reason to get Huawei though(no Google surveillance). You can remove Google services from any device with enough tinkering, especially if you’re willing to install an open-source OS.
Lineageos is as secure* as stock android. If you’re going to be using stock might as well just use your normal phone, the NSA definitely has shit worse than NSO Pegasus for stock android devices
Shouldn’t we assume the same for Huawei devices?
Yes, we shouldn’t trust, but the devices that run Harmony OS are significantly rarer than stock Android phones (meaning less interest/pressure to develop malware for them) and are also distinct from stock Android (so malware that could infect stock/LOS/OneUI/other Android “flavours” might not infect Harmony OS). I don’t know about hardening on Harmony OS, but I doubt it implements any hardening, so yeah it is technically as secure as stock Android, but considering the time horizon for threat actors to develop malware, it’s less likely to be successfully targeted. Not good enough to rely on.
oh also it’s developed in China which doesn’t have any incentive to “accidentally leave” vulnerabilities
I understand. My concern with the security of say a Huawei device is, that while domestic surveillance and NSA backdoors into American tech is a significant portion of the state’s security apparatus, I imagine the majority of effort spent by our spy agencies is in compromising and penetrating foreign tech. Yes, its easier for the state to coerce our tech industry into cooperating, but that’s why most of the offensive cybersecurity funding goes towards breaching non-US tech.
Where can I read more about that? Because lineage and eos were my go to digital self defense solutions
Search up “lineageos vs grapheneos” for some reading. Basically the difference is in hardening and the magnitude of the attack surface vector - a truly secure OS would try to minimize the potential for every type of breach even at the expense of usability. While I do use grapheneos on one phone, I personally don’t put any faith in it either as A Truly Secure™ solution simply because it’s American and vulnerable to many attacks outside of the phone (even if we assume it was built perfectly as of now, which it isn’t).