The way the last administration rolled this out was certainly with a political narrative, but my guess is it originated with people that weren't thinking at all about politics.
The simple story is that core infrastructure is of strategic national importance, and an elevated risk that infrastructure is compromised can never be worth whatever the benefits are of using a particular supplier's equipment. There is no practical way to 100% ensure that every piece of software, and every chip, in every piece of equipment is clean. Chips are especially scary (the push to have domestic chip fab by the US and other countries is about more than just supply chain).
This is true when it comes from what are considered trustworthy suppliers as well, but you're dealing with probabilities. I think that regardless of whether this move fits into a political narrative about China, or "economic warfare", the practical basis is that for some types of equipment, the risk is just too large and the ability to mitigate too limited, in general.
Unfortunately this was figured out with Huawei/ZTE after the fact, but tbh I don't think the specific company matters at all, it just happened to be they were in this business at the time & based in the wrong country.
"There is no practical way to 100% ensure that every piece of software, and every chip, in every piece of equipment is clean"
If we really cared about security and reliability, all critical infrastructure would be open source, both software and hardware, so that multiple suppliers could produce the parts.
Instead we choose 'free market' with a thumb on the scale. This does nothing to protect from random hackers and criminals, ignorance, sloppiness and laziness.
I agree 100%. But we don't really care about security and reliability. The political system is both corrupt and poorly incentivized. It doesn't reward robustness, but saving money on paper while really, truly, funneling money to cronies[1].
[1] Corruption doesn't look like mobster movies. It's mostly backyard barbecues, buddies helping their buddies' business grow by throwing them a bone. At so many different scales.
Like I've always said, if there's something to be learned about society, you'll learn it in Star Trek.
"Mr. Worf, villains who twirl their mustaches are easy to spot. Those who clothe themselves in good deeds are well-camouflaged."
- Picard and Worf, discussing both the investigations and the misguidedness of Admiral Satie
"Open source" hardware would be a step forward, but how do you know that the hardware on the chip(s) matches the published design(s)?
You'd have to randomly sample some statistically significant number of the chips in the distribution/retail/whatever pipeline and, I guess, scan them with the appropriate tools? And verify them that way?
It's worse than that... functionality testing wouldn't be enough. Short of putting every chip under an electron microscope you can't really guarantee it.
Right, yeah, I was thinking physical verification.
Functionality testing could verify known behaviors, but could never formally prove the non-existence of unknown, hostile behaviors.
- "time bomb" style hostile functionality that only unlocks after a certain time
- hostile functionality that can be remotely unlocked by obscure behaviors. think: more advanced versions of port knocking, specially (mis?)crafted TCP/IP payloads
I'm sure somebody can correct me if I'm wrong, but I'm quite certain that scanning the chips with an electron microscope would destroy them. You'd need to decap the chips, and so on.
There’s really no way to ever be 100% sure of hardware. Sure we could use FPGAs for all hardware and then the hardware “source” is software, but who makes the FPGAs? There are techniques even under X-ray to mask a rogue chip.
Are you 100% sure of anything? That there aren't any NSA employees bribed by the CCP? Just like Chelsea Manning and Snowden took gigabytes of confidential information right from under the US government's nose, they could do the same without any elaborate techniques. Soviet spies were very successful and stole atomic bomb secrets.
But let's suppose everyone working for the government or subcontracted by them is 100% loyal and CCP never manages to blackmail them.
What does it take to bribe a DPD guy on minimum wage delivering your 'American produced' equipment, who can't afford a dentist and is in pain every day? Let's say you ask him to 'mistake' one package for another, and have millions at your disposal?
You talk about "techniques even under X-ray to mask a rogue chip", but do network operators even bother opening the casing of the router to validate the motherboard has not been replaced entirely?
What if it's networking equipment where China replaced a single chip, who is ever going to find out?
Does the network operator validate firmware of every single chip?
We have security holes all over the place, this talk of 100% certainty is basically fantasy.
I think we need to do defense in depth more. There was a funny pic in one of the sysadmin subs about buying firewalls from everyone and putting them in a chain, with each firewall labelled with which nation state compromised it. The joking idea being that sure, the U.S. has backdoors into your Cisco gear, but if you put that behind a Huawei firewall they may not have the backdoors to both, add in a Russian firewall and then an intruder needs all three. Funny but I think not so ridiculous these days if you are paranoid.
Security folks recognize that 100% certainty is impossible. Instead, the problem is always trying to balance the acceptable risk for each application of tech against the increased costs for an extra "9" of confidence. Although I suppose the minimum should always make the adversary jump through enough hoops to deter opportunistic & medium effort attacks, along with close monitoring for rapid detection of anything that gets through.
In this case, it's pretty low hanging fruit to make a policy w/ financial backing that says "we won't use hardware from companies controlled by slightly hostile countries with incompatible values".
Even if the hardware is only what is spec'd in the Open Source model, the model itself has a lot of complexity for bugs to hide in. Those bugs might be intentional, they might not be. The same obviously goes for software.
Even really-high-profile open-source security suites have seen critical bugs that have been around for many years. Being open source is a good start but it's hardly sufficient to guarantee anything about the supply chain. The opposite may actually be true in some cases.
Didn’t the Heartbleed exploit originate from an open source library?
I don’t think open source is the panacea you think it is, exploits will exist as long as they’re profitable and state actors have incentives to stockpile zero days. My guess is it’ll make it even easier to identify zero days if everything was open source.
They've been making this same argument for as long as I can remember, and it keeps being false. Open source means vulnerabilities get found and patched much quicker and people bring large-scale software bug-finding techniques to bear on the problem. For really robust software, we need better languages, better verification, and more and more testing and tools. All of which work best on source code.
I don't know exactly the US story, but the UK has forced operators to remove "5G" huawei equipment. This becomes pretty farcical when you realise they are still allowed to use it for 4G (and indeed most 5G configurations bands 4G+5G signals together), and they are used in nearly every single fibre to the cabinet deployment (and at least some of the newer FTTH).
It's clearly political. If it was a real threat then they'd be forcing operators to throw out all Huawei equipment, OR banning future installs, but getting them to trash just 5G equipment is a political stunt, IMO.
> This becomes pretty farcical when you realise they are still allowed to use it for 4G (and indeed most 5G configurations bands 4G+5G signals together)
No, it is not a purely political farce. There is a fundamental architectural difference (that amounts to a technical one as well) that translates into a reason why 4G deployments are more «secure» as opposed to 5G deployments.
Unlike in 4G, where the data that is tunneled through the core network is always encrypted, 5G allows for encrypted tunnels to get terminated near 5G base stations to enable the mobile edge computing amongst other reasons. Server equipment that is deployed at the 5G base station site then can take advantage of the substantially decreased latency for latency sensitive workloads (ehrm, 5G enabled Doom/Quake, anyone?). AWS have a product, Wavelength, that does precisely that, and I am pretty confident there are other telcos/products doing the same.
4G, on the other hand, never terminates encrypted tunnels and passes them through the core network unchanged. Therefore, retaining the potentially compromised 4G core network equipment alongside the 5G one is somewhat «safer» – in the sense that at least the unencrypted email etc traffic won't leak out. Especially considering that 4G is on the way out (medium to long term), hence there is no need to rush and start pouring massive amounts of money into replacing/decommissioning the 4G equipment now, although it might speed up the demise of 4G in the UK and other countries.
But if the 4G equipment doing the encrypting tunneling at both ends is potentially compromised how does that encryption help?
Also, nearly everything is HTTPS these days so I still don't see a massive attack vector here (at least one that wouldn't be spotted immediately like MITMing TLS connections).
I think the much greater "threat" rather than messing round with traffic itself is just to shut down masses of the towers and core networks remotely. In that case, switching off 4G would be way worse as (at least in the UK) all networks doing 5G require a 4G signal as well to bond against. So having separate 5G equipment wouldn't help one iota if the 4G stuff is down.
> But if the 4G equipment doing the encrypting tunneling at both ends is potentially compromised how does that encryption help?
The major attack vector for the compromised 4G equipment is the remote deactivation (or a wipeout or both) of it by an adversary. Breaking the encryption on the fly for volumes of traffic traversing mobile core networks is still technologically challenging. Hence the plain text communication can still be considered somewhat protected.
More on TLS and MITM. Even though our security unit deems TLS v1.2 and, until recently, v1.1 (!) to be secure and acceptable for the purpose of encrypting sensitive datasets in motion, I vehemently disagree with them and consider anything that is not TLS v1.3 to be insecure. The best compromise I have managed to coax out of the security unit is that the cost of a MITM for TLS v1.2 is still prohibitively expensive for most players with nefarious intentions, albeit it is not entirely improbable.
Openreach in the UK are deploying 0% new Huawei for FTTP and have basically stopped using them for FTTC because of the 30% rule. EE still use Huawei for new 5G deployments - but only in the access leg and for no more than 30% of their new builds.
They've already forced removal from core/security-critical roles, but that takes serious time to actually implement.
Well not just that. If the government mandates all Huawei equipment to be thrown out, the providers will go to court and the government will most likely end up paying for it.
In the middle of a global pandemic and resulting supply chain crisis, a rapidly intensifying fight against climate change and other expensive issues it's probably not a great idea to throw more billions away.
Of course it could be a risk but it can be mitigated in other ways like multiple layers of encryption. That's never a bad idea anyway.
Is that a euphemism for corruption? It's almost certain hands were greased. That however seems to have been aligned with many interests, also of those who are supposed to protect us, but nevertheless it's worrying that there is no investigation of any kind.
No. The 5G part does not make any sense, but I think politicians think that 5G is some all seeing dancing future (it isn't, it's a marginal improvement over 4G) that must be secured at all costs.
They really won't. 2G is going very strong, and 3G is maybe getting shut down in next couple of years. 4G will be the primary access technology for at least 10 years and probably longer.
If this is such a big security problem then surely 10+ years is an unacceptable amount of time to have potentially compromised equipment in the supply chain?
>my guess is it originated with people that weren't thinking at all about politics
How is everything you just described not "politics"? In fact it is the epitome of political action, and this doesn't make it of lower quality thinking. China has been identified as geopolitical adversary, and all decisions flow from that distinction.
"The specific political distinction to which political actions and motives can be reduced is that between friend and enemy." - Carl Schmitt
They took what had been viewed as simply a free market, or technology, or economic competition and applied "politics" to it.
I’m pretty sure GP meant that whoever in the USA started the push to eliminate Huawei equipment wasn’t thinking in terms of American party politics- as in, this didn’t arise during the Trump administration because Trump wanted to look tough on China, it arose because some American government researcher discovered some backdoors when Trump happened to be president. The whistle was blown not to give one party an edge out talking point, but because the researcher wanted to help their country. So political in the USA vs. China sense, but not political in the commonly used Republicans vs Democrats sense.
And the supply chain issues alone are alarming enough, if your high-tech military (and its vast civilian tributaries) rely on chip factories within easy bombing distance of your largest geopolitical competitor.
> The way the last administration rolled this out was certainly with a political narrative, but my guess is it originated with people that weren't thinking at all about politics.
During the last administration there were multiple reports of Huawei hardware containing backdoors, which were originally criticized by the mass media; a Bloomberg piece comes to mind. I don’t think that the political nature of the initiative has changed at all. It has always been about national security.
I understand that the most serious and unrecognised problem is the wholesale outsourcing of network infrastructure to vendors, down to single digit head office teams in certain European operators.
ANSSI, the French agency for information systems security, has severely tightened authorizations for vital infrastructure. Though Huawei is still kosher in many network functions, French telcos have had to remove a few thousand nodes they had already deployed, especially in network cores. All authorizations are temporary - between three and eight years.
This is not just about security in a narrow definition, but in a large part about ensuring that mastery of strategic functions remains with European firms.
Like armaments, telecommunication infrastructures are not a normal market.
> Like armaments, telecommunication infrastructures are not a normal market.
I don’t disagree, but how far are we going to take this? Under the strategic regime of 超限战, is any sector a “normal market”, or do all sectors take on strategic significance?
If I could put on my conspiracy hat... Perhaps this is related to Canada's detention of the Huawei executive. Someone put their foot down and said Chinese hardware is spying on us, and perhaps they forced China to give up how.
At its core, the world absolutely cannot trust China. Because Huawei is a de facto company owned by the Chinese government, it stands to reason that the distrust must be extended to Huawei. The product may be good, but China has very little credibility anymore, and should absolutely not be trusted.
US "asks" Canada to detain prominent Corporate exec. China "convicts" Canadian spies. You're right that this is all related to global politics.
Should you really trust a modern nation? All three nations I've mentioned prove that they spy on their own and each other's citizens.
It's been well established that encryption standards have been tampered with from the outset, all our modern CPU's exploitable microcode, if not backdoored.
I don't even consider this a conspiracy, from a strictly technical perspective, if it's possible, it's probably either been tried or fully implemented to exploit.
> US "asks" Canada to detain prominent Corporate exec.
The scare quotes here are completely unnecessary and inappropriate. A formal extradition request was made by the US government and Canada was treaty-bound to follow it.
There were formal fraud charges against Meng Wanzhou filed in the US and since there is equivalence in Canadian law (often a prerequisite for extradition), there was no legal reason not to proceed. There was no '"asking"' involved.
I prefer a revolving door of elected leaders more than a false democracy. It's more the non-transient "state" that worries me how we get to elect our representatives, but many of their staff are in practice there across many terms influencing the direction of the country across their career[1].
I prefer countries with a better track record on human rights and freedoms than the CPC.
[1]: Edward Snowden talks about this in his book Permanent Record
"An independent British-American group, the Iraq Body Count project (IBC project) compiles reported Iraqi civilian deaths resulting from war since the 2003 invasion and ensuing insurgency and civil war, including those caused directly by coalition military action, Iraqi military actions, the Iraqi insurgency, and those resulting from excess crime. The IBC maintains that the occupying authority has a responsibility to prevent these deaths under international law.
The IBC project has recorded a range of at least 185,194 – 208,167 total violent civilian deaths through June 2020 in their database.[8][19] The Iraq Body Count (IBC) project records its numbers based on a "comprehensive survey of commercial media and NGO-based reports, along with official records that have been released into the public sphere. Reports range from specific, incident based accounts to figures from hospitals, morgues, and other documentary data-gathering agencies." The IBC was also given access to the WikiLeaks disclosures of the Iraq War Logs.[9][87]
Iraq Body Count project data shows that the type of attack that resulted in the most civilian deaths was execution after abduction or capture. These accounted for 33% of civilian deaths and were overwhelmingly carried out by unknown actors including insurgents, sectarian militias and criminals. 29% of these deaths involved torture. The following most common causes of death were small arms gunfire at 20%, suicide bombs at 14%, vehicle bombs at 9%, roadside bombs at 5%, and air attacks at 5%.[88]
The IBC project, reported that by the end of the major combat phase of the invasion period up to April 30, 2003, 7,419 civilians had been killed, primarily by U.S. air-and-ground forces.[8][86]
"
-- https://en.wikipedia.org/wiki/Casualties_of_the_Iraq_War#Ira...
So about 7k directly attributable to US forces, a very large multiple of that due to instability, insurgency, and crimes. I'm not sure that's the most fair take on US culpability vs CPC direct action against Uyghurs.
So about 600 thousand well documented extra deaths attributable to US forces - because without US invasion none of that would happen. How does that compare to Uyghurs, which are - differently from their brethren in Iraq - not being systemically killed off?
One of the ways to look objectively at this stuff is net migration. So on the one hand you have people like Snowden who have migrated to Russia and on the other hand you have millions of Chinese people and many high level Chinese officials moving to the US and Canada.
The 152 documented killings (and doubtless more undocumented) of African Americans between 1945-1951 are very sad, but you do realize that China carried out millions of political slayings about a decade later during the Cultural Revolution, right?
As for crimes abroad during the period you selected, China actually annexed an entire country (Tibet).
None of this is to excuse US failures to defend human rights and civil liberties, but China is in a whole different ballpark.
> The 152 documented killings (and doubtless more undocumented) of African Americans between 1945-1951 are very sad
I'm not even sure what this is trying to do except lowballing numbers? African Americans were not just killed, also not only "152", they were assassinated and locked up as political prisoners [0].
In places like US occupied Japan, it was weirdly enough only black soldiers that got court martial and executed over the blatant mass rapes that were going on [1].
> As for crimes abroad during the period you selected, China actually annexed an entire country (Tibet).
As opposed to the US, who never annexed any countries? I wonder how the people of Hawaii would feel about that claim, or any of the people in the dozens of countries the US has bombed to rubble and left with mines and unexploded ordnance for many future generations to worry about? At least they didn't get annexed! At least most of them didn't.
> None of this is to excuse US failures to defend human rights and civil liberties, but China is in a whole different ballpark.
"Failure to defend human rights"? Wow, that's some seriously weird language you are using there to handwave away the fact how the US government didn't "accidentally" commit atrocities but in many cases committed them with full intent.
Tbh it's saddening to see these "American exceptionalism!" responses on HN out of all places.
China is violating fundamental human rights of over a billion people - both Chinese nationals and others abroad who can't speak negatively of China out of fear of repression - on a daily basis due to its heavy curb on freedom of expression. Whatever restrictions western democracies have on expression cannot even begin to approach China's.
China's stance on freedom is a calamity and the magnitude and impact of its state policies is one of the great tragedies in human history.
+1 And it's worth noting that the CCP* is still actively pursuing these repressions, increasing its extent, and unapologetic for it. Versus, for example, Stephen Harper as Prime Minister of Canada in 2008 made an apology to indigenous people for the residential school program and established the TRC to progress to reconciliation.
This is a world of difference than a 2021 report of torture and sexual assault of Uyghurs[1]. I think the most damning part to western cultures is just that we were willing to go to war over this happening to Jewish people, but not willing to do it over Uyghur people.
*: (I'm careful to not say Chinese, because there's a collision with race and this is not a genetic thing, there are actually many good aspects of long standing Chinese culture!)
With all due respect and speaking as somebody who hates the CCP, painting the "Great Leap forward" as anything other than a tragedy borne from massive government incompetence and a breakdown of communication is propaganda.
The US keeps trying to paint it as if the CCP decided (for some reason) that what would best help their goals is to kill millions of their own population and plunge their country into a food crisis.
It would be like the CCP pretending like the mass deaths of the indigenous people of America from smallpox was intended genocide by the Europeans instead of a consequence of the lack of knowledge of microbes and the lack of domesticated animals for the indigenous peoples, except at least that lie is some level of plausible.
> massive government incompetence and a breakdown of communication is propaganda.
The difference is that many of us believe that the authoritarian communist style of government they have causes these issues. No one believes that the US government of the time causes smallpox.
Now there may be a good argument about the profit motivated system not placing sufficient value on human life over growth & exploration.
Except it had little to do with authoritarianism or communism, it had to do with the fact that at the time, telecommunication technology had not sufficiently proliferated in the rural communities for individuals aside from the bureaucrats sent by Mao to oversee the project to have been able to report the unfolding disaster.
The bureaucrats were ironically sent to those rural communities precisely because Mao was worried that the government was becoming overly Byzantine in its structure so the motivation was in fact to flatten power structures. The problem is that those bureaucrats were motivated to misrepresent the level of success the agriculture project was having out of a desire for increasing their standing.
Mao's primary fuck up here was in assuming that these cushy officials would somehow be "purified" by being forced to interact with the salt of the earth rural people. In fact, they just recreated the social hierarchies that they were used to prior to the revolution - using Mao as their justification which would have been fairly effective since he was fairly beloved in the rural communities at the time prior to the cluster fuck that was about to unfold.
Ultimately, the real lesson is that the myth of the "strong leader" is innately counter revolutionary. Mao should have realised this since he had studied some anarchist theory as well as what happened with Lenin when he decided to patronise his entire population and murdered all the independent worker communes and any chance of democracy in the post-Tsar Russia.
Mao tried many experiments including trying to form equitable arrangements with capitalists and land owners, and a national day dedicated to facilitating criticisms of the government. Ultimately though, a combination of ego and naivety ruined what could have been a far more successful and less destructive revolution than what happened in Russia.
Of course the modern day CCP is so byzantine in structure and dehumanising that even Mao's worst nightmares couldn't have imagined it.
In addition to what others have said, Canada is also in there. And yes I think both the US and Canada have a better track record than a country actively committing genocide (Uyghurs, Falun Gong) or persecuting its people (Tibet, Taiwan, Hong Kong) ...
> all our modern CPU's exploitable microcode, if not backdoored.
I wonder how the M-series Apple chips will do with this over time. The predecessors have done OK so far, but are definitely not bulletproof. As these move up the stack, I wonder how it will go.
Please don't break the site guidelines like this. If you have evidence of abuse, you should email it to hn@ycombinator.com so we can investigate. In the meantime, please stick to this rule: "Please don't post insinuations about astroturfing, shilling, brigading, foreign agents and the like. It degrades discussion and is usually mistaken." Groundless speculation about manipulation is basically the most common weed growing on internet forums, it nearly always turns out to be a function of cognitive bias (e.g. people see posts they don't like and conclude that their enemies have the run of the place), and it makes for tedious, low-quality discussion.
Somebody who is dogmatically following an ideology; think of an ideologue as somebody who is running an abstract program in place of their normal ability to think about information using the principles they have naturally acquired through their life experiences.
Having ideas that map 1:1 to those of an ideology does not intrinsically make you an ideologue. Forming those ideas, based on conformity to an ideology that you have subscribed to, does.
Are you implying that ethnic cleansing is not underway in Xinjiang, or that there is undue media coverage compared to US torture? Because neither one is accurate, in my opinion...
The article you cited states unequivocally that the CPC has committed crimes against humanity in Xinjiang. Further:
> There is little dispute within the U.S. government that China’s treatment of the Uighur population has been horrific and criminal: More than 1 million Uighurs have been detained in reeducation camps, and many have reportedly been subjected to forced labor and sterilization. China has committed numerous crimes listed in the convention as acts of genocide, including the prevention of births and infliction of bodily or mental harm on members of a group and the compulsory separation of children from their communities, according to human rights groups.
Crimes against humanity are different than ethnic cleansing which is different from the UN notes in Genocides
Please avoid intermingling all the terms, they are very specific for a reason, and the reason being to avoid US, Canada, Colombia, Brasil and many others to also fall within the label of being genociding or ethnically cleansing their own people
It is called the 5th Amendment of the US Constitution
> .... nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
The US government decided to make a judgment call on the legality of Huawei; the US government in keeping with the Law, paid just compensation to the owners of the equipment.
This isn't a "bail out". Government is essentially paying telcos to replace all of this gear, after previously having no problem with the fact that they installed it in the first place.
If you make a poor business decision and the government pays to fix it then that's a bail out, where smaller businesses would need to eat those costs themselves.
If we enable E2E encryption on the end points, why do we care if Huawei makes it since the local gov't retains local monopoly of force? The reasons I can think of are:
- meta-data
- denial of infrastructure. This is a big reason and a good enough reason.
Aside from reason number two, I really don't see the security threat. Not to minimize the threat of meta-data, but I think, on a national level, it too is solvable for the sovereign (by, for example, having phones make fake random calls to each other to poison the information)
EDIT: For the record, my question is genuine - I really want to understand this - and not some backhanded way to defend Huawei
Denial of service/parts/maintenance is a very real concern. Telecoms put a lot of effort into deploying this infrastructure. If we end up with a telecom system entirely of Huawei gear, we're one sanctions declaration away from a completely unsupported, unpatched, unmaintainable telecom network.
The US already puts tech sanctions on China. It is not at all hard to imagine China reciprocating.
And, even if they never actually do anything -- once our telecom system is mostly Huawei gear, they can now use it as a political chess piece against us. And on the opposite end of the spectrum, if we hypothetically go to war, they unquestionably would use that power to their advantage. All of our public/government services rely on functioning telecom networks.
China does the same stuff. They know if we go to war, we're likely to cut them off from GPS service, which is why they have their own system: https://en.wikipedia.org/wiki/BeiDou
Encryption is good at ensuring data confidentiality in the near term, but not long term. All major state actors vacuum up and retain encrypted communications and store them until the time it is possible to crack. The average Joe's vacation planning with his friends over txt won't matter too much. But a senator's phone call, or a CEO phone call, or even an engineer's txt, email and phone calls can lead to io theft, intel leak, etc. once encryption is cracked a few years later.
"encryption is good at ensuring data confidentiality in the near term"
Very interesting. I knew that state actors syphon everything, but I assumed it was since they can afford and it's a Hail Mary if they stumble on a breakthrough or a side channel. Some further Qs:
- What's near term?
- What's in the far term?
- I thought that encryption could be made arbitrarily more difficult to crack at little cost. Is this not the case?
- Does this future assume quantum computing is feasible?
Finally, if encryption is no longer believed to be safe in the long term, shouldn't we be moving towards making one-time pads practical? Given modern data storage densities, it's not that unpractical for many use cases (say embassy communication, etc)
In theory if large scale quantum computing becomes practical then it might become possible to decrypt traffic encrypted using certain public key algorithms. Basically by using Shor's algorithm to factor large numbers. But there's no guarantee that will ever work in practice, and even if it does there are alternative encryption algorithms which are resistant to quantum computing attacks. It's also not easy to identify and exfiltrate high bandwidth data streams even if you compromise a piece of network equipment.
If Chinese intelligence services want information on a certain politician or business leader they're more likely to skip the decryption nonsense and just recruit one of the target's associates as a spy.
I don't see how they can possibly exfiltrate meta-data undetected, unless that's explicitly in their terms of sale.
As for denial of infrastructure, that's possible if we're running Huawei software... in which case don't? Is software really their strong point anyways?
The US is really against Huawei; this war has been happening since the rise of the 5G technology. They did various things against Huawei, like removing the Android OS and Google Playstore.
> The U.S. is about to start destroying tons of Huawei and ZTE equipment.
Whiskey Tango Foxtrot?!? Tons of perfectly good, top notch quality and 100% reliable RF gear are going to be destroyed because they fear there is spyware contained in the digital chips? I totally understand the arguments, but it's like throwing away a car because one doesn't trust the brakes. Just strip out the logic and sell the rest! Pollution aside, this is an insult to those who struggle to buy RF parts because of the shortage prices.
Do you mean the story about tiny super spy chips, so advanced that not even the US could manufacture them, allegedly being planted on thousands of US server boards?
Remind me: How many of these chips were actually found and presented as evidence? Not a single one, yet to this day this story remains alive and repeated...
> Even if the government finds one, they won't say it out loud. Nobody would hold them accountable. You cannot just incite WW3.
Did Snowden incite WW3 when he blew the whistle and delivered literally troves of evidence?
> It is suboptimal but probably the best that it can be.
That's just the same old "You just have to trust the government/intelligence services, they can't reveal their evidence/sources without endangering them!".
After decades of civilians getting droned and innocents getting tortured I think we should maybe have learned something from trusting such accusations from institutions who do not only have a history of lying, but literally an agenda to do so.
Particularly when timing wise most of these accusations fit very neatly into a pivot from the ME to Asia while also serving as a bit of "whataboutism" for the recent nasty reveals coming out of the Five Eyes camps in regards to human rights abuses and mass surveillance.
All my knowledge about this has come from media articles covering the dangers of using Huawei tech, but I haven't seen anything that describes Chinese attacks using Huawei equipment. We do know the long history of China-sponsored hacking and it's not a leap to go so far as to think Huawei could be compelled to backdoor equipment. For that reason not using Huawei is safer for national security one way or the other.
However, on Capitol Hill, I think the idea is more to harm China than protect. I remember that the Washington metro trains were almost blocked because they are built by a Chinese company. Someone in Congress dreamed up a Tom Clancy plot where the Chinese could bring down Washington by hijacking their transit system.
Just about every data center in the US has a decent percent of its servers running as nodes of botnets for entities inside of China, not to mention the hundreds of millions of "smart" devices. That leaves out of the equation TikTok and Reddit and every other above-board Chinese communist party partly owned tech in the US.
Assuming that you know what your exact attack surface is is a pretty clear sign that you are very vulnerable to attack.
Too bad that nobody ever managed to find any of those tiny super spy chips, even three years later.
But hey: The poop was thrown, some of it stuck, and now you are repeating it as established fact, when even the sources named in the Bloomberg piece found it quite lacking after publication [0]
So the narrative successfully did its FUD job, and here we are under a post about yet another Bloomberg headline that nobody even questions in the slightest.
> I wonder if some data center workers received a list of serial numbers that had to fail in the next few days and get decommissioned.
We are talking about dozens of data centers here, thousands of server racks, across half a dozen different companies and geographically spread pretty much all over the US.
Pulling that off would require a massive conspiracy involving hundreds of people, in addition to China being able to manufacture magic super tech that's even too advanced for the US.
> There's no way of knowing.
Sure there is a way of knowing: Show such a server board with such a super spy chip. But as long as we lack such extraordinary evidence such extraordinary claims should be taken with a massive grain of salt and not given the benefit of the doubt.
Particularly when they come out of a government/industrial complex that has a rich history of lying and making up stuff to serve their particular foreign policy narrative.
This is just a way for the government to subsidize telco equipment upgrades, using popular-with-voters nationalism and anti-Chinese racism as a pretext.
The US and China having a great power conflict - which will last for many decades, or longer - is not based on racism. The US conflicting with the USSR throughout the Cold War was also not about racism.
It would be exceptionally irrational for the US to utilize the telecom equipment of a quasi enemy nation that is all but guaranteed to be a future enemy. It doesn't matter whether anyone likes those terms or not, that's how the US Government is increasingly viewing China - and vice versa - and that's what is coming.
I fail to understand why the press in western countries gives this story so much air time. It's a regular fixture in the Canadian, UK and NZ press as well. I think it speaks to the lobbying effort and quality of PR retained by Huawei.
There are certain things that a country, or group of allies, absolutely should retain control over. Communications infrastructure is absolutely one of those things.
There is a reason China and Russia both have their own GPS alternative.
There is probably no good reason to distrust Huawei. But equally there is no good reason to trust Huawei.
It's definitely about more than just national security. BT was explicitly pressured to remove "dumb" components that were thoroughly vetted after they'd started removing smart components where surveillance risk was higher.
At no point was any surveillance detected on any kit.
Removing it all (as opposed to just the "smart" kit) is extremely costly and if security was the real concern, not worth it.
They did bug the African congress but they were invited to set everything up in that building and nobody paid attention to anything they installed.
I suspect it's an attempt to wage "economic" warfare. Under WTO rules national security is a virtual get out of jail free card for protectionism. Huawei had just recently proven that China can overtake western technological capabilities in a key industry. That's the point when America flinched.
It also explains why they bullied all their allies into taking out all the tech all at the same time after years of seemingly not being concerned about their own networks (let alone their allies) and without any evidence of a breach or anything.
I'm not following here. If they bug high-stakes customers when given freedom to operate, why should any country trust anything they build to operate as described? "We'll behave as long as you're looking over our shoulder" doesn't inspire confidence.
It's not really a question of trust though is it? Did you really think we blindly trusted every piece of kit they sold us until the US government kicked up a stink?
It's a question of eye-watering costs of ripping out ALL of the very expensive hardware vs. simply vetting it & ripping out some of the more complex stuff that can't be vetted.
Nope. Scorched earth.
I have no doubt that they would have already bugged the west if they thought we wouldn't catch them in the act.
Which we likely would have.
Hence, probably economic, not national security (unless it's about America wanting to install its own bugs in which case lord help us).
Can you even vet it, really? All you need is one chip with secret logic inside it, in just a handful of boards, and you are hosed. You'd have to physically inspect every single board, in every single piece of equipment, and even then that's not 100%. Often these devices look completely different inside from lot to lot, due to the way component sourcing works.
If it's in the core, to a certain level of confidence, but it's arguably worth ripping it out because of how hard it is to have enough confidence.
Likewise anything that can address anything else on a network.
If it's, say, a radio antenna? Yeah, you can.
The core was the cheapest and easiest thing to replace. It's the rest - the stuff it would be implausibly difficult to hack while we are watching - which is eye-wateringly expensive to rip out.
One of the things I have never seen, is an original source that details the type of attack that was done on the African National Congress HQ in Ethiopia. The only original source I have ever seen is a short piece from (of course) Le Monde. I have never seen a CVE, much less writeup of the attack.
We hear that the device was sending uploads to China in the middle of the night. But what type of uploads? And was it firmware based, or OS based? That whole Hussein(-Addis affair just seems very suspect to me.
Having spoken to someone involved in the investigation, it really did happen but like anything this politically sensitive it was quickly hushed up to avoid making it more of a diplomatic incident. The AU had tried to prevent the news from leaking in the first place.
That's quite typical for espionage, where unless there's a desire to publicly burn a few bridges countries would rather have it handled quietly through regular diplomatic channels.
I have no idea why I typed ANC instead of AU. But I'm not going to lie, it [0] does read a lot like Western Propaganda. The Yellow Peril trope, the Magical China-Tech (the Supermicro Magic Chips), the early morning uploads to Shanghai (those Chinese are playing the long game!), etc.
Generally, trusting Western media on Africa reporting is never a good idea. But at the end of the day, this, and Snowden's revelations show - if you don't make it, then you don't own it.
Do you have a source? I only recall the Le Monde [0] article. And what was the nature of the breach? You have something uploading to Shanghai for 5 years - and nobody noticed?
According to the person I spoke to on the team that responded, and helped set up the new replacement system and network, there had been warnings for years about the adoption of the system and the lack of any real monitoring, but those were ignored because it was considered politically sensitive to double-check on what the Chinese had provided.
It was a new member of staff who did their own experimentation without authorisation who found it and sent it up the chain, to the point where it couldn't be ignored or hidden anymore. Mostly because that made the delegations aware of how terrible security was, whereas before it seems they'd assumed the organisation had that covered.
> BT was explicitly pressured to remove "dumb" components that were thoroughly vetted after they'd started removing smart components where surveillance risk was higher.
You say that as if there haven't been clever spy techniques using crazy things that took ages to detect:
I think you are correct here that this is more an economic move than national security. The truth is Huawei network switches and routers are equal to, if not better than, equivalent Cisco devices. Cisco just cannot compete at this price point IMO.
The national security concerns about Huawei equipment have nothing to do with the quality of the equipment. The issue is whether the vendor can be trusted in hypothetical scenarios in the future.
If the US implements all Huawei equipment, and China sanctions the US from receiving support/updates/parts from Huawei (or worse, go to war and use it as a weapon), then the US telecommunication infrastructure is at risk.
I have first hand knowledge of IP theft by Huawei dating back more than 15 years. It's not surprising they can outclass competitors on price over the long term. Perhaps this behavior should not be rewarded?
We don't have jurisdiction over China. There is no such thing as IP theft across state lines without both states agreeing to recognize it as such. Even among countries that do recognize it, it's an insane kludge of treaty and the independent operation of fundamentally incompatible legal systems which can only reach within states themselves and tend to bump into serious obstacles whenever they try to reach across state lines.
Most major corporations deal with this by just registering IP in multiple jurisdictions simultaneously and litigating internationally, which can also be done in China just as you would do it in France or the UK. Redundancy is easier to manage than cross-border cooperation with foreign court orders.
>There is no such thing as IP theft across state lines
That may be true in the strictest legal sense when a Chinese company is the one doing the stealing from a Western corporation. But in reality, that's so laughably incorrect that it makes me question why you said it.
Exactly. And to put it in clearer terms, they have been continuously hacking into Western companies for 20 years and stealing design schematics and counterfeiting them. I'm sure you'd be cool with a Chinese APT rooting your servers and stealing all that you have in your company?
It's a simple statement of fact that the United States has no jurisdictional authority over the actions Chinese citizens take in China against American citizens and vice versa. This is a serious problem for reasons such as this, but you cannot refute it as a basic statement of reality.
Put simply, American courts have no authority over Chinese in China, Chinese courts have no authority over Americans in the US, and our courts do not cooperate reciprocally as they do in other countries with alternative diplomatic and legal relations.
> Put simply, American courts have no authority over Chinese in China
Fortunately, this is no significant barrier.
It is not a barrier because we, in the US, can ban their hardware anyways, and cause serious economic damage to them anyway.
So it doesn't particularly matter if we use IP law itself, in the courts, against China, when we have other options, such as simply banning their products in this other way.
To do this the US would have to reset its entire diplomatic and trade posture with China. Despite all the rhetoric this isn't happening; the diplobureaucrats will be kicking that can for as long as they possibly can.
> To do this the US would have to reset its entire diplomatic and trade posture with China
No we wouldn't. Literally we are commenting in an article, about what I am suggesting is happening.
So the stuff that the article says is already happening, is what I suggested.
Could it go faster? Maybe. But like I said, we are literally commenting on an article, about how US telecoms are being required to replace certain equipment.
The US has jurisdiction over things imported to the US, and apparently over network equipment used in exchanges.
To my knowledge this has not previously been used as punishment for theft of trade secrets (Huawei was sanctioned for doing business in Iran), but the legal mechanism is there.
My understanding is that many Western firms had willingly entered into business agreements with Chinese firms, primarily for manufacturing but also for access to the Chinese market. It was always understood that such agreements included technology transfer, even if that wasn't always communicated to e.g. shareholders of Western firms. Not all Western firms entered such agreements, but those who did can't very well start crying about "hacking" now. When you tell someone a way to make money, they're going to remember that.
Because the two countries do not share definitions on what that even means. They both have to agree and both need a set procedure for adjudicating such disputes for it to be real. If the US says it's "IP theft" and China disagrees, there is a dispute on the legality of the act in question.
So for example, in France, there are many acts which are trademark infringement in France that are not trademark infringement in the US. A Frenchman can accuse an American of trademark infringement for an act that is not trademark infringement in the United States, but is infringement in France. They can bring a lawsuit in France, win, and potentially enforce that judgment on assets in the US with the cooperation of an American court despite the fact that the American did not, by the definitions of American law, infringe on anyone's intellectual property.
There are no such cooperative arrangements between the US and China despite recent attempts to set them up. There are also only limited agreements on what is and what isn't permitted.
So if it is true that this is economics not security, what was offered or threatened to coordinate action across all the countries sending Huawei away?
Mass population is moved by fear, but is that how concordance is manufactured across the executives of a set of countries: a few terrifying top-secret presentations, and IC has successfully reputation-assassinated a foreign company? Why would these countries agree if there was no breach and a cheaper price? What offer or threat besides a more expensive but more secure infra? I suppose if you view telcoinfra as defense assets then it's a no-brainer, but was this the calculus? Blackmail/Mafioso-tactics would be a good one, maybe: You have to buy from us, or we will reveal/do such-and-such horrible thing.
But if it's true this is economic, not security, and also that Huawei has superior value for money, then is it not just these countries accelerating their already decaying infrastructure, for the sake of pride?
"The phones are down." "Yeah, whaddayagonnado? At least we're not paying the Chinese to make them work."
Replace phones with other critical things China makes better for a better price, and the future of these countries may look like the past of the former-Soviet ones: a whole bunch of weird anachronistic tech resulting from an (in this case self-imposed) embargo. But at least it will be 100% built by subjects of approved countries. I suppose that is one strategy to fight back against the dominance of Chinese industry: just outlaw it.
The hilarious thing is, probably all these "approved suppliers" will have to purchase significant inventory from what is essentially Huawei's supply chain anyway. Seems much more like the tail wagging the dog, with corporate dishonesty dictating so-called natsec policy. Could it really be so twisted?
> coordinate action across all the countries sending Huawei away?
It should be noted that up until early 2020, the US campaign against Huawei had spanned 10+ years, and only secured a few commitments to ban Huawei, not even all of FVEYS. It was a spectacular failure. It wasn't until successive US sanctions against Huawei access to semiconductors that countries relented, not due to security concerns but Huawei's ability to supply hardware long term due to sanctions.
> Mass population is moved by fear, but is that how concordance is manufactured across the executives of a set of countries: a few terrifying top-secret presentations, and IC has successfully reputation-assassinated a foreign company? Why would these countries agree if there was no breach and a cheaper price? What offer or threat besides a more expensive but more secure infra? I suppose if you view telcoinfra as defense assets then it's a no-brainer, but was this the calculus? Blackmail/Mafioso-tactics would be a good one, maybe: You have to buy from us, or we will reveal/do such-and-such horrible thing.
Governments don't operate exclusively through sticks. The US has plenty of carrots to give out.
As of March 2019 [1] this vetting was not going very well in the UK. Only one piece of Huawei firmware was even able to achieve "binary equivalence" where the agency could determine that verified source was actually the source for specific firmware running on the device.
Reproducible builds are incredibly hard to achieve and require a significant amount of resources. Debian has been on this path for ages in a fully open ecosystem and still hasn't fully achieved it. Nobody could doubt their resolve.
All it takes is one tiny bit of proprietary software in the build chain that behaves non-deterministically (and they probably have several) and that's it. No equivalence until you rip it out and replace it. That's an expensive ask.
I'd be surprised if any vendors have achieved this. Hell, Cisco source code is probably riddled with spyware that they could spot at a glance, but "American IP considerations" 100% trump UK national security so I doubt they'd even get to see the source code.
I would love it if all of the vendors were made to have source code reviews and reproducible builds, but being realistic it's a standard that's only been demanded of Huawei. Even if they passed this high bar they'd only find some other excuse to rip them out.
Even so, unless you're talking about firmware for complex devices attached to the internet (what BT calls "the core", e.g. routers that they ripped out without much protest) you can still develop reasonable confidence that the firmware isn't exfiltrating sensitive data.
If it is simple and it is tightly scoped (e.g. firmware for an aerial) the spyware would have to be very clever and probably pretty obvious, assuming it was even possible. These kinds of devices are where the costs to rip out and replace every bit of hardware also became eye watering.
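The "binary equivalence" check discussed in the comments above, as an added Python sketch that is not part of the thread or any vendor's or agency's tooling: it builds the same source twice under different environments, shows why the hashes diverge, and shows that once the recipe is deterministic a mismatch points at the source itself. The source tree, timestamps and the `build_image` / `explain_mismatch` helpers are constructed for illustration.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample "firmware source tree" (path -> contents); not real firmware.
SOURCE_TREE = {
    "boot/init.c": b"int main(void) { return 0; }\n",
    "net/radio.cfg": b"band=n78\npower=23\n",
    "VERSION": b"1.0.0\n",
}
# Timestamp pinned by the reproducible recipe (constructed value), in the spirit
# of the SOURCE_DATE_EPOCH convention used by reproducible-builds tooling.
SOURCE_DATE_EPOCH = 1_500_000_000


def build_image(tree, build_time, file_order, reproducible):
    """Pack `tree` into a .tar.gz image.

    `build_time` and `file_order` stand in for the build machine's clock and
    directory listing order. A reproducible recipe ignores both.
    """
    names = sorted(tree) if reproducible else list(file_order)
    mtime = SOURCE_DATE_EPOCH if reproducible else build_time
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(tree[name])
            info.mtime = mtime
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(tree[name]))
    out = io.BytesIO()
    # The gzip header embeds its own timestamp, so it has to be pinned too.
    with gzip.GzipFile(filename="", fileobj=out, mode="wb", mtime=mtime) as gz:
        gz.write(tar_buf.getvalue())
    return out.getvalue()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def explain_mismatch(image_a, image_b):
    """Return the reasons two images differ (empty list if bit-identical)."""
    if image_a == image_b:
        return []
    reasons = []
    if image_a[4:8] != image_b[4:8]:  # bytes 4..7 of a gzip header are MTIME
        reasons.append("gzip header mtime differs")
    listings = []
    for image in (image_a, image_b):
        with tarfile.open(fileobj=io.BytesIO(image), mode="r:gz") as tar:
            listings.append([(m.name, m.mtime, tar.extractfile(m).read())
                             for m in tar.getmembers()])
    a, b = listings
    if [m[0] for m in a] != [m[0] for m in b]:
        reasons.append("member order differs")
    if {m[0]: m[1] for m in a} != {m[0]: m[1] for m in b}:
        reasons.append("member mtime differs")
    if {m[0]: m[2] for m in a} != {m[0]: m[2] for m in b}:
        reasons.append("file contents differ")
    return reasons


if __name__ == "__main__":
    vendor = build_image(SOURCE_TREE, 1_600_000_000,
                         ["boot/init.c", "net/radio.cfg", "VERSION"], False)
    verifier = build_image(SOURCE_TREE, 1_600_086_400,
                           ["VERSION", "net/radio.cfg", "boot/init.c"], False)
    print("naive builds equal:", sha256(vendor) == sha256(verifier))
    print("why not:", explain_mismatch(vendor, verifier))
    vendor_r = build_image(SOURCE_TREE, 1_600_000_000, [], True)
    verifier_r = build_image(SOURCE_TREE, 1_600_086_400, [], True)
    print("reproducible builds equal:", sha256(vendor_r) == sha256(verifier_r))
```

With the naive recipe the two images never match even though the source is identical, so a hash comparison says nothing about the source; with the pinned recipe, any remaining mismatch is a finding worth investigating.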
> I suspect it's an attempt to wage "economic" warfare. Under WTO rules national security is a virtual get out of jail free card for protectionism.
It's not like the US has to care too much about the WTO as the WTO has effectively been out of business for these past years due to the US blocking the appointment of new appeal judges [0]
So even if the WTO rules in favor of China, which it actually did on the steel tariffs [1], all the US needs to do is to appeal the decision and the WTO ruling will be stuck for all eternity in the appeals court, as that can't rule on the appeal without at least three judges.
I personally feel it is a pro-rated cost. I completely understand if China doesn't want to add US technology to their critical infrastructure and I hope China understands the practicality of it. It's a one time sunk cost, we would have to do it at some point. We aren't waging economic warfare as this is a tiny amount of trade that happens between the USA and China; if your theory was correct we would be doing it in all industries.
> At no point was any surveillance detected on any kit.
That's not proof of absence...
> I suspect it's an attempt to wage "economic" warfare. Under WTO rules national security is a virtual get out of jail free card for protectionism. Huawei had just recently proven that China can overtake western technological capabilities in a key industry. That's the point when America flinched.
> Huawei had just recently proven that China can overtake western technological capabilities in a key industry. That's the point when America flinched.
Here I was thinking it was because Tony Podesta et al were involved with keeping them clean in the first place!
The reason the press focusses on it so much is that it is, thus far, the only real step that the west is taking against Chinese hegemony. It's expensive and it's real. The rest of Cold War 2.0 hasn't really started yet. A couple of Mikes, a couple of tariffs, sure, but realistically if we really snap into a true standoff with China it's going to absolutely devastate the world's total economic output and stability.
I'm Chinese and writing from a Huawei phone, and the Meng affair is frankly ridiculous: kidnapping those two guys (probably "sort of spies" and not just random teenage students, you'll agree), pretending this had nothing to do with Meng, then freeing them up immediately after was impressive both in boldness and stupidity - we could maybe have the strength to own up rather than act like weasels non-stop.
That said, helping Iran shouldn't be a crime until they actually pose a tangible threat, and at my little level, I think the US is being way too strict on them, and I don't dislike Huawei trying to help them... as long as we're able to control the risk and focus them rather than have it blow up in our face "US in Afghanistan"-style.
It's like your daddy wants you to take the neighbourhood bully's toy, so you stole his toy, and now the bully came and took two of yours. What are you supposed to do?
The odd part is removing equipment after the fact is the most expensive way to reduce the risk. If one were serious about it governments should be reintroducing industrial investment policies encouraging investments over longer than 1-3yr time spans.
When I say "hasn't really started yet" I really mean it. China gutted Nortel here in Canada, and they've been hacking and ripping off IP wherever they can, but realistically this is nothing close to the scale of the Cold War. They've been biding their time and playing down their capabilities. Holding relatively small numbers of nuclear weapons and largely focussing on building soft power through investment à la belt and road over real power projection that the Soviets or NATO have done. That's starting to change, but it's not a real Cold War until the business class gets nervous going over the border and right now they're still piling into China.
China has hundreds of EV car startups and it appears that they are reaching the capability of making half decent cars. When these cars enter places like the US market, they are going to decimate the competition. We should probably expect an invasion of Chinese cars in the next few years.
NEDC range is about 80% of EPA range, so that would probably be ~150-200 miles of range if it sold in the US.
$16k is great though. The base Nissan Leaf is $27k for 150 miles. At the same time, I'm not sure how much importing it would raise that. If, like you said, it sells for $25k in the US, that's a decent value if its other features are comparable to a base Leaf, but I don't think it would decimate the competition.
The 1980s wasn't called the "Cold War era" because Japan suddenly gave us nice cars. The USA welcomes economic competition with foreign rivals. May the best car win.
The issue is that China is beginning to aggressively take out interest in Democracies in their sphere: first Hong Kong, and everyone knows that Taiwan is in their crosshairs now.
We didn't (and wouldn't) go to war over Hong Kong. Taiwan however... that's different and is truly a serious threat.
---------
If anything: additional trade and cultural exchanges are needed to foster a spirit of competition / cooperation even in the face of our nuclear weapons being trained upon each other. We don't really know if the Moscow Circus prevented a US / Soviet nuclear exchange... but maybe it did??
EVs may be a winner take all market in the sense that there is a lot of software and tech that the incumbents (except Tesla) are traditionally bad at. If the market expects this it may take a long time for incumbents to catch up. We might see bankruptcies and consolidation. Auto manufacturing is the final large manufacturing industry left in the US and it going away will hurt the country dearly.
> That's starting to change, but it's not a real Cold War until the business class gets nervous going over the border and right now they're still piling into China.
It's sad, but this is one of the only avenues I can imagine that will bring real benefits and change for a lot of Americans.
Post-WWII, the ownership class had to offer a good deal compared to the Soviets, lest they risk communism coming for them, too. They had to provide working people opportunity and had to help build a thriving middle class in order to stave off sympathy and collaboration with the USSR.
Today, if owners don't want Americans to be bribed by the CCP into spying for them and handing over the IP they own, they're going to have to offer Americans another good deal in comparison. That's my optimistic take, but I can also see jackboot tactics being implemented instead of raising Americans' standards of living.
I don't think we can afford to raise standards of living across the US, in the sense of giving them more spending power. People will spend the money on lots of fossil fuel derived things.
Yes, and so what?? Find me a Western nation that would really take China over the USA. Do you really believe a world under a Chinese hegemony would be better?
Yeah but that's realistically not an option that is on the table. A decent part of the American electorate is not interested in that because honestly it doesn't benefit us directly. The choices today for most countries are the same as it was in 1945, side with the US, side with the communist, or be "non aligned" and have your government/infrastructure undermined by intelligence from both sides.
Why is aiming for international democracy not an option?
You didn't explain that.
And please, stop using communists to refer to anything on earth. There is no such thing as communist nowadays. If you think there is a communist in China, that person probably will be shunned as one would be in USA...
What is international democracy? We currently have the UN, but in practice it draws on the resources of the US to enforce its decisions (such as Iran sanctions).
So what system do you have to propose, and how is it better? Remember that your explanation must explain how International Democracy avoids interacts with conflict between nations, how it maintains the global economy, in particular the safety of the shipping lanes and banking systems / currency exchanges. You must be able to adjudicate border disputes and prevent large nations from claiming large swaths of sea as territory. You must be able to explain how your system avoids becoming a tyranny of the richest, strongest, or most cunning states, as well as how it remains stable and doesn't become anarchy.
International democracy is just what it denotes on the name, applying democracy principles between nations.
As the first step, let's make sure everyone goes through the UN for any cross-national conflict. Like if the US unilaterally invades Iraq, the US should be sanctioned according to some agreed upon rules. Etc etc.
When you say UN works because of US support, that's a problem. UN needs to hold actual power, not at the mercy of a few super powers.
One step to allow UN actual power, is to grant UN the ability to draft financial resources from member nations, and let UN invest on the behalf of all people on earth.
Simple fact is that there's no Chinese hegemony now and there won't be one in foreseeable future because there's existing hegemon that won't just give up.
btw one man's whataboutism is another man's uncovering of hypocrisy.
I agree with the general sentiment of your post. There is an undeniable national security interest in maintaining control over telecommunications backbones.
> There is a reason China and Russia both have their own GPS alternative.
As does the EU (ie Galileo).
> There is probably no good reason to distrust Huawei.
Here I disagree. Chinese companies are extensions of the state and tools for domestic and foreign policy to a degree that Western companies simply aren't. China's massive censorship policy doesn't exactly instill confidence in the principles of openness or independence for either the Chinese government or the companies that enable these policies.
> to a degree that Western companies simply aren't.
NSA paid RSA Security $10 million in a secret deal to use Dual_EC_DRBG as the default in the RSA BSAFE cryptography library[1]
Juniper routers had an apparently deliberate Dual EC backdoor allowing VPN traffic to be decrypted.[2]
I'd say that there is probably more evidence of the west putting state-level backdoors in things than there is of China doing so. (although there may be sampling bias in this!)
How many journalists in China are you aware of that have investigated Chinese state interference in their technology companies, and reported on it? Yes western intelligence agencies do make use of western technology companies from time to time. I still think it's obvious that China is willing to go much, much further in the control it exercises. In fact exercising complete control over all aspects of business is official party doctrine.
There’s more evidence of everything in the west because of the openness of governments compared to China. China isn’t responding to FOIA requests all that much these days.
I don't believe this. Nearly anything complex and networked, after a few months investigation by a good security professional, will have a good number of exploits found.
These could be plain old bugs, or they could be planted backdoors. (usually indistinguishable)
Even after months of effort, there is a high probability there remain undiscovered security issues (either deliberate or accidental) that more effort would have found.
For that reason, I don't believe any claim when they say "nah, we couldn't find anything". They either didn't look, or don't want to reveal what they found.
They assessed the kit to ensure it was safe to install on British networks, they announced it was safe, and the kit was installed.
Further, when America's anti-Huawei panic started HMG were looking for an excuse to ban Huawei kit. If problems had been found it's likely they would have been mentioned.
> Huawei kit has been extensively analysed by GCHQ. They found nothing untoward.
That's not true. GCHQ looked at source that was provided and found many unpatched vulns, and then found that the firmware binaries were not matching the source that was provided (with a single exception), so only Huawei really knows what their devices do.
The data you show isn't proof of anything other than ineptitude of western agencies and the freedom of the press in the west. Go look for ICBM and warhead leaks, you'll always find better and more extensive documentation for NATO weapon systems. Does this mean the former communist bloc had no such weapons? No. It has to do with freedom of press and the legal system in the west making plans and docs public knowledge compared to a pretty locked down system in Russia and China.
1) Huawei had a tech / competitive lead vis a vis western firms, so those firms have been pushing / lobbying / this narrative of distrust around Huawei.
2) Huawei has done itself NO favors by just ridiculous actions - I think not realizing they are trying to sell into a western market where some of these stunts don't come across so well. In China helping N. Korea not a big deal and makes sense, China doesn't want N Koreans flooding over border. But then I thought the claims that no assistance etc offered was silly, just say yes, for x reasons we helped y country with their telecom.
Maybe because the US vs. Huawei war has had a noticeable impact on laypeople.
I can understand why they remove network equipment and have no problem with that, but as a happy Huawei smartphone user from a non-US country, I'm still pissed that I need to change to another brand (and I don't see anything on the market that is as attractive, by far) because a foreign government decided to cripple this one.
I know, in theory I could go without Google, no one is banning Huawei from selling their phones to me. In practice, that's not feasible when e.g. your everyday banking apps rely on Google services. For all intents and purposes, a foreign government has banned me from using the phones I like. Imagine how many Americans would feel if new iPhones stopped being useful due to some foreign political offensive. This is similar (Huawei was the top-selling phone brand in my country). Thus, many people are interested in this kind of news about Huawei, even if they don't understand what network hardware is.
As a consumer, the tech war made me realize how the availability of my daily digital infrastructure relies on the whims of largely unaccountable corporations and governments.
I know what you mean about bank apps working only on unrooted Android devices and only with Google Play Services. It's an OS- and device specific restriction, because the desktop website does not have these limitations (besides 2FA, which is understandable).
The solution for me was to wait until I have my laptop on me to do banking. But I understand that not everyone will have this ability due to the nature of their business or workflow.
> I fail to understand why the press in western countries gives this story so much air time. It's a regular fixture in the Canadian, UK and NZ press as well. I think it speaks to the lobbying effort and quality of PR retained by Huawei.
I think it's the opposite. Without all of the anti-Chinese bluster, this would be seen as a simple government giveaway to privately-owned telecoms and domestic telecom equipment manufacturers. These press releases are being written by their lobbyists, not Huawei.
There are for sure plenty of pro Huawei apologists on the internet. It would be absurd to let a foreign power control critical telecom infrastructure; for that reason alone the decision to ban and replace foreign gear is merited.
This isn't 'anti-Chinese bluster', it's just critical thinking.
My view is that this is part of the single most important narrative that all news media ultimately contribute to: the story of the lead up to, causes of and justification for war.
We are a civilization based on sanctified violence: nowadays that sanctification comes from the news media.
Just to be clear: I am not blaming the media for war. I am also not definitively "anti-war" as I don't know precisely what that means.
As someone who has been in war, I think war should be reserved for very special circumstances and not driven by public opinion (positive or negative). The US does not have a framework for war that isn't somehow affected by popular opinion though. The current best-effort application is the Joint Chiefs, whom I used to trust when Mattis was involved. Whether the Joint Chiefs can continue to recruit stoics like Mattis is another matter entirely.
I wanna know: why in the hell did American managers OK CCCP H/W in the first place? Because it cost less? Because they didn't get that "communications infrastructure is absolutely one of those things" you don't hand out to the other side? You know, we graduate a lot of business majors but sometimes I seriously wonder what in the heck American management does. In fairness there's probably blame at senior "engineering" types who OK'd purchase of Chinese stuff too.
Given what you say, I don't understand why you don't understand.
For one, it's now quite clear that all network infrastructure has backdoors controlled by the respective producing governments. I know for a fact that Alcatel do, for example. Why else the strict purge against Huawei; a spy can spot a spy.
And I think there are quite serious implications for free and open markets in certain sectors.
Sure but what changed between the time the equipment was purchased and installed and now? It’s not like the idea of malicious hardware is new. There was probably specific information about a credible or actual threat.
If the 'trust' of an entity used for critical infrastructure is not definitive, then we 'don't trust', i.e. 'distrust by default' in those scenarios.
We literally do not know who owns Huawei, legally. We know that the CCP wants to monitor all communications, everywhere, to the extent they can. We know that de facto, the CCP has the final say, and can bend Huawei at will to do as they please and interdict without consequence (see: Jack Ma).
While it's obviously a much more complicated question, there are other issues for sure, but in the end, it's as easy as that.
The same should be held for any bit of critical software, and legislation should be introduced to protect citizens from CCP oversight in consumer apps like TikTok.
The 'smart play' would be to play into the financial incentive of the companies - most of them are 'profit first' and adhere to CCP policy mostly 'because they have to' but with maybe some degree of national loyalty in some parties. But just like Hollywood can be very easily manipulated with the threat of China-blackout into making films the way the CCP wants ... Zoom and TikTok will act reasonably with the right regulation and oversight i.e. 'All US data has to be kept in the US, in certain terms, with some regulatory process etc'.. If they are forced to keep a firewall between non-China and China users by host nations, it makes it easier for them to rebuff CCP demands for interjection i.e. "Sorry Xi, but the data is kept on servers in the US on a different business unit, if we pass data across borders they will shut us down"
No, because the moral ambiguity inherent implied would kind of conflate different problems.
What is Facebook doing wrong? They're allowing people to share content. Some of that content, some people want censored, because they believe it has a negative influence, many (most) others would disagree. That's mostly it.
If Facebook, Google, Snap, Insta were all actively sharing all of their data with the Government, so that the Government could censor any and all criticism, throw people in jail arbitrarily, use FB to track down an ethnic group of citizens and throw them in brainwashing camps with no oversight, control the entire media, and stop people from accessing information outside the USA - then I would agree with your point.
"What is Facebook doing wrong? They're allowing people to share content"
I don't have a dog in that fight, I am referring to them spying on people who have never even signed up to Facebook, enabling electoral fraud in the UK and conspiring with Google to manipulate the ad market. All of those activities are illegal and well documented.
What you're saying is a common thing I hear. I have been in the China watch camp for a few years now and there are a lot of major stories that you and most others are missing if the only place you get your news is from mainstream media, most of which has been captured by the Chinese government. Bloomberg, CNN, AP, Reuters all receive Chinese money and/or coercion (not allowed to have offices/journalists in China unless you do what we say) to bring pro-CCP narratives to their audience. Same goes for most other international media. Just saying.
> I fail to understand why the press in western countries gives this story so much air time.
Huawei pays for "sponsored" pieces in major media outlets. Politico, Reuters, Wired and others are paid by Huawei to run puff pieces, clearly labeled as "sponsored" content. Should a sudden spasm of inner dialog cause you to wonder whether the checks getting cashed have any influence on editorial decisions related to non-sponsored news you're expected to suppress that as much as possible and also keep it to yourself. Thanks!
What backdoors? Didn't the UK audit telecoms and networking equipment and say that they have shoddy security in some places (like having telnet) but aren't worse than the shoddy security in "good" vendors like Cisco and Juniper?
Indeed. As someone somewhat familiar with "underhanded code" contests (not as a participant) and publicly known espionage norms, I'm unsure why people expect backdoors to have massive MOTD banners and not be reintroduced OpenSSL vulns from 2006 that "accidentally" got into the build process for certain releases of firmware 11 years later (this happened with the UK Huawei audit iirc). I'm also unsure why people expect specific examples of known backdoors when that in itself hurts counter espionage efforts.
> Cozying up to bad actors like North Korea and Iran?
You'll probably feel a need to shit on a flag when you realise that an allied Swiss company (ABB) sold North Korea two nuclear power plants when Rumsfeld was on the board of directors.
> communications infrastructure is absolutely one of those things
So is the media.
Perhaps it is not on account of the tremendous PR efforts of Huawei that American media outlets appear to be on the same team as the Chinese communist party, on many fronts.
> The findings to these lines of inquiry proved troubling to the Intelligence Committee. The probe examined Huawei’s and ZTE’s ties to the Chinese state, including support by the Chinese government and connections to the Communist Party of China, and their work done on behalf of the Chinese military and intelligence services. For instance, Congressional investigators were concerned with the background of Mr. Ren, Huawei’s founder, who had links to the 3PLA – China’s signals intelligence division – and the Communist Party, such as serving as a member to the 12th National Congress. They did not find credible claims or evidence that the company was, in fact, an employee-owned and controlled enterprise or had an independent board of directors.
> Instead, the Intelligence Committee found that the Chinese government and Communist Party exerted influence over and supported Huawei as a “national champion.” For example, Huawei admitted that an internal Party Committee existing within the company, consistent with Chinese law, but refused to discuss or describe the role, membership, or impact of this group on corporate decision-making. Huawei’s failure to provide further detailed information explaining how it is formally regulated, controlled, or otherwise managed by the Chinese government undermined, in the view of Congressional investigators, the company’s repeated assertions that it is not inappropriately influenced by the Chinese government.
> Huawei also refused to provide answers to direct questions about its financing and connections with Chinese state banks, nor did it provide internal documentation or auditable financial records to evaluate its claims that any financing arrangements comply with standard practice and international trade agreements. In support, Congressional investigators cited the earlier finding of the U.S.-China Economic and Security Review Commission that enterprises like Huawei rely on generous state-backed financing to make an investment project in a new market viable. To the detriment of U.S. competitors, financial subsidies from the Chinese government can enable its national champions to penetrate markets by offering products below the costs of production.
> Additionally, the Intelligence Committee found that Huawei exhibited a “pattern of reckless disregard” for the intellectual property rights of U.S. companies. Congressional investigators cited Huawei’s settlement in civil litigation with Cisco, in which Huawei agreed to remove certain products from the marketplace due to violations of Cisco’s intellectual property rights. Whistleblowers – former employees of Huawei – also offered testimony that the company deliberately used the patented material of other firms. In the judgment of the Intelligence Committee, these issues with intellectual property rights raised broader concerns of Huawei’s compliance with U.S. laws in general.
This can be summarized as "The Chinese Government Supports Huawei" + a lot of appeals to authority and claims of refusals to answer arbitrary questions that US companies certainly wouldn't answer if China asked.
The US government supports Cisco, and its diplomats are used to sell Cisco products. The forced replacement of Huawei equipment is an example of that.
If China were doing diplomacy and passing legislation that made US products illegal internationally, it would be worse than any of the accusations made here against China.
Only if you're already convinced that China and its people are evil, and that their winning an economic war against the US is a sign of the end times, will this reasoning convince you. China has triple the population of the US; it should be doing better.
The Chinese people aren't evil. One can reasonably argue, however, that the CCP is. The greatest victim of the CCP has been and continues to be the Chinese people, who live in a dystopian surveillance state controlled by an authoritarian ruler who has fashioned himself as a new Mao and uses whatever tactics he deems appropriate to crush political threats, suppress dissent, and eliminate ethnic and religious minorities.
I have been living in Asia and for the past several years have lived approximately 100 miles away from the Chinese shores in a free and democratic country that is in grave danger because a man who can't stand being compared to a cartoon character and his sycophants believe that it belongs to them.
The US is not the land of saints, but to anyone who feels the urge to engage in whataboutism regarding China, I encourage you to read about the history of the CCP, what it has done and continues to do to the Chinese and Tibetan people, its ongoing genocide of the Uyghurs and what its goals are for the Indo-Pacific.
> China has triple the population of the US; it should be doing better.
Doing better by what metric? Look at China's GDP per capita. The country is desperately trying to escape the middle income trap and a lot of the growing tensions in the region are related to the fact that the real picture of what's happening in China is not as pretty as the one the CCP projects.
one doesn't have to be convinced that someone is "evil" in order to not trust them.
> This can be summarized as "The Chinese Government Supports Huawei" + a lot of appeals to authority and claims of refusals to answer arbitrary questions that US companies certainly wouldn't answer if China asked.
how can you make this statement while ignoring the difference in basic relationship fundamentals between US corporations and the US government, and Chinese corporations and the Chinese government? the two are nowhere near equivalent.
> Additionally, the Intelligence Committee found that Huawei exhibited a “pattern of reckless disregard” for the intellectual property rights of U.S. companies.
Not just US companies. Huawei has stolen a ton of Nortel IP. This is largely the reason for their 5G tech edge[0]
It's really depressing to see such a wonderful Canadian owned company being completely dismantled and destroyed by foreign powers while everyone stood back and watched.
Maybe your definition of "destroyed" is maintaining this misunderstanding. Their definition of "destroyed" is some paper saying that the destruction is being handled by a specialized company. That company can "outsource the destruction overseas" without being liable.
Unless the destruction process is thoroughly documented so following up the mandatory requirements will ensure the hardware is totaled and whatever remains of it is beyond repair, there are always some chances it would be disposed of in a less than irreparable manner, and someone would just recover it and sell for profit.
It doesn't require malicious intent, just negligence, ignorance, lack of awareness and/or poorly worded instructions.
It probably is thoroughly documented, with approvals to recycle the materials to avoid running afoul of various environmental regs, etc. Then it gets parted out on eBay.
It’s like when your insurance company destroys your car, that just means selling it to a wrecker that parts it out and eventually crushes what remains. The vehicle can’t be registered but as long as you have a frame with a good VIN you’re good to go.
My comment you replied to was not suggesting defrauding the government (definitely don’t ever do that, going on the record I don’t support that) but commentary on how frequently something that should happen (equipment destruction) as required by law, policy, or contract doesn’t happen. Very similar to how hard drives with very sensitive information on them always seem to end up on eBay (or marketplace of your choice).
Could be to emphasize that they didn't "remove them" by just turning them off and collecting a reimbursement from the government. The article says the removed devices must be taken to approved destruction facilities, so the govt really doesn't want the devices popping up on eBay or in internal networks.
> All over the country, hardware from Huawei Technologies Co. and ZTE Corp. keeps American telecom networks humming. In the coming months, many of those networks are going to start ripping it all out.
I'm curious how this is going to affect the end user. Are some users going to have slower speeds?
Probably will only affect cost, the US already has high costs for fiber and cellular internet. (Cellular is about 3 USD/GB in the US vs less than 2 USD/GB in most of Europe and Asia according to https://www.cable.co.uk/mobiles/worldwide-data-pricing/)
"it’ll likely take a four-person crew a week to overhaul each of his 67 towers"
Am I being too cynical? This seems high. Searching around about how long it takes once work begins, it appears that upgrade time is roughly half of that. Which leads me to believe that network operators will be perfectly happy to take the money while padding their expenses significantly.
I'm surprised by this. I vividly remember that the mere suggestion of these common sense national security measures a couple of years ago would lead to others having a stroke.
Ban Tik Tok next, too. It's ridiculous that we allow foreign intelligence to operate social networks in the US. And before anyone says "ackshually" in response, yes, I think it's ridiculous that other countries let FB, Google and YT operate within their borders largely unimpeded, rather than force them to create local subsidiaries whose execs could be hauled off to jail for violation of local laws.
Last I checked (2 years ago) no one else was actually offering 5G kit. Cisco's "5G" kit was just slightly improved 4G and at least 10 times slower. Has that changed?
While I get the geopolitical reasons for this, I just want to say that it sucks. E-wasting kilotons of functioning hardware, in the middle of a global silicon shortage, is not a good state of affairs.
What always disgusts me about news and dealings with the CCP is the double standard. They can play ball in western markets with impunity, enjoying our egalitarian legal systems and protections, while we cannot do so in theirs. I'd love to see an equivalent anti-ccp stance taken across every field.
This is true of every company headquartered in a country with an oppressive government. You can buy Emirates air line t-shirts all over the place, but the country is a monarchy with a poor human rights track record. For better or worse we've decided that we're ok with treating foreign companies basically equally to our own up until now.
There is a reason Ericsson threatened to move from Sweden if they would block Huawei from having market access.
Because it would mean Ericsson would lose a lot of tenders, they went from getting 12% of the 5G tenders to like 2%.
Part of their tenders went to domestic companies and Nokia scored some 5G tenders.
Same for a lot of other sectors and western companies on the background the Chinese market is by far their biggest market.
I'm all for it that western companies lose their Asian market share means more internal consumption for Asian made products.
It's a waste of taxpayer money tbh, that is perfectly good equipment. Huawei is making better equipment than Ericsson, Nokia, and Cisco since Huawei has outspent these companies in R&D.
Also, these companies all source from global supply chains centered in China.
this is a good move. from the beginning, the Huawei 5G push was full of cause for suspicion. John C. Dvorak quit PC Magazine [0] after they took down his entirely reasonable (especially for Dvorak lol) 5G-skeptical column [1] and replaced it with a pro-5G column, accessed from the same URL as the deleted column. once covid hit, the narrative shifted further and anyone who was skeptical of Chinese 5G infrastructure in the US and elsewhere elicited responses of "lol you think 5G causes covid, ok Alex Jones lmao." the whole thing was shady from the start and the cries of "conthpirathy theorieth" were extremely odd given that the subject being discussed was the telecommunications infrastructure of the country being replaced/augmented by a new technology from a rival superpower. plus, I don't know about anyone else, but I personally haven't seen an actual use case for 5G to date. and then when you throw in the last administration's Secretary of State Mike Pompeo's remarks at the 2020 National Governors Association with regards to Chinese influence on our States' leadership [2]...
Wow, I was not aware of this. I used to read Dvorak a lot when I was younger. It also appears that he did not quit but was, in fact, fired - according to [1]:
> As many of you know, I was unceremoniously fired from PC Magazine on Sept. 20th, 2018 after over 30 years of service. I just figured it was the new people coming in and I was an unneeded throwback to the old regime.
Edit:
> but I personally haven't seen an actual use case for 5G to date
Incidentally, the most "compelling" use cases I've seen for 5g are always-connected smart devices that don't rely on WiFi. E.g. a smart TV where you can't pihole its advertising or view-tracking "features".
Not against anyone, and I know -- given the state of the company -- this is not the time to ask, but because of the climate crisis, should Huawei be slapped with a climate tax too?
Imagine all those resources used to produce spying hardware that now will be decommissioned.