ha
This is fantastic. China emulating the US and Obama crying about it.
US prez Barack Obama has criticised China's new tech rules, urging the country to reverse the policy if it wants a business-as-usual situation with the US to continue. As previously reported, proposed new regulations from the Chinese government would require technology firms to create backdoors and provide source code to the …
I doubt that, all the non-Chinese companies would abandon tech manufacturing in China and have a pretty noticeable impact to their economy. Chinese wages are rising at such a rate that manufacturing in places like Vietnam becomes more attractive by the day. It wouldn't be easy to switch production on the scale of the iPhone to another country, but Apple has lots of cash and could easily make this happen.
Maybe China thinks its economy is ready to stand on its own two feet without all that western money flowing in, but I doubt it.
I doubt that, all the non-Chinese companies would abandon tech manufacturing in China and have a pretty noticeable impact to their economy.
You're clearly a techie, and not a Corporatist.
A techie applies that evil commodity called logic, and comes up with a conclusion like yours.
A Corporatist would look at this and think (or do what passes for thinking in those folks): I've just spent a metric buttload of Corporate funds to move my manufacturing to the slave-labor mecca called China. If I were to go to the board now and say, "Hey, we have to move our manufacturing again to Vietnam or Myanmar (is that near Burma?) or some other bu-fu place", I'd lose my bonus in a heartbeat. Maybe if we just hunker down and keep a really low profile, this will all blow over, and the vast unwashed...er...I mean, our customers, will get distracted by the next something or another, will forget about all this, and we can sell backdoor-laden products as if nothing ever happened!.. Brilliant! I need a Scotch...
You're not selling it to your board correctly. You tell them, "remember when I spent a metric buttload to move our manufacturing to China and how much that cut our per unit manufacturing cost? I want another metric buttload to move to an even cheaper location, which will cut our per-unit cost even more!" Then you'll get another bonus!
Or if they fire you, you'll put on your resume "responsible for outsourcing manufacturing of a large multinational, resulting in yearly savings of $x" (no need to mention the up front cost or how long it took to pay back) and you can get a job for twice what you were making because experience.
I think we need ISO to define an industry-standard worldwide backdoor specification and how multiple backdoors from differing countries and national security agencies should work together.
Tech firms would then know what backdoors were necessary and not try to go it alone with the usual sad results.
There could even be a global ad campaign - "Backdoor inside..." with a little jingle.
You could have an international ad campaign (kind of like "Intel Inside") with famous human rights activists, businessmen and porn stars saying "My backdoor is open".
Western sigint agencies have seriously degraded the West's ability to fight this without others invoking the hypocrisy card. Hell, David Cameron would still probably openly campaign for backdoored encryption if he thought it would get anywhere.
The term backdoor is considered "sinister", the correct term is "government mandated public security feature". This is a bit like a car seat belt or an air bag, except that it restrains your private life instead of your physical body.
Must give the Chinese double extra propaganda points, though. Can't wait to see how long it will be before the "unbackdoored" phones start catching on. I think it's time to put one on the Christmas list.
I think you're onto something.... one key, one backdoor. Saves time, energy, and aggravation all the way around for all countries and malware authors. Erm.. that last is a bit of a problem, isn't it? At least in the "free world" we know that everyone has access to us, might as well bring the Chinese on board too.
Oh - but we have that already: http://www.etsi.org/technologies-clusters/technologies/security/lawful-interception -> standards. The "Lawful Interception Interface"
I programmed some of it, unfortunately, I was too young and too stupid to put a private back-door in there. That would have been worth something today.
It's more an admission that their spies aren't capable of doing what the US and British are doing. Good spies don't need no stinking backdoors - at least not if they're proper hardworking British spies from Britain rather than lazy benefit scrounging spies coming over here to steal our secrets and use the NHS for free!
...coming from the head of the nation with one of the largest spy operations and military budgets on the planet.
Tell you what Obama, you show China how it's done by having the NSA remove all their backdoors from HDDs, BIOSes etc as well as revealing all the zero-days they are exploiting and to stop (along with GCHQ) hacking into private organisations. Hell, just disband the NSA.
Until you do that, you are a hypocrite and not worthy of any respect.
"Until you do that, you are a hypocrite and not worthy of any respect."
I'm not privy to how much Obama and the NSA gives a shit about your respect but I suspect it's not particularly high. Their job is to protect US interests and they'll do that regardless of what a bunch of naive whining millennials think about it.
> Their job is to protect US interests...
That used to mean protecting the US from foreign powers.
As we know now, that (more often than not) is about working *for* American corporate and political interests and working against the American people, particularly if they have the temerity to bring the US administration to book about what appalling things they're getting up to in secret in their name.
The theory is one thing, the practice is something else entirely.
Actually (see title), protecting US interests means protecting US corporate interests.
When stinky Chinese backdoor laws make people stop buying phones and hardware Made in China, the corps will simply move their manufacturing to countries where state repression is not the top priority.
$DEITY forbid, the corps might even move their manufacturing back to the West. So many people are now working multiple low-paying jobs just to stay alive, that grinding aluminum cases for 80 hours a week @ minimum wage will soon look pretty attractive. Where do I sign up?
"The Snowden revelations have effectively prevented the US from taking the moral high ground on internet security and technology policy issues."
Not exactly. Misdeeds by the NSA and CIA have prevented the US from claiming the moral high ground on these issues. The moral failure lies with US government agencies, not with Snowden's revelations.
"That the US uses it to fight terrorist etc."
The irony is that the USA uses it to fight the terrorists they also sponsor.
"The Chinese will use it to steal our tech"
Like the USA hasn't done this, or spied to disrupt trade negotiations, or interfered with democratically elected leaders.
"put us in the poor house"
Free market, baby. Suck it up. If the poor house is where you belong, the invisible hand will see you end up there.
"as long as the US gets a poke in the eye"
I'd rather they didn't. But pointing out blatant hypocrisy isn't a "poke in the eye", is it?
"you f*cking dimwits"
Oh, the irony. Again.
"Free market, baby. Suck it up. If the poor house is where you belong, the invisible hand will see you end up there."
One entity engaging in wholesale theft and market manipulation (hello China!) is not the free hand. It's the bound hand, as in bound to slap you in the face. The sooner the Western governments wake up and disengage from China the better for everyone.
"That the US uses it to fight terrorist etc."
And you really believe that?
I have yet to see a single example with a chain of evidence which undoubtedly proves that a terrorist plot could not have been avoided without mass snooping/surveillance.
And I mean a real terrorist plot, not one of those fabricated by the intelligence community to justify yet more powers.
"I have yet to see a single example with a chain of evidence which undoubtedly proves that a terrorist plot could not have been avoided without mass snooping/surveillance."
Most terrorist plots can be thwarted by simply not having terrorists. This can be done by not being a massive dick to other nations and/or by not supporting brutal dictatorships.
Thing is, that means considering a future beyond the next fiscal quarter/election and no leader/CEO has time/interest in the long term like that. Get the money/vote and do a runner. Tax free. KERR-CHING!
"But that leaves the "haters gonna hate" plots..."
Well, those "haters gonna hate" dudes (and dudettes)(let's call them "sickos" for brevity) have to obtain funding, training, shelter... . They don't have some oppressed people backing their effort. Of course you could picture a terrorist group formed and supported exclusively by sickos. Said terrorist group would have some internal power struggle every six months or so, and would murder far more of its sicko members than innocent citizens. :-)
On the same vein, it could be argued that having all the sickos in a terrorist group makes it easier to deal with them. The current situation, with sickos spread everywhere, with extra thickness in politics and big money areas, makes the issue intractable. ;-)
"Well, those "haters gonna hate" dudes (and dudettes)(let's call them "sickos" for brevity) have to obtain funding, training, shelter... . "
Well, the Islamic State doesn't seem to be having any difficulty getting men, material, or money. And all for a "Caliphate or Catastrophe" mission, it seems.
"Most terrorist plots can be thwarted by simply not having terrorists. "
Wow, man, so profound! Let me worship at the foot of your mighty intellect!
"This can be done by not being a massive dick to other nations and/or by not supporting brutal dictatorships."
Yes, because overthrowing dictators is all that's needed to bring about peace and harmony and goodwill to all men. Look at Syria, Libya, Egypt.... oh, wait....
I'm afraid the world isn't as simple as your Dummies Guide To Liberal Politics makes out.
> Yes, because overthrowing dictators is all that's needed to bring about peace and harmony and goodwill to all men. Look at Syria, Libya, Egypt.... oh, wait....
You do realise that the US government supported (at least in part) and instigated the creation of most of those regimes don't you?
Gaddafi, Hussein, all puppets of the US government at one time or another.
The US administration is the worst kind of backstabbing hypocrite.
"You do realise that the US government supported (at least in part) and instigated the creation of most of those regimes don't you?"
Most large powers have either created or supported various regimes. The British Empire, the USSR, China, they've all done it. The US is not unique in this respect.
You see the choice you have is
A) Upholding or supporting a government that can create some sort of order even if the guy who does it is a bastard.
B) Just leave alone and watch the chaos ensue. Which is what's happening right now across the Middle East.
I'm not supporting US policy, god knows they've made a fuckup of Iraq and their continued support for the Saudis despite everything they've done makes me sick - but let's not pretend that politics in these sorts of areas is a simple black and white affair. Jackass Straw found that out the hard way and his "ethical" foreign policy disappeared almost as quick as you can write PDQ.
Yes, because overthrowing dictators is all that's needed to bring about peace and harmony and goodwill to all men. Look at Syria, Libya, Egypt.... oh, wait....
Exactly Jim-Bob: Sometimes leaving the monkeys inside the cage is much better than setting them free!
Besides - the CIA went out to help Big Oil, which cleared the way for Ayatollah Khomeini and his merry band of nut-boys. Now, one *could* have told Big Business that there is a *risk* involved in business, especially in strange lands, and that this risk, regrettable though it is, is never the taxpayer's problem - especially since corporations got super-lenient tax breaks and all.
But, no, apparently this just isn't done! Consequences be damned!! Now along the same vein of stupidity and greed, we got TTIP coming up ... supposedly we are all to become terrorists, since it seems very clear that there will be no democratic way left open to oppose this!?
The US has been caught doing targeted attacks on my company.
They have used:
-Porn Sites (yes, really)
-MegaMovies
-MegaUpload
-Several "cloud drives" based in US soil
-Stealing/cloning laptops at US border. To such extent that we are forbidden from having confidential information if we travel to an insecure country. That includes the US, China, etc. They are encrypted, but that would not stop them.
And we ARE a US Army & Navy supplier...
Anon of course.
The Gemalto hack is the product of poor use of cryptography that requires the private key exist somewhere other than on the SIM. The NSA/GCHQ took advantage of it, but they are one of many actors who are capable of doing so. Perhaps the result will be that GSM is redesigned so that it's no longer vulnerable to such an attack. If that happens the result will be GSM being banned in China. I.e. China aren't just taking advantage of others' incompetence, they are mandating incompetence. I think on that basis, the US does have the higher moral ground, if not exactly high moral ground. Of course our PM says he wants to take the same position as China, so perhaps we really should have an ISO standard back door.
The Gemalto hack is the product of poor use of cryptography that requires the private key exist somewhere other than on the SIM.
Remember that back when GSM was designed (1980's), mandating public-key cryptography might not have been feasible. The first GSM phones had very little processing power. We are lucky to have any cryptography at all in the spec, some countries still force it turned off or weakened in their networks.
What China are actually after are better backdoors, y'know, the UPVC ones with the integral bolts and not the old fashioned wooden ones that require continuous maintenance and warp in very hot weather. Don't know where you're all getting this 'crypto' thing from?
"Obama told Reuters: "Those kinds of restrictive practices I think would ironically hurt the Chinese economy over the long term because I don’t think there is any US or European firm, any international firm, that could credibly get away with that wholesale turning over of data, personal data, over to a government.""
Was he saying this with a straight face or was he cackling like a madman? In any case US/European firms "get away with it" because they are served a gagging order so the public wouldn't know about it to complain.
"officials in Washington and Western business lobbies argue the law, combined with the new banking rules and a slew of anti-trust investigations, amount to unfair regulatory pressure targeting foreign companies."
At least it's only regulatory pressure for those companies actually doing business INSIDE China. Unlike the US which, contrary to international law, is bullying and threatening countries/companies that do business with Iran and other countries that they don't like.
...I can see one subtle difference between the two.
The NSA (there are other equally as nefarious agencies in the US, but I'll group them under the NSA umbrella for brevity's sake) wants backdoors into everything so they can spy on you and everything you do, irrespective of that annoying concept of due process. But, at the end of the day their hearts are in the right place, it's just they're being totally and utterly evil about it in every conceivable fashion. Any advantage they want is simply to disable the enemy in any way possible. Of course their methods are wrong and despicable, but since when did that ever stop a good spy agency doing whatever their dark hearts desired. (And if some of that tech should just "accidentally" fall into commercial hands then oops!)
China wants backdoors not only to spy, but also to gain competitive business advantage to their state sponsored businesses and other businesses that will provide a competitive advantage over everyone else in roughly equal amounts. Much of the information gleaned will almost certainly make its way to China's "Independent Commercial Business" (which honestly have no connection to the ruling Communist Party whatsoever...) as a simple matter of process. For them there'll be no accidents, it'll be methodical and deliberate.
Hence the subtle difference to me.
So the way I see it is that the NSA are only 99% evil, China's hitting the five 9's.
And GCHQ and our English Secret Service Pals? Well - we all know us British play the best evil characters in movies for a good reason...
OK, now please, downvote away!
Any advantage they want is simply to disable the enemy in any way possible.
There's the problem with the 5-Eyes so far.. they haven't identified "the enemy". So they assume it's you, myself, and any and everyone. As Pogo once said: "We have met the enemy and he is us."
"But, at the end of the day their hearts are in the right place, ..."
Are you sure of that? Totally totally sure? Are these TLAs and their staffs incorruptible? How many of them have already found ways to 'monetize' their positions, either by selling data to criminals or foreign states or private companies? How many will find said methods -and use them- in the future, given that corruption seems to grow exponentially over time in any big institution?
If we allow this to go on, who do you think will rule your country in say, thirty years? Yep, the ones that can blackmail or bully everybody, the ones that can have laws and rulings tailored to their liking, the ones that want to know where you are, and who is with you, and what you think at any given moment, day or night. Yes, those ones!.
If Americans don't fix the issue ASAP, I prophesy that the NSA and pals will have turned the USA into a full blown dictatorship by then. The current bunch, compared to them, would be like comparing Confucius with Hitler.
If you have read any Confucius, you would realise what a thoroughly unpleasant fellow he was: a nasty little civil servant who believed that civil servants should have arbitrary powers to push around the citizens - sorry subjects - of the realm. Confucius would heartily approve of the NSA &c. co. invading everyone's privacy.
I stand corrected. Needless to say I haven't read anything from the guy, except several aphorisms. It could be one of those cases when the theatrical trailer is far better than the film !. ;-)
And perhaps we should consider Confucius in his own historical context. Compared to the alternatives (bloodthirsty feudal warlords enslaving the rest of the population without any laws to restrain them) Confucius was a big improvement, imo.
There were other competing Philosophical schools - they just got it in the neck because the rulers loved Confucius' view that everyone should grovel to the rulers.
This "philosophy" basically prevented scientific and technological development in China for millennia. I mean when the 16th century Christian missionaries turned up at the Forbidden Palace, Euclidean geometry was news, despite China's neighbours, including the Mongols, being well acquainted with it for about a 1000 years (along with much of Aristotle, Galen, al-Basri and other scientific texts).
>China wants backdoors not only to spy, but also to gain competitive
>business advantage to their state sponsored businesses and other
>businesses that will provide a competitive advantage over everyone else
>in roughly equal amounts.
This is a very very naive view of the world. Don Coppersmith, who was on the design team for DES, wrote a paper in 1994 about the design of DES. The team had discovered Differential Cryptanalysis, but the NSA prevented them from publishing the attack because it would reduce the economic advantage of the USA.
Much intelligence gathering by these agencies has commercial competitive value, and this value is passed onto US companies in the name of national interest. After all, US companies being competitive internationally bolsters the US economy and US political and military strength. It also provides an irresistible pool of money for failing US leaders to raid.
"their hearts are in the right place"
Their hearts may be in the right place...now. The issue isn't just now. Data is being collected and stored into perpetuity. And given the way they act above not just the law, but the constitution of the US, what will that mean for US citizens who do something innocuous now, but which may become illegal in the future, and find themselves retroactively prosecuted? On the basis of unconstitutionally collected evidence?
"And given the way they act above not just the law, but the constitution of the US, what will that mean for US citizens who do something innocuous now, but which may become illegal in the future, and find themselves retroactively prosecuted? On the basis of unconstitutionally collected evidence?"
Except that if the crime is committed prior to it being made illegal, they can't prosecute without it being made pretty obvious it is ex post facto and against Article I, Section 9. And the US still has tons of snoops who would have a field day with that revelation.
But, at the end of the day their hearts are in the right place,
But, we won't know that until the end of the day actually arrives, and when it does, we might be fucked!
The Weimar Republic surely had their hearts in the right place when they made it possible for the Jews to administer their own communities with a minimum of interference from the state - this self-determination included Tax Collection; which required records of where the "church-tax" was being paid to.
Hitlers SS and the Gestapo quickly realised a different use for that database!
The lesson is that your data is going to come back as an un-killable zombie and bite you on the ass, eventually. The less data there is, the smaller the wound will be.
Do we remember that time when we needed to jiggle the mouse in a random pattern to generate entropy to then be used on encryption? I would laugh my scrotum off if that was the fall back to this globally. USA, UK and China get stuffed because we make our own encryption keys from entropy, for EVERYTHING, from the SSH key for a network switch etc ... right down to the IOT fridge !!!
Of course it was never random (at best due to RSI), and that does not account for a backdoor.
PS for everything made in China there is a more subtle answer, they make the hardware, the firmware and software get flashed somewhere else. After living in China, the USA and the UK if I HAD to have my data exposed I would rather it be here. Frankly the skills shortage and poor education over here make decrypting data pointless, safety through ignorance !!! Well at least until they offshore it.
Does nobody remember CALEA??? I can't believe it hasn't gotten a single mention!!!
http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act
"CALEA's purpose is to enhance the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities, allowing federal agencies to wiretap any telephone traffic; it has since been extended to cover broadband internet and VoIP traffic... USA telecommunications providers must install new hardware or software, as well as modify old equipment, so that it doesn't interfere with the ability of a law enforcement agency (LEA) to perform real-time surveillance of any telephone or Internet traffic."
What the hell is the difference between CALEA and what China is proposing? You don't need to bring up any NSA boogeymen to spot the glaring hypocrisy, that's totally beside the point. "At least China is being open about it"?!? It's been the law in the USA for more than 2 decades!!!
I recently had to purge one of these state-sponsored backdoors from a new Chinese Android phone. The malware was sending the IMSI out across the net in plaintext and was designed for modularity so that it would be possible to install all sorts of interception capabilities. Code was sloppy and obviously written by an electronics engineer rather than a software developer.
It seems self-evident that China doesn't even understand the concept of privacy the way that the Western world sees it.