back to article Uncle Sam's treatment of Huawei is world-class hypocrisy – consumers will pay the price

Let no one say that America's political elites are losing their talent for hypocrisy. Washington DC has welcomed the New Year with a display of selective Sinophobia – and it likely spoiled Huawei's CES. The vendor was expected to announce its first major American wireless carrier win this week, with US network AT&T …

Silver badge

Facesaving indeed

Huawei would give full access to its source code to GCHQ experts in a clean-room environment. It was examined, and pronounced clean.

Completely pointless, since there is no assurance that this code is what actually goes into production devices. (It almost certainly isn't, if only because of bugfixes added after the inspection).

16
32
Silver badge
Joke

Re: Facesaving indeed

They probably quickly ran a sed oneliner over stock android source and served that with hot coffee ... I am almost sure they could have gotten away with handing over source of raspian instead as well ...

3
19
Bronze badge

Re: Facesaving indeed

I would trust that the code is supposed to be clean for devices intended for the US/other markets. However switch/router products for the Chinese market must support Lawful Intercept Gateways (LIG ports) which allow the state to eavesdrop and capture traffic on various criteria (phone no. IMEI etc.). Similarly consumer devices for the Chinese market must support the obligations for telcos, social media co etc. of the 2016 Cybersecurity Law that came in June 1st last year.

Where this can go horribly wrong for them is i) US division marketing a new product says "I need this freakin hot product now I have customers!" which ends up with Chinese spec'd product being diverted to US etc. ii) Products are way cheaper on Huaqiangbei street in Shenzhen, a 3rd party buys up a load, stuffs them in a container to the US and resells them, again Chinese spec product ends up somewhere where it is not intended iii) OK I can imagine some product could be deliberately leaked - maybe to Cisco staff lol.

7
3
Silver badge

Re: Facesaving indeed

"Huawei would give full access to its source code to GCHQ experts in a clean-room environment. It was examined, and pronounced clean. Completely pointless, since there is no assurance that this code is what actually goes into production devices."

Duh! Of course, none of the folks at GCHQ will have thought of that. It employs only some of the best mathematicians and software experts in the country, after all—every one of them too thick to even consider the possibility that actual production devices will need to be randomly sampled for checks to ensure that the digital fingerprints for the "clean code" can still be verified.

Thank heaven for the geniuse—, commentards at El Reg, to put those poor duffers straight!

67
1
Silver badge

Re: Facesaving indeed

Duh! Of course, none of the folks at GCHQ will have thought of that. It employs only some of the best mathematicians and software experts in the country, after all—every one of them too thick to even consider the possibility that actual production devices will need to be randomly sampled for checks to ensure that the digital fingerprints for the "clean code" can still be verified.

Thank heaven for the geniuse—, commentards at El Reg, to put those poor duffers straight!

I agree the CESG folks aren't dumb and would have spotted that a mile away.

6
0
Silver badge

Re: Facesaving indeed

Thank heaven for the geniuse—, commentards at El Reg, to put those poor duffers straight!

If I remember the reg story at the time. GCHQ outsourced the actual testing of Huawei devices to BT who passed it on to its "technology partner" Huawei

14
5
Devil

Re: Facesaving indeed

*ahem* We're not forgetting Ken Thompson's famous Turing Award lecture here, are we?

7
0
Silver badge
Holmes

Re: Facesaving indeed

And secondly, defining what is a "Chinese" chip and what is an "American" chip is increasingly difficult.

No, it's not. The owner of the chip is the one responsible for designing the chip's IP and test vectors. Designing a simple digital chip takes months. Designing or even modifying a processor core takes years, developing and running the test vectors alone can take almost a year.

If you designed the chip, then your test vectors will run and pass on those that survive the yield. If they all fail, it's not your chip.

0
6
Gold badge

Re: Ken Thompson's lecture

Well, anything based on Android is almost certainly built using Google's toolchain, which only runs on x64. And we know how secure *that* is these days. :(

0
5

Re: Facesaving indeed

Most Western governments have the same requirements for Lawful Interception Gateways. We are spied on by our governments in the West as well.

9
0
Silver badge

Re: Facesaving indeed

Intercept capability is how you collection traffic stats and diagnose network issues. It could also be useful for snooping.

I rather suspect that the real reason why Huawei is effectively banned in the US is anti-competitive pressure by US vendors (or should be say "US political donors"?). We in the US like the Chinese to make stuff for us at bargain basement prices but we get really upset when they start competing as equals. This isn't new; adding the Cold War twist to it is just a way of selling this crap to the (unfortunately rather gullible) US public.

Incidentally, I've worked with Chinese people, both immigrants to the US and people based in the PRC. I tend to think of PRC based companies as potentially formidable competitors -- if they're not up to speed right now they're getting there very quickly. Our (US) government can only think of them in terms of war -- they're not competitors, they're threats -- which will either lead to large scale conflict or will drag us down in the league table of skills as we waste increasing amounts of effort on overpriced and ineffective weapons programs. (Meanwhile the rest of the world is learning to get along fine without us.)

0
0
Silver badge

Also

What about all the personal information (some may be government and business info) that Google & Microsoft are stealing from individuals?

Windows Telemetry, Cortana, Edge, OK Google, Android, Chrome and Chrome OS.

What about when these people are working for business, law enforcement, under age students, government?

I've no idea what Apple are up to too.

Amazon are suspect too. The Echo, Fire Tablet and Kindle (Apps worse than actual eReaders which are easier to "airgap".

Really I worry more about American Corporations spying on me than the Chinese Government, as I'm not in China, nor Chinese, nor have and commercial/government secrets they want. The Corporations want to know everything about everyone. It's like some sort of dystopian Harry Harrison story, even more than Orwell (as 1984 was REALLY about 1948 politics)

46
2

Re: Also

And also. I worry more about UK (through the US too) government spying on me then kicking my door in for a thought crime e.g. porn age verification, looking into restricting encryption on the road to building our Orwellian society.

The Chinese government can't kick my door in!

To be honest the Kaspersky, are probably suffering from the same protectionism in the US.

32
2
Silver badge

Spies, damn spies and corporations?

Google record every last shred of data they can, but that's ok because they are American (Uncle Sam can "lean on" them to get what they want)

For those that don't like Google phones, Apple record every last shred of data they can, but that's ok because they are American (Uncle Sam can "lean on" them to get what they want)

For those that don't like Google phones or Apple phones, Microsoft used to record every last shred of data they can, but gave up because..... well because, but that's ok because they are American (Uncle Sam can "lean on" them to get what they want)

Huawei*** are Chinese. Chinese are bad. They do things. Weird, communist things. Weird, communist things that we don't really know much about but they must be bad, otherwise they wouldn't be communist, right?

We must fear them.

We must fear them!

We MUST fear them!!!

COMMUNISTS!!!! Aaaarrrrggghhhh!

*** They do however use Gooles phone operating system, and Google record every last shred of data they can, but that's ok because they are American (Uncle Sam can "lean on" them to get what they want)

38
4
Coat

Re: Gooles phone operating system

Is that somehow related to Hull's phone network?

10
0

Re: Gooles phone operating system

When I lived in Hull the Hull Daily Mail* launched a tabloid called "Now Then".

I'm guessing they might have renamed it given more recent events.

* Actually more like the Times in reporting style than the Daily Mail, and more like the Independent in political affiliation, if I remember right.

1
0
Gold badge

Re: Spies, damn spies and corporations?

"COMMUNISTS!!!! Aaaarrrrggghhhh!"

Where? China hasn't been communist for a couple of decades now. It's a monarchy, although not yet one you could describe as "heriditary", unlike its north-eastern neighbour.

Of course, all "communist" countries tend to follow this model, but I do think it would be helpful if those of us who don't live in them (and therefore are free to speak) stop using the C-word and start calling them what they really are.

10
1
Silver badge

Re: Spies, damn spies and corporations?

Certainly more like pre 1912 Empire China than Communist or 1912-1948 China.

Also ZTE is government and Huawei is commercial. Huawei often complain that they are not even considered for Chinese Government contracts.

Unlike the west, Mediaeval Chinese wasn't actually feudal and peasants could rise even to Emperor. Without proving themselves competent, the Aristocracies children would fall a rank. So not Monarchy in Western sense. The Emperor was divine, but unlike English "Divine Right", if a new guy killed the Emperor, he was obviously now the divine one. So less need to re-write history like the Tudors did.

5
0
Holmes

kettle calling the pot black

It does sound like protectionism, but who can blame them if the Chinese insist on joint ventures for Western companies. Apple and Amazon have to subcontract the running of their data centres to Chinese companies. Huawei is I suppose an innocent victim. If ZTE is state owned, then fair enough.

Back in 2012 I bought a Huawei Ascend G300 which was total crap, factory resetting itself all the time, I'm hoping they've improved as I'm in the market for a new phone, and their stuff looks quite good with 2 SIM slots.

2
5
Happy

Re: kettle calling the pot black

Between my wife and myself, we have had 3 Honor branded handset, and a couple of Huawei - the Honor devices have been fantastic value for money, and my current Huawei (p10 lite) is a budget device, better than the Honor 7 it replaced in many ways. My only issue with it, is the camera is not as good as the Honor 7 it replaced.

3
1
Silver badge

Re: kettle calling the pot black

As an owner of a Huawei manufactured Nexus 6P that boot looped shortly after the 1 year warranty expired, I suggest that they haven't improved by much. I wouldn't buy from them again.

0
5

Re: kettle calling the pot black

I think you might look at the Huawei Honor versions, I just got an Honor 5 and love it.

0
0
Anonymous Coward

The American consumer will pay in a poorer market without Huawei

I am fairly certain that I will sleep like a baby tonight.

China's state-sanctioned espionage (industrial and otherwise) is well-known, as are those occasions when Chinese manufacturers shipped mobile phones laden with spyware.

On numerous occasions, El Reg has correctly taken the U.S. to task for its lax privacy protection laws. In light of the goverment's failure to protect its citizens in this area, wouldn't keeping possible privacy-abusing products out of the U.S. be a good thing?

6
27
Silver badge

Re: The American consumer will pay in a poorer market without Huawei

"In light of the goverment's failure to protect its citizens in this area, wouldn't keeping possible privacy-abusing products out of the U.S. be a good thing."

So are you calling for Microsoft, Apple and Google products to be banned too?

25
1

Re: The American consumer will pay in a poorer market without Huawei

"So are you calling for Microsoft, Apple and Google products to be banned too?"

No, just the spyware from communists who seem to have a national policy of steeling technology from other countries.

BTW, you can tell which tabloid forums are frequented by the Chinese "50 center" troll army. It's the ones with all the down votes on any anti China comments. Looks like the Reg is popular across the Great Wall.

2
2

Re: The American consumer will pay in a poorer market without Huawei

It's more likely that America, having elected the buffoon and quickly established itself as a selfish bunch of protectionists, is not as popular as it once was...

2
1

Surprisingly good kit

Ignoring the consumer stuff, as I have no experience of it.

We sell the infrastructure kit here - switches, servers, storage. I'm reasonably certain the kit is 'clean' - Huawei will go out of their way to prove this, happily putting anything into a lab environment, including customer supplied kit (i.e. stuff that's been bought through the channel without Huawei knowing it would end up under the microscope). It's been a criticism of Chinese stuff for so long, they've stopped wincing when it comes up, and now just sigh and engage the process to prove otherwise.

Let's cut through the sales crap though - given the amount of Huawei kit already used in the UK, specifically where it underpins the carrier networks, the horse has long since left the stable. And, given the amount of traffic betwixt MURICAFUCKYEAH and this blighted isle, it has kinda left that one too.

26
1
Anonymous Coward

I'm sure the WTO will be next on the axe.

Let's all celebrate. Trump is a genius. :)

8
2

Re: Trump is a genius

A stable genius. Needs mucking out though.

22
0
Thumb Up

Re "A stable genius."

As in the fact that El Orange produces a lot of horse-shit?

3
0
Anonymous Coward

Problem elsewhere.

The issue originally was with surveillance features which Shrub made a requirement for all telcos and thus indirectly for all vendors. At the time nobody expected Huawei to have them which is rather daft as metadata in some cases wholesale data collection is something which Putin and the Chinese have had instituted since the late 90-es. China is its native market, it has been selling in Russia for years and compliant at that point.

So when Huawei (which was trying to break into the USA market at the time) managed to comply with relevant closed/confidential RFI sections people in the intelligence community freaked out.

This is the issue with any backdoor (and it will be the same issue with backdoors in encryption). It cannot be "just my backdoor". If the equipment is designed to do wholesale snooping instead of legal intercept that snooping can be controlled by people different from the requester.

And the rest as they say is history. That freaking out continues till today slowly expanding to other equipment. Initially it was core routers, then SME, then other stuff. The list grows as the ferals find out that their kit is compliant to RFI sections which supposedly do not exist and put in there to ensure that only "our guys win" and find that they already have features there which were put due to other customer demands or regulatory requirements.

6
0
Silver badge

Back doors

"Firstly, after last week, we know just how secure American chips are. If the security of US infrastructure is of concern to lawmakers, they should start closer to home"

America should be equally concerned about its home grown product but there is a considerable difference between an unintended design consequence and deliberately putting secret back doors in a product for the purposes of spying or espionage.

(I am not accusing anyone of having done such a thing!)

2
5
Anonymous Coward

Re: Back doors

Like home grown Windows 10 and the way it spys on users, or home grown Android, or home grown IOS...?

14
1

Looks like all the Russian and Chinese propaganda is working. Alot of white people seem happy to give their personal information & IP to the CPC.

Diversionary tactics, straw men, and false equivalencies everywhere.

"Look over there! Google can see your data! So why not let the Chinese steal your IP, right?!"

1
22
Bronze badge

Reading this on a huawei phone

Recommend the handset to all my mates with flagship fatigue.

Fact is huawei are run as a coop, that makes them, like, voluntary commies! The worst sort. Its unfair.

If they just had a board of fat cats to layoff half the staff every couple of years and then try to recover it would be a level playing field.

18
0

Its not an issue until you out a sniffer on an Huawei router and see it ping a Chinese IP every now and then even though your not doing anything and not accessing and IP's even close to there. I've seen this. By Chinese law, they have to do this. As a trade journal you might want to look into their laws and really understand what it means.

As far as not trusting google (which I don't). Its a point of picking the lesser of two evils. If I remember right Google got kicked out of china market because they showed what and how the Chinese government was accessing their servers and others. They are one of the few companies that put up and did what was right. Name another company that did this?

Or maybe go figure out why a lot of the Chinese drones are no longer allowed to be used by US military and other militarys.

4
5

Remember how the US Government (via the NSA) was accessing Google's servers via an exploit?

Blame is on all sides; the finger pointing can legitimately go in all directions. The point of this article is to make clear the hypocrisy of the finger pointing and deal-breaking.

6
1
Anonymous Coward

ZTE failed on software maintenance

Had two ZTE phones in the past and they never released a fimrware update for either of them.

One was Android, the other was FirefoxOS (which could be reflashed with ZTE's Android).

Shame, as the hardware was OK for the money.

1
0

FŬCK HUAWEI & CHINA!

Huawei's success was built off the theft of Nortel's IP, and who knows how many other companies. China can piss off.

1
15
Silver badge
Thumb Down

Re: FŬCK HUAWEI & CHINA!

Obviously you can't accept that US companies also plundered Nortel IP - much of which was financed by grants financed by the Canadian taxpayer, through the Canadian government.

And much of the Western IP China has / uses is supplied by greedy Western companies wanting to make maximum bucks from Chinese sweat labour.

The Chinese has great home-grown engineers, they don't really need the US except as a market.

13
0
Silver badge

Re: FŬCK HUAWEI & CHINA!

The Chinese has great home-grown engineers, they don't really need the US except as a market.

That is as much of the problem as the espionage side of things. China imports about $1 of US stuff for every $4.50 that it sells to them. Now I don't have any time for Trump, but China have been causing problems by a trade policy that results in huge imbalances. China want a very one sided form of free trade, so anything that reduces that is probably a good thing.

1
3
Silver badge

These Collies need to know their place!

We're fine with the Chinese doing the grunt work, making stuff cheaply for us so we can goose our markups. But they're really getting above themselves -- chips, smartphones, even airliners, who do they think they are?

Seriously, though, I've been living with the "Well, they're good at copying but they can't develop anything new" mantra for years. Its complete BS, of course -- go to any American tech company and count heads -- Chinese heads -- and you'll see a good many of them at all levels. So its not surprising that they're doing the same work in China; they've got the resources, the capital and the infrastructure (and it doesn't hurt that they're turning out north of 30,000 engineers a year from their universities).

This Sinophobia has to stop. Yes, they're formidable competitors and they're going to get even more difficult to deal with in the future. The answer isn't to Cold War like some dreadful remake of Dr. No, we've just got to step our game up. We -- in the US -- also need to reclaim some of our manufacturing capability; we let it all dwindle over the last 15 years or so, laying of experienced people because we could get stuff cheaply from China. Now we can't get experienced staff for love or money -- they don't exist (maybe we should start recruiting in China?).

17
0
Silver badge
FAIL

The US Government Is Racist and Untrustworthy

The US Government does't like level playing fields and it doesn't even honour international agreements and treaties. Canadians know, they have been screwed over royally by the US when it comes to softwood lumber (think 2x4 construction wood) and wooden roofing tiles (that can last 50-70 years).

Canada appealed unilateral US decisions and won. The US simply ignored the WTO rulings.

Take Iran - everyone signed an international agreement - the an orange haired orangutan becomes president and he repudiates these agreements.

The US can't survive without Chinese money and China can't prosper without the US market.

Of the two options - my data being stolen by the GCHQ and NSA OR China, I would go for China every time.

Here in VietNam we can buy Chinese electronic products at a FRACTION of what you pay in the West. And remember, American companies are already ripping off UK consumers by simply converting US prices by substituting the $ symbol with the £ symbol (check Apple prices).

The US is a fading world power and, like stars at the end of their lives, is making a lot of noise before it sinks in to oblivion.

20
3
Anonymous Coward

This is protectionist - not racist. Trump's actions are orchestrated to give internationalists the opportunity to blame everything on their favourite hate target (nationalists & racists). Cui bono? The wealthy - and probably Samsung.

China competing on a level playingfield? Pull the other one! The future of the US is decided by the 1% - they want Americans to be debt-ridden consumers to support the ROW.

1
1

Re: The US Government Is Racist and Untrustworthy

The US simply ignored the WTO rulings.

Not wishing to hijack this thread.... but...... can we put that up in 50ft flashing neon lights for those who think that the UK reverting to trading with everyone under WTO rules is a Good Idea ? Rules are useless if enforcement fails..

0
0
Anonymous Coward

Dogmatic Dominance

A Yank: Picked up Mate 9 after Note 7 blew. Great phone, best battery, nice Pic's, no bloatware. It’s made in China like everything else, except not by i-slaves.

The problem is with US hegemony. Won the cold war, have to find enemies everywhere, Russia, China, Brits, everyone who competes will find themselves on the list someday.

9
0
Silver badge

Re: Dogmatic Dominance

It’s made in China like everything else, except not by i-slaves.

Are H-slaves different?

0
1
Anonymous Coward

Politicised journalism over political theatre

Is the ARM an "American" chip? I thought it was British and now Japanese, with designers originating from many countries. Weren't the Intel cores susceptible to Meltdown first designed in Israel? Are you insinuating that Chinese CPU cores would be immune to design defects? The Kirin uses an ARM core.

If you want defect-free chips you need to change the design process to use a mathematically-verifiable method, not the country where they're designed or fabricated.

11
0

Re: Politicised journalism over political theatre

"If you want defect-free chips you need to change the design process to use a mathematically-verifiable method, not the country where they're designed or fabricated."

Using a mathematically-verifiable method is not going to help you protect against a type of side-channel attack that no one has ever thought of at the time of doing the design. The Meltdown and Spectre security flaws are exactly that: Multiple companies (Intel, AMD, IBM, Arm, and probably others) have been designing processors with speculative execution for years, some of them for a decade, and no one ever thought of these side channel attack.

One of the side channel attacks works by training the branch predictor in User code, so that speculative execution in kernel space will do a specific branch prediction so that it speculatively executes code that will use a secret in the calculation of a branch address or of a load address, so that the cache line that is loaded is dependent on the secret; and then user code can work out the secret by using timing analysis to work out whether the targeted cache line was loaded or not. It is seriously non-obvious, which is why no one found it for a decade.

Other side channel attacks have the same property - e.g. think of differential power analysis attacks. Before these type of attacks were thought of and demonstrated, you could design a perfectly secure chip with all of the mathematical proof of correctness that you want. Then someone comes along with a completely new tool for looking inside your design. Mathematics and formal verification won't help you, because you didn't know that that new tool was going to be invented.

Introducing mathematical techniques will not help if you don't know what you are protecting yourself from.

1
0

Re: Politicised journalism over political theatre

Arm started out as British (Original CPU designed in Cambridge by Acorn staff).

Arm added a CPU design centre in Austin, TX in the 1990s; a design centre in Silicon Valley that came from the acquisition of Artisan Components in ~2004, and has had a CPU design centre in Sophia Antipolis for many years. There is a GPU design centre in Norway, other design offices in Sweden, Israel, Grenoble in France, and more recently in Taiwan and China. There are probably others that I have forgotten. So in terms of design centres, Arm has been multi-national for more than 20 years. The Cambridge UK campus is growing significantly with the continuous construction of new buildings for the rapidly growing Cambridge workforce.

In terms of ownership, Arm listed on the stock market in 1998. Since then anyone in any country could buy its shares. Softbank bought all of the shares in Arm in 2017.

It seems to me clear that Arm has long been an international company, The main remaining claim to Britishness could be that its corporate headquarters is in Cambridge, UK; even though its British CEO Simon Segars very sensibly lives in Silicon Valley (nowhere else on earth is comparable in terms of proximity to other industry players). Mike Muller who is CTO and has been a director of Arm for 20+ years is also British and lives in Cambridge, UK. So perhaps some British culture remains, but by all other sensible measures it is an international company and has been for a long time.

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018