back to article What do China, FBI and UK have in common? All three want backdoors in Western technology

The Chinese government wants backdoors added to all technology imported into the Middle Kingdom as well as all its source code handed over. Suppliers of hardware and software must also submit to invasive audits, the New York Times reports. The new requirements, detailed in a 22-page document approved late last year, are …

  1. Anonymous Coward
    Anonymous Coward

    Well, this resolves another question once and for all

    If these are the reqs, then Chinese vendors are compliant. Already. This is the way this is usually done in order to ensure that they have the competitive advantage.

    So what was that about no PLA backdoors in vendor X, Y and Z equipment? Can I hear that one _AGAIN_ please?

    1. Gordon 10 Silver badge
      FAIL

      Re: Well, this resolves another question once and for all

      Did you miss the part where they were new reqs?

      Oh you mean we should take a random statement from an AC on some alleged competitive advantage that a Chinese company may or may not have taken advantage of?

      Logic fail Mr AC.

    2. Version 1.0 Silver badge

      Re: Well, this resolves another question once and for all

      Exactly - all Chinese made gear is now insecure by design. If you are using a Chinese made computer (Lenovo, HP, Apple etc) then it has a backdoor built into it - maybe in the operating system or more likely in the hardware.

  2. Crazy Operations Guy Silver badge

    I'm all for audits

    I think that any government that cares about its citizens[1] should demand code audits for everything being imported. A proper[2] audit would reveal any backdoors that other countries have demanded to be put in place.

    As for forcing backdoors, that reveals the true nature of a Government in that they only care about staying in power, keeping its citizens safe is a side effect (need someone to rule over)...

    [1] If anyone knows of one, let me know.

    [2] meaning transparent and uncorrupted

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm all for audits

      In my experience, any audit of any type (whether in IT or engineering, finance etc.) , people get a heads up - so a few frantic weeks sorting things to _look_ like they are in order.

      When it is over, all goes back to normal.

      Much like the Royal visits to a hospital - it all gets cleaned up, red carpet rolled out, and all is hunky dory. One day later back to the mess and chaos.

  3. Marketing Hack Silver badge
    FAIL

    Understanding between nations is a beautiful thing!!

    Of course the understanding seems to be that these nations agree that their own people are the adversaries who need to be spied on, but hey, why quibble in the face of international solidarity! If nothing else, we can take comfort that "they" will be so busy trying to subjugate us that they won't have time to oppress eachother.

    Also, that proposed Chinese rule may be fine if you want to sell into China, but I think any non-Chinese IT customer might be pretty concerned that his new servers or routers are the same make and model as ones that have been recently approved for sale in the Chinese market.

    1. Yet Another Anonymous coward Silver badge

      Re: Understanding between nations is a beautiful thing!!

      So which is safer, a single common backdoor that you give the key to dozens of different agencies in a hundred different countries - or a 1000 separate backdoors each allegedly known only to that agency.

      1. NumptyScrub

        Re: Understanding between nations is a beautiful thing!!

        So which is safer, a single common backdoor that you give the key to dozens of different agencies in a hundred different countries - or a 1000 separate backdoors each allegedly known only to that agency.

        No backdoor. Due process takes care of investigatory powers against known targets already, like being able to record conversations at the telephone switch, or forward all internet packets to a separate router for storage and deconstruction.

        When surveillance is difficult, only important targets will be surveilled. When surveillance is trivial...

  4. Anonymous Coward
    Unhappy

    George Orwell

    1984

    Well, the guy was right. Open source code, foss etc. can be audited by 'many eyes', but hardware/firmware can't be.

    1. Bernard M. Orwell

      Re: George Orwell

      Now, everyone, as usual, chant after me: "There are no conspiracies. All conspiracy theorists are nutters."

      http://www.theregister.co.uk/2006/05/09/inside_nsa/

      1. Adam Inistrator

        Re: George Orwell

        just because you were right doesnt mean you are not a nutter

        1. Thunderbird 2

          Re: George Orwell

          The corollary being :

          Just because you are not schizophrenic, does not mean that they are not out to get you :¬)

          1. Adam Inistrator

            Re: George Orwell

            indeed ^_^

          2. Bernard M. Orwell

            Re: George Orwell

            Think you mean Paranoid, don't you? :D

  5. Anonymous Coward
    Anonymous Coward

    Communication equipment

    There is a requirement for all communication equipment commercialized in the EU that says the communications going trough it should be interceptable. So it is not just UK, FBI and China.

    Also, you cannot sell any encryption device that use unknown algorithms.

    1. Doctor Syntax Silver badge

      Re: Communication equipment

      Not saying you're wrong, but citation needed.

      1. Mike VandeVelde
        1. NumptyScrub
          WTF?

          Re: citation needed

          From the cryptome link:

          Access to Telecommunications

          [IUR 1] Law enforcement agencies require access to the entire telecommunications transmitted, or caused to be transmitted, to and from the number or other identifier of the target service used by the interception subject. Law enforcement agencies also require access to the call-associated data that are generated to process the call.

          "Call" in this context means the entire telecommunications transmitted, or caused to be transmitted, to and from the entity associated with the number or other identifier specified in the legal authorisation. "Number" or "Identifier" is the means by which telecommunications facilities determine specific communications. Identifiers may refer to a physical or logical entity (e.g. user addresses, equipment identities, user name/passwords, port identities, mail addresses, etc.) and may differ according to the type of telecommunications system.

          Typical, but not exclusive, examples for some specific services are: For PLMN IMSI, MS-ISDN, IMEI; for PSTN/ISDN directory numbers, port identification, personal and vanity numbers; for Internet (access) services IP addresses, account number, logon ID/password, PIN number and E-mail address.

          Apparently European ISPs have to (are legally required to) store passwords in reversible encryption so they can provide them to (duly authorised) law enforcement for intercept purposes, unless I am reading that wrong.

          What is this I don't even

    2. P. Lee Silver badge

      Re: Communication equipment

      >There is a requirement for all communication equipment commercialized in the EU that says the communications going trough it should be interceptable.

      That's true I think on the network side - you can't set up a phone company where the kit doesn't provide interception capabilities. However, encryption is now happening at the application level in the client, since no-one trusts the telcos any more. So the requirement has gone from compromising the network, in one place which was relatively out-of-sight, requires physical access etc, to compromising every application everywhere, remotely.

      As Schneier says, we can make secure systems, or we can make insecure systems but we can't make a secure system which can only be snooped by the "good guys."

      1. dan1980

        Re: Communication equipment

        @P.Lee

        As Schneier says, we can make secure systems, or we can make insecure systems but we can't make a secure system which can only be snooped by the "good guys."

        And even if you could, there's no clear way to tell exactly who the "good guys" are. Nor to ensure that they are always operating for the good of the people.

        Trust us - our secret court approved a secret (blanket) request, made in secret, about secret targets, with secret criteria, for a secret duration and with secret aims. So don't worry, okay?

        1. streaky

          Re: Communication equipment

          we can't make a secure system which can only be snooped by the "good guys."

          Of course you can. If one starts from the premise that the "good guys" really are thus: a 3 year old could write a back door (or rather a front door) that has strong auth that can do this.

          It's not a question if that's secure, it's a question of if them screwing around with RNGs, crypto suites and doing the insecure back-doors is a good idea; and if anything of it is ethical and if there's any point at all when in a few years everything flowing across it is going to be encrypted strongly.

  6. Will Godfrey Silver badge
    Unhappy

    I wonder what they really want

    Surely that can't be so utterly bereft of any understanding that they actually think this is workable.

    Can they?

    Can they?

    Hey. Anyone there?

    1. ecofeco Silver badge

      Re: I wonder what they really want

      Half of history is the story of morons who thought they could.

    2. streaky

      Re: I wonder what they really want

      They're scared of everybody, and the way they're going they're going to end up in a position where they should be scared of everybody.

  7. Doctor Syntax Silver badge

    So what if...

    ...Apple and others decide this is unacceptable and move manufacturing out of Chine?

    1. Yet Another Anonymous coward Silver badge

      Re: So what if...

      That's easy, the tricky bit is if you want to sell in China or the USA.

    2. Pascal Monett Silver badge

      Re: So what if...

      Move manufacturing out of China ? And lose those beautiful, wonderful margins to ensure proper security for their customers ?

      Screw the customers, that's what will happen.

  8. moiety Silver badge

    Not one of these cunts trying to get snooping laws passed has any intention whatsoever of the laws applying to themselves. Noooo, it's all operational this and national security that and terrorism the other; and what it actually boils down to is "do what I say and not what I do".

    This particular section of the proletariat -with all due respect- requests you take your snooping legislation, fold it into sharp corners, and spin on it.

    1. This post has been deleted by its author

  9. Someone Else Silver badge
    Mushroom

    Dear Middle Kingdom: Here's a hammer, there's the beach

    The Chinese government wants backdoors added to all technology imported into the Middle Kingdom as well as all its source code handed over.

    Yes, and I want the next three weeks of winning lottery tickets, too. What are my chances?

    In a sane world, producers would unite and with a single, unwavering voice, tell the Chinese to pound sand. But I'm afraid that corporatists, being the pussies that they are, will happily capitulate, and only whimper, "How far?" when told to bend over.

    1. Mark 85 Silver badge

      Re: Dear Middle Kingdom: Here's a hammer, there's the beach

      They'll only bend over if there's profit in it (money or power) for them. If customers stop buying their products, management will change their tune real fast or be forced to use their golden parachutes.

    2. Someone Else Silver badge

      Re: Dear Middle Kingdom: Here's a hammer, there's the beach

      Hello, Mr. Cook? Was that you with the downvote?

  10. ecofeco Silver badge

    It's the New World Order!

    You have problem with Corporate Communist Capitalism©®™, comrade?

    1. dan1980

      Re: It's the New World Order!

      @ecofeco

      No more so than I have a problem with Corporate Corrupt Cronyist Capitalism, consumer.

      : )

  11. DerekCurrie
    FAIL

    The Absurdity

    "...leading to Chinese government concerns that the kit may be used to spy on Chinese users"

    Yeah right. China wants to backdoor all software so their Chinese users aren't spied on. What's really going on, of course, is that China wants to spy on its own Chinese users. What a dump.

  12. dan1980

    Boo hoo.

    "Western businesses criticized the policies as protectionist . . ."

    So? Sovereign nations are ALLOWED to be protectionist. And that's not inherently a bad thing. "Protectionism" means that you are protecting your own national interests, which would seem to be the very point of having a government in the first place.

    This is coming in the midst of the TPP shambles where the US is actively trying to weaken the ability of sovereign nations to set their own trade rules in order to benefit their corporations. There is, therefore, a small, vindictive, pleasure in seeing an even more powerful nation (so far as being a desirable market they want access to) simply refuse to allow a similar weakening of their own sovereignty and instead make the US jump through hoops.

    But this actually shows the real problem with the US and their ideological exaltation of 'free trade'. Their bullying way of doing things has seen them continually push through agreements that end up benefiting their corporations over those of the less-powerful nations they strike their deals with.

    Against China, they simply can't do this, but their corporations are able to setup show in China anyway. So what you have is, instead of goods manufactured in the US - supporting US workers, who pay US taxes and loan money from US banks and buy food and goods from US stores - and then exporting them to China, what you have is US corporations setting up shop over there and producing locally. (Paying Chinese workers, etc...)

    There are many US brands in China but most of of that product does not come from US factories! They are exporting US knowledge to China by dint of them operating there, thus reducing any competitive advantage they might have had if they manufactured on home soil.

    Even more than that, however, because these corporations are setup in China, much of their manufacturing is done there as it is so much faster and often cheaper, thus reducing the manufacturing capability of the US. Apple might be a great US success story and poster child for US know-how and technical excellence but every iPad and iPhone bought by Americans (and everyone else) is imported from China and comes brim-full of technology sourced and manufactured in Asia.

    What the US (like Australia) does export to China is raw materials like iron ore, wheat, coal and surprisingly, soybeans (for pig feed). Also, like Australia, they tend to export lower-value un-processed versions of the above which then gets processed after shipping. Iron is a big one - the steel itself is manufactured in China.

    In fact, the top two US exports to China last year were soybeans and scrap (fe, al, cu + paper) - which are raw materials, whereas the top two exports from China to the US were computer and communications equipment - high-value, finished goods.

    Indeed, the 2012 trade deficit with China in 'high-tech' equipment was $119bn (overall deficit to China was $318bn).

    Free from the ideological tunnel vision of 'free trade' and unencumbered by the corporate corruption that runs rife in the US, what motivation is there for China to make it easy for US companies sell to them?

    It seems that the US's response is to sob: "it's not fair - they won't play by our rules like everyone else!"

    Boo hoo - I guess 'free trade' only works when you you get your own way all the time. Nice to know the US has at least some idea of how their one-sided 'partnerships' feel to the rest of us.

  13. Whitter
    Thumb Down

    It's not just comms

    It is also squarely directed at the IP of any technology firm - want to trade in China? Give us all your IP. Maybe we'll let you trade; maybe not - but we will give any tech that looks interesting to our own companies who will then compete with you.

    Classic protectionism in a marketplace: just make nobody want to sell anything to you while still plying all your stuff to them.

  14. Anonymous Coward
    Anonymous Coward

    I'm pleased

    that our government has finally made friends with China's.

  15. emmanuel goldstein

    I need your clothes, bootloaders and CPU cycles

    best. subhead. ever.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020