back to article We asked the US military for its 'do not buy' list of Russian, Chinese gear. Surprise: It doesn't exist

The US Department of Defense's "do not buy" list of foreign software and equipment turns out to be about as long as the list of bug-free Windows releases or privacy-focused Facebook apps. In other words, it doesn't exist. According to news reports in July, there is such a list, and the Pentagon has been adding to it in an …

  1. Boohoo4u

    I made it into a list. You’re welcome.

    1. Huawei Technologies Company

    2. ZTE Corporation

    3. Hytera Communications Corporation

    4. Hangzhou Technology Company

    5. Dahua Technology Company

    1. Anonymous Coward
      Anonymous Coward

      don't forget hikvision

    2. Julz Bronze badge

      And the peoples liberation army.

  2. I3N
    Pint

    Did anyone say Toshiba ...

    Been this way probably forever ...

    Procurement folks are one way - by vendor, foreign military sales another - by item ...

    Even the A6M folks were let in ... damn Chrysler part of that car and little shame for management lies ...

  3. Steve Knox

    Criteria

    The Register asked the Department of Defense if anyone cared to elaborate on the criteria for being added to the non-existent list. We've not heard back.

    It's super simple:

    1. You must be a non-US competitor to one or more US companies.

    2. Said US companies need to have bought appealed to a sufficient number and combination of US lobbyists, politicians, and civil servants.

    1. Anonymous Coward
      Anonymous Coward

      Re: Criteria

      Could the list could be expressed as "not made in Murica". EC procurements have a similar constraint that requires components related to security to be manufactured in the EU, which can create a few compliance problems. [Exactly how many firewalls, IPS/IDS, etc. are manufactured in EU27? Not many, that meet the other requirements]

  4. Anonymous Coward
    Anonymous Coward

    Your list exists but....

    You asked the wrong people.

    Send a bunch of FOIAs to NSA/CSS, DIA, 902d MI Brigade (especially 902d, they're the Army's counterintelligence folks), ARCYBER, and the G-2s of the service branches and ask for restricted product and party lists. You probably won't get anywhere because its undoubtedly TS//SCI and operational, but there are lists which exist. And there are plenty of companies from the US and other NATO countries as well as the Major Non-NATO allies that are on it for a variety of reasons. Its not just because the Chinese are backdooring everything they possibly can, because everyone else does the same damned thing.

    However, acquisitions won't know a damn thing about it because they're not read in to the Special Access Programs which control them. They'll put in a request for funding for the purchase via DFAS and it'll get denied for security reasons and no other explanation. DFAS might also have a list that they reference but getting anything out of them is a fool's errand.

    Acquisitions at the DoD level won't have anything because that part of DoD doesn't control it, its not an acquisitions concern at the department level, its a security concern at the Agency, Service branch and functional command (SOCOM, STRATCOM, TRANSCOM, etc) level and a financial concern for DFAS.

    Ask the actual security people and not the buyers. The beancounters may also have something but good luck knowing what they call it (not my monkey, not my circus, maybe ask someone late of Finance or Supply, they might know).

    They'll all turn you down for operational reasons, but you'll at least be asking the right people.

  5. vtcodger Silver badge

    Nonexistent

    The Register asked the Department of Defense if anyone cared to elaborate on the criteria for being added to the non-existent list. We've not heard back. ®

    Why would The Register expect the criteria for updating a nonexistent list to be anything other than nonexistent?

    Seriously, since World War II the US government has had more procurement regulations than anyone can possibly keep track of, much less comply with. As a result, the rules are ignored or are applied more or less randomly. It seems plausible to me that there is, somewhere in the federal bureaucracy, at least one do not buy list. Could be several. All will be assiduously maintained. But since no one knows where to find them, the content will not be consistent and compliance will be spotty.

  6. John Smith 19 Gold badge
    Joke

    Hmmm

    <security> You can't buy this it's insecure. Didn't you check the "Do not buy list"

    <procurement> What "do not buy" list?

    <security> The one we compile

    <procurement> Why weren't we told about this list?

    <security> Because it's secret.

    1. Anonymous Coward
      Joke

      Re: Hmmm

      "Close enough for government work."

  7. Nick Kew Silver badge

    Deniability, old chap

    If you have a list, you're open to challenge. And your opponents might have deep pockets for lawyers, too. Awfully messy.

    1. GrapeBunch Silver badge
      Coat

      Re: Deniability, old chap

      I'll get my coat. Mine's the one labelled: "We never had this conversation".

    2. Sgt_Oddball Silver badge

      Re: Deniability, old chap

      Well they could tell you but then they'd have to kill you.

      Tends to put a dampener on repeat business...

  8. chivo243 Silver badge
    Big Brother

    Sorry, Not on the list, but they you are

    Not on the list to obtain the list, but since you asked, you're now on a list.

  9. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921 Bronze badge
  10. martinusher Silver badge

    There is politics and then there is reality

    Like with other countries the government is something that we have to put up with rather than something that's useful or helpful. Its been clear for many years -- decades, even -- that they're pretty clueless about what constitutes threats but then with populist politicians driving the agenda, lots of money at stake and not very competitive local companies wanting a piece of the action you'd not expect anything other than confusion.

    You can see how this goes down with the recent story about Chinese military hackers stealing billions of dollars worth of secrets from Micron technology. Sounds real scary but you find that what happened is that the Chinese wanted to build a DRAM fab, the company running it didn't have the knowhow so it partnered with a Taiwanese company that does. There's a need to staff up with skilled staff so out come the headhunters who go recruiting in all the obvious places like existing DRAM companies like Micron. This is all normal commercial give and take, its how business is done (and it wasn't too long ago that nobody took any notice of trade secrets and the like). However, once word gets to the Cold Warriors i DC the story starts to sound like a Le Carre novel. Its embarrassing because you know that the real reason why a company like Micron is a bit worried is the same reason we all get a bit worried when we discover that the Chinese are about to enter our line of business --- things are about to get a whole lot harder for us.

    This doesn't mean that trade secrets aren't stolen and so on, but then its a naive company that doesn't have people looking at competitors' products, analyzing them, reverse engineering them even (because sure as hell, if your stuff is any good, someone will be picking it apart....)

    1. Alan Brown Silver badge

      Re: There is politics and then there is reality

      "This doesn't mean that trade secrets aren't stolen and so on"

      And the USA is one of the worst offenders for doing this on an industrial scale at state level, then handing the purloined material off to its favoured defence contractors.

  11. Anonymous Coward
    Anonymous Coward

    The other list

    Did you ask the Chinese for their list?

  12. Maelstorm

    There is...or used to be...

    There is or was a federal law on the books that goes something like this: "Products purchased for government user must be bought from US companies." or something to that effect. So a list like this is probably classified, which means el Reg can FOIA it till they are blue in the face and they response will always be "We can neither confirm nor deny that any such list exists."

    Frankly, I'm quite surprised they didn't outright ignore your request.

  13. Dabooka Silver badge

    Surely that is the definition of a list is not?

    You know, a quantity of companies detailed in such a way as all be counted as a shared characteristic (i.e. DO NOT BUY).

    More a misuse of the word 'list' if you ask me.

  14. Anonymous Coward
    Anonymous Coward

    I once opened a huge box from Cisco that came with a packing note that ran to 5-6 pages with lots of legalese about WMDs and a ban on exporting to THE AXIS OF EVIL (but you could export to THE AXIS OF NOT VERY NICE just as long as it's not going to a government entity)... for a single ethernet cable! Of course I did make sure the end user was aware of all this and the potential ramifications of a failure to comply, namely the free holiday in Cuba.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019