US: We'll pull security co-operation if you lot buy from Huawei A US official has repeated his country's threats against its allies over Huawei – stating that the US's goal is a process that leads "inevitably to the banning" of the Chinese company's products. "We have encouraged countries to adopt risk-based security frameworks," said Robert Strayer, speaking on a call with the world's …
"The most fundamental security standard, really, is that you cannot have this extrajudicial, non-rule of law-compliant process where a government can tell its companies to do something," Strayer told the Bloomberg newswire, speaking for the US government, ostentatiously telling foreign governments and companies what to do....
I think it's the only way the US can respond to China. The Chinese have far, far more control over their population and economy and are used to taking the long view so can afford to be patient and take small incremental steps. The US, on the other hand, has little control of how industry operates, eg outsourcing to China, and can barely plan more than two years ahead for anything, ie 4 year election cycle and each election is in the planing for two years.
no. just no.
Seriously, there's this "5 I" agreement that I have become aware of, in which the USA, UK, Canada, Australia, and New Zealand have agreed full cooperation on intelligence matters, and "not to spy on one another".
It seems reasonable (to me) to ALSO exclude 'non member state' equipment when it comes to intelligence matters. It's the general idea (well established) that malware specifically targeted for espionage could be introduced into equipment supported by a foreign manufacturer.
It also suggests that open source firmware on a compatible platform might be the ultimate solution to prevent espionage...
The biggest concern with Huawei is them seeking to dominate 5G, even going so far as to SUE QUALCOMM, and the FTC _ENABLING_ them!!! [in some circles, this is called CHUTZPAH]. Some people view this the same way that the space race was seen, having Russia (in the late 1950's) dominating space would be a _BAD_ thing for the world. Similarly, having China dominate 5G is _ALSO_ a bad thing for the world. If you doubt me, look what they're doing with "the great firewall" and their 'social credit' scoring system. Yeah. "You cannot get a job unless you have a good citizen social credit score'. Seen THAT coming. ONLY "approved" PEOPLE GET TO WORK! [could this be 'the mark of the beast' that so many people fear?]
I think that's sort of the point: install our backdoors not theirs.
The problem for the US as I see it, is that even with all the sniffers that the NSA can muster (and it's a fuck of a lot), lots and lots of relevant information is still gathered the old-fashioned way and America could lose out big time if, say the French were stop passing on the information it receives from the Maghreb. Not that they're likely to do this any time soon, but rinse and repeat for a whole load of countries and it could get, er, interesting.
And, of course, no EU country is really going to run the risk of being taken to court over anti-competitive practises.
I agree.
I find very interesting that the UK has shown that there are genuine security holes in Huawei products, but steps back from saying they are tampered with by the Chinese intelligent services; yet the Americans keep saying they are an intelligence security risk, whilst offering absolutely no evidence to support their case.
If you're going to insert a backdoor, you would make it look as much like an accidental security hole as possible so you have deniability when it's eventually discovered.
That said, Huawei was willing to open up their source code to the UK government to have it inspected, which is more than can be said of any of the other major vendors. They could well be worse, giving them incentive to keep the code hidden. Even without source code, many serious vulnerabilities and evidence of very poor coding practices have been discovered in many different vendors products.
>I find very interesting that the UK has shown that there are genuine security holes in Huawei products,
What that little hatchet job told us is that Huawei is about average (and that there were no back doors that anyone could find). What its likely to do is give Huawei a QA target to achieve, now they know what they have to do to achieve perfection they might just try doing it. We lose.
Wasn't there an american (Pompeo probably) in the news recently saying that if we used Huawei products on our phone network that could prevent them sharing information with us, because the data might need to encrypt those to reach GCHQ's/Government networks.
Because, you know, I'm sure the NSA and GCHQ just send all their data unencrypted over the internet routinely.
I'm fairly convinced the septics are running a misinformation campaign to help ensure that 5G kit is sourced in such a way that tax becomes due in the Land O' the free.
It's all a pathetic game by the US government. Over twenty years ago I worked for two US equipment and software providers putting intercept equipment in Belgacom's infrastructure on behalf of US and UK authorities. We were collecting metadata before people knew what it was to DLT tape. The Germans were at, too. When Schengen came along the Schengen database people hired the same companies to do the same. Christ GCHQ can't walk by an undersea cable without bugging it. The US knows end to end encryption is the proper response and this ban the Chinese crap is nonsense.
Yeah well, Trump needs to "Make America Great Again" but the US tech world has suffered from many years of cutting costs, cutting staff and cutting R&D and sending jobs offshore so the capitalists can make more profit.
Now Huawei and China are 18 months ahead of the Americans in 5G and they don't like to lose, hense them bullying all their allies to ban Huawei and buy inferior American crap.
As long as the rest of the word uses the inferior US crap too, then they think the US can keep its place in the IT/IoT/5G/communications/always on world, and hold the rest of the world back and stop them getting any more of an advantage in the new world than they already have.
This post has been deleted by its author
"Now Huawei and China are 18 months ahead of the Americans in 5G and they don't like to lose, hense them bullying all their allies to ban Huawei and buy inferior American crap."
Typical US trade war stuff. Look up "the Chicken Tax" sometime (and realise an early 1960s "trade war" over poultry hygiene is why americans love SUVs/pickups and explains why they have protectionism on such vehicles over 50 years later - protectionism that arguably almost destroyed the US carmaking industry)
The UK was doing exactly the same thing over telco/radio kit against the "Japanese threat" in the late 1960s early 1970s, which resulted in the NZ govt of the time forcing the NZPO to buy a bunch of frankly atrocious and utterly unreliable bunch of UK and Anglo-Italian kit instead of the NEC/Fujitsu stuff they would have preferred, for twice as much as they'd agreed from NEC and Fujitsu. (This was long after "made in Britain" had come to be regarded as a warning label) - unsurprisingly having been forced to buy "from the friendly country", things were further dogged by non-availability of spares, stupidly long delivery delays of the things and extremely high costs for them (Sellers who know they have you over a barrel will charge whatever they want and take as long as they want)
Next time around steps were taken to ensure that the NZ government couldn't interfere with the dealings - Something that seems to have been forgotten in recent years.
The USA was pulling the same stunts in the 80s and 90s with its telephony and radio communications equipment. A lot of the world was shielded from this by virtue of using CCITT digital standards instead of the strange US-centric ones but those who did get suckered into buying E-spec AT&T switches found out the hard way that the same rules of engagement applied, coupled with the "europeanisation" of the kit being a kludge. Those who were forced to buy US-centric T-spec kit were in an even worse state as they had to bridge between T and E trunks using highly expensive conversion kit. (This is common across parts if the middle east and certain small island nations)
"US tech world has suffered from many years of cutting costs, cutting staff and cutting R&D and sending jobs offshore so the capitalists can make more profit business can stay afloat, because of HIGH CORPORATE TAXES and overseas competition"
Fixed it for ya. Nobody should buy into the class envy and "99%-er" nonsense, EVAR. It's a big fat lie, fake news.
This is why Trump got Congress to lower tax rates for corporations, because THAT was the reason for downsizing and offshoring (etc.), and _NOT_ "corporate greed" [as evidenced by the current economy].
However, the greediest (the REAL "1%"-ers) all seem to be ON THE LEFT, because whenever THE LEFT runs things [and raise taxes on those trying to BECOME the rich], it stifles the economy for the "99%" _AND_ makes the "1%" EVEN RICHER, at EVERYONE ELSE's expense!!!
And yet, if they're big 'liberal cause' donors, "the left" will LOVE them, regardless of whether or not they represent the REAL "1%". And the end result, the divide between rich and poor WIDENS, because of the *kinds* of liberal policies they use their money to promote. You SHOULD be angry about it. I am.
That is the only possible reply to a bully; then the rest of us refuse to share security data with the USA.
This seems to be as much about economic competition that security/spying.
It seems that the quality of Huawei code is poor, but that is a different/unrelated topic and seems no worse than the code in their competitors' kit.
Yup, and that's a reflection of bought and paid for Representatives. Private money in Politics always means special treatment for those who "contribute" the most money. No representative democracy or democratic republic there or however Americans like to think of their exceptionalism. :)
Yes, but the current incumbent makes Dubya look not only good but progressive. At least one could laugh at Dubya's upside-down book reading, inadvertent faux pas uttering antics. Arsenoise, on the other hand, is deadly serious when he goes blundering in, with emphasis on the deadly.
To explain Trump and some of the other weirdness of the last 60 years:
https://www.politico.com/magazine/story/2015/04/corporate-america-invented-religious-right-conservative-roosevelt-princeton-117030_full.html
You can argue that the rise of violent Islamic, Jewish and Buddhist(*) extremists is a direct and opposing reaction to the surge of christian extremism.
You can also paint the rise of the extremism as a reaction to increasing secularisation (and feeling outnumbered), but the violence feeds on itself and secularists tend not to be so knee-jerk in their reactions to feed it.
(*) Yes they exist, no they're not nice people (see: Rohingya massacre)
I don't understand why the "Huawei Cyber Security Evaluation Centre" is a new or unique thing.
I would expect our governments to apply the same rigorous code checking on all crucial comms equipment.
We know that the equipment from the US has backdoors in, we know this because every country does this where possible. These Evaluation Centres should be looking at all tech
We know that the equipment from the US has backdoors in, we know this because every country does this where possible. These Evaluation Centres should be looking at all tech
In the case of the US we don't know it because every country does this where possible, but because the NSA backdoor was found.
""The most fundamental security standard, really, is that you cannot have this extrajudicial, non-rule of law-compliant process where a government can tell its companies to do something," Strayer told the Bloomberg newswire."
Well then, that rules out buying any equipment made by US manufacturers.
Probably time to tell the US where to go, if they want to stop sharing info with us, then they can take their US military spy bases and ships/dockyards off our soil as well.
Imagine if they couldn't put their military spy and Navy bases all around the world like they do today?
"Probably time to tell the US where to go, if they want to stop sharing info with us, then they can take their US military spy bases and ships/dockyards off our soil as well. Imagine if they couldn't put their military spy and Navy bases all around the world like they do today?"
--
You're imagining a world where the US and their military bases are actually invited
The US argument that Huawei installed equipment will mean the Chinese state can spy on them is weak at best. There was a Panorama show about this very thing on the BBC this week. The GCHQ take on it is that spying would not be an issue. Anything sensitive would be encrypted anyway, so even if the Chinese were syphoning of data they wouldn't get anything of use. And although weaknesses are there in the security of the software on the Huawei 5G kit, it is more about bad coding than deliberate backdoors.
They do have other worries that they could be used to create DDOS style attacks on the UK network infrastructure but not about the Chinese spying.
The world should refuse to share information with the US as long as Trump is handing it straight to the Russians (and I think that's already pretty much the case), and not install US sourced gear unless it's been just as much rigour and open investigation as Huawei's.
By the way, not sharing goes two ways - let's cancel the leases on all those places where you have set up forts embassies that bristle with intercept aerials. You're going to give that land back - your leases are hereby terminated.
That malfunction at Menwith Hill? It isn't. We pulled the plug.
Wanna try that one again?
This is what 30+ years of US "enterprise" has bought the US. A reliance on someone else to do the work of educating and supporting a workforce capable of delivering tech at a decent price. Yes, the labour conditions in China are beyond inhuman, but it's not like the extra cost of US (or UK) products really goes into improving labour conditions.
"The most fundamental security standard, really, is that you cannot have this extrajudicial, non-rule of law-compliant process where a government can tell its companies to do something,"
That's one of the most compelling arguments yet for never hosting anything in the USA (PATRIOT Act) or doing business with companies that have US offices (same act) or buying equipment from Cisco.
Let's not forget those "secret" NSA wiretapping rooms that appeared in various AT&T nodes across the USA in the early 2000s
Is this the end of Five Eyes and its attendant snoopage of everyone's private communications? Personally, I can't think of much better news than that. I'm beginning to suspect it's because Huawei refuse to put backdoors in their FW and the Five Eyes wallahs are too thick to reverse engineer it or it's too much bother to intercept and infect the way they do with outbound Switchzilla kit.
Fine, Trumpettes¹, take your ball home. It was soggy, a funny shape, you kept cheating and, as they say in your vernacular, "ain't nobody here gives a shit."
¹ I'm talking directly to the political class here. Ordinary Americans are, as a rule, decent folk just like anyone else, while their politicians are about as clueful as ours.
"The most fundamental security standard, really, is that you cannot have this extrajudicial, non-rule of law-compliant process where a government can tell its companies to do something,"
I can't actually believe this guy can say that with a straight face, when the US has been shown to have a history of doing that exact thing with secret, sealed courts to compel Facebook, Google, Apple, etc. to snoop. If there was at one point a moral highground where the US could claim it only used such powers for "good", it sadly lost it years ago. The US isn't trusted any more than China is at this stage.
In China there is a law which calls on everyone - companies and citizens included - to assist in the spying effort. An analysis of the law states:
"The Intelligence Law… repeatedly obliges individuals, organizations, and institutions to assist Public Security and State Security officials in carrying out a wide array of “intelligence” work. Article Seven stipulates that “any organization or citizen shall support, assist, and cooperate with state intelligence work according to law.”"
(SOURCE: Dr. Murray Scot Tanner, Lawfare)
It is not unusual or even unsurprising that China spies on the west. Certainly, you only need to look at the latest copies of the phones, laptops, or other tech to understand that the law there is somewhat different to the west.
What the US is doing here is making a stand and saying that, no, we won't support you writing a law that requires every citizen to be a spy. We won't buy from your companies that we've caught embedding spy technology into their products. And we will reach out to our allies and request they behave the same.
What's amazing to me, is how a bunch of security professionals actually listen to obviously left wing columnists over common sense risk assessment practices.
I mean, I get why the overwhelming public believes the press all the time. They don't know any better; however, InfoSec professionals should understand the basic concepts of risk assessment.
So lets just play along for a moment with what the press is selling you... and the NSA/CIA spies and steals your secrets and money as much as China's military.
Would you rather it go to China, who has published their goal of crushing capitalism, or to a country who has bailed your ass out several times?
Also, there is a big difference between a Government mandating something NOT be used... and a government which mandates something you MUST use.
It isn't like the USA, UK and Australian governments say you must use one thing out of many. It's saying, there are many choices, but don't use THIS ONE thing.
Good grief. Stop letting a journalist with no international or technical expertise what so ever tell you how to think and do your job.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
