
New Rules in China Upset Western Tech Companies - blackbagboys
http://www.nytimes.com/2015/01/29/technology/in-china-new-cybersecurity-rules-perturb-western-tech-companies.html
======
Htsthbjig
This already happens in the US with software and hardware that is essential
for national security.

How is that any strange that China wants to do the same?. The job of the NSA
is spying other countries, obviously China does not want other countries
controlling their basic infrastructure.

Of course, having the source code means in a couple of years there will be a
Chinese company creating the same hardware or software, and with lots of
"coincidences" in the code code.

It is not very different to what Americans did with the British.

I have lived and worked in China, I speak Mandarin. There any Chinese
commercial companies have to go to meeting with other Chinese companies, so
THEY CAN COPY YOU!!

Any commercial company operating in China needs to have 51% Chinese
participation. As a western well trained person, if you work there in 49%
partnership with a foreign company, they could offer you millions of dollars
for making a 100% Chinese company competitor.

The west should start demanding reciprocity to China in lots of ways.

~~~
gxs
| The west should start demanding reciprocity to China in lots of ways.

Agree. It makes my blood boil that we're handing over the culmination of years
of research and development, both academic and corporate, for the sake of a
few short term dollars. There will always be some moron happy to the the one
to hand over everything in order to make a quick buck.

I am way out of my element as I have no legal training, but how are there no
export controls? It is in the US's best interest to not allow this to happen.
Do we really want to live in a world where China can copy any western
technology at will, but never divulges any of it's own secrets? What a load of
crap.

~~~
vikiomega9
I wouldn't call it a quick buck, it's unregulated market competition.

| It makes my blood boil

You're taking my money and not guaranteeing no backdoors in your software, how
does that work for my blood? I'm not saying my data is important or that I'm
special, but the fact that my ERP data critical to my business is potentially
open to someone across the world or even my own government does not sit right
with me. Of course I will clamor for some oversight. I may be dearly mistaken
but I can't agree with your comment.

------
protomyth
"and build so-called back doors into hardware and software"

It would be nice if the US government had some moral right here to claim for
US companies this is unacceptable since any backdoor is an exploit waiting to
happen. Sadly, the Executive branch in setting NSA policy has basically
screwed us all and sacrificed our safety.

~~~
tormeh
I don't get what's so bad about backdoors. With the exception of end-to-end
encryption, your chat/communication provider already has the keys. What's so
much more hackable about the government having a copy?

~~~
ekimekim
> With the exception of end-to-end encryption

And therein lies one of the big issues. As Apple is discovering, implementing
good practice security with end-to-end encryption or similar untrusted-
middleman setups is being made illegal.

~~~
mirimir
They also want backdoors for end-to-end encryption. Remember the Clipper Chip?
Cypherpunks won that round with Silicon Valley support. But now that we're at
cyberwar, all bets are off.

------
xnull5guest
This is really not all that uncommon. Microsoft gives regular access to its
Windows source code for auditing to Russia, China and other countries.

Combine this with recent activity on the US's behalf to backdoor services in
China, for example giving US Federal agents access to the GMail accounts of
Chinese nationals. Projects like this in the United States are not atypical.
You'll remember that the surveillance programs selectively revealed by
journalists with access to the Snowden documents that they are administered by
the 'Foreign Intelligence Surveillance Courts' \- and that the United States
participation in the Five Eyes partnership with the core of UK, Australia,
Canada and New Zealand (now expanded to include others) is a charter to
intercept global intelligence and communications - that Germany's BND, an ally
of the US's NSA, had called for the boycott of the more recent Windows
Operating Systems as its implementation and support for TPM attestation
amounted to the US backdoor. We've also learned that the United States CIA
created a Twitter-like service under a front corporation, deployed it in Cuba,
and used it to attempt to foment a revolution (in 2014). The United States
Department of Defense has studied how to propagandize entire countries, in
fact entire regions of the world, over Twitter and social media. It's Justice
Department funded studies on how to tweak search results and social media
banners to influence election outcomes. (Such meddling has been caught in
Indian search engines, but attribution is not currently known.)

No one should be surprised after the wealth of information disclosed through
the Snowden documents and the constellation of other facts that China has a
legitimate worry that software sold to their banks may contain surveillance or
covert access capabilities. One might even speculate that these policies are a
product of Chinese Intelligence which suggests that Western allies either have
plans to do or have in the past done exactly that.

~~~
gaius
... And universities in the West, it's no big secret.

[http://www.microsoft.com/en-
us/sharedsource/default.aspx](http://www.microsoft.com/en-
us/sharedsource/default.aspx)

------
mark_l_watson
I have mixed feelings about this.

On one hand, I would like to see tech companies in my country (the USA) have
access to all international markets, and vice-versa.

On the other hand, I understand why governments like China, USA, etc. would
want to protect their local infrastructure and competitive advantages.

I listened to a good interview with Catherine Austin Fitts this morning and
one of the topics she talked about was how corporations are becoming more
relevant than governments. When I see how corporate (and I include the
military industrial complex) interests have usurped control of my government I
find it difficult to disagree with her viewpoint. Who knows what will happen
in the next few years, but it will be interesting to see how much corporations
publicly get in the face of governments who get in the way of their business
interests. One example of this would be push back against central banks
affecting the value of money, etc.

~~~
CamperBob2
_On the other hand, I understand why governments like China, USA, etc. would
want to protect their local infrastructure and competitive advantages._

From a humanistic perspective, I'm no more sympathetic to this arugment than I
would be about protectionist measures enforced between neighboring states,
provinces, cities, towns, or neighborhoods. The world gets smaller every year
and that's a _good_ thing in most respects.

 _I listened to a good interview with Catherine Austin Fitts this morning and
one of the topics she talked about was how corporations are becoming more
relevant than governments._

Governments murdered a hundred million of their own citizens in the twentieth
century alone. I say let's give the corporations a turn.

(Yes, I'm being somewhat facetious. But like most snark there's a grain or two
of reality behind it.)

~~~
mark_l_watson
I just upvoted you and user higherpurpose. I don't understand why people
downvote other users who are just expressing their opinions.

~~~
CamperBob2
There's a strong statist undercurrent on HN, which is somewhat hard to
understand, as well as a low tolerance for trolling, which isn't. Sometimes
telling the truth in an unexpected context is mistaken for trolling.

In general governments aren't exposed to the same criticisms as corporations,
or held to the same standards, except when their actions directly impact IT
and online rights (DRM, surveillance/security policies, and such.)

~~~
nitrogen
_In general governments aren 't exposed to the same criticisms as
corporations, or held to the same standards, except when their actions
directly impact IT and online rights (DRM, surveillance/security policies, and
such.)_

I don't think that's an accurate statement to make about HN. There are some
high-karma users who seem to be very pro-government, and there's no doubt some
astroturfing going on. But there is also a vocal population of people who want
to see governments act in their people's interests and be accountable for
their actions. It just so happens that, as an IT-focused community, HN talks
about the IT aspects of government a lot more often.

~~~
CamperBob2
_But there is also a vocal population of people who want to see governments
act in their people 's interests_

The problem is, it's becoming increasingly apparent (to me, at least) that
this is motivation is not only ill-defined, but inherently self-contradictory.
Those people are not going to get what they say they want, because it doesn't
exist. Government is the ultimate zero-sum game: anything they give to
someone, they have to take from someone else.

Ultimately, the only _rational_ conclusion I've been able to reach is that the
best government is the smallest one. Around here, saying so often gets one
downmodded.

~~~
nitrogen
_Ultimately, the only_ rational _conclusion I 've been able to reach is that
the best government is the smallest one. Around here, saying so often gets one
downmodded._

It could be because small government advocacy is often associated with
dogmatic _ir_ rationality. Maybe there's a way to reword rational small-
government arguments to make it more clear they have a rational, rather than
dogmatic, basis?

It could also be because there's a path dependence issue; how does one
actually get from where we are to where a particular argument wants us to be?

------
contingencies
I live in China (on and off for 13 years). I have run tech companies here.
First up, rules are less fixed here, so the fact this has been announced
doesn't mean it will be encountered/enforced at all outside of very large
government contracts (banks here are owned by .gov, foreign banks are excluded
despite WTO-join-time assurances to the contrary). Secondly, this is a direct
response to the NSA paper revelations about how much success they've had
infiltrating Chinese communications networks... big red dots showing points of
NSA infrastructure _inside_ the country! Well... pot, kettle, black. Finally,
if you are selling physical or software products to China and feel they're
somehow unique technically and believed for a second that they wouldn't be
reverse engineered by interested parties, then you were already kidding
yourself.

------
jkot
Could someone expand a bit on 'adding backdoors'? Article only mentions it at
beginning, and it kind of feels like something was lost in translation,
perhaps it was 'to check for backdoors'?

It is all about reducing dependency, and backdoors in banks, does not really
fit in.

> _“In reality, it’s about the core elements of Chinese information
> technology. We don’t really control these. We’re under the yoke of others.
> If the others stop services, what do we do?”_

~~~
wmf
_The draft antiterrorism law pushes even further, calling for companies to
store all data related to Chinese users on servers in China, create methods
for monitoring content for terror threats and provide keys to encryption to
public security authorities._

Sounds pretty backdoory to me. (Technically the article is talking about a few
different laws/policies, but the underlying philosophy appears the be the
same: the government wants access to everything.)

~~~
jkot
Thanks, makes sense, I was confused about banking industry.

 _new regulations requiring companies that sell computer equipment to Chinese
banks to turn over secret source code, submit to invasive audits and build so-
called back doors into hardware and software_

------
sesutton
The rules about encryption and backdoors are authoritarian but hardly
unexpected from China.

The rest of it doesn't seem so unusual. Microsoft has been sharing source code
with governments for over a decade and several other countries (including
Western ones) are considering requiring user data to be kept in country.

~~~
mirimir
Yes, this is not at all a surprise. And yes, many nations are pursuing similar
initiatives, to defend against Five Eyes snooping.

What varies more is the emphasis (in public, at least) on backdoors. China,
Russia and the UK want them. The rest of the EU and the US have been
conflicted.

Recall that US TLAs have been pushing for this since strong encryption became
widely available in the 80s. And with all the FUD about cyberwar, they'll
probably get their wishes granted soon.

------
nemothekid
Aside from the regulation about building backdoors into hardware - is there
any any reason why it would be disappointing to hear that bank software must
be essentially open source?

~~~
lukeschlather
Giving the Chinese secret police access to the source cannot reasonably
compared to open source.

------
pm90
_noting that many Chinese companies and local governments had to scramble when
Microsoft discontinued its support of Windows XP_

This really doesn't make any sense. Microsoft gave ample warning about when it
would discontinue supporting XP, and its actually incredible that they did
support it all the way to 2014. What exactly do they expect? That MS will
support it forever?

------
skybrian
I wonder if this will result in more open source code available in China? Open
source projects should have no trouble disclosing source code to anyone who
asks, including the Chinese government.

------
skc
Wonder if BYOD is a thing within the Chinese banking industry then, especially
after seeing the explosive growth of Apple in that country

------
mSparks
paswordz sites will have a field day.

->access any chineese bank account here: one click to transfer funds.

~~~
Wogef
This is already done, they have a huge bank fraud problem.

------
vaadu
Don't sell or license computer gear to Chinese banks.

------
higherpurpose
To this I would say: "Sorry US companies and US government. You've laid your
bed. Now sleep in it."

~~~
happyscrappy
"Western". It is in the fucking title!

