

India Bans Chinese Telecom Equipment - J3L2404
http://www.boston.com/business/technology/articles/2010/04/30/india_bans_chinese_telecom_equipment/

======
yumraj
US should seriously consider doing something similar since FBI is already
warning about fake Cisco routers which could (i.e. most likely do) have
backdoors. Link: <http://blogs.zdnet.com/projectfailures/?p=740>

~~~
cabalamat
> _US should seriously consider doing something similar_

As should all other powers. The possibility of backdoors in computing
equipment means that all software in critical functions needs to have been a
developed in an environment where the country can have a reasonable assurance
that there are no backdoors.

The same probably holds for processors.

~~~
maukdaddy
Just because something is "developed" in the US doesn't mean that all of the
developers are US citizens or even based in the US. Outsourcing makes it
incredibly difficult to ensure that no backdoors, malware, etc. are inserted
into source.

~~~
cabalamat
> _Just because something is "developed" in the US doesn't mean that all of
> the developers are US citizens or even based in the US._

Absolutely.

> _Outsourcing makes it incredibly difficult to ensure that no backdoors,
> malware, etc. are inserted into source._

If a program is (1) open source, and (2) widely used, there are likely to have
been lots of eyeballs looking at it. It would probably be harder to put a
backdoor in Linux of GCC, without people finding out, than in MS Windows or
Microsoft's CLR. I'm leaning towards the point of view that security6 critical
software should run on popular open source platforms (by platforms I mean
OSes, Languages and APIs).

~~~
MichaelGG
Do we have info on what backdoors in major commercial programs look like? I'm
going to guess a large company isn't going to embed a whole large backdoor --
too much liability and risk of discovery.

Instead, wouldn't it be better to make the backdoor another mundane security
hole? And open soure can certainly ship plenty of those (FireFox?).

So, really, in both cases, you need an experienced developer that can code in
a security hole without being caught during review. Not every boring feature
checked in gets the same level of "eyeballs".

~~~
xiaoma
This reminded me of Ken Thompson's Turing paper about how a malicious compiler
could make back doors invisible even to those who can look at the source.

[http://docs.google.com/viewer?a=v&q=cache:5Xr5GF-
rQkEJ:c...](http://docs.google.com/viewer?a=v&q=cache:5Xr5GF-
rQkEJ:citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.84.8238%26rep%3Drep1%26type%3Dpdf+Ken+Thompson+self-
reproducing+program+security&hl=en&pid=bl&srcid=ADGEESjgV0RpZWaqLp_ZUknoiVZCPXfF0UaXTyN8m4qQzTYjVt1SQ01d8bpYpJpXSZTAasGiGop_bwbLr2EiDGXfz4osDyDHjkbCcri79ZbTxtvJt4ZVd3F2EEHM9IX4Xg7G0eiRkR3T&sig=AHIEtbT8wWYDpL3tnqjjSPX7NHGIoqi1Lg)

------
r0h4n
I think this is a great move, and India is also playing fair by allowing any
vendor with a government security approval to do business in India. But this
will also give rise to the currently rampant corruption in so many government
audit agencies.

------
ams6110
How does Cisco (or any hardware company) ensure that their authentic, but
still made-in-china products haven't been secretly altered?

~~~
jrockway
By crossing their fingers... and toes.

The only reason there isn't widespread tampering and adulteration of goods
made in China (or anywhere) is that it's usually cheaper to do things right.
Manufacturing Cisco routers exactly as they are told to is easier than making
ones that are undetectably compromisable. Today.

In other cases where doing it wrong is cheaper, we've already seen what
happens. Lead paint is cheap. So, of course, we end up with kids' toys with
lead paint that flakes off.

But hey, at least it's one cent cheaper.

(And just so it doesn't sound like I'm being anti-foreign-goods or whatever,
we do the same thing domestically. HFCS is slightly cheaper than sugar, so
it's used in everything, even though the production is harmful to the
environment and the health effects versus sugar are in question. But hey, at
least the profit margin on sugar water is even higher now!)

------
jamesbressi
Good move. China does not seem to hide the fact that they are interested in
20th century espionage via hacking and everyone knows they are an impressive
police state that monitors everything.

The U.S. should definitely make the same move, but well, then there is that
whole mess with China owning most of our debt...

~~~
jws
China is the foreign nation holding the largest portion of the US debt, but
they hold less than 10% of the debt.

~~~
ericb
If we balanced our budget, the debt could be a weapon in our favor.

------
maheshs
I welcome this move. China also have same rule for other countries.

------
seshagiric
This is not surprising considering the number of news we read about Chinese
'interest' in Indian websites - everything ranging from Nuclear programs to
Tibet.

There is another reason - cheap Chinese mobiles without IMEI numbers were
flooding the market.

------
drinian
_Last year the government banned imports of Chinese handsets without the
International Mobile Equipment Identity, or IMEI, number, again citing
security reasons such as the use of stolen handsets to make terror or hoax
calls._ Chinese manufacturers cloning IMEIs? Never!

The big question is, can India's government really enforce this?

~~~
stcredzero
_The big question is, can India's government really enforce this?_

From what I know, the answer would be: Yes, whenever they want to.

~~~
jasim
Yes, they already have done that. It was made a law, and cheap Chinese phones
now comes with a govt. approved IMEI.

------
siculars
IBM selling their computer line to China was a major mistake and should have
been blocked on national security concerns. The fact that half the government
uses Lenovo laptops that used to be Thinkpads is criminal.

It does not take a genius to realize that China is using all their power and
cunning to infiltrate everyone everywhere. When your firewall and your packet
filter and your router all come from the same place how can you be sure that
you don't have a backdoor?

I know people who work in this area and the bottom line is that it is not
whether or not you are paranoid, but are you paranoid enough?

------
est
While China bans something it's unfair trade, it's interesting to see
something like this and everyone think it's good move.

~~~
stcredzero
When was the last time you heard of fake Cisco routers coming from India?

EDIT: The difference is probably due to different emphasis on and
effectiveness of enforcement.

