
Canada’s ability to test China’s Huawei for security breaches questioned (2018) - colinprince
https://www.theglobeandmail.com/politics/article-us-intelligence-officials-question-canadas-ability-to-test-chinas/
======
pierrebai
So, logically, it follows that Canada also is too unsophisticated to test and
trust US equipement? Canada should ban all US devices.

And, recent history tells us, the US does spy on its allies, its allies'
governments and business.

I've always taken the US alarmist position on chinese equipment to at least
partially means that they fear not being able to bug the rest of the world as
easily once everyone network are not filled with US gears.

~~~
tivert
> So, logically, it follows that Canada also is too unsophisticated to test
> and trust US equipement?

IIRC, the US doesn't actually produce any 5G cellular equipment. The
alternatives to Chinese equipment are European: Ericsson and Nokia.

~~~
whytaka
How could the Americans have missed the boat on this completely? I find that
hard to believe.

EDIT: It appears Intel is working on 5G.

------
ivankolev
I find it very unfortunate that Nortel Networks went down, it could have given
Canada the ability to develop their own communication solutions, including 5G
gear.

~~~
philprx
Its IPR and technology are still alive

------
giarc
I think it's safe to have some skeptism here. Pierre Paul-Hus said the
Americans "laughed" when asked about Canada's ability to test the equipment.
Mr Paul-Hus is a member of the opposition party and we are 7 months out from a
federal election.

The non-political person in the room, Christopher Parsons, said the Americans
expressed “some skepticism”.

------
dade_
I've always assumed that the US hasn't figured out how to use Huawei to spy on
others and the company isn't cooperating with US intelligence agencies. Result
is a global smear campaign. Then, when that fails, create a diplomatic crisis
between Canada and China with an extradition order. Nothing even novel about
the approach.

------
reasonablemann
The issue here is complete regulatory capture by the Canadian telecom
companies. They own everybody in the government who makes these decisions.

------
Wistar
Related: I listened to yesterday's very good Fresh Air interview with David
Sanger.

[https://www.npr.org/programs/fresh-
air/2019/01/31/690290207/...](https://www.npr.org/programs/fresh-
air/2019/01/31/690290207/fresh-air-for-jan-31-2019-could-chinese-telecom-
giant-huawei-puts-u-s-cyber-secu?showDate=2019-01-31)

Sanger is a national security correspondent for the NYT and recently wrote a
book about cyberwar and cyber-sabotage called "The Perfect Weapon."

One key thing I got out of it is that, even though the U.S. has forbid the use
of any Huawei products in the U.S. 5G network build-out, he thinks it would be
very difficult for even the U.S. to sufficiently test Huawei's 5G
infrastructure products — he points hardest at their software-based switches —
to ensure that they are not fundamentally compromised in ways that could give
great advantage to the Chinese government.

Audio and transcripts available at the above link.

------
anfilt
I would agree, it's the same as claiming testing will find all bugs in
software. Some of these devices also have a lot of software. While deep
analysis make it harder to hide things. Analysis does not forgo the
possibility for exploits or back-doors to exist. Why do you think there are
people who wish Intel would sell a CPU without IME, and what have we learned
from Meltdown and Spectre is that finding all exploit avenues is tough.
Moreover, most software does not have proofs to ensure correctness ect.
Silicon designs are tend to have more verification done, but bugs still exist.
Look at any errata sheet for a device.

However, this generally applies to all software and hardware. I guess the big
question is there a possibility of innocuous back-doors vs your run of the
mill exploitable bug.

------
microcolonel
Given how bumbling and third-rate many Canadian institutions are today, I
would generally doubt the Canadian government's ability to assess anything
like this competently.

I'm also not confident in our government's ability to prevent full-on Chinese
state actors from tampering with such an assessment.

Added: though this should not be taken as a reason to defer to the U.S.
government either. Our institutions regularly fail to serve their purposes,
and the first step to solving that is to actually care that it's the case.

~~~
tareqak
Which Canadian institutions would you say are "bumbling and third-rate" today?

~~~
qjighap
You could make a case for everyone being bumbling and third-rate today. Post
an edge case and have a lack of information to counter. I think by not
addressing concerns head on gov't agencies are inviting for this type of
behavior. I don't agree that stating that you have white labs as a defense for
possibly tainted equipment is a full answer. I assume there is more coming
since having a white lab test of equipment would be unreasonable for every
piece of equipment due to workload. Not testing every piece of equipment to be
used isn't a solution either since if Huawei is "evil" then they will just
taint the box going to the correct provider.

While I don't agree with this approach I can see why it happens. For example I
have a smattering of news articles to prove incompetency.
[https://www.cbc.ca/news/canada/north/nwt-health-data-
breach-...](https://www.cbc.ca/news/canada/north/nwt-health-data-breach-
laptop-stolen-1.4726891) [https://www.cbc.ca/news/canada/forget-spy-case-
where-s-brief...](https://www.cbc.ca/news/canada/forget-spy-case-where-s-
briefcase-1.180183) and a bunch of professionals in what amount to a twitter
war.

If the Canadian government doesn't want people talking negatively about them
then there needs to be more transparency. Not to the level of risking a
breach, but something along the lines of a list of safeguards they are
implementing. I wouldn't ever consider one safeguard a solution. If somebody
feels the need to call out where the information is, I would legitimately like
to read it.

~~~
tareqak
Alright, which government institutions worldwide are not "bumbling and third-
rate"?

~~~
qjighap
I am a fan of NIST. They seem to be pushing forward with less than average
amount of bureaucracy. By definition everything should be public and they
don't have any responsiblity for enforcement of the rules which might be a
slow pitch to your question.

Drawing from my roots the Canada Wheat board was always surrounded by heated
arguments and controversal decisions. There was the UN wheat scandal but that
is more a matter of if you believe they are evil and not their level of
incompetancy. They received a significant amount of name calling due to their
decisions and policies, but I can't recall any significant missteps in their
application of the policies they set out to act upon.

------
philprx
The whole story is weird given the fact that they are both 5 eyes

