
Huawei: NZ bars Chinese firm on national security fears - clouddrover
https://www.bbc.com/news/business-46368001
======
cbzbc
The UK government started worrying about the same thing when Huawei won a
bunch of BT 21CN contracts for network renewal.

The chosen solution in that case was to set up a dedicated engineering
facility onshore, where evaluation of the products could be performed at
various levels before deployment.

[https://www.gov.uk/government/publications/huawei-cyber-secu...](https://www.gov.uk/government/publications/huawei-cyber-security-evaluation-centre-oversight-board-annual-report-2017)

~~~
ardy42
> The chosen solution in that case was to set up a dedicated engineering
> facility onshore, where evaluation of the products could be performed at
> various levels before deployment.

Honestly, that doesn't seem like a good plan. While such a lab is better than
nothing, it doesn't protect the UK against attacks it didn't understand or
think to look for. I'm reminded of this Soviet bug that was given to the
American embassy in Moscow and lay undetected for seven years.

[https://en.wikipedia.org/wiki/The_Thing_(listening_device)](https://en.wikipedia.org/wiki/The_Thing_\(listening_device\))

The fact that the lab was _created_ for Huawei tells me they're not trusted
enough. The smart thing to do is to pick vendors you already trust not to bug
you, and then do the extensive verification as an additional check.

~~~
cbzbc
My description of what they did was not meant as an endorsement.

That said, in an age where a large percentage of physical devices/device parts
are made in China - protecting against attacks you don't understand or think
to look for is a non-trivial exercise and can't be avoided merely by changing
vendor (though doing so may make an attack harder).

~~~
Lio
I think that's actually part of the problem. The choice by BT to go with
Huawei for 21CN effectively killed off home grown Marconi products.

BT saved a bit of money short term and Ben Verwaayen got his bonus but long
term they are now dependent on products they can't really control where before
they could pop down the road to Chelmsford and go and speak to the design
team.

------
mtrovo
I think the public reason to ban them is totally fine but there’s a lot
more stuff in play here.

Think about the presence of Android in China, they worry about Android phones
having Play services calling home with more data than is needed to work
properly. This is not theory, it was shown in the past and we never know how
much data we’re sending back to Google or even Facebook just by owning an
Android device. So they block Google Play services, in the name of its
citizens’ right to privacy or whatever. Now the same due diligence is not taken
into account for the same kind of services provided by local companies. They
can operate without a lot of backlash over data collection or backdoors. But
for them (Chinese government) this is still a better alternative. Because the
data is not sitting on a data center in US waiting to be mined by some agency
that happens to have three letters and no need for a mandate to look at data
from non-citizens.

So the reason to ban them is right, but it’s not just banning them to spy on
us. This is also saying that if somebody is going to spy on our communications
it better be on our side of the fence. Maybe Cisco could win without a lot of
fuss about “possible threats that we don’t understand right now”. Maybe Cisco
also have code with dubious quality, or even straight malicious, but at least
the data exfiltration is not sitting on a data center in China.

~~~
guitarbill
Is it though? A much simpler explanation is that China - like any nation -
can compel its citizens quite easily to do something (carrot or stick). And
tapping into/backdooring infrastructure is a very effective approach.

How do the Five Eyes governments know this? Because they were doing the exact
same thing, with help from e.g. telcos. But most foreign telcos are somewhat
well monitored, so attacking the hardware is the next logical step.

There's no mystery here, it's just they can't come right out and say "this is
how we _would have_ done it", because they probably did.

------
paraditedc
nvm (comment removed)

~~~
pcdoodle
Filling our landfills full of disposable products? Copying our IP? I love
Aliexpress for some things, however we are subsidizing the shipping for most
products on there with our tax dollars (This might change soon). $7 for me to
ship a few states away, less than $1 for most Chinese products to US via USPS.
Even the Chinese don't trust most Chinese Products (Chinese Girlfriend).

~~~
prolikewh0a
>Filling our landfills full of disposable products?

This is rampant capitalistic consumerism, nothing to do with China.

>Copying our IP?

Doesn't really matter. Who do IP's benefit? Not the consumer, only the already
super wealthy. Hint: the very large majority of the world is not wealthy.

Taxes went up on products from Aliexpress. Shipping from China to USA is much
more efficient than the other way around.

When I'm subsidizing health insurance, food stamps, and medicare on Walmart,
Amazon, Starbucks, etc, to put billions more in Bezos's pocket, I could care
less about something that actually benefits lower income people with
affordable products that would be well out of reach in USA. Raise wages and
people who were using Aliexpress will start buying domestic.

~~~
guitarbill
> Who do IP's benefit? Not the consumer, only the already super wealthy. Hint:
> the very large majority of the world is not wealthy.

I'm no fan of copyright or software patents, but that's a bit too simple. Good
R&D is complicated and favours highly educated/skilled workers. Even if you
don't like companies, it's quite unfair that people who have spent a long
time becoming domain experts should lose their livelihood because of outside
forces breaking the law - international law mind (AFAIK).

