All US phones have components manufactured in China as well as all over the world. It is not a stretch to think the foreign governments couldn't get in the middle and create vulnerabilities or straight up drop attacks on different components they have access to. How is Huawei any different?
Are we supposed to take their complaints seriously when Snowden leaks revealed the NSA hacked Huawei servers to find vulnerabilities they themselves could use to spy on people around the world. /shrug operations Shotgiant doesn't matter? If the NSA hack revealed that Huawei was injecting spyware it's time to release the details of how they found out.
There's not even such a thing as a "US phone" though, is there? Even phones manufactured by US companies like Apple are made in China with Chinese/Taiwanese sourced parts. Google always outsources its Nexus/Pixel devices to third parties like LG and Motorola. Speaking of Motorola, they are now owned by Chinese manufacturer Lenovo, which has also been in hot water lately over spyware and rootkits in their laptops.
I'm of two minds about the announcement. On the one hand, Huawei and ZTE have both been caught installing backdoors and spyware on their devices in the past. On the other hand, the US three letter agencies have a vested interest in US citizens carrying around easily monitored and tracked devices, and they easily find ways around Constitutional protections against spying within their own borders.
I honestly don't know who to believe in this situation.
Exactly my thought. US gov't even outsources to private contractors that then subcontract and outsource to China for electronic components including chips that can easily end up in our DOD systems. I wonder if this is more of a money or market thing being pushed by the Existing Oligopoly?
Something doesn't appear to add up completely?
That's easy. And moreover, its a bigger threat. With a Huawei phone, the Chinese government has control over everything from the processor to the userspace software. With a small piece of silicon in a fab, the threat surface is much smaller; they'd have to sneak it in against Apple's will, past all of Apple's American-loyal QA.
In the software world, we tend to think about security as an absolute, because computer logic is absolute. In the real world, security is probabilities. How can you minimize the chance of breach while minimizing costs.
Is Apple's QA workforce mostly American or do they have a lot of Chinese H1Bs? I mean loyalty is a fickle thing.
If the 'threat' was real, that makes as much sense as hardening one door in your house, when you have 4 other doors because "you can't protect against every threat model".
Asking Apple to manufacturer their phones outside of the US is a highly expensive action.
That being said if you don’t control the software, modifying manually a handful of devices doesn’t scale. If you modify all of them the chance that you will be spotted is very high. If you control the software and it is encrypted / not readable, you can backdoor all devices of a whole country. So I can see how it is a step up in term of threat level.
But, do they feel above the law? This is certainly a common complaint of South Koreans. These groups are definitely "too big to fail" and they know it. So yes the concentration of power in a few giant firms is remarkable, and not in a good way.
Nope, per recent incidents.
I'd say that is a LOT of influence.
Even if they only had rough suspicions (with rigorous technical underpinnings, just like a security researcher taking their job seriously). The public security community has repeatedly discovered, reported and fixed serious security vulnerabilities without the NSA doing shit all to help out (which is their job) whether they knew about the vulnerability or not, going as far as deliberately pushing back.
The only reason I can see why you'd prefer one argument over the other is if you somehow believe the NSA always has the best interest of the people at heart. But I think we know a little better by now and they might support the people in theory, but there are usually other interests that are bigger and better and more important.
If it was just the NSA saying this I'd be a bit more skeptical. But if the FBI and CIA agree, that seems like sufficient reason to believe that their motives are honest.
My first thought was "Why? Can't they snoop on us with those phones?" Then I thought that they snoop at the network level so I don't think they need anything on the handset to listen in. Maybe I'm wrong about that.
Yes, you should. More than one entity has committed a sin does not make that sin a non-sin.
If China is listening in, then there's a chance I will be denied a visa to visit China or, should I be given a visa and visit, then they can arrest me, etc.
Upsides in either case? None.
So I would rather have China listening in than the US.
What can China do to someone a US citizen, living in the US, using a Huawei phone? Even if all telephone calls are monitored?
What can the US do to someone in the same situation?
Yes, others are in different circumstances and would make a different choice. Best of course would be to have no mass surveillance system.
Sell personal details like credit card numbers or the SSN to a criminal syndicate.
No one said they would spy to steal state secrets.
Another possibility is identity theft. Read about the scandal involving Australian passports used by Israeli secret services in 2010: http://www.smh.com.au/national/mossad-hit-snares-australians....
That kind of ticky-tack stuff seems more like the work of organized crime ring than a national government of a state like China. Anyway, that stuff is subject to much more prosaic risks, like your being at the mercy of your dentist's office's online security set-up.
> That kind of ticky-tack stuff seems more like the work of organized crime ring
seems like you are idealizing China. I idealize neither and wish my privacy to be wrenched back from the illegal search and seizure of the NSA.
You should be worried about the government who has the power to imprison you.
The US absolutely does make lists of "suspicious" citizens. Just look at what the FBI did to protestors of the keystone pipeline.
Also even if you are not of direct interest to China, what about your friends and colleagues? They can use you as a tool to get to those that you have direct communication with.
What can the US do to someone who's not a citizen, living outside the US, with access to their communications? It's not difficult to find an answer to this. China would do the same to you and you won't be able to fight against it because you're not a citizen of China.
"First they came for the Socialists, and I did not speak out—
Because I was not a Socialist...."
We can have discussions and concerns about the NSA while also recognizing foreign nations pose an equal or worse threat. At least with the NSA there is some hope of reigning them in when they overstep.
Honestly? The response to the Snowden leaks would seem to indicate the opposite.
I'm not sure what you mean by this. Certainly China does face national security concerns.
If you are someone working with a military contractor or the government(with any kind of security clearance) I dont think the U.S. would want you using a Chinese phone for obvious reasons
Not that I don't believe this, but can you provide a canonical source to support this claim? I don't keep up with this literature.
Also, the US has blackmailed people, like the FBI attempt to blackmail Martin Luther King Jr. We know the US gathers the porn habits of people who it considers might be a threat, including of a US person (https://www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n... ).
So really it's a matter of balancing the odds. The odds are low that either government will care about me. It feels more likely that my life will be upended by a mistake, like what happened with Brandon Mayfield, and a mistake by the US government is far more likely to affect me than a mistake by the Chinese government.
The hypothetical choice is, would I rather have the US or China listening to my phone, if I had to choose one, and "none of the above" was not an option.
It is not easy to assassinate someone in another continent, and I don't live in China.
There's also the chance that the assassination will fail, and even backfire, where the further investigation might reveal agent identities. I'm just not that worthwhile to possibly waste those resources.
(yeah the relationship is more complicated than "hostile" but you get my drift)
For instance Switzerland had some of the most secure and private banking in the world. It was actually a criminal act in Switzerland to reveal the name of an account holder - to anybody, including governments. And so if the US were to request information on a possible US account holder, they would be likely to say no. But given the influence of the US on both Switzerland and on the nations it most heavily depends upon, they've proven themselves unable to say no, and ended up passing all sorts of special laws, just to bend over to US requests that infringed their nation laws and more generally their sovereignty.
Another interesting example with Switzerland is Champagne. Champagne, Switzerland has been making a local wine known as Champagne since the 9th century. Many centuries before the champagne of France even existed. In 2004 the EU told them to stop using the name. And again even if they were likely to say no, they would be unable to do so. As another interesting aside Champagne, using the ubiquitous méthode champenoise, was not invented in France. It was created by an Englishman. What a sordid tale that little drink has!
Would Finland be likely to say no? I don't know - I have very little knowledge of the security arrangements between Finland and the US. Would they be able to say no to the US? Not a chance.
I'd think China, Russia, or Iran would be your best bets if you were seeking countries unlikely to cooperate with US intelligence services.
This seems remarkably unlikely. One would have thought the security industry would have noticed if Huawei had particularly robust security.
Blame North Korea for Sony hack? Nah, no way. Blame Russia for election hacking (even though at most they bought some ads on FB and ran some twitterbots) oh yeah, those manipulative Russians.
You're free to ignore their advice, btw.
It was quite a bit more than "some ads on FB and twitterbots" and to downplay the extent of their actions is disingenuous.
Interestingly WaPo is going counter tight wing as well as left wing predispositions and calling for national voter id.
Or you're saying Americans are so much more deceived and gullible?
The Kochs and the Soroses pump so much more money into manipulating elections what the Russians did was peanuts. People would hardly be complaining if they had instead been on Team Bernie. But since the candidate who could not possibly lose lost a Sure shot, people want and need a ready made answer, enter twitterbots and FB ads.
Anyway, the agreeing narrative phenomenon is most clearly evident in the Assange issue. When he was exposing America's behavior in Europe and the middle east and it also aligned with left ideology, he was a hero, Swedish accusations be damned. Now that his leaks hurt the left, he's a tool of the Russians, of course.
The Kochs (etc) are Americans manipulating the system with their wealth and probably within the law. I resent them for it, but that’s very different from a foreign government attempting to influence the results of a US election. I don’t pretend to know the actual pervasiveness of Russian influence; I’m only saying that your comparison falls flat.
I have to wonder if you might realize this yourself, but choose to ignore it in order to justify your own agenda.
Also, I would be angry with any outcome that was shown to be the result of election tampering. That goes for any candidate, even if I voted for them myself.
Yes. What’s so tricky about that?
Can a Russian, Israeli or Saudi or Mexican citizen in their respective country buy political ads targeting Americans and favoring or disfavoring a particular American candidate for office?
What if they are on vacation in the US?
What if they have jobs in the US, are not citizens, but live here and have an interest in politics?
What if they are here illegally and buy ads favoring or disfavoring a candidate for office?
What if in some cases it was their own money, what if in other cases they were hired by people in their home countries to buy ads?
What if they work in DC and act as foreign agents and pay for lobbying?
Does FB, Tw, etc. track all that?
Yes, lawfully . This is a complicated area of law, which is why foreigners and foreign governments seeking to properly lobby in America hire proper counsel.
It's time to stop this "Russia hacked the Election" non-sense and just accept the fact that Hillary lost in a fair election.
You are very conveniently omitting recent disclosures from facebook that over 126 million Americans may have seen Russia based political posts over a two-year period leading to the election.
This isn't about a particular candidate winning or losing the election. The case would be equally horrifying if Hillary had won the election with the help of a foreign-state-sponsored social media campaign.
And I would implore you to check out the Ted talk I have posted above. It is not about supporting any particular candidate - it simply talks about how powerful these micro-targeted campaigns can be, and we ignore their potential and their effects on democracy at our own peril.
Just like it didn't matter what the exact process by which GW won the contested election. The very fact that the counts were so close means we might as well have tossed a coin.
So... Either one of two things was true: the three letter agency was protecting US consumers or the three letter agency already had Infinera backdoored. My personal opinion in the matter was the former. Why? Because later that same year the data center was shut down one night and off limits for all changes and users. The next day a large, locked and tamper taped mobile rack was in the DC with 100Gb link into core routing. That led me to believe gaining access to siphoning traffic was not really the issue. But I could also be wrong because I wasn't in the know.
This was in 2010-2011, pre-Snowden.
Could also be all three of course.
At it's face value this is indeed true. However, it is interesting there is no mention of Samsung then, right? Why would they be exempt from this recommendation, especially given Samsung phones are hundreds or perhaps thousands of times more prevalent than Huawei and ZTE phones in the US.
Shouldn't the argument from the FBI, CIA, and NSA be that US citizens shouldn't purchase any non-US manufactured phone? I'm skeptical as to the true purpose of the statement. This might possibly indicate that for whatever reason Huawei and ZTE don't play ball with the US when it comes to surveillance and the US intelligence agencies don't like it. If anything, this just raised the probability of me purchasing one of these phones. I'll probably stick with BlackBerry, but I will at least consider these next time I need to buy a new phone.
Well, if you follow the news, apparently South Korea is beholden to Samsung, not the other way around ;)
It may also be relevant that there are no US-manufactured phones. Indeed, even Samsung phones are full of chips from mainland China and Taiwan.
It's notable that Director Wray's response included language about "foreign governments that don't share our values":
> "We're deeply concerned about risks of allowing any company or entity that is beholden to foreign governments that don't share our values to gain positions of power inside our telecommunciations networks."
It was laughable that the Australian Government forbade NBN bids that included Huawei equipment, but happily accepted gear from Cisco.
I wasn't the only one, though (https://news.ycombinator.com/item?id=16381477). It's sad, but if a comment doesn't include enough information to rule out the most inflammatory interpretations, that's where readers will go.
Edit: Also Rex is the kernel and RtOS is the OS.
> “We would obviously rather not remove the apps, but like we do in other countries, we follow the law wherever we do business,” Cook said on a call with analysts to discuss quarterly financial results.
If Apple wants to remain competitive globally from a market share perspective, they need to compete in China (http://gs.statcounter.com/os-market-share/all/china). If the only way to do that is remove apps from the app store, they'll do it.
In fact, the app store is probably the most noticeable change. There could be others that haven't been widely publicized.
Quite a lot, I'm afraid. Please do read the Snowden leaks, it's extremely important historical data. For starters, all major US tech companies are PRISM partners.
Hint: It wasn't a firehose of compromised user data gathered by 'mass suriveliance tools'. It's budget is missing a few zeroes for that.
It was, however, a firehose for serving legal documents.
Having responded to warrants before, I can tell you that it's a drawn out, paperwork-intensive process. Something like PRISM is actually net good for both parties, since governmental relationships are extremely human intensive on both sides at the scale of the large tech players. I can actually understand and sympathize with the USG designing a system to make it more efficient, though the leaks tell us it was flagrantly misused (primarily via NSLs, back door searches, and so on).
Maybe Huawei devices are harder for them to "bug", and that's why they say this. I have no reason to believe they are not lying, after all the lies and cover ups that have been exposed.
"...asked the group to raise their hands if they would recommend private American citizens use products or services made by Apple competitor Huawei or smartphone maker ZTE."
The US Government is not in the business of recommending device brands or services to private individuals, and not making a recommendation is not the same as recommending against.
Now consider what real harm is going to come from US citizens using these phones when don't have any influence on the US government. Are the Chinese going to siphon the data of everyone in the country and use it to plan attacks on the government? Could be. But considering the relationship these two counties have right now, does this seem probable?
We aren't at war with China. But we are slowly giving up market share to foreign companies, which weakens our economy and our negotiating power. Really, the biggest threat to the US from China is not intelligence leaks. It's customers. Once we lose the mobile market, everything else people use through the mobile phone may follow. China's startups could position themselves to become the center of the tech world with a captive user base and tailored platform.
It could be that ZTE and Huawei simply can't be bought, and the US gains nothing by allowing China to dump cheap and powerful smartphones on the market. It's one thing to screen phones in the public sector - but nationally? I'm not buying it.
This is a great opportunity for Huawei to be the first major manufacturer to have a totally open-source stack. It would be immediately unimpeachable; a feature that no other smartphone manufacturer has.
I stand corrected HiSilicon
Too much smoke and mirrors.
What irks me is why does the government insist upon having the ability to monitor everyone willy-nilly when it has been shown consistently that by far most of the information gathered is worthless for both espionage and criminal investigations?Why not return to the older court-approval method for warrants (and get rid of FISA courts and the FISA system entirely).
This entire thread is overloaded with posts that seem to not understand the US intelligence system, its legal authority, how FISA works, how the court system works, et al.
I keep seeing people say that they might be better off with their information outside of the US, because China or Russia can't arrest them if they reside in the US. If your information is outside the US, transited to a foreign service provider, you just dramatically increased the US Government's authority to target your information.
Firstly, What makes you think you know and can state here what I believe? You have no idea.
Secondly, I don't believe that. But I do believe that surveillance is a constantly-changing game (like stepping into a river) and a Chinese vendor will be slower to provide updates to USA intelligence agencies than will a domestic vendor. Hell, domestic communications vendors have willingly followed the instructions of the 3-letter agencies. The time lag could allow one to avoid surveillance.
adventured says >"This entire thread is overloaded with posts that seem to not understand the US intelligence system, its legal authority, how FISA works, how the court system works, et al."
Best to save your breath and worry about the gaps in your own knowledge.
adventured says >"I keep seeing people say that they might be better off with their information outside of the US, because China or Russia can't arrest them if they reside in the US. If your information is outside the US, transited to a foreign service provider, you just dramatically increased the US Government's authority to target your information."
Firstly, that was true for awhile but not now. Foreign or domestic, your data is being collected and is being examined by computers, indexed and stored for future reference. We're already at "Big Brother".
Secondly, I'd like to see the FBI try to bring evidence to a U.S. criminal court that was collected by almost any foreign government's intelligence services. That would be a fast track to dismissal of charges.
(The phone has not been released yet.)
Which phone does the US government recommend I buy?
Made in China*.
It's also worth mentioning that several years ago, the BT in the UK basically installed Huawei equipment all over their core telecom infrastructure.
But at the same time the FBI, CIA, and NSA are probably best informed about just how powerful (smart)phone surveillance can be.
I still want to see the evidence though.
Agreed. To those arguing "the Chinese having all my information is better than the Americans," three points:
1. As 3pt14159 says , just because the Chinese have access to your phone doesn't make it safer against American law enforcement.
2. Every phone isn't made by American or Chinese firms. Don't force a false dichotomy.
3. Economic espionage is a scary threat model. Consider what you know that someone else might find valuable. Few people answer "yes" in respect of political information. Many more answer "yes" in respect of commercial information. That is your blackmail value. Choosing to expand your security cross-section to foreign economic espionage plus domestic political espionage, versus simply the latter, is irrational.
The argument is that being exposed to any peeping tom is bad, no matter who it is.
If no one can't prove to me that there are no peeping toms at all, then a hotel room with a peep hole is still a shitty hotel. But as second class citizens, for all of us, choosing a room with a peep hole is compulsory. Gee, who's fault is that?
Sorry. If I have to sleep in a room with a peep hole, it really doesn't matter much to me who does the heavy breathing on the other side of the wall. I'm supposed to pretend it's not there anyway, and so I shall.
Can the Chinese arrest me and throw me in jail? No. But, for sure, I could get thrown in jail, based on the contents of an electronic device. Are the people who conspire to imprison me friends? Wait, what are they peeping on us for?
This is not the argument I refute. I specifically state what I am refuting: "the Chinese having all my information is better than the Americans." Two things being bad doesn't make them equally bad.
Buying a Huawei phone to safeguard against the NSA is akin to leaving one's door open so there is no peephole for peeping Tom to look through. Yes, within a narrow construction, one is correct. But practically speaking, now both the peeping Tom and the person who opened the door can see in.
RE: commercial information
Can you suggest any good books on what kind of information a "pragmatic" first world government might collect on citizens for blackmail?
I'm having a hard time thinking of examples aside from say sexual taboos or things that people find shameful for diverse personal social reasons (e.g. eating habits, media habits and so on).
When a citizen isn't engaged in explicitly illegal behavior is it really that easy to threaten someone's life/career in exchange for commercial/political information? The types of social/taboo espionage I mentioned above don't seem broadly applicable enough for a government to really bother with it as a generic model for blackmail.
I'm not really saying that to be dismissive but it seems like a shared culture on this site since the fallout of Snowden (right or wrong, I'm just describing how I see things play out here).
HN seems to lean more towards the conception of reality where we're playing 9-Dimensional chess vs "attribute things to ignorance not malice."
Take your account for example. Your username doesn't obviously connect you to a real person, you don't have details in your profile, your submission history is a single article of the NYT but then again, your comment history seems real / thoughtful so you're probably a real person operating a single HN account, but when a whole topic is flooded with the same type of thinking and mostly from accounts that haven't been around that long I get a little suspicious. Of course I'm never bothered enough to put in the work to figuring it out.
People with deviant opinions value anonymity. People who have to live and work in the US don't want to be associated with anti-US opinions for pragmatic reasons.
Between the likes of "Iraq WMDs" or "FISA memo", I don't think I'm going to trust anything the U.S. intelligence and counterintelligence community says, thank you very much.
This is one of the most frequented social media sites for tech people. This place is a perfect target for foreign bots.
Everyone I disagree with is a "foreign bot". I swear this is the new form of American elitism. The fact that the leftists of the coastal regions apply this kind of thinking to even their countrymen only proves my point further.
But, there is this other quality. The in-senate presentation mainly focussed on the governance structures behind Huawei. The government is cross because ex PLA members are vested and its not a transparent company structure.
I think the FBI/CIA/NSA reports are deeply troubling for their lack of specificity, in a context of international trade I am not drawn to entirely believe them.
Remember, this is the nexus of people who alleged sound reasons to go to war in Iraq which turned out to be flawed. Sometimes rumour is conflated with fact.
I know people who work in Huawei. I do not believe they are people of bad intent.
I don't really give a shit myself whether China is spying on me, as I myself have nothing to do with China and don't have any secrets worth stealing, but it would probably be best avoiding any Chinese networking hardware if you have any concerns.
Reminds me a bit of the Slaughterbots: https://www.youtube.com/watch?v=9CO6M2HsoIA
Odd. Isn’t that EXACTLY what the US government was trying to do a few years ago to Apple phones? Get their own personal back door put in?
Australia's ASD would have the same opinion.
And I personally wouldn't get an other Huawei phone after seeing the app shit that had all permissions, was pre-installed, force started and uninstallable.
If you are interested look for : laptops and phones where you are in control and have complete visibility into the operating system, all bundled software, and the deeper levels of your computer.
If wish it were possible to get off the hook by just changing the phone brand and IP.
To a rational mind, 200 years of practical evidence and the elimination of several deadly pathogens should outweigh a handful of legitimate but isolated counterexamples, but they argue against it anyway to the extent that they would risk their children contracting measles, tetanus, diptheria, mumps or rubella over an anecdotal correlation of autism...which even if causal, is difficult, time-consuming and expensive to treat, but not deadly. Yes, sometimes vaccine supplies get contaminated or have adverse effects, but so do batches of milk, spinach, peanut butter, and Chipotle burritos. It hardly justifies a concerted argument against any of these things.
It is craziness, and no amount of logic, evidence, patience or negotiation ever convinces these people otherwise. We may as well dismiss them and move on.
>During years when the flu vaccine is not well matched to circulating influenza viruses, it is possible that no benefit from flu vaccination may be observed.
I'm crazy for not allowing myself to be injected with several strains of influenza virus when the most-optimistic estimates of efficacy are around ~40%.
Calling it a flu "vaccine" seems like a misnomer to me, given the rapidly-mutating nature of the virus.
>We may as well dismiss them and move on.
This is HN.
Of course that won’t save you from the “I f’ing love science”-brigade down voting without rebuttal.
So no, I don't think defending anti-vaxxers with that example is being "fair". I realize you're not really defending their overall position, but even the line of thinking you proposed is deeply flawed.
The flu jab isn't very good, but, in most years it's better than nothing and it's pretty cheap for the government to give me a jab compared to hospitalisation if I get really sick.
Perhaps something like: "maybe it makes sense for the average person to defer to a doctor's opinion with regard to flu vaccine".
In Australia it is common for an employer to pay for their employees to have the seasonal flu vaccine, one or two nurses come to the office / work site to administer the vaccine. So the only new people you're being exposed to are those nurses, for a brief few minutes