>Ms Cave said Huawei had been implicated in alleged cyber theft of data from the African Union’s Ethiopia headquarters. According to multiple reports this year, data was transferred every night from the building for five years. “There’s no proof that Huawei was asked to participate or turn a blind eye to the breach, but we know that there was a breach and Huawei was the key provider,’’ Ms Cave said.
Of course US corporations are just as beholden to government directive. e.g. https://foreignpolicy.com/2016/10/04/how-american-companies-...
And due to the five eyes agreement between US and commonwealth countries there is a lot of espionage data changing hands there. European telephone networks were compromised a long time ago to my understanding
But from a geopolitical ourside vs. their side standpoint Huawei from US point of view is on the wrong side of the fence.
A certain level of spying is always expected. Did Huawei actually breach some unacceptable level, or is this just a manifestation of the US vs. China tradewar, I don't know.
You mean the secret court, with secret rulings, where only the government's case is heard, and 99.9% of requests are granted?
Most criminal indictments are also end in the state's favor, but that doesn't mean the jury system is rigged, it means that prosecutors don't bring cases that they are likely to lose. Similarly, the FBI doesn't apply for a FISA warrant unless they are certain its well warranted and the court's decision will be easy.
A warrant is a warrant. An expression of the governments investigative powers.
The police aren't required to inform you and give you a chance to argue your case in court for why thy shouldn't raid your house for the drugs they're pretty sure you have.
Cops don't need your written permission to point speed radar at your car.
In America they spy on dissidents too. It's just a matter of calling them terrorists.
It'd be a real court if there were a sort of public defender, and the judges simply mediated between both sides. You could see it working in the warrants rejected.
In fact the court is adversarial, though not like you seem to be envisioning. There are many courts in the US, in fact most where no litigation happens because it's inappropriate for the task. So the idea that they are playing "both sides" is a non sequitur.
The role of the court is to ensure that requests are legal and there is sufficient evidence to pursue the task as requested. It's exactly the same as when a judge issues a warrant.
And even within the US, FISA warrants are only applicable to data collected which is intended to be presented in court. The CIA and NSA have no mandate whatsoever to gather data suitable for presentation in court, and investigatory agencies such as the FBI/DEA/ATF, which do have such a mandate, have lots of ways to launder evidence. In practice, FISA warrants are often issued long after the data has already been collected, and the FISA warrant is only requested as a means of laundering the evidence via one of the exceptions to fruit of the poisonous tree (parallel construction, inevitable discovery, or the good faith exception).
As it applies to this situation, I don't see any reason to believe the US is any less likely to spy on anyone than China. If you don't have the means to produce needed technologies yourself, then I'd choose the US or Chinese manufacturers based on other factors, such as cost, or which nation has incentives to use the data they collect against you.
I only got my girlfriend a little pregnant; not like Joe over there, who got his girlfriend fully pregnant.
See I can name meaningless aphorisms too.
Interestingly, I think this would often mean that Americans who are engaged in illicit activity would probably be better off using Chinese services and vice versa.
I don't understand why people feel the need to defend Chinese mega corporations.
edit: I managed to offend a few people with this comment
At least American companies still reside in a somewhat democracy where they’ll actually protect our rights, even if we’re European. Sure it’s not for noble goals, they want to make money, and they won’t if they don’t care for data security.
Google cloud is the prime example of this. The European public sector is spending billions on Clouds these years, and none of that is going to Google, because Google doesn’t protect your data the same way Microsoft does.
I can physically visit the Azure instances that house our data, and nothing but our data, and it never leaves the union.
Maybe the NSA still listens in, maybe China does too, but it’s not legal for them to do so the way it would be in the Alibaba or google clouds.
What does Microsoft do that other cloud providers like Google do not do? If I store my data in GCP region europe-west3 (Frankfurt) are you saying that Google will leak that data to some third party or send it out of that region?
What is the legal difference between the NSA intercepting European GCP traffic and European Azure traffic?
They were also extremely slow to adopt EU legislation required, and still haven’t for all services.
Microsoft by contrast did so immediately, with Amazon doing so as well shortly after.
Still, when I ask our DPO which cloud is better, he’ll point to Azure, then AWS and directly advice against using Google.
Which is a shame, because I’d actually like to use firebase and flutter to up our production effectiveness on mobile. As one example.
It’s also why we solely rely on OpenStreetMap instead of using google maps, even though supporting OSM with server infrastructure to do so is more expensive. At least these days, OSM is a great map service, but we also used it when it wasn’t.
Yes. Every municipality around here goes with Microsoft or their own on premises installations for this very reason.
Corporations are like people - they don't change. You can put on different mask every day, but underneath its the same flesh and bones (or decision makers in this case). I would be wary of the notion that Microsoft is somehow a good moral company in one specific area, when it is amoral in others.
Though, morality is part of corporate culture, and I think different cultures can have different levels of toxicity. Cough Oracle cough. If the corporation is too affected, it may be foolish to even waste time evaluating their, on paper, decent and secure offer. If you have reason to believe they will find a way to throw you under the bus anyway later on.
Yes, Satya Nadella is the CEO of the company, but Azure and Windows are in completely separate organizations, with completely separate senior leadership. The goals of the two organizations are also vastly different, with one is focused on consumer products (Windows) while the other is focused on developer and enterpirse services (Azure). Because of this, the decisions made by one SLT is not at all indicative of another SLT's decisions.
Disclaimer: MSFT Employee working in Azure.
I personally think it's something worth mentioning when it's the most common reason cited for avoiding a chinese company.
If it came to a war, the US and China are both going to shut down whatever communications channels their “enemies” are using. This is just one of the reasons that US DoD is so interested in SpaceX’s StarLink.
Having your shipments intercepted en-route by spies is very different than directly cooperating with those spies. None of those interceptions required cooperation by Cisco.
Cisco complained to the government about the interceptions: https://www.recode.net/2014/5/18/11627004/in-letter-to-obama...
Apple has also famously resisted government demands to develop a backdoor for its hardware. IIRC, all indications were that the government's demands would have been rejected by the court system had the case progressed far enough to provide a definitive answer.
Huawei says, in public, that it's important to their reputation to be known to ship un-backdoored devices. Cisco says the exact same thing.
What really happened: Intelligence Community: "So, we'll demand you backdoor devices, we'll intercept a few and modify them, and then you'll public complain and resist, and then after the media frenzy has died down..."
I don't know much about China but the level of control the government has there is incomparable to any western country
Grandparent is specifically talking about the US, where Apple has successfully fought against orders.
In fact TLAs would want it to appear that they'd been rebuffed -- there's not much point in them having access to devices that no one will use because they know about that access.
Apple has a vested interest in being honest and transparent about this specifically because nobody would trust them if it was discovered that they'd been secretly cooperating with everything in private while denying it in public. A revelation like that would literally ruin them as a company, and that's generally not the end goal for most companies.
Whereas the U.S. government regularly meddles around the globe, no matter where you are.
But compare attacks on IP with politically relevant incidents like these:
Maybe the world would be better off but unless that's reciprocated by those Chinese companies creating world class technology based on European work then it's just suicide for European industry.
If Chinese companies are able to steal industrial secrets that allow them to produce better cars cheaper than say VW or BMW that might be very good for the world but not so great for European jobs.
You might be fine with that but I, personally, am not.
You are right that I am against European intellectual property and intellectual property in general.
The industry should be open for or even leading modern lifestyle trends of rich modern free societies. In particular, I think these EU politics are insane and extremely costly and prohibitive and detrimental too a modern society:
Poverty is detrimental to everyone and everything except slave holders and wage slavery.
A rich neighbor is better than a poor neighbor.
Technology removes poverty.
EU manufacturing has been transferred to China because of competition by low wages. As China advances, the people in China will hopefully demand a better quality of life instead of engaging in competition by low wage and low quality of life.
I am European and I hope that Europe will benefit the world by proposing a good lifestyle for modern wealthy societies and related products. I doubt that IP and keeping the rest of the world poorer and less developed is economically and technically and morally the right approach.
I like this note: https://www.youtube.com/watch?v=XdLRiaCjRkw&t=2015
Unlike most physical goods, information can benefit everyone at almost no additional cost.
The sooner China and any other country can advance science and world class technology, the better for everyone. Europe will then "steal" from them.
If Chinese companies can produce products like cars and solar panels that help to fight climate change and air pollution and destruction of the environment for fossil fuel then they deserve their profits even more while VW and BMW do not.
> The employee, Roy Jones, 49, who was let go by the hotel giant, has revealed to the Wall Street Journal handled social media accounts from his desk at a customer engagement center in Omaha, Nebraska.
> According to WSJ, Jones says he had no idea that he would lose his $14 per hour job after "liking a tweet".
> > Friends of Tibet congratulate global hotel chain #Marriott International for listing #Tibet as a country along with #HongKong and #Taiwan. pic.twitter.com/SXKWb20v3e— Friends of Tibet (@friendsoftibet) January 9, 2018
> Jones told the WSJ he wasn’t aware of any instructions on dealing with China. He also said he didn’t fully understand what the issue was about.
> “This job was all I had,” Jones also said. “I’m at the age now where I don’t have many opportunities.”
It's not the Iraq war, but it's also not something you would want to happen to you. Currently Marriott employees are on strike... because of wages, nobody gives a shit about that guy. He's just gone, maybe he has another job now, maybe not, who cares.
And for what, again? For liking a tweet, which China doesn't like because they're occupying Tibet so brutally for so long now and think that gives them the right.
Though that employee had no clue what it was about, it boils down to that they want to force you to look the other way. Oh, you can know that other people are being tortured and killed, but you can't speak out, at all. So either you stay ignorant of what you can't help, or you have this on your mind.
But this not just another thing in life, like being disallowed entry into one country of hundreds. A person who is denied the right to speak out against the brutalization of others, is being brutalized themselves every second of their life from here on out. The fact it's in a way we don't recognize and internalize instead, make part of ourselves, makes it so much worse to me. I can't accept that others accept it, their acceptance is futile. They can have the world, they cannot have me.
> Mercedes, which is owned by Daimler, (DDAIF) ran afoul of China's stance when it paired a quote attributed to the Dalai Lama with a photo of one of its luxury sedans on Instagram -- a social media platform that is banned in China.
> "Look at situations from all angles, and you will become more open," the quote read.
> The ad was posted on Monday and garnered nearly 90,000 likes before Mercedes deleted it the following day, according to a screenshot posted by Chinese state media.
> The Global Times, a state-run newspaper that often strikes a nationalistic tone, criticized Mercedes, saying the company was quick to respond to the incident but shouldn't make such mistakes in the first place.
> Mercedes issued a statement in Chinese about the incident on Weibo, China's equivalent of Twitter (TWTR), offering a "sincere apology" three separate times.
They posted a "quote commonly attributed to the Daila Llama", without mentioning the name Dalai Llama, on their instagram, which isn't even accessible in China. And then they apologized three times after deleting it.
Don't just ask what X or Y are currently doing, ask what X and Y are. These two examples aren't the only ones, and I bet you, everything else staying as it is, they won't be the last. If you give totalitarianism the little finger, it cannot help but want the hand, just like a scorpion must sting.
> If the totalitarian conqueror conducts himself everywhere as though he were at home, by the same token he must treat his own population as though he were a foreign conqueror.
-- Hannah Arendt
That's why the Iraq war "predicted Snowden and killbots", if you just squint right.
I think the opposite is also true, if you want to control your people completely, you need to control more than "your" people. That both elements in China and elements in the US (and countries in the EU and many others, let's say all countries for the sake of simplicity) want that is of no help to, uhh, decent folk anywhere. They don't benefit from being used as cannon fodder against this other battleship that uses "its" people as cannon fodder. All oppressive regimes can make an agreement before you can say "oh shit", and then focus on subduing their own populations with the means they built while having other nations as an excuse.
So the fact that "we" or "others" are "doing it too" should make the alarm bells louder, not more quiet.
> Hitler can say that the Jews started the war, and if he survives that will become official history. He can’t say that two and two are five, because for the purposes of, say, ballistics they have to make four. But if the sort of world that I am afraid of arrives, a world of two or three great superstates which are unable to conquer one another, two and two could become five if the fuhrer wished it. That, so far as I can see, is the direction in which we are actually moving, though, of course, the process is reversible.
-- George Orwell, letter to Noel Willmett (1944)
And in this case, it's even fair to point out the hipocrisy of the US asking allies to drop Huawei for reasons smart allies should also drop US produced things for. But then again, we know all that, and we actually do have threads about that stuff as well, so why not also have one about Huawei.
Except they aren't. Just the fact that you mention "both" sides shows your ignorance. The alternative to Huawei, as I have mentioned, is not an American corporation it is a European one (Ericsson or Nokia). This isn't a case of the American government forcing allies to abandon Huawei so an American corporation can profit.
Ericsson works on 5G with Fujitsu, so that looks more like US-free option.
I mean, from dslams, to routers, olts, cpe etc
If wanted to set up an ISP could I without buying non-eu vendors?
Samsung and LG are both Korea-based, and Sony is from Japan.
P.S. using non-U.S. and non-Chinese equipment won't protect you from a hack. Both countries are known to have successful vulnerability exploitation programs.
But they are also, really, unpredictable lately. George W. Bush was reelected after(!) starting 2 wars. Donald Trump is...well... unpredictable. And I have yet to see him be ousted in 2020. Let alone what the next Donald Trump looks like.
Imagine if someone came along with the same ideas who actually knows how to get stuff done in Washington.
It's just better to be self-sufficient in anything relating to critical infrastructure. As the Americans themselves say: hope for the best, prepare for the worst.
Only if you belive in reparations, that children and those who had no say are somehow bound by their country and ancestors.
And don't count eastern Europe.
I owe gratitude for the American soldiers who fought the Nazis - because if they hadn't done that I would live in a very different world. Probably I would not exist. So I am grateful to those people.
Trump seems like a wildcard but his actions are predictable.
First, those are their neighbors with which they have territorial disputes, like every other country (as borders where not there when the Earth was created, nor where they god given). Not some colonial grab, just out of pure greed, thousands of miles away, and with no prior provocation or history between the two countries.
Second, Mongols invaded and dominated China. You got your facts reversed. Ever heard of this guy, Genghis Khan?
Third, if we considered the same for the EU/US for example, we'd add the genocide of native americans, the abduction and slavery of 20+ million blacks for 4 centuries in the US South, colonial grabs and wars all over the planet (at some point 2/3rds of Earth were slaves under European colonial powers, not the inverse), tons of wars, the land grab of Mexico (California, Texas, etc), Hawaii, Phillipines, and Puerto Rico, the genocide of indigenous people of the Americas , and so on and so forth, plus 2 world wars, the genocide of the Jews, and the only atomic bombs to even fall (and on civillians).
Yeah, tell me again how bad China has been?
Is that how it is called now?
Employees and officers of US corporations are not immune to government orders. Particularly, NSLs directed at information held by corporations can be, and often are, addresses to particular officers as orders to that officer, who is often ordered to deliver the requested material in person to the relevant government office.
> For example, the US government could compel Lavabit (the company) to hand over signing keys; but they couldn’t compel the employees/founders of Lavabit to keep working there,
No, but that doesn't protect them individually from government orders to provide information, the authority for which applies to any person, not just corporations (corporations are covered because they are juridical persons.)
> It’s not illegal to choose to dissolve a company in protest of a US government directive.
It actually is illegal to do anything (other than filing a sealed challenge in court to the non-disclosure provision) in protest of an NSL with a non-disclosure provision, since such a protest itself violates the non-disclosure provision.
And, yes, even aside from that, it would probsbly also be illegal to voluntarily surrender access to info you have been ordered to provide to the government rather than providing that info as ordered.
His case was covered in the news, and he still went to federal prison for four years. And every other US telecom CEO knows it.
Another narrative, to my mind equally plausible, is that Nacchio was essentially a crook who got caught up in a wave of corporate crime enforcement in the wake of the Enron scandal for making somewhere between 32MM (Nacchio's experts' take) and 100MM (the USG's take) selling stock he knew, sometimes within days, would be worth a fraction of what he was selling it for.
But die by the sword, perhaps live by the sword: the NSA scandal provides Nacchio's best tool for rehabilitating his image.
I think a read of the case on PACER sort of bears out that narrative. You can just skip to the competing sentencing memoranda (note what Nacchio stipulates to) to get the particulars of what he's charged with, and get a sense for how sweeping the behavior was and how likely it was to have been tied specifically to NSA.
I don't like NSA any more than you do, but I think I like corporate crooks even less.
I mean, that was basically the extent of it though. There has been little-to-no actual systemic change.
The outcome, of course, is the same. It is rich that the U.S. is asking other countries not to use Huawei equipment, when the Snowden leaks indicate the U.S. government was using interdiction to hack other countries' governments.
So it seems that Huawei is the safest option for any US and European citizen.
I'd rather have my data safe with the Chinese government, a country that is on the other side of the globe and has practically zero influence on my life, that sharing it with the US or my own governments, which are there, and can make my life hell for any or no reason at all, and have the means to actually hurt me.
And yes, if I can't avoid it, I'd much rather share my internet search history with an unknown entity on the other side of the world, than with my own wife.
Sometimes, companies willingly provide the access (e.g. NSA closet at AT&T), other times, it is more sneakily obtained. But, a system with a backdoor is much more likely to be compromised than a system without one.
Edit: I should be clear that any closed source infrastructure is potentially subject to the problem of infiltration. But, a company intentionally putting a hole in the system makes the job even easier. The opportunities for an infiltrator to poke a secret hole into the system are much smaller than the opportunities for obtaining the key to an already existent hole. A hole that is protected from discovery by the company itself is much less likely to be detected by other teams, etc. I mean, to really make a secret hole, you need things like process and network activity statuses to ignore you, logging to not see you, you can't show up in an obvious way on the filesystem, etc. You probably have to have cooperation across at least a few subsystems. It's much easier to exploit an already exploited system, is what I'm trying to say, because you don't actually have to exploit the system, anymore, just the people/organization who builds the system and people are easier to crack than encryption keys.
>I'd rather have my data safe with the Chinese government
What makes you think (y)our data wouldn't be sold to the highest global bidder or hacked?
>a country that is on the other side of the globe
It's called the world wide web for a reason.
>practically zero influence on my life
Western countries are very much influenced by China.
>sharing it with the US or my own governments, which are there, and can make my life hell for any or no reason at all, and have the means to actually hurt me.
Given all of your personal private data, anyone around the world with a computer has the means to actually hurt you.
This is strictly forbidden in US intelligence policy.
That's an interesting take, but you are assuming china's influence won't keep growing.
Or more worrisome, what if china, EU, Russia and the US decide to share data in the future.
The only way to be "safe and free" is legislation curbing intelligence agencies snooping on people. Unfortunately, these intelligence agencies appear to be operating above or beyond the law.
Regardless of the content of the article, I found this quote hilarious: one surveillance agency accusing another group of spying.
I wouldn't have substantially higher trust in something made in the U.S. or other "five eyes" countries either. These governments do not respect the privacy of their citizens, as evidenced by the NSA's recent breaches. Some countries do slightly better than others (e.g. Canada probably isn't as bad as the U.S. yet). However, on the whole, privacy rights seem to be on the decline in these countries. Treaties and cooperation between the security agencies of these countries drag everyone down to the lowest common denominator.
I agree the US is better about permitting public protest. But if the directors of these US agencies can lie to Congress without consequence then does it really matter?
There is a lot of institutional momentum in the US to keep doing bad things, including a crushing blanket of a media that cares a lot more about pop culture than anything else. But it is nice to not fear much for writing this.
That seems like a pretty radical position to take - I'd bet that Congress has a rule in place saying "you can't lie to us".
How are you justifying that as a stance? What more do you want Congress to do? And how will that be different from trial by media?
Congress could investigate, or keep talking about it, or push for something to be done to negatively impact the parties that did it, or anything really. Even the slightest deviation from the present course of "don't say out loud that it happened and hope everyone forgets," would be a welcome show of some backbone.
>And how will that be different from trial by media?
Look at history to see the many things Congress can do when someone tries to pull something on them. They have options, they just aren't taking any.
Are China's counterparts held accountable by China's people? And no, China's communist party is not China's people.
Yes, the NSA has done terrible things in the past. The only way we know about it is because of journalism.
For some audiences, there's definitely a case to be made for "well, every officer in the PRC government from a truancy-officer on up can read your email, but the FBI (or any local LEO who can construct some flimsy National Security premise t them) can't."
It is a bit like an Olympic athlete losing a race and seriously complaining that the competition trained too hard and challenging them to 'live a little more' (imagining that scene with a slightly miffed but condescending athlete cracks me up) - I mean, theoretically maybe, but the attitude that the competition should just give up is pretty funny.
Particularly if you are a woman, minority, journalist, or business-owner, as  highlights, you may be safer from such abuses.
1 - https://theweek.com/speedreads/651668/hundreds-police-office...
Huawei has completely opened its source code and hardware to several governments, including UK, Canada and Germany, for security testing. Their findings are much more informative and objective.
Best security doesn’t come from paranoia of certain countries. It comes from evidence based and rigorous testing and research.
What does this even mean? If I give a batch of governments some of my super secret text files and pinky promise that's what's in the hardware I'm giving them, they should believe me?
The US can be trusted to advance its own interests. So can China. Everyone else had best evaluate their threat vectors and find out where their interests conflict with bigger and stronger interests.
Your comment history might have predicted that you'd comment on this topic. You don't have many other interests.
The only way to even start considering any of the current telecom vendors (including Huawei, NSN, etc) as not malicious is to have them offer their code under a libre license that bars tivoization, otherwise there is no guarantee that you can load the firmware they gave you the source to onto the LTE base stations sold your company.
My point is not testing centers can provide 100% guarantee; such guarantee does not exist in the security field. However, shared hardware and rigorous testing provide far better security than blind trust and paranoia.
Also, what's wrong with being interested in sino-US technological relationship?
It is simply incorrect to imply that reading vendor provided source can usefully decrease the possibility of a targeted attack. Comparing (hardware provided?) software checksums is not a real improvement. Juxtaposed with your "interest" in the topic, such an argument naturally arouses suspicion (sorry).
There is obviously nothing "wrong" with being interested in this fascinating clash of powerful interests, the amount of interest each discussion gets shows you are not alone.
So I'm not just hammering at what you've said, I'll make my own statement: There's absolutely nothing you can do to defend against a motivated attacker providing you with complex computer hardware (let's say anything that has software/firmware). Corollary: It's a fool's game to use hardware from those whose interests conflict with your own.
China and the US have a massive conflict of their interests. Each should not use hardware provided by the other. The risk for each is real and unavoidable.
These measures does not offer perfect security. It simply makes the cost of hacking and chance of being caught very high, even for state actors. We could achieve fairly strong security at an affordable cost for most civilian uses. At least, tested Huawei hardware may be a good alternative to untested hardware from another vendor (which is probably manufactured in China too) at an inflated price.
Of course, if you are still concerned, why not take a course on microprocessor and build your own CPU? ;)
Another completely different line of discussion is whether I personally am concerned at all (I'm not), and what I should do about it (nothing, but governments certainly should build their own CPU).
> We could achieve fairly strong security at an affordable cost
No. We cannot achieve strong security in a device that comes with software. You also cannot (at the time of this writing) prove that the actual hardware you personally are running is trustworthy without spending enough that the "affordable cost" becomes a moot point.
A wide swath of civilian uses can probably come out on top of the cost/benefit analysis just because their interests don't get in the way of governmental conflicts (or they can make enough money in the meantime). It's only from the perspective of a government that this conversation makes any sense at all.
Also, this is not paranoia, it's a geostrategic fight based on the reality that a) China and US/West are doing a lot to actively spy on one another b) they're in a trade war.
Also China does not have an open market for US/Western products and I don't see any reason why the same rules applied by China to the West should not apply to Chinese companies coming to the West. That would be closer to 'fair free trade'.
But yes - if the hardware and software are both open for inspection - that is a kind of 'truth' as you say.
and companies should then be able to decide for themselves.
Question: is it true though that both hardware and software are in fact fully open? How do they maintain their IP in this case?
Now there is a legitimate national security concern about having the world's telecom equipment manufactured by a single company. But there's only so much can do under existing trade treaties. It's also really not a good look for the US and the West to be seen actively trying to disrupt the free market at work. And so we get this concocted story about spying. It's concocted because nobody, despite spending millions and millions of dollars investigating Huawei and studying its boxes, has ever shown the company participating in anything like espionage. Most people can see through this blatant protectionist hypocrisy . Ironically all the security research on Huawei has only served to make their products much more secure than the competition.
Huawei is a state-backed organization working from a closed, controlled economy where not even information, let alone products, services and capital flow freely.
So if the cost of having to inspect every single piece of Huawei gear, plus check and load the software still keeps them 'competitive' then it might be worth it to outsiders, but probably not.
Given that it's commodity gear, perhaps someone will come along, say from Taiwan ... and produce the same thing at competitive costs, wherein security is not a factor and then, yes, that entity would be poised to dominate on price.
Does China government have the incentives to take the advantages when it has the opportunity?
Does Huawei have the incentives/disincentives to/not to respond to the demands of the government?
For example, making and distributing pornography with children is legal in about 20% of the world, yet no US-based international social media sites allow it, even the ones with an 'adult' focus.
We can't expect companies in other countries not to embed their host countries laws and customs into their products either.
I think you'll have a better time making the argument by talking about how US-based social media sites treat female nipples as pornographic. That said, your argument breaks down because unlike e.g. cloud providers, social media sites generally have no incentive to have isolated regional data centers that would allow hosting content that would be illegal to host in the US (as the way I understand the laws, mere possession of child porn is already illegal even without intent to distribute).
There are good reasons for child porn to be illegal even without taking US laws into account (e.g. that it usually depicts child abuse, that it's by definition non-consensual and that it violates the victim's right to their own image and their right to privacy).
Arguments exist why certain things should or shouldn't be considered child porn (e.g. fictional drawings/renderings) or how those laws should be enforced. Also some jurisdictions may not have specific laws against child porn but consider it illegal because of other, more general laws (see above).
A quick google search suggests that most of the countries that don't consider child porn illegal likely also consider many things legal others would rightfully (i.e. there's plenty of evidence to back this view up) consider child abuse (e.g. FGM, child marriage, child labor, etc). So even without US laws I bet most companies would prefer taking the ethical stance of not permitting every "legal activity" for users in those countries.
This collapses the continuum of the rule of law into a false binary. Americans and foreigners alike can successfully challenge the U.S. government in independent courts. None of those elements exist in China.
This seems like pretending there is nuance that there simply isn't. The system is a charade around the reality that US intelligence has virtually identical inroads to US corporations.
While FISA courts are technically under the judicial branch, I agree they’re an affront to the rule of law. Most cases don’t go through the FISA courts, however. In China, everything goes through the equivalent of a FISA court. (Arguable worse, since China’s courts report to the party.)
Basically if you are a big enough company in China, you aren't gonna get away from this, either by introducing red capital yourself, or the red capital is gonna force their way in when you want to go public(you need to apply for it in China and the quota is very limited).
One of the least shady example:
Since Alibaba is a publicly traded company, can't anyone hold stock in it?
There was endless speculation  that Jack Ma was forced out of power at Alibaba, by the government over concerns about the tech giants becoming too central to the Chinese economy and communications. Jack Ma was probably the most powerful person in China next to Xi.
Every connection between devices should be encrypted as if it's going over the internet. That's the basis of BeyondCorp, and many companies are going that way.
It's far more sensible to secure just two endpoints than it is to also secure all the wireless links, routers, and cables between them.
Now, when the adversary gets control of your routers, it doesn't matter - they can't steal anything of value. The worst they can do is cause a brief outage, for which they'll be immediately detected.
I agree with your general sentiment though.
To be honest, no manufacturer can be truly trusted, but given the vastly different political and social ideologies between China and the West it seems reasonable that they're picking their poison.
It would be suicidal for Huawei to ship any eqipment to Western carriers with actual backdoors. European governments usually require through audit of the code that runs their networks and vendors are required to have reproducable builds for the same. The UK government for instance has the Huawei Cyber Security Evaluation Centre responsible for vetting the Huawei equipment that gets used by British carriers. Like TFA says, "The U.K. government said in July it found shortcomings in the process." They did't find any backdoors or any actual vunerebilities but did report "variable engineering quality". Like any large and complex codebase produced by thousands of engineers, parts of the code may be downright ugly but that does not make it malicious.
Anyways, the CSEC report did have its intended effect and now significant resources are being expended to refactor legacy code. Nothing motivates management like a possible loss of revenue from bad PR ;)
Then again the NSA hacked into Huawei HQ so they might know something that others don't. Speaking of which, how is the search for WMDs in Iraq coming along?
Largely the allegations against Huawei could be leveled against any company, thus it feels like a competitor has hired enough lobbyist firms in DC to create the FUD necessary to sanction specifically Huawei.
Not all employees would be in on the espionage attempts either. It'd have to be a very limited circle that knows about it.
That is bordering on fake news. Huawei was not part of the inital group of companies invited by DoT. I have no idea why Huawei was exculed earlier and then invited later. Bu then again, that's Indian babudom for you.
> Not all employees would be in on the espionage attempts either. It'd have to be a very limited circle that knows about it.
My point was entirely about what would be in any company's rational self-interest and the findings of Western countries that evaluate Huawei equipment. Honestly, I wish the Indian governemnt would do something similar with all vendors.
But it's ok for Huawei to sell to Australian businesses and consumers. So much for government protecting its own people.
There's so many ways to hide something within the software or hardware that it's incredibly hard to vet its security.
The US is currently in a cyber cold war with china. It's very probable that there are hardware backdoors within these products.
Then you're in a weird world, where a flagship smartphone has backdoors created by Samsung, Google, three different governments and the weird guy that worked with the chip design in team #7.
Taken with an appropriate amount of salt indeed... a metric ton.
What's the difference? I'd imagine that any mediocre and above intelligence agency would be smart enough to make it look like the backdoor was "just a random bug".
If they are giving the bug the name "CN_rear_entrance" or anything like it, or talk about how it can be used in code comments, I would say they are a worse than mediocre intelligence agency.
Financial Times story about the case:
Discussion on HN:
A factory within the UK, owned by Huawei's UK arm - with restrictions entry, that is then used for security assurance of the products BT uses.
Then there's the other side of the coin. The Chinese boycotting of US Corporations. China alone has more population and manufacturing than the US and EU combined. Does the West really want to lose a market that's 20% of the whole world? Probably not.
"Trade Wars are good and easy to win." /s
What this really says is that some companies and countries can access all markets without concerns but when others try to grow their market access will be restricted with scaremongering, bullying and political games perpetuating an artificial marketplace.
Its the ideologues who always argue on 'free markets' and
'competition' in absolute terms who should wake up to how little the real world has to do with their idealized constructs.
oh the irony
But don't forget all smartphones are pwned.
This is the safest assumption
If, however, you don't subscribe to the starving lifestyle, such blanket assumption are useless.
Same for phones: do you just not use a phone? Does the poster above you rely on the heuristic that people using the term "pwned" generally don't have much of relevance to say anyway?
Because if everything is terrible, and everyone is corrupt, and there is absolutely no use in considering the probability that some options are less terrible than others, and that there may be signs the public can pick up on to make decisions, then congratulations: those believes do help in feeling really smug about your cynicism. But they don't really help otherwise.
Yes, quite a bit . Here’s an apolitical example:
“In July 2012, Felix Lindner and Gregor Kopf gave a conference at Defcon to announce that they uncovered several critical vulnerabilities in Huawei routers (models AR18 and AR29)which could be used to get remote access to the device. The researchers said that Huawei ‘doesn't have a security contact for reporting vulnerabilities, doesn't put out security advisories and doesn't say what bugs have been fixed in its firmware updates’, and as a result, the vulnerabilities have not been publicly disclosed.”
In summary, the best case is Huawei is incompetent.
Given “Cisco [has previosuly] revealed parts of [an] independent expert's report produced for [a] case which proved that Huawei had stolen Cisco code and directly copied it into their products,” that wouldn’t be surprising.
At the end of the day, you have a company with strong links (down to its founder) to the military of an adversarial dictatorship and which has been proven to have violated international sanctions with Iran, North Korea, Syria and Venezuela. This isn’t a “beyond reasonable doubt” criminal case. It’s a reasonable weighing of odds determination.
DUAL_EC_DRBG was included in BSAFE and Juniper products. So even if we assume the worst of Huawei, it's really a matter of which back door you want in your networking equipment. My hope is that these constant accusations make Huawei drive big improvements in reproducible builds, source-available software, and verifiable hardware. But I'm not holding my breath.
The point being made is that industry-level security is not real evidence of malicious behavior on huawei's part. If you want people to avoid huawei, present proof.
This sort of pure propaganda just undermines your case. The founder of Huawei was never more than a low level engineer in the military, was forbidden from joining the CCP for many years .
He was banned and then “selected as a delegate from PLA to attend the National Science Conference” all before founding Huawei.
If this is the best hard evidence the US can bring forward, then the whole allegation sounds entirely political-driven.
What kind of logic is that?
Taiwan, Japan and South Korea aren't afraid of the US. They are afraid of China.
Finland, Romania, Poland, Ukraine and Estonia aren't afraid the US will invade and annex their territory. They are afraid of Russia's territorial ambitions in Eastern Europe.
For example, how do you think Australia feels about it right now?
"China’s peak security agency has directed a surge in cyber attacks on Australian companies over the past year, breaching an agreement struck between Premier Li Keqiang and former Prime Minister Malcolm Turnbull to not steal each other’s commercial secrets."
"China reportedly steps up efforts to steal Australian company secrets"
Given how easy it should be for a capable government like the US to find something like this (especially given how common huawei gear is) and how "friendly" the US has been with China, I would expect to have seen at least some evidence surface by now. In fact, I would take the lack of evidence as a testimony to the innocence of huawei and the security of their hardware.
As someone with a lot of huawei in their infrastructure, this is what I really want to know as well.
The US government has lost a lot of credibility over the last few decades with its lopsided foreign policies that completely tip towards self-serving and agenda-pushing rather than decency and public good. There is nothing indicating that this particular issue is any different.
Unless the US government shows hard evidence that the company is harming us, we're not ditching them.
Innocent until proven guilty applies to entities you don't like too.
There is evidence that the US spy agency hacked in Huawei HQ for years and still the US cannot produce evidence of Huawei wrongdoing. But then again it's possible the US don't want to disclose it's intel source.
protecting people's IP is now a "jackboot regime"?