It's fairly simple. Did the app you download have anti-American sentiment posted on it? Banned. It could have been Chinese propaganda after all. Same goes for video hosting, web hosting, etc.
Isn't this why we have the legal system? Companies could sue the US government for that sort of thing? Or do you feel like the judicial arm of our government would not defend the rights of those companies? Or would the laws surrounding this plan be worded such that companies have no legal recourse? I still fail to understand this fear.
Would you invest in a disruptive new startup that made an app which allows individuals to communicate with end-to-end encryption, and had no restrictions on "anti-American" sentiment (meaning "anti- some particular political party" sentiment)?
The startup might win the court case, but you might lose your money before the government gives up its appeals and injunctions.
It looks like we are breaking the internet up along the lines of political boundaries. The US will have one internet, the EU another, China yet another... Hopefully the pendulum will swing back in the other direction soon...
This shouldn't be downvoted - it's relevant to hackers here because the executive branch found an effective way to hack the electoral process. Socio-political engineering at its finest!
Many municipalities have no-justification-needed absentee voting (vote-by-mail by any other name) which can be dropped off often weeks before in-person voting occurs. Likewise many places have early in-person voting.
1. Check your voter registration.
2. Register to vote if you need to and it's still open for registration in your state.
3. VOTE as soon as you can. If you're voting absentee then drop off your ballot early if possible. If you're voting in-person then look into early voting to avoid lines and keep everyone safe.
The key this year is to _personally drop off your ballot_ at an official drop point rather than mailing it in. USPS can and will deprioritize mail in ballots for the fall elections.
I mean, I know that with less than 90 days before one of the largest absentee voting elections in the history of the nation that I would fire 23 USPS administrators on a Friday evening several days after admitting to congress to slowing down mail delivery. That seems reasonable. Right?
Please don't argue in bad faith, and actually read the links provided.
The issue here is that the current Postmaster General fired the administrators who were pushing back against the "optimizations" he is making and wants to make to USPS policies. The final goal is to privatize USPS, which has been a Republican dream since the Reagan era.
Yes, I read all articles about the USPS the day they are published across a wide range of journals.
However, I'm simply looking for a direct, factual claim that supports that these firings were directly intended to slow down mail delivery so as to cause problems during the forthcoming election. So far all the claims I've seen are indirect; further, the PG has explicitly said they are prepared to handle mail-in votes during the upcoming election.
It's entirely unclear whether firing administrators (rather than mail carriers and postal office workers, etc) has a direct effect on mail delivery rates and accuracy in the short-term.
>However, I'm simply looking for a direct, factual claim that supports that these firings were directly intended to slow down mail delivery so as to cause problems during the forthcoming election. So far all the claims I've seen are indirect
You realize that this is an absolutely inane thing to ask right? The direct implication is that Trump is slowing down the USPS in order the guarantee his re-election - are you looking for a quote from Trump himself that he's doing this, because I doubt we will ever see one until it's too late.
No, those executives don't deliver mail. They did make all the decisions about how mail is delivered, who does it, and when. By centralizing the power structure DeJoy has put himself in the position of being able to make arbitrary decisions about postal delivery with very little immediate oversight.
The USPS is playing an unusually large role in this election and Trump (and, let's not forget, state-level actors that continue to take active measures in US elections) has indicated that he's open to messing with mail delivery to win.
Sure, I agree that Trump appears to be signalling that he is attempting to prevent mail in ballots from being delivered but it's really hard to picture how this strategy helps him?
IE, I'm struggling to put together some sort of specuative game theory about the election that leads to him being president again.
I do this anyways. Why would I pay postage to have something brought to a distribution center 20 miles away, wait a few days, then brought back to my town to get delivered to town hall when I can literally walk there and drop it off for free?
With everything coming out about how mail in ballots are being delayed and otherwise messed with and who knows what else is in store, what is the value of ensuring your vote gets counted relative to your time dropping it off personally?
I drop mine off at the neighbor's house up the street too. It's a short walk, nice time to go outside and the times I go it's only one or two other people there.
I just prefer to be vote by mail so I can fill it out at home without being rushed.
Trump's USPS' Postmaster General replacement fired 23 USPS executives. It's possible that vote-by-mail will be the easiest way for gerrymandering to occur.
It won't, but it's already not part of what we typically consider "the internet". One country pretty much always being isolated from it is somewhat different than further ripping the currently-connected bits apart.
> Chinese invented their great firewall for trump, that your logic?
Hope is not a strategy. AFAICT, both parties basically support stronger state control and more surveillance.
It will be interesting to see how EU/China/Russia/USA spheres of influence will develop. With the pandemic, a lot of "unthinkable" things have happened (travel prohibition from US to EU etc), so I think the various factions are emboldened to double down on
- keeping their data in their sphere
- improve surveillance of own citizenry
* China of course has been pretty much on this track for years.
* EU is using privacy as the good cause to sell this
* US is now doing the same with national security as excuse.
I don't see the big picture changing just because the president and administration change (if they do).
Judging by your politics the other party will do the same citing Russian interference, you will always be slaves to your two party system abs continue fighting with each other.
it swings back when we invent new protocols - which is to say it never swings back. From traditional publishing to radio to tv to the internet to gentrification once the bastards get control you gotta make the next thing.
At least to me it sounds like an announcement that they plan to "cut the lines" to countries that don't adhere to the standards of the current American administration.
A new protocol won't allow you to communicate with people in the United States if you're on a "blacklisted" comms company's network.
Well that's not how the Internet works. Perhaps they can blacklist prefixes from being accepted by American ISPs, but as long as ISPs peer with any ISPs from outside of the country, those advertisements will be coming in.
It sounds to me that this document is outlining their plan to change how the (read: "how their") internet works. No "path" that connects to any hardware that the US can arbitrarily deem as being in bed with the CCP.
It sounds like "clean" American ISP's won't be allowed to peer with arbitrarily "unclean" service providers of any kind or else risk losing their "cleanliness" designation.
There are new protocols being invented; namely the decentralized web protocols (IPFS, web3, dat (Breaker), etc. ). Whether you think cryptocurrencies are useful or not, there is a push to build a new open decentralized internet using these protocols and IPFS + ENS domains and the web3 protocol stack on Ethereum.
Power naturally consolidates. If you have a little more power than the next person, the first thing you do is use it to get a little more power. Let that feedback loop run for several thousand iterations and you end up with the massive inequality that has been a hallmark of human civilization since the agricultural revolution.
The only force I know of that has been able to moderate that feedback loop is organization. By very definition, what the elite few who consolidate power don't have is numbers. They are massively outnumbered, which is why they are constantly sowing discord (like fomenting racism). Because they know the only thing keeping them in power is the disorganization of the masses.
in fact the best thing to do to fight the Great Firewall of China is to make it easier for the Chinese people to access the internet-at-large including sites hosted in the US. This program will do the opposite.
This is 100% the answer, and one thing I've never understood about many, many aspects of American life.
If you want people to act a certain way, you incentivize that thing, not punish the opposite of the thing.
You want people to stop doing drugs? Make programs designed to support them during the withdrawal process, provide counseling and other necessary supports, and make it free. You want people off of welfare? Provide career training and education, and assistance in the job search process, and make it free.
Punishment doesn't give you what you want, it gives you the appearance of getting what you want, while the people you punish spend their time trying to figure out how to lie their way around you.
Most people aren't philosophers or social scientists, and their understanding of criminal science is based on their personal experiences with crime and punishment or their casual suppositions. This is why a trusted and high quality education is essential for a strong democracy.
> Generally the better educated are more prone to irrational political opinions and political hysteria than the worse educated far from power. Why? In the field of political opinion they are more driven by fashion, a gang mentality, and the desire to pose about moral and political questions all of which exacerbate cognitive biases, encourage groupthink, and reduce accuracy. Those on average incomes are less likely to express political views to send signals; political views are much less important for signalling to one’s immediate in-group when you are on 20k a year.
I'm not necessarily referring to people having a high level of education -- a PhD in mathematics doesn't give anyone a higher understanding of criminal justice or other civics issues.
What is important is a well-rounded secondary education and/or liberal arts post-secondary education.
They view it as a success and have double down on it, while the rest of the world continued to feed them knowledge free minds across continents spent centuries to accumulate. In short, they only took the useful bits to strengthen the government's grip on the population while leaving out all those things that made the vast amount of knowledge possible. They are getting all human knowledge for free, while it it not the same for us.
Strategically, this position is untenable. The free world is defenseless until we demand reciprocity. Balkanization, be that as it may, it's not the end, but a means to an end, the end should be all open for every one.
> leaving out all those things that made the vast amount of knowledge possible
No. This is the conceit of the humanities to attribute the past few centuries of industrial and scientific progress to their work. The Soviets, the Nazis, and the Japanese Empire all managed to progress useful knowledge while believing in completely different ideologies. Your John Lockes and Thomas Paines made no real contribution to the discovery of Penicillin or the Transistor. The idea that censoring ideology will stunt technological growth is a fantasy believed in only by ideologues.
I strongly advise you to look into the Needham Question. China could have industrialized a millennium ago, and yet it hadn't until around 50 years ago. Insulating one from knowledge can have tremendous effect on growth for centuries. All Soviets, Nazi and Japanese progress are built on ideas and attitudes first found in Reformation Europe.
The solution isn't more added on top. When China is your example of somewhere that is leading the way in doing something on the internet first, it's time to look at yourself long and hard in the mirror.
Isn't it already pretty balkanized? Different countries have different censors and copyright laws. I post a video here in the U.S., it might be legal here but illegal in the EU, or vis versa. And people in Europe enjoy tighter consumer privacy protections than me. And being in CA, I enjoy better protections than other Americans in other states, on the same 'national' internet. The internet has been balkanized for probably 30-40 years, whenever the lawyers first entered the chat. The countries that do highly censor content, like china or russia, censor all forms of media, not just the internet.
>The Clean Network program is the Trump Administration’s comprehensive approach to safeguarding the nation’s assets including citizens’ privacy and companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party.
I'd add that the collection of telecom companies at the bottom of the page is grossly misleading. It makes them appear as signatories or as if they're following America's lead.
Probably true. At the same time, they may have no choice. This sort of thing is not elective.
There are a lot of people around me taking that as a list of companies not to do business with. As if this will save them from the global surveillance dragnet. But here's the thing, you either submit to american surveillance and tracking, or you submit to some other nation's surveillance and tracking. You will not be able to choose companies that don't partner with their national governments for surveillance and tracking. So people taking this as a list of cooperating companies, and asking how to avoid this system, are being a little naive. Thinking that somehow, not being on our network will save them from surveillance. It won't. Best case, it saves them from surveillance by us.
The point I was referring to is that is that companies are listed that have announced Ericcson as their network infrastructure hardware supplier for years, and the decision has nothing to do with Pompeo's "Clean Path".
However, they are listed as if they are following the directive rather than having been long in front of it. It's gross political posturing, useful or not.
There's no good intention here. Its clearly a political document. It even calls out hiding covid research from China as if that helps humanity in any way.
Isn't it ridiculously easy to set up attacks from within a "clean" network? It probably does increase costs marginally (you have to fly people to "clean" countries, set up ISP access with third parties, etc) but are there any public estimates how much it does that vs the increased costs to run this network? I would think it's marginal.
Seeing the partner list this seems like more of a ploy by telecoms to attack tech companies than any legitimate attempt to secure networks.
> To prevent U.S. citizens’ most sensitive personal information and our businesses’ most valuable intellectual property, including COVID-19 vaccine research, from being stored and processed on cloud-based systems accessible to our foreign adversaries through companies such as Alibaba, Baidu, China Mobile, China Telecom, and Tencent.
There's a bunch of different measures discussed, but they all seem to remove some attack surface that we have seen exploited.
Securing the routers and network cables removes the means for man in the middle attacks (or at least makes them preventable with router security). Not connecting to telecos does the same (because of bgp highjacking and the like).
Removing chinese apps and not storing data on Chinese servers makes decreases the amount of data that can be extracted from large portions of the population by the CCP. E.g. preventing the "who knows who" graph from leaking wholesale (even if individual nodes can still be investigated via other means).
This doesn't fix all security problems, but it removes some of China's current advantages in cyberwarfare.
Not putting apps in Chinese app stores and devices looks to be an outlier in that it's a form of sanction (in response to human rights abuses) rather than a defensive measure.
Securing routers and network cables is basic stuff that we should be doing anyway (and probably are, at a classified level.) You don't need to balkanize the net in order to do those things.
Removing "Chinese apps" just means that different Candy Crush clones will be collecting that data, either directly or through their advertising networks. Or it means the Chinese companies who need to collect data will collect it through data breaches.
The best thing you can say is that this puts a speed bump in front of attackers, but since speed bumps aren't a security measure the reality is that it won't do anything.
> This doesn't fix all security problems, but it removes some of China's current advantages in cyberwarfare.
How? It makes attacks slightly more expensive (because you need to use infrastructure in a "clean" country), but it doesn't stop anyone that's dedicated and has money to spend.
Want your spy-app on the app store? Don't register your company in China, just do it in the US. Voila, you're "clean."
Why? Copy cats are normal, everybody copies things that are successful in other countries. How do you assure that the company that creates a new app "out of the blue" isn't secretly funded by China? Require a background check and federal approval before an app can be downloaded more than 1000 times?
You can't move around the many millions of dollars in advertising without the government being aware of it. Good old fashioned investigative work and arrest of anyone knowingly contributing to wirefraud is sufficient to stop clandestine apps from growing to the size of tiktok.
Sort of like how the CFO of Huawei is currently in jail.
Creating orwellian straw man arguments is not a productive method of conversation. Please stop.
> You can't move around the many millions of dollars in advertising without the government being aware of it.
Why would you need to? I don't understand the point you're making. It's not about the money, it's about data, right? Presumably the Chinese aren't using Tik Tok to fund their government, they're happy to spend money on data collection. From the outside, you can't tell whether a company is collecting user data to give them to the Chinese intelligence service or just to engage in "good old American surveillance capitalism". That these kinds of operations can collect data and fund themselves is just the cherry on top.
My point is that if "location of development" team and "immediate source of funding" are the criteria, you might keep the average Chinese developer out that just wants to release his hobby app. But you're not keeping out anyone that's dedicated, has money to spend and can just do it in plain sight, because the actual acts are not the criteria you look at, because they're identical to the things your companies do (which they obviously don't want to stop from collecting data).
If the initiative was for simply protecting companies and individuals from tracking and spying, I'd be on board and I could easily see how that might have some success. But it's not, and short of forcibly removing anyone with Chinese heritage from the US and doing lie detector test on everyone else to make sure they're not secretly working for China, there's no way to keep anyone safe from Chinese data collection invasive anti-privacy companies while not interfering with the regular invasive anti-privacy companies. Well, maybe by looking at growth rate and use of dark patterns, the Chinese agents might fear being uncovered and won't go all out with the abuse...
> Creating orwellian straw man arguments is not a productive method of conversation. Please stop.
Not everybody is a Chinese agent. "We will build a wall, it'll be great, nobody will be able to come through, and China will pay for it" just doesn't sound like a good plan to me.
> Why would you need to? I don't understand the point you're making. It's not about the money, it's about data, right?
It's inevitably about both. You don't make an app with the reach of tiktok without a huge amount of money changing hands. You need to advertise it, you need to motivate content creation, you need to buy servers, you need to pay for that (probably by selling advertising - but funding from the government works as well), and so on.
If someone made a popular app without a source of revenue, that would be just as much of a red flag that I would expect the government to look into (for tax reasons even).
You can't stop small things no one uses, big things have but noticeable footprints. Big things are also the things you care about stopping if your goal is to do things like "not let China collect a complete social graph".
What i don't get is why we should care about this (care as in, advocate for). MITM is a great argument for distrusting the everyone in the middle, not trying to increase trust in the middle man - no?
This just feels like an attempt to control who is the middleman spying on data, not actually securing Americans data. Which makes sense, coming from the government and whatnot - but i'm just trying to make sense of if there's an actual reason i should like this "Clean Network" (which is to say, my comment is an honest question, not an attack on the proposal).
Perhaps i'm just biased because of my (pet) passion for distributed systems. I don't trust any MITM, so i think i struggle to understand the concern for _who_ is in the middle.
I'd be far more interested in this type of pitch if it came with heavy support for encryption, distribution, etc.
Look at the "great cannon" attack for an example of why securing the middle is important. Secure software obviously shouldn't trust the middle, but the middle being compromised means that insecure software can do orders of magnitude more damage.
Moreover the middle can just shut down. Especially for things like embassies it's not a good idea to give the adversaries an easy off switch.
I agree that "encrypt all the things" would be a very nice addition.
No, this is propaganda by the current admin who's succeeding step by step to create a tyrannical position that has control-censorship abilities like the CCP et al.
This information has already been had by hackers (e.g. Equifax) and/or people from within US companies doing corporate sabotage to steal trade secrets from within a company, etc.
Some of the companies listed in the photo are only companies that do not (or have never) used Huawei equipment in their network infrastructure.
For instance, Rogers (Canadian telecom company) hasn't released any statements [as far as I'm aware—to date] following Pompeo's announcement. They've been set up to use Ericcson for their 5G rollout for several years.
It's misleading on the part of whoever drafted the document.
Opinion: The only reason Canadian telecoms and the Canadian government haven't officially announced an outright ban is because of the delicate situation with Meng + the two Michaels. They've almost certainly, behind the scenes, committed to it.
Oh no doubt. The Canadian gov is certainly more nuanced (sometimes to a fault) with a lot of issues.
I was just pointing out that the Canadian telecoms did this long before the US admin started honking their horn about "Clean Networks TM" and not at all to comply with American [government executive] directives like "if you are freedom loving you'll join us".
Has anyone published the evidence of Huawei being an "arm of the PRC surveillance state"? I've seen a lot of claims and a lot of out-of-court-settled lawsuits, but nothing really showing that they're using their devices or software infrastructure for surveillance.
The NSA barely acknowledges its own existence. It's not exactly known for publishing direct intelligence for public consumption.. The Mashable report you link was only possible because of the most notorious leak in the history of the world (Edward Snowden), who is currently a fugitive of the US government.
These are all valid reasons for concerns yet these do not qualify as proof of wrongdoing from Huawai. For 2) specifically, I'm not sure it would be helpful to declare all private companies started by veterans as "sharing deep ties to $Country's military operations".
There's no shortage of "guesses" and "plausible connections" around but the parent comment is specifically asking for actual proof in this instance.
People suspected the NSA were snooping and introducing backdoors and proactively places countermeasures against that. Why should the standard be different when it comes to China?
The standard shouldn't be any different and that's precisely the problem here:
* NSA is a governmental agency that by construction is tied to the state. Bytedance, Huawai and Tencent are privately owned companies in China and all "ties" to the Chinese governments are unsubstantiated. Blanket ban on private companies because of their country of origin and unsubstantiated suspicions results in clear discrimination and suppression of open competition in my mind.
* For my understanding, could you help by providing context on what specific counter-measures have been taken against NSA's intelligence effort based on people's suspicion?
People have been warning about BSafe and Dual_EC_DRBG for years before Snowden came along. Privacy advocates and security professionals had been placing out a blanket warning of "government" snooping for decades before Snowden. Richard Stallman, the guy who wrote most of the Gnu utils back in the days, had been signing his emails with M-x spook, which had been in Emacs since 1988. The Internet started out anti-spook way back in the days.
There’s such a long list of this stuff from various companies. It’s not hard to research this at all.
In terms of an anecdotal evidence... My father used to work for molex, one of his biggest complaints were fixing the molds after they were sent to Chinese factories. They would try to deconstruct them and couldn’t put them back together (this was the 90’s, early 2000’s). So they would be shipped back to the US operations to fix.
Eventually, he ended up spending years training up Chinese to replace him (my father, in China). Molex moved much of its tool making shop to China and shut down most US tool and die making operations.
Anyway, China has people who are trained, on factory floors, who are there to reverse engineer processes.
This has been known for decades, companies don’t really seem to care or know (I guess that’s possible as they are outsourcing manufacturing).
I have no doubt this is designed across all their industries and systems. It’s in their interest to do this.
EDIT: I want to point out, there’s no longer a need for China to reverse engineer. US companies ship the designs straight to China. This is probably why we’ve seen China catch up so fast. We trained their workforce and now provide them all the IP before we build it.
This has been known for decades, companies knew, and the way they dealt with this was to only give China obsolete tech or tech about to get out of date, so they didn't care. That's no longer the case as China is catching up fast and really threatening the competitive advantage of truly innovative companies all around the world.
I think part of it is moving most manufacturing to China had companies like Molex move as well (cheaper). Molex builds the molds for items (I’m sure other companies are doing this to). That means the Chinese are reviving the designs BEFORE manufacturing even starts (US or China or India).
My understanding from the tool & die industry is that’s only been happening the last decade or so. IMO that’s the real issue, because it’s decimating the ability to manufacture here and sure design can happen in the US, but if you can’t build the molds for the latest tech here then it doesn’t matter. Those designs are given straight to China, no need to reverse engineer.
Recently, Like in the case of 5G. They are the innovators and others are the catchers.
I think labeling every western company as truly innovator and the Chinese ones as copy-cats is the modus operandi in the US but that is clinging to the old stereotypes in fast changing times. They built up massive expertise and are putting it into use to gain more edge on other countries including the US.
Huawei's contribution to 5G is probably overstated. Looking at the 3GPP rapporteur roster, a lot of work is done by Qualcomm engineers with Chinese names. This is why immigration is so important to the US in order to attract the best talents to contribute to US IP.
GGP: Has anyone published the evidence of Huawei being an "arm of the PRC surveillance state"?
GP: My father used to work for molex, one of his biggest complaints were fixing the molds after they were sent to Chinese factories. They would try to deconstruct them and couldn’t put them back together
Taking apart competitors' products is standard & ethically accepted practice virtually everywhere, there are lots of published anecdotes. Eg the one in Soul of a New Machine, where the team at Data General analyze a VAX. And there's no relevance to the surveillance state.
That Molex story is great. Can only imagine how much magic is in some of those molds... trying to think through many molex connectors in terms of relief angles, tolerances, and manufacturability boggles the mind.
> people who are trained, on factory floors, who are there to reverse engineer processes.
I only read this once and don't know if it is true. Supposedly Technology Transfer was/is a distinct engineering specialty in China, up there perhaps with Civil, Electrical.
Coincidentally this was while working with a US manufacturer which somehow could never satisfy a Tech Transfer arrangement completely enough to get the final contracted payment. (Mixed reasons there.)
Frankly I wonder if China will [thus] preserve aspects of industrial civilization while the US works and/or collapses toward a relative dark age. (One case in point: nuclear power generation.)
Of specific concern is a 2017 intelligence law that obliges companies to "support, assist and cooperate with state intelligence services in accordance with the law, and maintain secret all knowledge on the national intelligence services." Another is China's cybersecurity law, which contains similar requirements.
Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show. Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers, and other parts called broadband network gateways, which handle subscriber authentication and access to the internet, the people said. The people asked not to be identified because the matter was confidential.
RE the Bloomberg article, be aware that Vodafone rejected Bloomberg's reporting [1]: "The 'backdoor' that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet.
"Bloomberg is incorrect in saying that this 'could have given Huawei unauthorised access to the carrier's fixed-line network in Italy'.
"In addition, we have no evidence of any unauthorised access. This was nothing more than a failure to remove a diagnostic function after development.
"The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei."
That's a nice way of saying that Bloomberg made up most of the article.
Huawei inked a $10 billion credit line with the China Development Bank (CDB) in 2004 to provide low-cost financing to customers buying its telecom gear. It was tripled to $30 billion in 2009.
“Like other tech companies that operate in China, including those from abroad, Huawei receives some policy support from the Chinese government,” Karl Song, vice-president of the company’s corporate communications department, said in a statement. “But we have never received any additional or special treatment.”
There's no large corporation in China that got there without financial backing, and board control, from the CCP.
Thus, all major Chinese corporations are a extension of the CCP.
I don't know why you tell me that, I'm not arguing anything, I'm just pointing out that Bloomberg is a bad source because they are making false claims and do not correct them.
> Thus, all major Chinese corporations are a extension of the CCP.
I believe that to be true. I also believe that to be true for all corporations in all nations. They're independent from the state until it matters.
See, that's a false equivalence, as the degree of entanglement between state and corporation matters, as well as how much workers would defy corporate policy aligning the company with the state, for e.g. ethical reasons.
I don't buy the cynical well, they're all the same. ByteDance employees attend CCP-indoctrination meetings in the regular. Is that the case for any US corporation? How many of them are lead by former former military, like Huawei?
The impression put out there by many people is that in China, the state, the military, and the corporations should be thought about as part of the same whole, not separate interests.
This section on Wikipedia covers the history of the concerns. I wouldn't say there's a definitive smoking gun that's public knowledge. Instead, there are several instances of vulnerabilities discovered in Huawei systems that may have been taken advantage of (by the PRC or other parties). My guess is that there's more to a few of these stories that only the intelligence community knows about.
One other point of concern from Western governments is that Chinese law compels Huawei to cooperate with Chinese intelligence services, which presents a vulnerability whether that law has been taken advantage of or not. This is much different than say, Apple, which has refused (or it has been simply impossible due to E2E) for them to cooperate.
Corporations are inherently organs of government, being incorporated under a specific jurisdiction and receiving liability limitations in return. At the very least, Huawei is an arm of the PRC surveillance state in the same way that Google is an arm of the USG surveillance state.
The problem is not that the claim is false, but rather the one-sided focus on it that justifies the USG surveillance state continuing to turn on its own people. If this were just some defense contractor pork for internal USG networks nobody would really care, but it sounds like they intend to fork most common Internet features while dictating how they operate.
CIA-staged gas pipeline explosion is an urban myth. I guess the same can be said about a lot of other casually known spy stories cited in this very discussion
Why has no one actually provided evidence of a single backdoor in the replies? The top reply is currently some anecdote that while interesting does not answer the question at all.
If anyone replies with an example of an actual unambiguous Huawei backdoor for which there isn’t a corresponding Cisco “backdoor” I’ll be happy to buy them a coffee. But why are so many of the replies to the parent comment just pure noise?
I grew up in Ottawa, Nortel HQ, and had lots of friends with parents working at Nortel. That's a town that does not buy a lot of Huawei.
What kept happening, from the perspective of people who worked there that I've talked to, was that Nortel would do heavy R&D investments and then a few months later Huawei would be selling identical hardware with zero R&D budget- for lower cost, naturally. It took Nortel years to finally figure out their network was highly compromised, likely by the PLA[0]. The PLA would steal industrial secrets and hand them to companies owned or controlled by the Chinese government, like Huawei.
One fellow I met at a wedding party once told me how he had actually read Huawei source code that included Nortel copyright notices. It was a joke by the end. Everyone knew.
As for as being an arm of the PRC, Huawei claims they're owned by their employees Trade Union. But Trade Unions in China, by law, are highly controlled and managed by the party. You can't have a trade union that isn't highly associated with the Communist Party. Huawei counter these arguments by saying it's very complex- but provide no evidence to the contrary.[1]
China’s National Intelligence Law from 2017 requires companies, organizations and citizens to “support, assist and cooperate with the state intelligence work.”
Yes, Huawei is an arm of the PRC surveillance state.
There is the story about a man who invented a way to coat glass with diamonds. He was negotiating to sell his invention to Huawei when they shipped one of his samples to China even though he instructed them not to because it was export controlled technology. The reason it is export controlled is that such an invention has applications in military laser weapons. I am summarizing from memory but you can read this article to learn more.
"In our time, political speech and writing are largely the defense of the indefensible. Things like the continuance of British rule in India, the Russian purges and deportations, the dropping of the atom bombs on Japan, can indeed be defended, but only by arguments which are too brutal for most people to face, and which do not square with the professed aims of political parties. Thus political language has to consist largely of euphemism, question−begging and sheer cloudy vagueness. Defenseless villages are bombarded from the air, the inhabitants driven out into the countryside, the cattle machine−gunned, the huts set on fire with incendiary bullets: this is called pacification. Millions of peasants are robbed of their farms and sent trudging along the roads with no more than they can carry: this is called transfer of population or rectification of frontiers. People are imprisoned for years without trial, or shot in the back of the neck or sent to die of scurvy in Arctic lumber camps: this is called elimination of unreliable elements. Such phraseology is needed if one wants to name things without calling up mental pictures of them."
--
EDITS: Simplified language, and removed quotes from OP as well as several paragraphs from the Orwell quote to make my comment shorter and easier to digest.
I am not sure why you got downvoted. This is absolutely the interpretation you can easily reach after reading it. Maybe readers perceive Orwell reference as too dramatic?
What would possible make you think Biden would change course on this? Neither party likes China and the whole idea that a new administration is going to roll back a hardline policy vs them is crazy.
I laughed, but also ... yes? As a lover of liberty I would much rather just my own government (by which I am ostensibly represented) have the ability to infringe on that liberty than 2 governments. I would want to support regulations that protect myself and neighbors from the influence of those other infringers, no?
The actions required to shut out that second attacker are blunt tools that impinge upon your personal freedom far beyond their stated purpose. And since you still have that primary attacker, then you still have to defend against them anyway.
The proper solutions to protect us from "China" are the same as the solutions to protect us from NSA - E2E encryption, P2P communication, decentralized namespaces, and making data transmission (ie trust) as non-interactive as possible.
Can we realistically implement these in the near future? Will this not function as a stop-gap in the meantime while we do work on your (better) solution?
Yes they can be implemented, when there is necessity. The tech industry has been coasting on commercial surveillance to fund centralized solutions, relying on consumers not looking too hard behind the curtain. I'd say that overall fiction is what is really collapsing here.
I don't see how it's possible to answer whether this will "function". None of the simplistic actions stated in the press release address any of the actual threats - hence everyone is filling in their own imagined technical specifics. This is basically another "series of tubes" moment, with politicians not understanding that while they can control the physical wires, they cannot control the emergent complexity of communications happening over the wires.
Is it really another "series of tubes moment"? Is it not true that a system crucial to the majority of economic, social, and political(!) activity in this country ought not to be running on hardware/software known to be designed/manufactured by what has proven to be a "malign actor"?
Your own government also has more tools to use against you. You'll pass through your own border more frequently, you're more available to be arrested, harassed by LE, etc.
How about as a lover of liberty, _nobody_ snoops on our data?
Of course you are correct, but the tools available to other governments still concern me greatly. Are we actually presently capable of making sure nobody snoops on our data? If so then I agree it is a better solution. But is it not better to use an imperfect plan which is implementable than wait for a perfect plan (if such a thing exists for cyber-security) to become implementable when a threat is present?
Depends how paranoid you want to be, and to what degree of certainty (after all it's impossible to prove a negative).
But in general, backdoors for "the good guys" are just more surface area for "the bad guys", and developers of products which take security seriously lock themselves out too.
For sure, but this page is also trying to position the US government as a trustworthy provider of equipment for other governments. Given some of the historical work done by the US secret services [1] it's laughable that another government would take this seriously.
The NSA didn't reveal any secrets that couldn't be looked up by anyone who cares about privacy. Is Thief A more trustworthy than Thief B because Thief A told you to lock your doors and windows and Thief B didn't, when both already have keys to your house?
The question I think this is an answer to is how you can have a reasonable expectation of freedom and privacy while sharing an internet with a CCP who has militarized their technology sector as a means to facilitate colonial expansion.
I'm no fan of anyone involved, but we should accept that the Internet as we may have known it has been compromised by exogenous governance structures and their gatekeepers in service of non- and even anti-internet agendas, and it can no longer seriously be considered a free territory for divergence and innovation. The U.S. and their Clean network seems naive in a way, but in this case, I don't object because I think it is the devil we know.
Computer security does not operate around large sweeping claims of some party doing something bad, and so doing something bad in retaliation. And it's impossible for the "Internet" to be compromised - by definition it's an open network that gets packets from A to B while letting most anyone listen in. So then, what are the specific problems?
If the problem is that China is copying designs, then the solution is to stop moving sensitive production there.
If it is that Chinese manufacturers are putting remote backdoors in products, then the solution is to make trustable designs with open firmware, and domestic production of sensitive parts to avoid hardware backdoors.
If the problem is apps with built in surveillance, then the solution is to secure mobile OSs to prevent data leakage.
If the problem is that Chinese groups are shitposting to manufacture political consent, the solution is better social media filters, reputation systems, and fixing our domestic institutions (eg the press) thus hindering the ability for anyone to manufacture consent.
None of these things are solved by top-down imposition of some blunt firewall, or whatever other misguided heavy handed ideas the politicians have in mind. From the perspective of network security, it's really no big deal if Internet addresses become 64 bits with the addition of a proxy.
This appears to be a rare example of a government providing a secure perimeter for its citizens to create and innovate without being subject to a foreign totalitarian machine's global spying operation. It's not a top down imposition.
Reality is, if the U.S. govt doesn't protect its networks, people and companies will have to protect themselves with encryption and hardware key management that keeps China out, which by extension means keeping US law enforcement out as well. It's a sovereignty issue.
If they weren't serious about this claptrap it would be downright hilarious. "Clean" means nothing, other than "Approved by us" which of course can mean anything they want, including shutting down anything they disagree with even internally, and changing day by day. In practicality there isn't much they can do legally to make any of this actually exist.
> there isn't much they can do legally to make any of this actually exist.
Please, let's stop the whole thing of "he doesn't have the power to do this". Maybe he cannot do everything, but the last four years have proved that he can do pretty much everything he wants with a few minor problems with justice that he will also disregard. Think about mass imprisonment of immigrants, travel bans, attacking protestors in major cities with unidentified military units, diverting money fro the military to build a wall against congress wishes, not allowing his co-conspirators to testify in Congress, affirm he will not accept the election results, etc. All of these things supposedly were not legal. But he doesn't care about the constitution, and the constitution only has any power if the government is willing to uphold it.
Simple, stop outsourcing manufacturing to China. Companies regularly get contracts which require an IP transfer in return for cheap mass labor. Of course there's IP which is stolen, but that's the cost of doing business when manufacturing at home has been shuttered.
But, wouldn't this need to be enforced by the government? How else are companies going to agree to stop outsourcing manufacturing to China? And if you agree that the correct solution involves government regulation, then what specifically about this plan doesn't accomplish your preferred outcome of "stop outsourcing manufacturing to China"? I may be naive but I also fail to see exactly how this plan is bad. Do you not feel the Chinese government is using technology to undermine the US, or that this isn't actually a legitimate and compelling issue of national defense?
My comment was intended to be descriptive, rather than prescriptive. IP theft isn't a new thing and American companies no doubt take it into account when manufacturing overseas.
Enforcing IP internationally is actually quite difficult anyways. Tariffs effectively restrict manufacturing overseas, as there's some breaking point in cost to produce.
I don't believe banning trade / manufacturing to China is a good idea, we depend on them for cheap consumer goods, and they depend on that revenue. We developed a dependency on Chinese manufacturing because it was cheap, and no with little to no manufacturing ability stateside, we're tied to their economy.
As someone who worked for the D.O.E for years, I can care less where consumer goods / technology is manufactured. The US government already has VERY strict rules about manufacturing for military / transportation equipment. "National Defense" isn't going to be decided by who owns TikTok or app-de-jour.
The US is ran & staffed by the hyper-partisan “Z-team” right now.
This is tragic & dangerous bc we need shrewd & wise people to make decisions + build coalitions in the opening decades of 21st century, not hyper-partisan kooks.
Some of the worst actors in cyber space rn is the Russian gov’t & their intelligence + “security” services —- it sure is funny (funny as in strange, not humorous) how difficult it is to get any of these apparatchiks to publicly acknowledge that
Are there any cybersecurity professionals on here who want to comment about the pros and cons of the network? I don't have the necessary expertise to ascertain the merits of it (actual threat vs. mitigated threat) but I don't like the "clean" verbiage. Nor do I like China's own longstanding protectionism and Great Firewall.
1) There are too many in/out points and encrypted paths in and out of the network to actually make this worth spending time on. Think of walling off the entire country, yet there is still air above the wall, movable earth below the wall.
2) It creates a false sense of security if you're on the "clean network" and may make some developers less considerate of securing apps, websites, etc, and some consumers of questioning the security and privacy of the apps they install. I.e. it weakens those within the "clean" firewall.
This is disgusting. Anybody working at an American firm that's supporting this initiative should be ashamed. Anybody working on this project is actively contributing to the destruction of international trust and cooperation.
I am beyond disgusted at my government. This Republican administration has been an unprecedented disaster on every front.
How would you suggest we limit the surveillance and active attacks on American infrastructure by the Chinese government? They show no signs of letting up and/or respecting how America works in the slightest.
Ok that helps the issue in issue in 20-30+ years (develop the tech, start mass production, replace all old hardware with it) what can we do in this decade?
That is the government's problem, had they asked me 20 years ago, I would've told them moving all manufacturing operations to China just to enrich a small small percent of people would be disastrous for the nation.
Right now I don't care whether China or USA spies, they are identical countries in my mind.
Keep in mind that China can still spy on even with this Clean Network.
WTF? Did you read beyond five words? Did you just see Trump and go full stupid as so many do?
This applies to US Government facilities that use 5G must adhere to the rules put forth, that makes sense. You want your own government to do its best to protect its assets from providers who cannot be trusted.
This is not a US only stance. This is the world reacting to a PRC effort to rewrite the ideals of the internet to their own. No one in the Western world trust China much anymore because not only for their own bullying at home but their overt threats to Hong Kong and Taiwan. You can damn well bet they will increase those if they perceive the US administration to be weak or insular which there is a good chance the US will turn inward soon just opening the door
Biden is going to be 110% behind this too. I don't have the slightest idea of why you'd think otherwise. People have been playing nice with China for the last few decades hoping they'd change and it hasn't happened maybe a different approach is needed.
411 comments
[ 841 ms ] story [ 7718 ms ] threadI don’t see anything about content filtering. Just transport integrity.
The closest we come to that is the prohibition on apps, but that’s still an ocean away from censoring text messages mentioning the Tiananmen massacre.
https://www.voiceofsandiego.org/topics/public-safety/sdpd-is...
The startup might win the court case, but you might lose your money before the government gives up its appeals and injunctions.
Trump's USPS' Postmaster General replacement, along with who recently fired 23 USPS executives:
"Lawmakers Demand Removal of Postmaster General DeJoy Over 'Nefarious' Efforts to Destroy the Postal Service and 'Aid Trump Reelection'" - https://www.reddit.com/r/politics/comments/i71z41/lawmakers_...
1. Check your voter registration.
2. Register to vote if you need to and it's still open for registration in your state.
3. VOTE as soon as you can. If you're voting absentee then drop off your ballot early if possible. If you're voting in-person then look into early voting to avoid lines and keep everyone safe.
https://www.forbes.com/sites/danielcassady/2020/08/06/postma...
https://www.washingtonpost.com/business/2020/08/07/postal-se...
The issue here is that the current Postmaster General fired the administrators who were pushing back against the "optimizations" he is making and wants to make to USPS policies. The final goal is to privatize USPS, which has been a Republican dream since the Reagan era.
However, I'm simply looking for a direct, factual claim that supports that these firings were directly intended to slow down mail delivery so as to cause problems during the forthcoming election. So far all the claims I've seen are indirect; further, the PG has explicitly said they are prepared to handle mail-in votes during the upcoming election.
It's entirely unclear whether firing administrators (rather than mail carriers and postal office workers, etc) has a direct effect on mail delivery rates and accuracy in the short-term.
You realize that this is an absolutely inane thing to ask right? The direct implication is that Trump is slowing down the USPS in order the guarantee his re-election - are you looking for a quote from Trump himself that he's doing this, because I doubt we will ever see one until it's too late.
1: May 6th, Trump appointee Louis DeJoy confirmed as Postmaster General and CEO.
2: June 30, Trump suggests that mail-in voting is fraudulent and suggests delaying the election because of it https://twitter.com/realDonaldTrump/status/12888181603895582...
3: July 15, DeJoy starts cutting costs and overtime during one of the most trying times the USPS has ever seen, resulting in delays: https://apnews.com/59c25efd4d325c4895f8ba85517f9bfd
4: August 7, DeJoy fires or reassigns 23 top executives, dramatically changing the existing power structure and centralizing decision making at the top. https://www.fastcompany.com/90538378/whats-happening-with-th...
No, those executives don't deliver mail. They did make all the decisions about how mail is delivered, who does it, and when. By centralizing the power structure DeJoy has put himself in the position of being able to make arbitrary decisions about postal delivery with very little immediate oversight.
The USPS is playing an unusually large role in this election and Trump (and, let's not forget, state-level actors that continue to take active measures in US elections) has indicated that he's open to messing with mail delivery to win.
https://www.washingtonpost.com/business/2020/08/12/postal-se...
That seems the more pertinent question.
I just prefer to be vote by mail so I can fill it out at home without being rushed.
"Lawmakers Demand Removal of Postmaster General DeJoy Over 'Nefarious' Efforts to Destroy the Postal Service and 'Aid Trump Reelection'" - https://www.reddit.com/r/politics/comments/i71z41/lawmakers_....
> Chinese invented their great firewall for trump, that your logic?
That's a completely needless swipe.
gp edited his/her comment after mine
It will be interesting to see how EU/China/Russia/USA spheres of influence will develop. With the pandemic, a lot of "unthinkable" things have happened (travel prohibition from US to EU etc), so I think the various factions are emboldened to double down on
- keeping their data in their sphere - improve surveillance of own citizenry
* China of course has been pretty much on this track for years.
* EU is using privacy as the good cause to sell this
* US is now doing the same with national security as excuse.
I don't see the big picture changing just because the president and administration change (if they do).
Narrator: "It didn't."
Yuck. I read HN to avoid these kind of low effort canned responses.
At least to me it sounds like an announcement that they plan to "cut the lines" to countries that don't adhere to the standards of the current American administration.
A new protocol won't allow you to communicate with people in the United States if you're on a "blacklisted" comms company's network.
It sounds like "clean" American ISP's won't be allowed to peer with arbitrarily "unclean" service providers of any kind or else risk losing their "cleanliness" designation.
The only force I know of that has been able to moderate that feedback loop is organization. By very definition, what the elite few who consolidate power don't have is numbers. They are massively outnumbered, which is why they are constantly sowing discord (like fomenting racism). Because they know the only thing keeping them in power is the disorganization of the masses.
If you want people to act a certain way, you incentivize that thing, not punish the opposite of the thing.
You want people to stop doing drugs? Make programs designed to support them during the withdrawal process, provide counseling and other necessary supports, and make it free. You want people off of welfare? Provide career training and education, and assistance in the job search process, and make it free.
Punishment doesn't give you what you want, it gives you the appearance of getting what you want, while the people you punish spend their time trying to figure out how to lie their way around you.
> Generally the better educated are more prone to irrational political opinions and political hysteria than the worse educated far from power. Why? In the field of political opinion they are more driven by fashion, a gang mentality, and the desire to pose about moral and political questions all of which exacerbate cognitive biases, encourage groupthink, and reduce accuracy. Those on average incomes are less likely to express political views to send signals; political views are much less important for signalling to one’s immediate in-group when you are on 20k a year.
https://dominiccummings.com/2017/01/09/on-the-referendum-21-...
What is important is a well-rounded secondary education and/or liberal arts post-secondary education.
In seriousness, you do both.
Same playbook.
As it is, this just makes it seem like China was right this whole time and the US ideals of an open internet were a failure.
Strategically, this position is untenable. The free world is defenseless until we demand reciprocity. Balkanization, be that as it may, it's not the end, but a means to an end, the end should be all open for every one.
No. This is the conceit of the humanities to attribute the past few centuries of industrial and scientific progress to their work. The Soviets, the Nazis, and the Japanese Empire all managed to progress useful knowledge while believing in completely different ideologies. Your John Lockes and Thomas Paines made no real contribution to the discovery of Penicillin or the Transistor. The idea that censoring ideology will stunt technological growth is a fantasy believed in only by ideologues.
And yet they still managed to adopt all the useful ideas they needed despite heavy political censorship.
Straight up consent manufacturing.
There are a lot of people around me taking that as a list of companies not to do business with. As if this will save them from the global surveillance dragnet. But here's the thing, you either submit to american surveillance and tracking, or you submit to some other nation's surveillance and tracking. You will not be able to choose companies that don't partner with their national governments for surveillance and tracking. So people taking this as a list of cooperating companies, and asking how to avoid this system, are being a little naive. Thinking that somehow, not being on our network will save them from surveillance. It won't. Best case, it saves them from surveillance by us.
It is a sad future. I'll concede you that.
However, they are listed as if they are following the directive rather than having been long in front of it. It's gross political posturing, useful or not.
the clean network fights back! we good.
Kidding aside, this is so blatant I can hardly believe I'm seeing it happen.
The img tag has a "srcset" attribute with resolutions from 85x48 to 1920x1080, but the "sizes" attribute is "(max-width: 300px) 100vw, 300px".
Seeing the partner list this seems like more of a ploy by telecoms to attack tech companies than any legitimate attempt to secure networks.
> To prevent U.S. citizens’ most sensitive personal information and our businesses’ most valuable intellectual property, including COVID-19 vaccine research, from being stored and processed on cloud-based systems accessible to our foreign adversaries through companies such as Alibaba, Baidu, China Mobile, China Telecom, and Tencent.
Am I missing something?
Securing the routers and network cables removes the means for man in the middle attacks (or at least makes them preventable with router security). Not connecting to telecos does the same (because of bgp highjacking and the like).
Removing chinese apps and not storing data on Chinese servers makes decreases the amount of data that can be extracted from large portions of the population by the CCP. E.g. preventing the "who knows who" graph from leaking wholesale (even if individual nodes can still be investigated via other means).
This doesn't fix all security problems, but it removes some of China's current advantages in cyberwarfare.
Not putting apps in Chinese app stores and devices looks to be an outlier in that it's a form of sanction (in response to human rights abuses) rather than a defensive measure.
Removing "Chinese apps" just means that different Candy Crush clones will be collecting that data, either directly or through their advertising networks. Or it means the Chinese companies who need to collect data will collect it through data breaches.
The best thing you can say is that this puts a speed bump in front of attackers, but since speed bumps aren't a security measure the reality is that it won't do anything.
How? It makes attacks slightly more expensive (because you need to use infrastructure in a "clean" country), but it doesn't stop anyone that's dedicated and has money to spend.
Want your spy-app on the app store? Don't register your company in China, just do it in the US. Voila, you're "clean."
Sort of like how the CFO of Huawei is currently in jail.
Creating orwellian straw man arguments is not a productive method of conversation. Please stop.
Why would you need to? I don't understand the point you're making. It's not about the money, it's about data, right? Presumably the Chinese aren't using Tik Tok to fund their government, they're happy to spend money on data collection. From the outside, you can't tell whether a company is collecting user data to give them to the Chinese intelligence service or just to engage in "good old American surveillance capitalism". That these kinds of operations can collect data and fund themselves is just the cherry on top.
My point is that if "location of development" team and "immediate source of funding" are the criteria, you might keep the average Chinese developer out that just wants to release his hobby app. But you're not keeping out anyone that's dedicated, has money to spend and can just do it in plain sight, because the actual acts are not the criteria you look at, because they're identical to the things your companies do (which they obviously don't want to stop from collecting data).
If the initiative was for simply protecting companies and individuals from tracking and spying, I'd be on board and I could easily see how that might have some success. But it's not, and short of forcibly removing anyone with Chinese heritage from the US and doing lie detector test on everyone else to make sure they're not secretly working for China, there's no way to keep anyone safe from Chinese data collection invasive anti-privacy companies while not interfering with the regular invasive anti-privacy companies. Well, maybe by looking at growth rate and use of dark patterns, the Chinese agents might fear being uncovered and won't go all out with the abuse...
> Creating orwellian straw man arguments is not a productive method of conversation. Please stop.
Not everybody is a Chinese agent. "We will build a wall, it'll be great, nobody will be able to come through, and China will pay for it" just doesn't sound like a good plan to me.
It's inevitably about both. You don't make an app with the reach of tiktok without a huge amount of money changing hands. You need to advertise it, you need to motivate content creation, you need to buy servers, you need to pay for that (probably by selling advertising - but funding from the government works as well), and so on.
If someone made a popular app without a source of revenue, that would be just as much of a red flag that I would expect the government to look into (for tax reasons even).
You can't stop small things no one uses, big things have but noticeable footprints. Big things are also the things you care about stopping if your goal is to do things like "not let China collect a complete social graph".
This just feels like an attempt to control who is the middleman spying on data, not actually securing Americans data. Which makes sense, coming from the government and whatnot - but i'm just trying to make sense of if there's an actual reason i should like this "Clean Network" (which is to say, my comment is an honest question, not an attack on the proposal).
Perhaps i'm just biased because of my (pet) passion for distributed systems. I don't trust any MITM, so i think i struggle to understand the concern for _who_ is in the middle.
I'd be far more interested in this type of pitch if it came with heavy support for encryption, distribution, etc.
Moreover the middle can just shut down. Especially for things like embassies it's not a good idea to give the adversaries an easy off switch.
I agree that "encrypt all the things" would be a very nice addition.
This information has already been had by hackers (e.g. Equifax) and/or people from within US companies doing corporate sabotage to steal trade secrets from within a company, etc.
For instance, Rogers (Canadian telecom company) hasn't released any statements [as far as I'm aware—to date] following Pompeo's announcement. They've been set up to use Ericcson for their 5G rollout for several years.
It's misleading on the part of whoever drafted the document.
I was just pointing out that the Canadian telecoms did this long before the US admin started honking their horn about "Clean Networks TM" and not at all to comply with American [government executive] directives like "if you are freedom loving you'll join us".
Considering the NSA hacked and had backdoors in Huawei servers for almost a decade, I imagine direct evidence shouldn't be difficult to produce.
https://mashable.com/2014/03/22/nsa-huawei/
Have you tried searching in wikileaks though?
1. The Chinese National Intelligence Law requiring every citizen to "intelligence work".
2. Huawei had the potential to reach mass adoption outside of China.
3. Huawei is a company deeply connected to the PLA.
4. Therefore Huawei, not only is its HQ required to spy for China, but that it is very likely to work with the PLA to spy for China.
[1]. https://en.wikipedia.org/wiki/National_Intelligence_Law
[2]. https://www.cnbc.com/2019/07/08/huawei-staff-and-chinese-mil...
There's no shortage of "guesses" and "plausible connections" around but the parent comment is specifically asking for actual proof in this instance.
* NSA is a governmental agency that by construction is tied to the state. Bytedance, Huawai and Tencent are privately owned companies in China and all "ties" to the Chinese governments are unsubstantiated. Blanket ban on private companies because of their country of origin and unsubstantiated suspicions results in clear discrimination and suppression of open competition in my mind.
* For my understanding, could you help by providing context on what specific counter-measures have been taken against NSA's intelligence effort based on people's suspicion?
In terms of an anecdotal evidence... My father used to work for molex, one of his biggest complaints were fixing the molds after they were sent to Chinese factories. They would try to deconstruct them and couldn’t put them back together (this was the 90’s, early 2000’s). So they would be shipped back to the US operations to fix.
Eventually, he ended up spending years training up Chinese to replace him (my father, in China). Molex moved much of its tool making shop to China and shut down most US tool and die making operations.
Anyway, China has people who are trained, on factory floors, who are there to reverse engineer processes.
This has been known for decades, companies don’t really seem to care or know (I guess that’s possible as they are outsourcing manufacturing).
I have no doubt this is designed across all their industries and systems. It’s in their interest to do this.
EDIT: I want to point out, there’s no longer a need for China to reverse engineer. US companies ship the designs straight to China. This is probably why we’ve seen China catch up so fast. We trained their workforce and now provide them all the IP before we build it.
My understanding from the tool & die industry is that’s only been happening the last decade or so. IMO that’s the real issue, because it’s decimating the ability to manufacture here and sure design can happen in the US, but if you can’t build the molds for the latest tech here then it doesn’t matter. Those designs are given straight to China, no need to reverse engineer.
https://www.lightreading.com/5g/huaweis-patents-wont-save-it...
"what has company X done?"
"company Y did this bad thing"
"all companies in Z do bad thing"
GGP: Has anyone published the evidence of Huawei being an "arm of the PRC surveillance state"?
GP: My father used to work for molex, one of his biggest complaints were fixing the molds after they were sent to Chinese factories. They would try to deconstruct them and couldn’t put them back together
Taking apart competitors' products is standard & ethically accepted practice virtually everywhere, there are lots of published anecdotes. Eg the one in Soul of a New Machine, where the team at Data General analyze a VAX. And there's no relevance to the surveillance state.
I only read this once and don't know if it is true. Supposedly Technology Transfer was/is a distinct engineering specialty in China, up there perhaps with Civil, Electrical.
Coincidentally this was while working with a US manufacturer which somehow could never satisfy a Tech Transfer arrangement completely enough to get the final contracted payment. (Mixed reasons there.)
Frankly I wonder if China will [thus] preserve aspects of industrial civilization while the US works and/or collapses toward a relative dark age. (One case in point: nuclear power generation.)
Of specific concern is a 2017 intelligence law that obliges companies to "support, assist and cooperate with state intelligence services in accordance with the law, and maintain secret all knowledge on the national intelligence services." Another is China's cybersecurity law, which contains similar requirements.
https://www.bloomberg.com/news/articles/2019-04-30/vodafone-...
Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show. Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers, and other parts called broadband network gateways, which handle subscriber authentication and access to the internet, the people said. The people asked not to be identified because the matter was confidential.
"Bloomberg is incorrect in saying that this 'could have given Huawei unauthorised access to the carrier's fixed-line network in Italy'.
"In addition, we have no evidence of any unauthorised access. This was nothing more than a failure to remove a diagnostic function after development.
"The issues were identified by independent security testing, initiated by Vodafone as part of our routine security measures, and fixed at the time by Huawei."
That's a nice way of saying that Bloomberg made up most of the article.
[1] https://www.bbc.com/news/business-48103430
Or the fact that Huawei is a de-facto public company, with massive subsidies by the CDB?
https://www.rfi.fr/en/contenu/20190530-huawei-key-beneficiar...
Huawei inked a $10 billion credit line with the China Development Bank (CDB) in 2004 to provide low-cost financing to customers buying its telecom gear. It was tripled to $30 billion in 2009.
https://www.wsj.com/articles/state-support-helped-fuel-huawe...
And it's funny, because they admit this is normal
https://www.scmp.com/tech/big-tech/article/3043558/huawei-sa...
“Like other tech companies that operate in China, including those from abroad, Huawei receives some policy support from the Chinese government,” Karl Song, vice-president of the company’s corporate communications department, said in a statement. “But we have never received any additional or special treatment.”
There's no large corporation in China that got there without financial backing, and board control, from the CCP.
Thus, all major Chinese corporations are a extension of the CCP.
> Thus, all major Chinese corporations are a extension of the CCP.
I believe that to be true. I also believe that to be true for all corporations in all nations. They're independent from the state until it matters.
I don't buy the cynical well, they're all the same. ByteDance employees attend CCP-indoctrination meetings in the regular. Is that the case for any US corporation? How many of them are lead by former former military, like Huawei?
So, no.
One other point of concern from Western governments is that Chinese law compels Huawei to cooperate with Chinese intelligence services, which presents a vulnerability whether that law has been taken advantage of or not. This is much different than say, Apple, which has refused (or it has been simply impossible due to E2E) for them to cooperate.
https://en.wikipedia.org/wiki/Criticism_of_Huawei#Espionage_...
The problem is not that the claim is false, but rather the one-sided focus on it that justifies the USG surveillance state continuing to turn on its own people. If this were just some defense contractor pork for internal USG networks nobody would really care, but it sounds like they intend to fork most common Internet features while dictating how they operate.
Spies to spy things. It's safe to assume that everyone with the power to do so is exploiting any advantage that they have.
Surely we can be less shitty about answering the OP’s question. As a start, it sounds like at some point there were unsecured Telnet servers in some Huawei devices: https://www.theregister.com/2019/04/30/huawei_enterprise_rou... It’s not entirely satisfying evidence because the Register believes it was legitimately for diagnostics. They also point out that there were comparable “backdoors” in Cisco equipment: https://www.theregister.com/2019/05/02/cisco_vulnerabilities...
If anyone replies with an example of an actual unambiguous Huawei backdoor for which there isn’t a corresponding Cisco “backdoor” I’ll be happy to buy them a coffee. But why are so many of the replies to the parent comment just pure noise?
What kept happening, from the perspective of people who worked there that I've talked to, was that Nortel would do heavy R&D investments and then a few months later Huawei would be selling identical hardware with zero R&D budget- for lower cost, naturally. It took Nortel years to finally figure out their network was highly compromised, likely by the PLA[0]. The PLA would steal industrial secrets and hand them to companies owned or controlled by the Chinese government, like Huawei.
One fellow I met at a wedding party once told me how he had actually read Huawei source code that included Nortel copyright notices. It was a joke by the end. Everyone knew.
As for as being an arm of the PRC, Huawei claims they're owned by their employees Trade Union. But Trade Unions in China, by law, are highly controlled and managed by the party. You can't have a trade union that isn't highly associated with the Communist Party. Huawei counter these arguments by saying it's very complex- but provide no evidence to the contrary.[1]
[0]https://en.wikipedia.org/wiki/Criticism_of_Huawei#Nortel
[1]https://en.wikipedia.org/wiki/Criticism_of_Huawei#Opaque_own...
Yes, Huawei is an arm of the PRC surveillance state.
https://www.bloomberg.com/news/features/2019-02-04/huawei-st...
* balkanized/siloed instead of globally standardized;
* permissioned instead of permissionless; and
* monitored via backdoors instead of optionally secure.
I'm reminded of this passage from George Orwell's classic piece, "Politics and the English Language" (http://www.public-library.uk/ebooks/72/30.pdf):
"In our time, political speech and writing are largely the defense of the indefensible. Things like the continuance of British rule in India, the Russian purges and deportations, the dropping of the atom bombs on Japan, can indeed be defended, but only by arguments which are too brutal for most people to face, and which do not square with the professed aims of political parties. Thus political language has to consist largely of euphemism, question−begging and sheer cloudy vagueness. Defenseless villages are bombarded from the air, the inhabitants driven out into the countryside, the cattle machine−gunned, the huts set on fire with incendiary bullets: this is called pacification. Millions of peasants are robbed of their farms and sent trudging along the roads with no more than they can carry: this is called transfer of population or rectification of frontiers. People are imprisoned for years without trial, or shot in the back of the neck or sent to die of scurvy in Arctic lumber camps: this is called elimination of unreliable elements. Such phraseology is needed if one wants to name things without calling up mental pictures of them."
--
EDITS: Simplified language, and removed quotes from OP as well as several paragraphs from the Orwell quote to make my comment shorter and easier to digest.
Make sure you're registered, and make sure you vote in November.
The proper solutions to protect us from "China" are the same as the solutions to protect us from NSA - E2E encryption, P2P communication, decentralized namespaces, and making data transmission (ie trust) as non-interactive as possible.
I don't see how it's possible to answer whether this will "function". None of the simplistic actions stated in the press release address any of the actual threats - hence everyone is filling in their own imagined technical specifics. This is basically another "series of tubes" moment, with politicians not understanding that while they can control the physical wires, they cannot control the emergent complexity of communications happening over the wires.
How about as a lover of liberty, _nobody_ snoops on our data?
But in general, backdoors for "the good guys" are just more surface area for "the bad guys", and developers of products which take security seriously lock themselves out too.
[1] For example, https://en.wikipedia.org/wiki/Crypto_AG
https://news.ycombinator.com/item?id=24108461
I'm no fan of anyone involved, but we should accept that the Internet as we may have known it has been compromised by exogenous governance structures and their gatekeepers in service of non- and even anti-internet agendas, and it can no longer seriously be considered a free territory for divergence and innovation. The U.S. and their Clean network seems naive in a way, but in this case, I don't object because I think it is the devil we know.
If the problem is that China is copying designs, then the solution is to stop moving sensitive production there.
If it is that Chinese manufacturers are putting remote backdoors in products, then the solution is to make trustable designs with open firmware, and domestic production of sensitive parts to avoid hardware backdoors.
If the problem is apps with built in surveillance, then the solution is to secure mobile OSs to prevent data leakage.
If the problem is that Chinese groups are shitposting to manufacture political consent, the solution is better social media filters, reputation systems, and fixing our domestic institutions (eg the press) thus hindering the ability for anyone to manufacture consent.
None of these things are solved by top-down imposition of some blunt firewall, or whatever other misguided heavy handed ideas the politicians have in mind. From the perspective of network security, it's really no big deal if Internet addresses become 64 bits with the addition of a proxy.
Reality is, if the U.S. govt doesn't protect its networks, people and companies will have to protect themselves with encryption and hardware key management that keeps China out, which by extension means keeping US law enforcement out as well. It's a sovereignty issue.
Please, let's stop the whole thing of "he doesn't have the power to do this". Maybe he cannot do everything, but the last four years have proved that he can do pretty much everything he wants with a few minor problems with justice that he will also disregard. Think about mass imprisonment of immigrants, travel bans, attacking protestors in major cities with unidentified military units, diverting money fro the military to build a wall against congress wishes, not allowing his co-conspirators to testify in Congress, affirm he will not accept the election results, etc. All of these things supposedly were not legal. But he doesn't care about the constitution, and the constitution only has any power if the government is willing to uphold it.
Enforcing IP internationally is actually quite difficult anyways. Tariffs effectively restrict manufacturing overseas, as there's some breaking point in cost to produce.
I don't believe banning trade / manufacturing to China is a good idea, we depend on them for cheap consumer goods, and they depend on that revenue. We developed a dependency on Chinese manufacturing because it was cheap, and no with little to no manufacturing ability stateside, we're tied to their economy.
As someone who worked for the D.O.E for years, I can care less where consumer goods / technology is manufactured. The US government already has VERY strict rules about manufacturing for military / transportation equipment. "National Defense" isn't going to be decided by who owns TikTok or app-de-jour.
it is what's done with ip especially military and national security secrets
This is tragic & dangerous bc we need shrewd & wise people to make decisions + build coalitions in the opening decades of 21st century, not hyper-partisan kooks.
Some of the worst actors in cyber space rn is the Russian gov’t & their intelligence + “security” services —- it sure is funny (funny as in strange, not humorous) how difficult it is to get any of these apparatchiks to publicly acknowledge that
(As non-native speaker) I always interpret A-Team as your most competent team for a given task.
1) There are too many in/out points and encrypted paths in and out of the network to actually make this worth spending time on. Think of walling off the entire country, yet there is still air above the wall, movable earth below the wall.
2) It creates a false sense of security if you're on the "clean network" and may make some developers less considerate of securing apps, websites, etc, and some consumers of questioning the security and privacy of the apps they install. I.e. it weakens those within the "clean" firewall.
I am beyond disgusted at my government. This Republican administration has been an unprecedented disaster on every front.
edit: in case someone was confused, talking about the initiative, not the government in general
Right now I don't care whether China or USA spies, they are identical countries in my mind.
Keep in mind that China can still spy on even with this Clean Network.
This applies to US Government facilities that use 5G must adhere to the rules put forth, that makes sense. You want your own government to do its best to protect its assets from providers who cannot be trusted.
This is not a US only stance. This is the world reacting to a PRC effort to rewrite the ideals of the internet to their own. No one in the Western world trust China much anymore because not only for their own bullying at home but their overt threats to Hong Kong and Taiwan. You can damn well bet they will increase those if they perceive the US administration to be weak or insular which there is a good chance the US will turn inward soon just opening the door