This report is why the US government is taking action against Huawei. In it, Huawei refuses to answer some key questions about the structure of their company that strongly indicates they are controlled by the CCP. So what did Huawei think was going to happen after that?
I think china views the concept of separation of companies, the government, and the military as a western notion. The ecosystem is fundamentally different from in the US, and western observers dont seem to be aware of this.
> The ecosystem is fundamentally different from in the US, and western observers dont seem to be aware of this.
This comment misses the whole point entirely. Obviously this is not a simple issue about cultural differences. The key point is that a telecom company that is a major player in the telecom infrastructure busines and is desperately trying to control the world's telecom infrastructure is actually surreptitiously controlled by the Chinese government. This fact is not minor cultural nitpicking.
It is really not a lens issue. The world needs telecom infrastructure, and the dominant player in the next gen telecom infrastructure is actually a sockpuppet of an oppressive totalitarian nation with a worldwide imperialist agenda.
As much as American government is in bed / interests aligned with its companies? Doesn't mean USA shouldn't try to fight against Chinese, but it's absurd to claim that the difference is anything else in America, there are just s bit different rules for the game and cultural rules.
> is actually surreptitiously controlled by the Chinese government
There's not evidence for that. It's a private company. It's not a state-owned enterprise, and doesn't function like one.
> This fact is not minor cultural nitpicking.
No, but it is part of a campaign to demonize China and Chinese companies. Many people in the US foreign policy establishment are worried about the existence of a peer-level competitor, and cannot accept that the US is no longer the sole superpower in the world. That's the fundamental issue here. It's why there's such a huge disconnect between all the fear about Huawei and the utter lack of evidence of backdoors in their equipment. This isn't about Huawei. It's about people in the US government trying to head off China as a competitor.
> > is actually surreptitiously controlled by the Chinese government
>There's not evidence for that. It's a private company. It's not a state-owned enterprise, and doesn't function like one.
What about the LA Times article?
>A study by professors Christopher Balding and Donald Clarke published April 17, 2019, argues Huawei is effectively state-owned because it is 99% owned by a "trade union committee." Trade unions in China are controlled by the government.
It's owned by the employees, through a mechanism that involves their trade union, with Ren Zhengfei (the founder and CEO) having veto power over decisions. The argument that this indirectly means the government controls the company is pretty tendentious.
I've seen it before, but I couldn't find any specific evidence. The tenor of the report is generally characterized by the following passage:
> Huawei’s failure to provide further detailed information explaining how it is formally regulated, controlled, or otherwise managed by the Chinese government undermines the company’s repeated assertions that it is not inappropriately influenced by the Chinese government.
In my book, that translates roughly to, "We have no evidence that Huawei is controlled by the Chinese state, but we're going to sow fear, uncertainty and doubt." That's typical of the US government's approach towards Huawei so far. They refuse to provide evidence of backdoors, but keep insisting they're there.
That's easy to say, but having read through the parts of the report that address whether Huawei is controlled by the Chinese government, I haven't seen any evidence. Above, I quoted a typical passage to you. You can see that it doesn't present evidence.
At this point, if there is evidence in the report, it would be easiest if you would to cite it.
Anyone who is interested in learning about this should just go check out the report for themselves. Your selected quote is a bit odd, Huawei can’t explain how it is regulated?
> Anyone who is interested in learning about this should just go check out the report for themselves.
Indeed. It is telling, however, that you keep saying the report is full of evidence on every page, but won't actually mention any piece of evidence. I find that very typical of the political campaign against Huawei in the US.
> I think china views the concept of separation of companies, the government, and the military as a western notion.
"China" views it that way. All 1.4 billion chinese do?
> The ecosystem is fundamentally different from in the US
This is simply not true. The history of US began as a government created to protect US business interests. The first major act of congress was a tariff to protect american companies. Every war we fought against the native americans, chinese, middle easterners, south americans, mexicans, etc were to further the interests of US companies. Whether you are talking about railroad companies in the 1800s or US oil companies in the 20th century. Maybe you might want to read up on where the term banana republics came from?
> and western observers dont seem to be aware of this.
Actually western observers are aware of it because it was the "west" which helped china industrialize. Do you want to know what country china modeled itself after to modernize its economy? The 1800s US. Which is the modeled followed by south korea, japan and taiwan as well.
Pretty much every major world economy works the same exact way - collusion between state + companies + military.
The only difference between US and china is that the US is the inheritor of the european colonial word order and hence is leading the "western/white" bloc. China has no bloc ( at least yet ) so is going alone at it.
The separation of companies, government and military is a western notion - one that no western power practices. Which wasn't lost on the chinese, south koreans, japanese, taiwanese, etc.
Great points all around but I've got a nitpick about the second to last paragraph. In fact, China is not going it alone. It is something like 9 unique nations that have within the last few hundred years gone through considerable change in political control. Only in approximately the last 70 years have most been forced to coalesce by the CCP.
Alternatively, the primary difference between the USA and PRC is not that the US necessarily has more global influence, but that the PRC does not pretend to value the autonomy of its citizens.
I wonder if this is a fair implication. Hypothetically let’s say huawei is controlled by the ccp what can they be made to do that an American company can’t be made to do by an American Congress and president (ccp is kind of both combined)
I imagine is an American company can fight back in court thou we’ve seen stories about companies being unable to fight back or comply very willingly
I’m down voted for pointing out that basically all companies comply with the directives of the president/parliament/prime minister. Then we have an article about a NSA lotus notes back door
Huawei has extensive ties with not only the Ministry of State Security, which is kind of like a combination of the CIA/FBI, but also the Shanghai State Security Bureau and Organization 610.
Regarding 610, it might exist it might not. Supposedly operating as a “CIA within a CIA”, they are kind of like a Praetorian Guard that reports to the highest levels of the CCP.
Anyway Ren Zhengfei, the founder, is a former Army Colonel in the PLA. He was a specialist in comm systems, and was “laid off” in 1983. This was the same year the MSS was founded, which wound up kind of “stealing” all the intelligence work and signals stuff that had previously been the domain of the Army.
Later the MSS would find it much more advantageous to establish front companies, and it was this wave of front companies with unlimited black budget funding that began in mid 1990s that Ren rode all the way to the top.
FUN FACT: The Green Army, one of the original Chinese hacking groups from 1996-1997, eventually all of its first members came together and established Nsfocus.com which still exists today and is quite big.
If you pick a Chinese supplier then you might end up with Chinese entities backdooring and/or copying your product. If you pick a supplier from another country, then you are up to twice as bad off as that supplier will get their stuff manufactured in China.
Naw. A Chinese company embedding a backdoor in a chip is way more damaging to the reliance as China as a global supplier of electronics manufacturing than a Chinese company that controls the software. With software it is much easier to embed a backdoor because a backdoor can look like an innocent bug.
Not that any of this really matters. So many parts of software are broken from a cybersecurity standpoint that it's more a matter of degree than secure versus not secure. I'm sure the Chinese are able to have open source contributors have their patches applied to Linux or Python with innocent bugs in them. Still though, network attacks break a lot of what keeps the internet secure, and I doubt the Americans are making it up when they say that Chinese manufactured network gear is a national security threat.
Shouldn’t you be able to make a hardware backdoor look like a bug. I mean, imagine if Intel’s predictive branching (meltdown) bugs were intentional... it could stay hidden for years and look like a mistake
I don’t understand why this story is such a big deal, but it keeps getting covered.
There are no US companies that compete with Huawei’s 5G technology, so my government is going after them anyway they can. Seems simple enough to me. That said, there is another factor: Huawei smartphones sort of compete with Apple gear, but at lower prices. This also helps a US company (Apple).
It think it is fairly common that governments do back-flips to help domestic industries. The Chinese government certainly helps their industries.
To supplement your comment; all the things in being alleged may well be true, but none of it seems unusual or particularly unexpected. It does seem quite likely that it has only become an issue because Huawei is out-competing US companies.
Although I suspect the US will discover their treatment of Meng Wanzhou is crossing a line. The idea that the US can regulate commerce between a Chinese company and an Iranian country is breathtakingly audacious and the idea that the US can go after individuals on this pretext is outrageous. If someone pulled this stunt on them and black-bagged Tim Cook for violating labour laws they might start to realise they've opened a can of worms.
Do you think that they wouldn't be taking a hard look at them otherwise? It seems like scrutiny and suspicion goes back over a decade, but it could all be pretext.
I assume we both agree that fully open hardware and software is better here, but given that I guess it's just a matter of which country you're most okay with giving a backdoor into your private life.
I guess I still trust the US in this regard more than China, even with the NSA leaks. But I definitely think that if I was individually targeted they'd get whatever they want. Well, either country really.
Isn't it relating to fraud because they lied about the transactions, as in the US is perfectly fine if third parties conduct trade with blacklisted entities, but the third parties have to suffer the consequences of those trades (such as they themselves getting blacklisted).
That might be true but rates as a bit of a "so what?" in practice. I'm sure all i-s are dotted and t-s crossed under US law. However, compare and contrast this to the US law lovingly nicknamed 'Hague Invasion Act' [0] - sovereign states are not expected to quietly sit down and take it quietly when foreigners start harassing their authority figures.
It certainly has terrible optics - the US decides to bully a strategically threatening Chinese company with superior capability? That is likely to disrupt their extensive data gathering and surveillance operations? In the middle of trade talks? Whatever legal quibbling they want to argue over, it is a tough sell as a rules-based decision. It looks highly political.
It’s hardly surprising that the US is going after Huawei. The US enjoys a commanding lead in technology globally. That overwhelming lead is threatened by a company which is now a leader in 5G technology and becoming a global player. Naturally the US will try to protect its own companies, it’s very telling that they haven’t given evidence of any wrongdoing.
> In an official statement, Huawei went on to call Bloomberg’s report “misleading” and said that the story “refers to a maintenance and diagnostic function, common across the industry, as well as vulnerabilities, which were corrected over seven years ago.” It added that “there is absolutely no truth in the suggestion that Huawei conceals backdoors in its equipment.”
It was never proven to begin with. Like any good backdoor it "could simply have been a mistake" (deniability).
The quotes you personally selected actually admit that the technical aspects of the accusation are correct, but claim that the ability to exploit the gear to spy on their users was not intentional but instead a side-effect of the company's incompetence.
Is it "technically correct" to call standard diagnostic software that most telecommunications manufacturers install on their gear (and which does not allow unauthorized access) a "backdoor"?
Vodafone, the company that Bloomberg claims was targeted by these backdoors, publicly contradicted Bloomberg. They pointed out that the diagnostic software did not allow unauthorized access:
> The 'backdoor' that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet.
> Bloomberg is incorrect in saying that this 'could have given Huawei unauthorised access to the carrier's fixed-line network in Italy'.[1]
Huawei routers had Telnet installed on them, which is completely standard. Vodafone, the company that was supposedly targeted, disputed Bloomberg's characterization of standard diagnostic software as a "backdoor":
> The 'backdoor' that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet.[1]
This is not the first time Bloomberg has made sensationalist claims about Chinese backdoors. This one fell apart with even the lightest of scrutiny. One wonders if the Bloomberg reporter even understood what Telnet is.
It sounds like a backdoors to me. Oops we forgot to not install telnet on all routers we sell is as close to an admission of guilt as one might hope for.
Is it really that surprising that the US would object to a company with extremely close ties to an authoritarian surveillance state providing the nations' infrastructure? Huawei was founded by a PLA colonel and has deep ties to the Chinese state and power structure.
Imagine if a US company was founded by ex-Military officers, stole tech from Chinese companies, and tried to build China's telecom backbone while accepting huge subsidies from the US government. No one would bat an eye if they passed on that deal.
The great thing is both of you are right. Now the rest of the world at least has a choice. (I still pick the us because their government is too caught up in stupid things to care about me)
If someone introduces a counterexample that they believe is comparable, calling "whataboutism" doesn't refute anything.
It's a move to exclude the information, and ultimately to stop discussion. What, after all, can one say in response? It isn't an argument—it's a label that is intended to stigmatize. This verbal trick is so empty that it's surprising it has currency among smart people. I think it's because the word itself is so catchy.
When someone brings up information isn't in fact comparable or relevant, the reasonable thing to do is to explain why it isn't, and give the other person a chance to respond. It's natural for people to disagree about what's relevant in an argument—that's part of having a disagreement in the first place. Trying to close off discussion so only your side's examples count as admissible isn't good discourse. Being first to raise a topic doesn't confer power to control the conversation.
Perhaps the more helpful broader point, though, is that all these canned arguments are repetitive and therefore low-quality. They're like slapping a sticker on something rather than engaging with it. Because of that, they make threads worse and more predictable. People tend to respond badly and strike back, rather than continuing in good faith—and it's easy to see why, because labels like "whataboutism" express dismissiveness.
If you are defending the biggest asshole of them all, you kind of are. China is like a zen buddhist temple compared to the shitstorm US has brought to this planet.
>Roald Dahl was assigned to work with Drew Pearson, one of America's most influential journalist as the time. "Dahl described his main function with BSC as that of trying to 'oil the wheels' that often ground imperfectly between the British and American war efforts. Much of this involved dealing with journalists, something at which he was already skilled. His chief contact was the mustachioed political gossip columnist Drew Pearson, whose column, Washington Merry-Go-Round, was widely regarded as the most important of its kind in the United States."
Whataboutism is bad when it's responding to a statement that "X is bad".
But it is the exact correct response to a statement that "X is uniquely bad". People like you forget this obvious distinction and just use it as a general insult to shut down conversation.
A review of Huawei devices by the company I work for, Finite State, found numerous (and some trivial) backdoors in 55% of Huawei projects. It is briefly mentioned in the article above. Here is more information on that report: https://finitestate.io/2019/06/26/report-finds-cybersecurity...
This report is pretty weak. I'm not sure I can nail down the "55%" number, but it's counting things like out-of-date OpenSSL, accounts in /etc/shadow, and at one point a survey across whole firmware images counting "memcpy" and "execl".
Wow that's a grossly misleading executive summary. Your company should be ashamed of itself.
I read the report itself:
- Devices came with a default username/password. Called a "backdoor."
- Devices used password auth instead of public key cryptography for SSH out of the box. Called a "backdoor."
- Default public key cryptography keys for SSH auth instead of password. Called a "backdoor."
- Devices contained public certificate authorities. Called a "man in them middle."
- Devices contained well known vulnerabilities in common open source software.
If I had paid Finite State for this report, I'd fire them on the spot and blacklist them. I particularly love the Schrödinger's cat of public key SSH auth. If the vendor doesn't enable it by default it is a "backdoor" and if they do it is "hard-coded certificates" and thus a "backdoor."
According to Finite State's logic I've never used a vendor that didn't contain multiple "backdoors." Particularly as doing so is impossible (since you need to enable public certificate SSH auth AND not provide users any way of actually using it).
The thing that surprises me is that they found "backdoors" in only 55% of devices? Shouldn't it be 100%, or did you feel like misleading that much was too unbelievable (and people might e.g. read the report and call you out)?
PS - No conflicts or stakes here (don't even run Huawei's stuff that I know of). Just decided to read the report because of the extraordinary claims made, found out there was nothing there.
If something has a default password, default private key, or trusts a default public key, and that isn't clearly documented, that seems like a backdoor to me. It would be an undocumented way of Huawei or random hackers taking over your device.
And even if it's documented, although it's not a backdoor, it's still generally bad for security. Any device with non-unique default passwords or default keypairs will generally have hackers scanning the internet to compromise them. The keypair should be randomly generated on first use. The device should prompt for what password to use on first use.
>If I had paid Finite State for this report, I'd fire them on the spot and blacklist them.
Whoever paid Finite State for that report presumably was happy with the outcome that was arranged for them. Alternatively, they could have written the report on their own in order to drum up business and "reputation" in the cybersecurity industry.
> Wouldn't surprise me if this newfound paranoia leads to a golden age for cybersecurity, and a wave of new best practices.
I'd be shocked if this happened. This requires politicians to both care about and understand cybersecurity enough to enforce it, and for there to be no opportunists looking to cash in on the ignorance of policy makers.
People demanded more security after 9/11. We got the Patriot Act and the TSA, so the government spies on its own people and an agency that has proven 95% (!!!) of the time to fail to detect a weapon.
Ronald Reagon declared a war on drugs - I've already made this comment too political so I won't delve into that.
For anything complicated enough the general public cannot easily understand it, there is no incentive for politicians to actually care about it. They can just give it lip service with a few talking points and then never actually do anything actionable.
I'm sorry, but after skimming his wiki I'm not seeing the relevance of that relationship. Are we to infer that being ethnic Chinese without close ties to the mainland would create a conflict of interest?
Most of the points listed in the article are excuses to attack a successful Chinese company. It looks like the US prefers China to just manufacture for others and not sell directly high tech products.
"Seattle prosecutors alleged in January 2019 that Huawei employees stole T-Mobile trade secrets in 2012. They said that Huawei pressured its U.S. staff to get details about a smart-phone-testing robot named Tappy and that a Huawei employee removed the robot arm and took it home and photographed it. Huawei denies any role. It says employees acted on their own, in “a moment of indiscretion.”"
That's perfectly believable. I, myself, am compelled to fiddle about with other people's technology.
> The Supercomm telecom trade show was winding down and most people had gone home when Zhu Yibin, a China-based employee of Huawei, was caught by security June 23 photographing the circuit boards of an optical networking device owned by Fujitsu Network Communications after removing the casing, according to a report by Light Reading. Zhu also had two pages of proprietary AT&T diagrams and a list of six vendors to visit, with two high-tech products highlighted.
I would answer if I had a meaningful thing to say, but I'm afraid my social credit score could suffer and I could be banned by chinese government from buying cheap backdoored electronic cigarette gears.
This report is why the US government is taking action against Huawei. In it, Huawei refuses to answer some key questions about the structure of their company that strongly indicates they are controlled by the CCP. So what did Huawei think was going to happen after that?