Slashdot Mirror

← Back to Stories (view on slashdot.org)

Report Says China Will Demand Source Code

Posted by kdawson on from the said-the-spider-to-the-fly dept.

An anonymous reader alerts us to a two-week-old story that hasn't gotten much traction in the press to date. A Japanese newspaper and the AP report that China plans to demand source code from hardware manufacturers, and ban the sale of products from companies that don't comply. China is calling this an "obligatory accreditation system for IT security products." The plan is to go into effect next May, according to sources. "Products expected to be subject to the system are those equipped with secret coding, such as [a] contactless smart card system developed by Sony Corp., digital copiers, and computer servers. The Chinese government said it needs the source code to prevent computer viruses taking advantage of software vulnerabilities and to shut out hackers. However, this explanation is unlikely to satisfy concerns that disclosed information might be handed from the Chinese government to Chinese companies. There also are fears that Chinese intelligence services could exploit such confidential information by making it easier to break codes used in... digital devices."

7 of 305 comments (clear)

  1. Re:Simple solution by anss123 · · Score: 3, Informative

    With Closed Source, you HAVE to trust the company.

    In case of hardware you still have to trust the company. Programming backdoors in Verilog may be trickier, but far from impossible.

  2. Re:Biased view of the world have we? by unlametheweak · · Score: 3, Informative

    I think it is the motives of the Chinese government that most worries people. The Chinese government certainly doesn't have a good reputation when it comes to stealing things (whether it be piracy on the high seas or piracy in it's own country [regardless of the more recent RIAA/MPAA financial alliance]).

    I would like to see the Chinese government insist that their own native businesses release source code (to the public; business, governments, etc) to ensure that there are no dubious security concerns. It would be in character of the Chinese government to play the hypocrite here.

  3. I'm not so sure by Gazzonyx · · Score: 2, Informative

    So you would have no issue if Bush, Blair, Putin or any other government figurehead demanded that companies hand over their source code?

    Comparing RMS to the Chinese government is apples and oranges. Our culture/society is based on the idea that we are free to choose (albeit, sometimes with consequences) many facets of our lives and businesses.

    I, personally, believe that open source is a better process from a software development standpoint. That being said, I also respect that companies are free to choose their licensing and business models as they see fit (within reason, of course). RMS is saying that he wants the source to be free, whereas the Chinese government is demanding it.

    Isn't this the same country that has been sending picture frames with viruses embedded to infect USB drives attached to them? They're making demands without having the common courtesy to pretend to have the moral high ground. Of course, that's just my opinion; I could be wrong.

    --

    If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.

  4. The Chinese are VERY dishonest. by Anonymous Coward · · Score: 5, Informative

    "Expect to see more Sorny goods if this goes ahead!"

    Maybe not. Maybe: "Expect to see a lot of counterfeit products labeled Sony, in the same kind of packaging Sony uses."

    Ever since the days of the DOS operating system, when it was only the Taiwanese who supplied computer parts, the Chinese have been extremely dishonest. They would deliver computer parts until a distributor got established. They would get paid when a load was delivered to a ship in Taiwan. But, the would eventually deliver a huge load of junk, stuff that had failed testing but had been saved for that purpose. That would put the U.S. distributor out of business.

    At the same time, there would be a Chinese distributor in town that just began doing business, selling the same items.

    Now that everyone has paid to build factories and complicated procedures in China, they are very vulnerable to Chinese control.

    Here are a few stories, chosen from thousands. The Chinese governments, in Taiwan and mainland China, have always pretended to be interested in stopping counterfeiting:

    FBI and Chinese seize $500 million of counterfeit software.

    Dangerous Fakes: How counterfeit, defective computer components from China are getting into U.S. warplanes and ships.

    YouTube videos about Chinese counterfeiting

    The World's Greatest Fakes: Chinese Copies Are Making Their Way Back To U.S.

    Heparin Find May Point to Chinese Counterfeiting

    Chinese Product Counterfeiting Causes US Job Layoffs

  5. Re:yeah, right by ozphx · · Score: 2, Informative

    Yes, the DoD does. As does any decent sized organisation, government or not. Its just a matter of signing the NDA.

    Microsoft granted the Chinese government access to the Windows source in 2003 IIRC.

    --
    3laws: No freebies, no backsies, GTFO.
  6. Re:Biased view of the world have we? by zenyu · · Score: 3, Informative

    RMS wants source code to be released free for everyone.

    The Chinese government (according to the extract provided in the slashdot summary...) wants to be able to inspect the source code for their own purposes (with the possibility implied by the article authors that they might then seek to gain from it).

    The former is embracing freedom. The second is not.

    I think that is a very important point. I've heard Eben Moglen talk about this. To paraphrase his take on the Free Software is Communism meme: Yes we do share some of the goals of communism, such as no child should be denied an education, but our methods are the polar opposite from that of Communist states. We rely on voluntary sharing to achieve our goals not the power of government, not only is this method successful with information because the costs of duplication are negligible and the positive network effects of sharing are immense, but we also don't believe the ends justify the means. We only want to use means that are moral and just irrespective of our goals.

    But I think people are making a mountain out of a molehill here, if you read the article you'll see that China is only demanding the software to hardware crypto devices. All real crypto devices use public algorithms. And this software is already made available to all Western governments, Western ones just get the source by putting the source code requirement into procurement contracts. Since China is not asking for the VHDL for the hardware they have no hope of using this source for reverse engineering the devices, all they can do with it is check for the most obvious of illegal back doors.

    Yes, it's wrong for the Chinese government to obtain this information by fiat rather than by the sugar of a procurement contract or a court order _after_ a crime has been committed. But this is not very news worthy, China has an authoritarian government and it has had one for as long as I've been alive. This is how authoritarian governments do things, in an authoritarian state when you refuse a customs search you are forcibly searched, in a liberal democracy they send you and your belongings back to where you came from. This permeates throughout the whole society. Writers here on /. are ascribing all kinds of nefarious motives, but I bet the motive is exactly the same as when their own government looks at this source code. It has nothing to do with reverse engineering these public algorithms and everything to do with looking for back holes. China is just using the same authoritarian methods as other authoritarian states; remember the US, Russia and France still have laws on the books banning the export of strong crypto to their 'enemies', left over from more authoritarian times. The US even has a recent history of serious proposals for much more draconian regulation of crypto, remember the Clipper Chip? Remember how you had to jump through hoops to get Netscape with a paltry 128-bit key support just so that it would take 5 minutes for a criminal to get your credit card from an online transaction instead of you broadcasting your banking information completely in the clear?

    The article is also complete garbage. The article ends with some silly babble about how Microsoft has made their money by keeping it's source code a secret. Any large purchaser can get their hands on the source code to Microsoft's released products, the Chinese government has copies of it, so does your government. I've even had a Microsoft evangelist _beg_ me to look at the source to help them with a driver problem.

  7. Re:So they can counterfeit by Anonymous Coward · · Score: 1, Informative

    There are plenty of stupidity in your post, but I'll point out the obvious one...

    South East Asian nations are still used as a source of cheap de facto slave labour

    South East Asian nations choose the price at which they let Western Nations operate. It's not hard for the nation to set a minimum wage law. Ever wonder why they don't? Oh, because the country gets to majorly benefit from it! They get massive employment for their population, making a fairly decent wage by their standards, and the country gets a massive infrastructure. And who's bringing these poor third world nations into industrialized nations? That's right, your greedy western corporation.

    Someone give this kid a macro-economics class and a psychiatrist to reverse his stupid activist brain-washing..