Slashdot Mirror
India, China Try Import Regulations As Security Tools
An anonymous reader writes "The Register reports that the Chinese government is forcing vendors to cough up the source code to their encryption alogrithms before they can sell their equipment to the Chinese government. The EU doesn't seem to like it, but if I were in their position I'd want the same thing."
China's biggest neighbor goes further; another anonymous reader writes "Telco equipment from China could have spyware that gives access to telcom networks in India. The Indian government has officially told mobile operators not to import any equipment manufactured by Chinese vendors, including Huawei and ZTE. The ban order follows concerns raised by the Home Ministry that telecom equipment from some countries could have spyware or malware that gives intelligence agencies across the border access to telecom networks in India. The biggest gainers from the move could be Ericsson, Nokia, and Siemens, which have been losing market share to aggressive Chinese equipment-makers in India."
are the ones that are open to peer review. So Kudos to the Chinese for being smart enough to make these idiot companies with closed-source encryption technologies provide them with the source code for review. Good encryption does not rely on obfuscation of code and processes!
Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
This seems like a natural progression down the line of diminishing trust between countries. It's not very surprising, especially since the Chinese government *may* have been 'supportive' of some of the China/Google hacking. It appears the downside of possibly endorsing or supporting security breaches is other people/countries/etc will suspect you of it from that point on.
... and I can't blame India for not trusting Chinese technology. Nobody wins when no one trusts each other.
I can't blame the Chinese government for wanting to have the encryption information
If you're going to give your source code to the Chinese, you know for certain they will copy it and never buy a product from you again.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Security through security!
Set your phasers on "funky"!
Unless the source can be compiled from scratch and used in place of the pre-compiled versions, including flashing of firmware, creation of installable ROM images or OS installs, having source code guaranteed by analysis to be exploit-free gains the user nothing. There could still be spyware in the final product. Short of self-installing, I guess creation of bit-equivalent or checksum-equivalent binaries would be good enough as a verification mechanism.
Yes, India is, like, right now in the process of auctioning 3G licenses. This will really bring benefits to Ericsson and Nokia Siemens.
One that hath name thou can not otter
I think China's move makes sense - they just want to check and make sure there is no backdoor in your code/algo. As an earlier post said "Good encryption does not rely on obfuscation of code and processes." They trust what the users want to encrypt, just making sure the devices are not leaking the info to uninvited parties.
As for India, this is very bad. They are just paranoid. This sets up a very bad example. They are scaring off all the business partners and hence the opportunities. Think if you are a vendor, how can you be sure that they would never do the same thing to you one day?
I have worked in the defense industry for a while, and used to work in the "Government" division of a major telecom company.
One project we had worked on was encrypted cell phones for gov use. Our customers were only interested in a solution that was top to bottom US made from cleared companies. The chipset, OS, drivers, etc, were all built in the US, so there was no issue of "back doors"
I also heard rumors at one point about some contractor actually finding mal-ware type SW embedded in the firmware of Lenovo laptops that could sort of call home to momma. I've never seen Lenovo boxes around after that.
I think these issues are going to be bigger than just a single point in the infrastructure chain. With so much cyber activity going on, I think many countries are going to face the same sort of issue India is trying to prevent.
The headline suggests that China is using import rules to bolster security. I think it is the other way round. They are using the demand for source code as a barrier to trade to (unfairly) help domestic firms. Not very many overseas firms are going to provide source code, leaving the market open to Chinese firms.
see conditions begin to favor agile, much smaller businesses that can efficiently produce most important things at home
I tend to disagree; while conditions may differ elsewhere, our Supreme Court's transformation of corporations into super-citizens will in fact encourage corporations to become ever bigger so as to ever better afford the purchase of both political advertising and politicians. Given enough political control, a corporation can simply and effectively modify the rules of the game to make "doing business" prohibitively expensive or complex unless you are already of sufficient size.
And they will do that; the important thing to remember is that our corporations have grown themselves to the size that they are now for the competitive advantage that size provides in the pursuit of profit; they do not, in fact, like competition, and size provides more and better opportunities to eliminate competition.
lolll...ask Wal*Mart.
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
in the 80's and 90's American manufacturers gave away their technology to the Chinese to get a piece of the huge Chinese market. This allowed the Chinese to modernize their manufacturing technology by decades in a few years. Then instead of opening their markets, China flooded the world markets and decimated the foreign competition.
One might hope managers of corporations would learn from the past...
I think India isn't doing the restrictions for Trust or Security reasons. Their politicians couldn't care less. For the right price, they will sell you a state or two.
It probably has more to do with keeping knock off China phones off the markets to keep the big corps happy. In India, there is rampant import of Chinese knockoff phones. An HTC becomes a HIC. They add a little line at the bottom and cut the price from $400 to $50. I kid you not. Quality control is an issue, but if you have the right connections, that won't be a problem. The phone is from the same factory that makes the name brand, its the same materials, same machines, and same people. Just the 3rd shift of lineman and it doesn't go through QC before shipment.
So for sometime, the India government has been pressured to put a stop to this import. They haven't been very successful but that doesn't mean they don't look like they are trying. Exactly how do you stop 50 individually owned stores stuffed into an area the size of a CVS from selling the same stuff to a population that creates a massive amount of demand but isn't willing to pay like credit based Americans are. Not to mention your enforcement divisions are willing to look the other way for a dollar of that $50 sale. Additionally, the worst offenders are the politicians and those connected to them.
Why do obnoxious dumbasses like you bring up poverty everytime India does something good or aspires for something that only developed countries has 'rights' to? A developing country cannot aspire to have security and be able to defend itself from commie and islamic terror neighbours? Cant it become self-sufficient in space, defence and other technological advances? Because it is poor, the entire populace is doomed to live in 15th century?