Slashdot Mirror

← Back to Stories (view on slashdot.org)

India, China Try Import Regulations As Security Tools

Posted by timothy on from the you-can't-enter-our-theme-park dept.

An anonymous reader writes "The Register reports that the Chinese government is forcing vendors to cough up the source code to their encryption alogrithms before they can sell their equipment to the Chinese government. The EU doesn't seem to like it, but if I were in their position I'd want the same thing." China's biggest neighbor goes further; another anonymous reader writes "Telco equipment from China could have spyware that gives access to telcom networks in India. The Indian government has officially told mobile operators not to import any equipment manufactured by Chinese vendors, including Huawei and ZTE. The ban order follows concerns raised by the Home Ministry that telecom equipment from some countries could have spyware or malware that gives intelligence agencies across the border access to telecom networks in India. The biggest gainers from the move could be Ericsson, Nokia, and Siemens, which have been losing market share to aggressive Chinese equipment-makers in India."

14 of 108 comments (clear)

  1. The only encryption algorithms worth a damn by al0ha · · Score: 4, Insightful

    are the ones that are open to peer review. So Kudos to the Chinese for being smart enough to make these idiot companies with closed-source encryption technologies provide them with the source code for review. Good encryption does not rely on obfuscation of code and processes!

    --
    Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
    1. Re:The only encryption algorithms worth a damn by Anonymous Coward · · Score: 4, Insightful

      I don't think that's why they want to view the source code...

    2. Re:The only encryption algorithms worth a damn by _merlin · · Score: 5, Interesting

      What's really funny is that India is stopping buying Chinese made teleco equipment whilst other countries like the US; also great friends of China (when will you stop blocking their discipline against the rebel province of Taiwan???) still continue to buy Chinese.

      No, it's actually quote logical. You see, for Western countries, China is a nominally communist "bad guy" that conveniently serves as an example of what the opposite of their idea of "freedom" would be. In practice, they're too distant for this to cause any change in behaviour, and buying their cheap products seems to keep the plebs happy. OTOH, India and China are highly populous nuclear armed mega-countries that share a disputed land border (see Arunachal Pradesh) - that warrants a degree of caution when dealing with each other.

  2. Copying by mwvdlee · · Score: 5, Insightful

    If you're going to give your source code to the Chinese, you know for certain they will copy it and never buy a product from you again.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    1. Re:Copying by Jawn98685 · · Score: 5, Funny

      Yes, but you can then buy "Genyooine Cisko Router" for only $199 American dollar, so is good deal for everybody.

    2. Re:Copying by game+kid · · Score: 4, Funny

      That one sucks. I prefer "Ginuwine Sisqó Router" because its Web interface has lots of thongs and double entendres.

      --
      You can hold down the "B" button for continuous firing.
    3. Re:Copying by Myji+Humoz · · Score: 4, Interesting

      How does giving the source code for an encryption algorithm equate with giving the sourcecode for the hardware?

      For that matter, how the heck does giving someone the source code (controlling software, drivers, encryption, backup algorithms, etc) equate with giving them blueprints for your hardware?

      Mindless Chinabashing at its best.

      --
      Signatures are the new names.
  3. What a novel concept by srussia · · Score: 5, Insightful

    Security through security!

    --
    Set your phasers on "funky"!
  4. Re:Trust by FooAtWFU · · Score: 5, Insightful

    I'm just reminded of the old security-oriented definition of Trust: the person you trust is the person who can break your security. It's a perfectly healthy attitude to trust people (/businesses/nations) as little as possible when the security of your data is at risk. In arena of IT security, we need less "trust" and more "verify".

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
  5. What's the point exactly? by c0d3g33k · · Score: 4, Insightful

    Unless the source can be compiled from scratch and used in place of the pre-compiled versions, including flashing of firmware, creation of installable ROM images or OS installs, having source code guaranteed by analysis to be exploit-free gains the user nothing. There could still be spyware in the final product. Short of self-installing, I guess creation of bit-equivalent or checksum-equivalent binaries would be good enough as a verification mechanism.

  6. This really can be a problem by ThermalRunaway · · Score: 5, Interesting

    I have worked in the defense industry for a while, and used to work in the "Government" division of a major telecom company.

    One project we had worked on was encrypted cell phones for gov use. Our customers were only interested in a solution that was top to bottom US made from cleared companies. The chipset, OS, drivers, etc, were all built in the US, so there was no issue of "back doors"

    I also heard rumors at one point about some contractor actually finding mal-ware type SW embedded in the firmware of Lenovo laptops that could sort of call home to momma. I've never seen Lenovo boxes around after that.

    I think these issues are going to be bigger than just a single point in the infrastructure chain. With so much cyber activity going on, I think many countries are going to face the same sort of issue India is trying to prevent.

  7. Re:Trust by Arker · · Score: 5, Insightful

    Nobody wins when no one trusts each other.

    Au contraire, when it comes to security, everyone wins when no one trusts each other.

    The chinese move, at least, is long overdue. No one should ever trust a device whose source code is secret.

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
  8. Actually it's security as an import regulation by M_Hulot · · Score: 4, Interesting

    The headline suggests that China is using import rules to bolster security. I think it is the other way round. They are using the demand for source code as a barrier to trade to (unfairly) help domestic firms. Not very many overseas firms are going to provide source code, leaving the market open to Chinese firms.

  9. Re:The future... by ibsteve2u · · Score: 4, Interesting

    see conditions begin to favor agile, much smaller businesses that can efficiently produce most important things at home

    I tend to disagree; while conditions may differ elsewhere, our Supreme Court's transformation of corporations into super-citizens will in fact encourage corporations to become ever bigger so as to ever better afford the purchase of both political advertising and politicians. Given enough political control, a corporation can simply and effectively modify the rules of the game to make "doing business" prohibitively expensive or complex unless you are already of sufficient size.

    And they will do that; the important thing to remember is that our corporations have grown themselves to the size that they are now for the competitive advantage that size provides in the pursuit of profit; they do not, in fact, like competition, and size provides more and better opportunities to eliminate competition.

    lolll...ask Wal*Mart.

    --
    Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"