India, China Try Import Regulations As Security Tools

An anonymous reader writes "The Register reports that the Chinese government is forcing vendors to cough up the source code to their encryption alogrithms before they can sell their equipment to the Chinese government. The EU doesn't seem to like it, but if I were in their position I'd want the same thing." China's biggest neighbor goes further; another anonymous reader writes "Telco equipment from China could have spyware that gives access to telcom networks in India. The Indian government has officially told mobile operators not to import any equipment manufactured by Chinese vendors, including Huawei and ZTE. The ban order follows concerns raised by the Home Ministry that telecom equipment from some countries could have spyware or malware that gives intelligence agencies across the border access to telecom networks in India. The biggest gainers from the move could be Ericsson, Nokia, and Siemens, which have been losing market share to aggressive Chinese equipment-makers in India."

Copying

[mwvdlee]

If you're going to give your source code to the Chinese, you know for certain they will copy it and never buy a product from you again.

Re:Copying

[Jawn98685]

Yes, but you can then buy "Genyooine Cisko Router" for only $199 American dollar, so is good deal for everybody.

What a novel concept

[srussia]

Security through security!

Re:Trust

[FooAtWFU]

I'm just reminded of the old security-oriented definition of Trust: the person you trust is the person who can break your security. It's a perfectly healthy attitude to trust people (/businesses/nations) as little as possible when the security of your data is at risk. In arena of IT security, we need less "trust" and more "verify".

This really can be a problem

[ThermalRunaway]

I have worked in the defense industry for a while, and used to work in the "Government" division of a major telecom company.

One project we had worked on was encrypted cell phones for gov use. Our customers were only interested in a solution that was top to bottom US made from cleared companies. The chipset, OS, drivers, etc, were all built in the US, so there was no issue of "back doors"

I also heard rumors at one point about some contractor actually finding mal-ware type SW embedded in the firmware of Lenovo laptops that could sort of call home to momma. I've never seen Lenovo boxes around after that.

I think these issues are going to be bigger than just a single point in the infrastructure chain. With so much cyber activity going on, I think many countries are going to face the same sort of issue India is trying to prevent.

Re:Trust

[Arker]

Nobody wins when no one trusts each other.

Au contraire, when it comes to security, everyone wins when no one trusts each other.

The chinese move, at least, is long overdue. No one should ever trust a device whose source code is secret.

Re:The only encryption algorithms worth a damn

[_merlin]

What's really funny is that India is stopping buying Chinese made teleco equipment whilst other countries like the US; also great friends of China (when will you stop blocking their discipline against the rebel province of Taiwan???) still continue to buy Chinese.

No, it's actually quote logical. You see, for Western countries, China is a nominally communist "bad guy" that conveniently serves as an example of what the opposite of their idea of "freedom" would be. In practice, they're too distant for this to cause any change in behaviour, and buying their cheap products seems to keep the plebs happy. OTOH, India and China are highly populous nuclear armed mega-countries that share a disputed land border (see Arunachal Pradesh) - that warrants a degree of caution when dealing with each other.