Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Agrees To Chinese Security Audits of Its Products

Posted by samzenpus on from the looking-behind-the-curtain dept.

itwbennett writes According to a story in the Beijing News, Apple CEO Tim Cook has agreed to let China's State Internet Information Office to run security audits on products the company sells in China in an effort to counter concerns that other governments are using its devices for surveillance. "Apple CEO Tim Cook agreed to the security inspections during a December meeting in the U.S. with information office director Lu Wei, according to a story in the Beijing News. China has become one of Apple’s biggest markets, but the country needs assurances that Apple devices like the iPhone and iPad protect the security and privacy of their users as well as maintain Chinese national security, Lu told Cook, according to an anonymous source cited by the Beijing News."

114 comments

  1. Absolutely fair.. by Rick+in+China · · Score: 2, Insightful

    More countries should be doing security audits on more products.

    1. Re:Absolutely fair.. by Anonymous Coward · · Score: 5, Insightful

      "Security Audits" - In other words, making sure these governments have a way to access secure information stored on confiscated iPhones from activists, dissidents, journalists, and other troublemakers.

    2. Re:Absolutely fair.. by Anonymous Coward · · Score: 0

      Mod this insightful.

    3. Re: Absolutely fair.. by Anonymous Coward · · Score: 0

      So to have the same rights as the US government? A government that's also not that friendly to free speech anymore - only if it suits them.

    4. Re:Absolutely fair.. by Anonymous Coward · · Score: 0

      Many countries are already doing this, sometimes without the permission of the vendor. They do so to protect state secrets (and indirectly the citizens), not to protect the citizens directly. I suspect the Chinese will publish some of their findings (but obviously not all of them) both in order to help their citizens and for propaganda purposes. Many countries choose not to publish any of their findings.

    5. Re:Absolutely fair.. by bloodhawk · · Score: 2

      It is common practice for most countries, the only thing new here is a western country letting china do it too.

    6. Re:Absolutely fair.. by Anonymous Coward · · Score: 2, Funny

      No, it says "protect the security and privacy of their users". Are you accusing them of lying?

    7. Re:Absolutely fair.. by gnasher719 · · Score: 1

      "Security Audits" - In other words, making sure these governments have a way to access secure information stored on confiscated iPhones from activists, dissidents, journalists, and other troublemakers.

      How would a security audit achieve this? Just curious. I'm sure you know a lot more about this than I do.

    8. Re:Absolutely fair.. by Anonymous Coward · · Score: 0

      More countries should be doing security audits on more products.

      Yeah right.

      The last time we let a country perform an "audit", DHS was born, and a couple trillion taxpayer dollars vaporized all so we could feel safer in the skies...you know, those skies where entire fucking aircraft still end up "missing" in the year 2014.

      The last time a guy named Edward tried to call out the auditors for stepping out of line, the country blackballed him.

      And ironically, if this sort of "inspection" was going on in the US, it would be the NSA doing it...to ensure their software is functioning properly.

    9. Re:Absolutely fair.. by weilawei · · Score: 3, Informative

      I believe the GP was suggesting that the phrase "security audit" was being used in a euphemistic manner.

    10. Re:Absolutely fair.. by bouldin · · Score: 1

      Here in America, we don't even audit our damn voting machines.

      Unmodified, general purpose COTS non-voting software (e.g., operating systems, programming language compilers, data base management systems, and Web browsers) is not subject to the detailed examinations specified in this section. However, the accredited test lab shall examine such software to confirm the specific version of software being used against the design specification to confirm that the software has not been modified. Portions of COTS software that have been modified by the vendor in any manner are subject to review.

      The parts of the standard that actually cover auditing the voting code aren't exactly thorough, either. After all, democracy, schmemocracy!

    11. Re:Absolutely fair.. by swb · · Score: 2

      This was my first thought -- it's a search not for security of the devices, but a search for exploits of these devices and/or some form of industrial espionage.

      But I wonder -- can Apple set the terms of the audit? Ie, you get to examine whatever it is you examine in our office using our provided systems which aren't connected to the Internet. You may not bring any electronic devices into the audit facility. You may not reproduce any code you review in our facility by any means, including notes, pseudocode, block diagrams, etc.

      I suppose there's still some risk -- ie, deliberate subterfuge involving copying in some way or the use of a memory savant or some error so obvious they know how to attack it without any information exfiltrated.

      I don't know, but I also assume that a truly thorough security audit of a large, novel (ie, you didn't write it) code base is hard and may be dependent on 2nd order effects, like the actual generated object code. Which may make it extremely time-consuming -- didn't the funded audit of TrueCrypt take an extremely long time just to do the initial audit?

    12. Re:Absolutely fair.. by gtall · · Score: 1

      That, and I wonder how intrusive are the security audits. I wouldn't put it past the Chinese government to think of the security audits as a legal way to steal technology ideas.

    13. Re:Absolutely fair.. by AmiMoJo · · Score: 0

      The NSA installed the backdoor, can't blame others for wanting to find it. That way they can protect themselves, exploit it for their own use and pick up some hints on the sort of techniques that the NSA likes to use.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re:Absolutely fair.. by gnasher719 · · Score: 1

      I believe the GP was suggesting that the phrase "security audit" was being used in a euphemistic manner.

      And in what alternate universe would Apple agree to a euphemistic security audit?

    15. Re:Absolutely fair.. by gnasher719 · · Score: 3, Insightful

      Consider that China is legally allowed to do security audits or "security audits" on any open source system. So what would Apple have to be afraid of that Linux or OpenSSL just as examples don't have to be afraid of?

    16. Re:Absolutely fair.. by weilawei · · Score: 1

      I can't really answer that, since I don't have any information on their internals, thus, I'd be speculating. I was merely pointing out what the GP appeared to be saying.

      Do I agree with the GP? No idea. It's rather difficult to pass judgement on things without any actual details. I'd prefer to skip speculation and just wait for the results.

    17. Re:Absolutely fair.. by Muad'Dave · · Score: 1

      In a world where several BILLION up-and-coming wage earners are ripe to purchase their products, which, incidentally, wouldn't exist if not for the cheap labor still extant in that very same country.

      --
      Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
    18. Re:Absolutely fair.. by swb · · Score: 4, Interesting

      Fear one may just be outright industrial espionage.

      I'm guessing that security in Apple products goes above and beyond whatever (likely modified) FOSS libraries they use, but would also include stuff like their whole-disk encryption system, the touch ID sensor and its encodings, etc. So there's a fair amount of proprietary tech in these devices.

      Fear two might be obtaining what amount to currently unknown zero-day exploits that could conceivably open all iDevices to security risks exploitable by Chinese intelligence.

      AFAIK, recent models and OS levels have a generally accepted level of security that makes them difficult to break or exploit and I think this has come to be seen as a competitive advantage. Even if the security is beatable by the NSA in a lab situation, the marketing value is to businesses worried about lost devices or devices used in vertical markets with security compliance regulations.

      Which is why I wondered how much Apple can control the terms of a security audit. Do the the Chinese just get handed a memory stick with ios-82-iphone6-source.tgz they can take back to their office or do they sit in a plain white room with locked down desktops that do a one-way remote console to a machine with source code? Or worse, a plain white room with a bunch of binders of printed source code?

    19. Re:Absolutely fair.. by Minupla · · Score: 4, Interesting

      Hrmm, this might work out well for us non-govt people.

      Consider:

      NSA: "Apple, you must let us 'review' your code. We'll keep our findings to ourselves, you can't tell anyone"
      Apple: "OK"
      NSA digs through code, finds exploits, locks them up for future weaponization ...
      China: "Apple, we'd like to "review" your code. We're going to tell the world about it"
      Apple: "OK"
      NSA: "Crap, now those evyl Chinese will find our exploits. Darn, I guess we'd better tell Apple to fix them after all or the Chinese will be spying on us!

      At the end of the day, the best we can hope for is that the various spooks keep each other honest.

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    20. Re:Absolutely fair.. by Anonymous Coward · · Score: 0

      No accusation, stating it as a fact. and the OP is right

    21. Re:Absolutely fair.. by stealth_finger · · Score: 2

      In a world where several BILLION up-and-coming wage earners are ripe to purchase their products, which, incidentally, wouldn't exist if not for the cheap labor still extant in that very same country.

      Maybe their regional ads will say 'Designed in California. Made in China'

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
    22. Re:Absolutely fair.. by phayes · · Score: 4, Insightful

      What better way to learn what undiscovered security holes there are in a product than to be able to see the source code?

      Oh, you thought that the reason China wants to audit the code is so that they can "protect" their citizens. Yes, because not at all well known for targeting dissent, no, not at all...

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    23. Re:Absolutely fair.. by Anonymous Coward · · Score: 0

      In a world where Chinese market share is valued more than individual right to privacy.

    24. Re:Absolutely fair.. by NatasRevol · · Score: 1

      That's not all it says...

      --
      There are two types of people in the world: Those who crave closure
    25. Re:Absolutely fair.. by drinkypoo · · Score: 0

      But I wonder -- can Apple set the terms of the audit?

      No, but they can create different versions for different nations with different back doors approved by each region's security apparatus...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    26. Re:Absolutely fair.. by BasilBrush · · Score: 1

      Losing the additional security that closed source gives over open source.

      Note that the phrase "There's no such thing as security through obscurity" is a nonsense. Security through obscurity alone is poor security. But it does indeed add a level of security when combined with other security practices.
      https://en.wikipedia.org/wiki/...

    27. Re:Absolutely fair.. by Anonymous Coward · · Score: 1

      It means that they get to see the source code under NDA. They negotiated the same thing for Windows. Having source makes it a little easier to find exploits to add to an NSA-like arsenal backing a FOXACID-like system. Though it's possible to find exploits without source, it's natural for them to want every advantage they can get.

      Hopefully this is less of a big deal for Apple than it was for Windows since much of the Apple source code is already public: Darwin and WebKit. There's still a lot of closed-source attack surface, though.

      For ChromeOS it's a non-event because ChromiumOS is already open, and you can build ChromiumOS and run it on a Chromebook. Even the development head is open, unlike Android. The PDF reader and Flash runtime are not open, but at least they're sandboxed.

      I don't think the audit is useful for the stated purpose because Apple can choose what they hand over, and there's no "reproduceable build" like there is with Tor and soon Firefox. If Apple did insert back doors at NSA's request, not only would they have the opportunity to remove these backdoors from the audit, they might worry about being punished if they didn't.

      Normal software audits are requested by the auditee. Think about what you would want if you audited Huawei's source. There's no sane way to do it. If the auditee is adversarial, a software audit done in any normal way is worthless. But getting some Huawei source to hand to our spy agency so they could find more Huawei exploits is a great idea if we want to increase the reach of our global collection network.

      Tim Cook is therefore either really stupid, or doesn't care.

    28. Re:Absolutely fair.. by Anonymous Coward · · Score: 0

      your EFFing lunatic gov't lied everywhere it can and can't. So basically, no other gov'ts would allow any major US company to wiggle their balls around their comm's. Including Apple, Google, whatever, ya know.

    29. Re: Absolutely fair.. by jd2112 · · Score: 1

      By 'users' I'm sure they actually mean the communst party elite...

      --
      Any insufficiently advanced magic is indistinguishable from technology.
    30. Re:Absolutely fair.. by Anonymous Coward · · Score: 0

      Here in America, we don't even audit our damn voting machines.

      Because of, you know, whatever you vote, your slavery is totally determined by your EFFing "United States Electoral College".

    31. Re:Absolutely fair.. by Etherwalk · · Score: 2

      Here in America, we don't even audit our damn voting machines.

      Because of, you know, whatever you vote, your slavery is totally determined by your EFFing "United States Electoral College".

      Unless you're in one of the few states that either has proportional representation or is a swing state. I have seriously considered moving to a swing state for that reason.

    32. Re:Absolutely fair.. by painandgreed · · Score: 1

      In a world where several BILLION up-and-coming wage earners are ripe to purchase their products, which, incidentally, wouldn't exist if not for the cheap labor still extant in that very same country.

      Maybe their regional ads will say 'Designed in California. Made in China'

      Probably should actually say 'Designed in California. Made in Taiwan, Japan, and Korea. Assembled in China.'

    33. Re:Absolutely fair.. by rtb61 · · Score: 2

      It depends what they are actually saying when they say they want to security audit the devices. I take that to mean complete access to the source code for all software supplied with the device and complete access to detailed hardware designs. So yep, a security audit will allow the Government of China to hunt down bugs and make use of them "to access secure information stored on confiscated iPhones from activists, dissidents, journalists, and other troublemakers". Likely it goes deeper than this and they want to access all possible associated Apple devices with or without the users permission upon a global basis and Apple is like 'meh' profits first. Apple users in the US better watch out, it's not like the Government of China's investigatory agencies are even slightly free of corruption and many of the 'er' hidden features they find are pretty much guaranteed to become available to organised crime.

      --
      Chaos - everything, everywhere, everywhen
    34. Re:Absolutely fair.. by Anonymous Coward · · Score: 0

      Yeah the "red state" I live in votes around 45% democrat, but has 100% republican representation. Guess how many fucks they give about 45% of the population here.

      Not that they care about the poor republicans, either, but hey at least we can bring guns into bars and churches now.

    35. Re:Absolutely fair.. by Anonymous Coward · · Score: 0

      and how is this different than the American government security auditing? Or do you actually believe your government are the good guys and not just the slight lesser of two evils?

    36. Re:Absolutely fair.. by Jane+Q.+Public · · Score: 1

      "Security Audits" - In other words, making sure these governments have a way to access secure information stored on confiscated iPhones from activists, dissidents, journalists, and other troublemakers.

      Not necessarily. There are legitimate kinds of audits, too. In fact the U.S. should be doing more of them.

      We have already found foreign chips (guess where they were made) that were "backdoored", even in some military products. And others that were cheap forged copies of better chips.

      Whenever we have electronics that are important to not just military security but even just citizen privacy and dependence (like phones), we should be doing thorough security audits.

    37. Re:Absolutely fair.. by Anonymous Coward · · Score: 0

      Is TFA about audits being granted by the USG? No. STFU.

    38. Re: Absolutely fair.. by Anonymous Coward · · Score: 0

      pretty much this. let's see what a Chinese tech company says when the USA ask for their source so they can protect their users. not happening. Tim Cook needs to go. the building is already on fire.

  2. Of Course by theshowmecanuck · · Score: 3, Insightful

    Since most of their operations are in China (even if de facto), they are essentially a Chinese company. They have to agree.

    --
    -- I ignore anonymous replies to my comments and postings.
    1. Re: Of Course by kthreadd · · Score: 1

      They have outsourced parts of their business to companies in China, but that does not make them a Chinese company.

    2. Re: Of Course by Anonymous Coward · · Score: 0

      Not legally, but China can stop Apples revenue stream in less than an hour, so Apple is basically a chinese company. Their manufacturing is in China, huge part of their customer base is in China. If china ever gains the trust of international companies their HQs will move there as well. Currently the risk vs profit ratio of having manufacturin in china seems to be accectable for many companies. US and Europe being politically unstable also helps china in this competition.

    3. Re: Of Course by Anonymous Coward · · Score: 0

      Yeah, right.

      Over 90% of their employees are Chinese, and they are based in Ireland in order to avoid tax.

      What's American about Apple?

    4. Re: Of Course by Crashmarik · · Score: 0

      . US and Europe being politically unstable also helps china in this competition.

      ROFL

      OK there that was funny.

    5. Re: Of Course by Anonymous Coward · · Score: 1

      The corruption?

    6. Re: Of Course by theshowmecanuck · · Score: 0

      I had the same first reaction but after thinking, there is some merit to this idea. China has a fairly stable set of policies. North America and Europe often change policies based on election cycles and what the latest 'lobbyist' put in his political puppet's pocket. No judgement on what the best system is, but the point does have some merit. Both of course have even more back room deals.

      --
      -- I ignore anonymous replies to my comments and postings.
    7. Re: Of Course by theshowmecanuck · · Score: 1

      Someone please explain to me why this would be flamebait? I am just pointing out facts that people here on Slashdot get modded up for all the time.

      --
      -- I ignore anonymous replies to my comments and postings.
    8. Re: Of Course by Crashmarik · · Score: 1

      It's Slashdot
      Facts that someone doesn't like are the ultimate flamebait.
      Pointing out logical flaws in an argument is trolling.
      Likely we ran into an anti America/Europe/West person or just pro Chinese/ child of their elite type

  3. Wait a second by codeButcher · · Score: 2

    I thought Apple products were assembled in China? (By chinese spies masquerading as low-wage workers, etc. etc. etc.)

    Also, Lenovo.

    --
    Free, as in your money being freed from the confines of your account.
    1. Re: Wait a second by Anonymous Coward · · Score: 0

      I heard your government goes far with telling stories China are the ones who is doing the surveillance, not them. I feel so sorry for you!

    2. Re:Wait a second by AmiMoJo · · Score: 1

      I don't think the assemble the code by hand any more.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Wait a second by drinkypoo · · Score: 1

      I thought Apple products were assembled in China?

      Manufactured and assembled. They used to assemble parts for the US market in Sacramento, but they decided that they should keep the proceeds from the Mac tax instead of paying American workers to build products which are associated with America.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re: Wait a second by Anonymous Coward · · Score: 0

      Hah, well clearly they need to find out why things aren't phoning home proper.

  4. this proves nothing whatsoever. by Anonymous Coward · · Score: 4, Insightful

    If Apple cooperates then how do they know the devices and software are exactly the same thing that Apple sells in China. The thing to do would be to acquire random samples in China and elsewhere jailbreak and then analyze. Never mind that Apple may not include obvious back doors but instead subtle behaviors that can be exploited and also explained away if discovered by outsiders.

    When push comes to shove it is all bullshit to use enemy technology. If I was in their shoes I would go for my own hardware and software developed without any input from the outside.

    They are probably more interested into breaking into existing I-devices so don't use these things what you want neither the US-G or the CN-G to know. That simple. Nobody is your friend here.

    1. Re:this proves nothing whatsoever. by Rick+in+China · · Score: 4, Funny

      If I was in their shoes

      You probably are in their shoes.

    2. Re:this proves nothing whatsoever. by Anonymous Coward · · Score: 0

      Not modded up (as of now), but I thought it was funny.

    3. Re:this proves nothing whatsoever. by Anonymous Coward · · Score: 0

      The Chinese government already has developed its own technology in some cases with government backdoors. They've done this indirectly through other government sponsored institutions. There is at least one piece of home-grown tech I can actually identify that has a backdoor put in by the Chinese government itself and it was “designed” into the product. It isn't just being added after the fact.

      The backdoor in this case was quite crude and the software used on it was based on Free Software. This was actually how it was discovered in part. While the sources were not available (and that isn't unusual) there was an entity wanting them in the western world. The entity was interested in contract manufacturing of this item for distribution in the west with some slight changes. To do that the western entity required sources. Unfortunately the manufacturer was merely licensing the designs and only had a binary. This isn't unusual, but it turns out they could get the sources for a price-or so they claimed. They made sure this price was ridiculously high to avoid having to release it. Ultimately the western entity decided to reverse engineer it instead.

      After all this the people at the factory started freaking out about it. All communication ties were instantly cut with the western entity once the factory found out the project had the source code. The exact reason for the disconnect of communication was only confirmed because a person was sent to the factory to investigate what happened. There never was any communication with the factory of a backdoor either- only of the reverse engineering work which had been performed and resulting source code. They could not say over email the reason they had become disinterested in working with the western entity over phone or email. Ultimately they feared backlash from the government and being seen as cooperating with the enemy. They feared government retaliation.

      The device was almost entirely Free Software already so it was kinda pointless to refuse the source too.

      It highly likely the US government has also got backdoor access to at least many of our devices. The Replicant project identified an application that is included all-or near all Android phones. It is a proprietary bit of software as the OS layer. However there could be a backdoor at an even lower laywer potentially.

      For those who care about privacy, liberty, and freedom these are some of the reasons you need to demand the products you buy come with the complete set of sources. There are very few organizations/people/companies taking steps to reverse engineer and/or get companies to cooperate in the release of code at a hardware level. Even if you don't like the FSF the “Respect Your Freedom” (certification that hardware is not dependent on non-free software) project is one project everyone should be in support of. See fsf.org/ryf

  5. get ready by Anonymous Coward · · Score: 0

    Comrades , get ready for RedFlag iOS!

  6. Exploitable flaws by Anonymous Coward · · Score: 1

    It will enable the Chinese intelligence services to identify more currently unexploited flaws in the security of Apple's products. I doubt they will let Apple know of all the flaws that they find.

    I suspect also that Apple could not refuse to cooperate, and I would be surprised if the intelligence services in the USA are not doing precisely the same.

    I wonder if the Europeans are regretting the disembowelling of Nokia as a phone manufacturer?

    1. Re:Exploitable flaws by Anonymous Coward · · Score: 1

      If you could choose, would you have allowed or disallowed Apple to let China do this audit?

  7. The trouble is.. by Anonymous Coward · · Score: 0

    "the country needs assurances that Apple devices like the iPhone and iPad protect the security and privacy of their users as well as maintain Chinese national security"

    I don't trust America very far when it comes to technology, but I trust China even less. The last four words are the most dangerous, sure you can conduct security audits (or just don't have your officials use these phones) but why do I get the feeling they want to insert that extra bit of code to track anyone.

  8. Well. by Anonymous Coward · · Score: 0

    A thief always fears theft.

    A spy always fears being spied upon.

    1. Re:Well. by Anonymous Coward · · Score: 0

      You are naive if you think countries like China and Russia don't want the technology that the NSA/CIA/etc are using. Or that they will use it in a less dangerous manner.

  9. From the home of industrial espionage, China by sethstorm · · Score: 0, Troll

    Given the historically proven record of China and its espionage, it should be the other way around. It is a part of their history and their culture.

    Nortel? After the Chinese were done with them, Huawei and ZTE rose up as PRC military-backed entities.
    US government contractors? The Chinese have been continually caught with their hand in the cookie jar.
    Any company that deals with China? Expect clones if your designs aren't tightly controlled.

    On the other hand, the accusations against the US rely on baseless allegations from a cowardly individual. The desire to preserve one's own life, through the trading of national secrets for protection, put the lives of US citizens at danger. Enemies changed their actions based on the improper and unlawful disclosures of classified material.

    The only valid response to such demands from China is to turn up the heat on their actions. Huawei's banishment from the US and Australian governments was a good start in that respect.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
    1. Re:From the home of industrial espionage, China by Anonymous Coward · · Score: 0

      On the other hand, the accusations against the US rely on baseless allegations from a cowardly individual.

      really?? seriously? most of the allegations have been proven to be true, the ones that haven't been proven they just refuse to comment on. and cowardly? he possibly performed one of the bravest acts of all given the US's track record with assassinations.

    2. Re:From the home of industrial espionage, China by X.25 · · Score: 0

      Given the historically proven record of China and its espionage, it should be the other way around. It is a part of their history and their culture.

      Nortel? After the Chinese were done with them, Huawei and ZTE rose up as PRC military-backed entities.
      US government contractors? The Chinese have been continually caught with their hand in the cookie jar.
      Any company that deals with China? Expect clones if your designs aren't tightly controlled.

      On the other hand, the accusations against the US rely on baseless allegations from a cowardly individual. The desire to preserve one's own life, through the trading of national secrets for protection, put the lives of US citizens at danger. Enemies changed their actions based on the improper and unlawful disclosures of classified material.

      The only valid response to such demands from China is to turn up the heat on their actions. Huawei's banishment from the US and Australian governments was a good start in that respect.

      It's a pretty bad troll. 3/10 at most.

      But I really loved the part about "cowardly individual". I think it was the highlight of your troll.

      Also, home of industrial espionage would be the USA.

    3. Re:From the home of industrial espionage, China by Anonymous Coward · · Score: 1

      > the accusations against the US rely on baseless allegations from a cowardly individual.

      And the F35 is a good bird :)

    4. Re:From the home of industrial espionage, China by Anonymous Coward · · Score: 0

      > On the other hand, the accusations against the US rely on baseless allegations from a cowardly individual.

      Hmm. sethstorm == cold_fjord?

    5. Re:From the home of industrial espionage, China by Anonymous Coward · · Score: 0

      So you're fine with your country's constant violations of its founding principles?

      Why would you be fine with that?

      You're certainly not the land of the free now, are you?

    6. Re:From the home of industrial espionage, China by drinkypoo · · Score: 1

      Also, home of industrial espionage would be the USA.

      I can't help but think of wooden shoes clogging machinery.

      Arguably, the home of industrial espionage would be either the UK or Germany. You need industry before you can have industrial espionage, so it seems like the proper powers for the era.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re:From the home of industrial espionage, China by DocSavage64109 · · Score: 1

      The mods seem to disagree with you.

    8. Re:From the home of industrial espionage, China by Anonymous Coward · · Score: 0

      I'm 30 and certainly think he exemplifies the concept of 'American Hero'. Oh and I have a clearance.

    9. Re:From the home of industrial espionage, China by Anonymous Coward · · Score: 0

      I just wanted to say, thank you for your service. I believe that we need intelligence agencies, but they should be reigned in when they exceed their mandate or their mandate becomes excessively expanded to target domestic civilians.

      Intelligence agencies should serve the people and provide information to enable the creation of policy, not dictate policy themselves. When they cease to serve the people and begin to serve their own interests or the interests of a select few, then they have become dangerous.

      Intelligence is necessary--critical even--to the survival of a nation, but domestic surveillance is one of those things that destroys nations. I love my country and wish that it will continue and prosper, but there's some seriously fucked up shit going on.

      Again, thank you for your service. Remember your oath and uphold it, even if it costs you personally. After all, freedom isn't free, eh?

    10. Re:From the home of industrial espionage, China by Sarten-X · · Score: 1

      I seem to recall tales of trade cities that were quite paranoid about outsiders learning their craft, some of which predated industrialized Great Britain or Germany by a rather large number of years.

      Perhaps the most well-known example is Murano, whose artistic glassblowing techniques were held in high esteem by the region. An older example would be Damascus metalworking, and I have vague recollections of similar industrial pride dating back to Egypt.

      I'm afraid my memory is not a particularly reliable source, but I believe there were often stiff penalties for trying to export the local expertise. Perhaps someone with a more complete knowledge of history can fill in the details...

      --
      You do not have a moral or legal right to do absolutely anything you want.
  10. Trust by Anonymous Coward · · Score: 0

    While they're at it, do you think China could audit U.S.-bound products as well?

    1. Re:Trust by Anonymous Coward · · Score: 0

      The US already audits all US products, no way they are letting you have products without first inserting US sanctioned backdoors.

    2. Re:Trust by Anonymous Coward · · Score: 0

      Really? I'd like to know which US auditor audited all those freemium games that you play on your mobile device. How about explaining which US auditor inspects items purchased on eBay from China? How about cell phone jamming devices? Those have become somewhat popular despite their legal status. Who audited that? Who audited the Stringrays?

      This is not China. There is no monolithic entity auditing all US products. There are auditors who check certain categories of goods (meat, for instance), but not "all US products".

  11. Oh please oh please oh please... by Anonymous Coward · · Score: 0

    Please let some unscrupulous investigator leak the source code for iOS and Mac OS X!

    1. Re:Oh please oh please oh please... by Anonymous Coward · · Score: 0

      Unfortunately, you'd be bound up in legal red tape if you attempted to. While not a trade secret if released to the public at large (except for the unfortunate initial soul who would be charged), it forms a copyrighted work. You can't simply compile a copy of it and release it, expecting people to pay money for it. The people not paying money for it will soon find it out of date.

      What you really need is a clean-room reverse-engineered version of OS X. Sell that and watch Apple squirm. (Better have your lawyers on retainer.)

  12. Exploitable flaws by Anonymous Coward · · Score: 2, Interesting

    Nokia failed in design and marketing. Why would "Europe" regret that? It's not like "Europe" could have helped a bit. That's just how market works. Besides, the same people are still making phones, only they run MS software now. Nice phones, I have one, good exchange sync, works as a phone, WhatsApp works, nice camera. UI looks better imho compared to iOS and android. Software ecosystem may lack a bit, but everything I need in a phone is available. I have android phone also, but it's sitting on a desk at home because I have no use for it.

    Doesn't really matter who spies my phone. I only live for a couple of decades anyways, if someone wants to waste their time spying on me I say good riddance, hope they found it interesting. I'm also sure it doesn't matter one bit who actually made the phone. If some entitity with sufficient funds wants to spy on them they will. IT's not like the information security is too strong on any of those.

  13. Chinese AC Convention? by catmistake · · Score: 1

    Chinese New Year
    Chinese Zodiac
    Chinese Opera
    Chinese Laundry
    Chinese Restaurants
    Chinese Checkers
    Chinese Doll
    Chinese Puzzle Box
    Chinese Room
    Chinese Medicine
    Chinese Handcuffs
    Chinese Security Audits

    --
    The Admin and the Engineer
    1. Re:Chinese AC Convention? by Anonymous Coward · · Score: 0

      Ancient Chinese Secret

    2. Re:Chinese AC Convention? by Anonymous Coward · · Score: 0

      Jackie Chan!

    3. Re:Chinese AC Convention? by Anonymous Coward · · Score: 0

      Chinese Master

    4. Re:Chinese AC Convention? by Anonymous Coward · · Score: 0

      Chinese Grandfather

  14. It's good enough to shoot down China's copy. by Anonymous Coward · · Score: 0

    N/T

  15. That wasn't trolling, despite the modbombing. by Anonymous Coward · · Score: 0

    (insert something witty to say here)

  16. Better Chinese Clones by Hasaf · · Score: 2

    I was chatting with friends in China about this article. The immediate and unprompted comment was that this will allow the Chinese clone makers direct access to the coding in the Apple products

    1. Re:Better Chinese Clones by Anonymous Coward · · Score: 0

      Yes it will. Apple is playing a dangerous game here. There have been too many incidents of Chinese companies screwing their American partners in China

      Just ask Fellowes.

      http://www.chicagobusiness.com/article/20110409/ISSUE01/304099987/fellowes-makes-federal-case-of-legal-dispute-with-chinese-partner

  17. No access to source code by Anonymous Coward · · Score: 0

    "Apple will cooperate with spot network security audits of its products by Chinese officials, according to the story." A security check and access to source code are not the same.

    1. Re:No access to source code by Anonymous Coward · · Score: 0

      Wow, one lone poster actually read the article.

    2. Re:No access to source code by Anonymous Coward · · Score: 0

      Quick! Hang the bastard!

  18. Products? by maestroX · · Score: 1

    Does that include auditing MacOSX (integrated cloud services et al)?

  19. Why give China access to data by sabbede · · Score: 1

    that they won't disclose to us? I don't know if any of you have ever tried to get this info from Apple, but they really don't make it easy. Or possible.

    1. Re:Why give China access to data by Chrisq · · Score: 1

      that they won't disclose to us? I don't know if any of you have ever tried to get this info from Apple, but they really don't make it easy. Or possible.

      Just wait until the Chinese leak it online

  20. You are believing Lu and the GFW? by Anonymous Coward · · Score: 1

    How naive you are. Apple just wants to make money from Chinese market. They don't care about privacy.
    What Lu means is really, that you have to give your private key to us, or use the SMn ciphers(Chinese government home made ciphers, whether there are flaws or not, we don't know).

    -- one Chinese

  21. Another black mark by DriveDog · · Score: 1

    ...if that means the Chinese government gets to look at Apple's source code while Apple's customers do not.

  22. Nothing good can come of this. by mitcheli · · Score: 1

    So, what do we think? Will the Chinese Government use this opportunity to provide valuable input to Apple on security vulnerabilities that they discover to help better secure Apple products? Or will they squirrel away the things they discover to their Intel agencies? My bet's on the latter.

    --
    Select from tblFriends where interesting >= 4;
  23. An "option" by gwstuff · · Score: 1

    Gee, I wonder what the other option was...

  24. Consider the source by Anonymous Coward · · Score: 0

    All the stories today about this subject is from the same source: Beijing News. Should we even put much trust on Chinese news source? Most of them are considered to be mouth piece of the Communist Party.

  25. Auditing security" sounds a lot better than... by plaidhacker · · Score: 1

    "Researching zero days"

  26. So is the converse true? by Rick+Zeman · · Score: 1

    Can the US demand to security audit any Chinese product? Can we demand to see the source/firmware of, say, Huwai routers?

  27. I don't think it's really a security audit by misosoup7 · · Score: 1

    The Chinese is most likely doing this as a response to the US banning ZTE and Huawei telecom products in the US. The US government is accusing ZTE and Huawei of building backdoors and other security concerns into their hardware, so China wants to hit back with something equally annoying. China is basically saying that's cool, we can screw with your companies too. Especially since China is a huge market to cell phone makers that most US companies have yet to really tap into. And with a huge growing middle class, the amount of profit for products like iPhone and Android based phones is huge. China is basically holding the iPhone hostage to get better treatment of its companies outside of China.

    1. Re:I don't think it's really a security audit by Rick+Zeman · · Score: 1

      The Chinese is most likely doing this as a response to the US banning ZTE and Huawei telecom products in the US. The US government is accusing ZTE and Huawei of building backdoors and other security concerns into their hardware, so China wants to hit back with something equally annoying. China is basically saying that's cool, we can screw with your companies too. Especially since China is a huge market to cell phone makers that most US companies have yet to really tap into. And with a huge growing middle class, the amount of profit for products like iPhone and Android based phones is huge. China is basically holding the iPhone hostage to get better treatment of its companies outside of China.

      The problem with that is the Chinese market craves iPhones and the US market couldn't care less about ZTE and Huawei products. All that'll do is piss off the Chinese with disposable incomes, "the growing middle class" and Chinese leaders will get voted out of office.

      Oh wait. It's a dictatorship.

  28. For what - to verify the Chinese malware? by jtara · · Score: 1

    Wait. Do you mean that Apple has just agreed to allow the Chinese to audit the Chinese-made iPhones that have Chinese malware that the Chinese put in to the iPhones that Apple is shipping from China to China? Next they will be wanting to audit the Chinese-made iPhones that have Chinese malware that the Chinese put in to the iPhones that Apple is shipping from China to the U.S. as well? Before or after the NSA interdicts the Chinese-made iPhones made in China by Chinese and shipped (via some secret stop-off) to the U.S.? Will they audit to make sure that both the Chinese and NSA-installed malware is still present?

  29. Huh???? Chipping, anyone? by sgt_doom · · Score: 1

    But what about all those semiconductor chips out of China, which are part of those American drones, which allow Iran to bring them down (when they are illegally overflying their airspace)?

    The socialist response to Obama's SOTU:

    https://www.youtube.com/watch?...

    And the Real Obama:
    https://firstlook.org/theinter...

  30. Human rights by Anonymous Coward · · Score: 0

    Meanwhile, the headline of a PCWorld article is "China tightens Internet control by blocking VPN services".

    Tim Cook is all for protecting the environment, and for protecting workers' rights. That's great. I hope some day he'll care about human rights.