Slashdot Mirror
Tech Companies Worried Over China's New Rules For Selling To Banks
An anonymous reader writes: China is putting into place a new set of regulations for how banks interact with technology, and it has many companies worried. While the rules might enhance security for the Chinese government, they devastate it for everyone else. For example, not only will China require that companies turn over source code for any software sold to banks, the companies building the software (and hardware) must also build back doors into their systems. The bad news for us is that most companies can't afford to simply refuse the rules and write China off. Tech industry spending is estimated to reach $465 billion in 2015, and it's projected for a huge amount of growth.
Those Chinese banks are going to be the target of a huge amount of hacking. It's like an invitation. We've built a way for you to take over our system. Please try and find it.
No additional development is required, just reuse the code that was written for NSA backdoors.
US banks say "there is no backdoor" while waving their Jedi arms over our heads.
So china wants hardware back doors to all banks as the ones there use the same base hardware as the us ones.
try joshua
Now when I want to open an account at a bank, I'll have to ask them if their bank software vendor has or has planned to do business in China.
Hands up, everyone who thinks the software developers are going to go through the trouble of developing two separate applications.
This is what you get for spying on each and everybody and infiltrating everything. So now they distrust everybody and (rightfully) are asking for the source.
The result will be that they then will have the source and will do their own improvement and not coming back for more. This basically means that they can do one more deal by selling the software and then they will start selling the software themselves (including the backdoors)
So the wise thing would be NOT to sell anything. However if just one company will sell, they are all lost.
I am not even worried about the backdoor, because that was in there already.
The next will be that they ask the source code for other software as well (Microsoft anybody?)
Don't fight for your country, if your country does not fight for you.
Refuse and have the rest of us as your costumers.
Just tell me whom to trust and whom to not.
They want the source code and backdoors written in? Why not write your own backdoors?
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
Now that we know how YOU do things we can steal what we want from the code giving ourselves a boost, and hand off the code to our military cyber warfare equivalent and figure out how to fuck your banks/stock market/whatever else we can get in to. Sounds like we'll be selling the rope to get hung by to me.
Then the US at least should enact a law saying that US banks can only use any software with source released to Chinese authorities when that source has been released to the public, and that there can be no backdoors whatsoever, and that they can only enter into transactions with banks using software without backdoors. Yeah, right, I can see the NSA going along with that...
Is this good for open source software? The source is available and China can do whatever they want...
Sorry, but am I meant to believe the US government doesn't also insist on backdoors?
Because they pretty blatantly want backdoors in crypto and everything else.
So let's not pretend it's just China doing this ... every damned government is insisting on this crap.
And, really:
Boo frickin' hoo. You think China gives a crap about a stern letter from the US Chamber of Commerce? Or that they care if you have access to their markets?
Other than that's the only way they can keep expanding indefinitely, what makes corporations feel like they're entitled to be in any market?
I'm betting a bunch of the companies involved in this collective hand-wringing are already enabling the US government to have access through other backdoors -- so don't pretend it's even more terrible when China does it.
If America is so concerned about backdoors and exploits in Chinese made products ... make 'em yourselves.
American companies need to stop acting like they can tell countries where they do business what they're willing to do. Suck it up, you want access to the market you play by the rules. Just like they would have to do to do business in the US.
I hear this crap and I just hear "Waaah, how are we to make a profit if you impose rules on us, woe is us, how will be maximize executive bonuses if there are rules?"
Lost at C:>. Found at C.
China mart AKA walmart will press the US GOV to have us to play along and let them move there IT to china as well (we can suck up more walmart welfare for the displaced workers)
Only a matter of time until the source is leaked and people can simply open up backdoor.c and have fun with that.
doing business with the PRC is a One-Way street, they'll absorb your technology, your techniques and your skills and will saturate your markets to kill off your own industries. We're in a war folks, it's time people woke up to that fact and stopped treating the Chinese Government as friendly.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
China can ask for the source, but I don't see any US firm agreeing. They certainly wouldn't care about China-only builds having back-doors; that I'm sure they'd agree to. But giving up the source? No way. If they do that, they know that the code will quickly be incorporated into products from Chinese companies and their sales will drop soon afterwards as the thieves sell their own versions for far less.
This is what their tireless spying and fight for control over everything inside and outside their own borders bring. At least China is open about what they are doing, while the U.S does it behind our backs.
As an old guy it reminds me of Kruschev's statement "they will sell us the rope with which they hang themselves."
I certainly wouldn't run any product of US origin, without its source code being public, and open to security audit. The US regime has shown itself to be a totalitarian Stasi state that tortures people, collaborates corruptly with private companies, and sponsors and supports terrorism.
This is a matter of how can you afford not to abandon China now?
China will steal and use your source code for their own products, they've aptly demonstrated that they don't give a single care to non-Chinese copyright and companies. Any company that builds in backdoors for the Chinese will have MASSIVE known security hole for everyone else to try and exploit, and you can confirm the backdoor because they're doing business in China.
How exactly can you not cut China off right now unless they want their companies to go under?
+1 to you for this sentence : "...what makes corporations feel like they're entitled to be in any market?"
If you dont like their rules or cant obey them dont go there.
All you ever see on any "China" related slashdot post is about how their rules are "wrong". If they are, they can fix them on their own without you constantly complaining they limit your profits.
Backdoors are there for everyone that finds them, not just those who requested them, i see major bank system hacks in the next few years.
Basically China is demanding that it too should get the same state-of-the-art technology that NSA already got stealthily.
Simple, split the code base... One for China, one for rest of the world...
The Chinese government isn't a notorious good developer. If they require back-doors then lots of people are going to walk into them - not just the Chinese government.
If all the vendors have to build these holes, then every bank in the world is going to be Swiss-cheese. Not only will exploits work in mainland China, they will also work elsewhere. Sure there can be 101-level checks (honeypots, bait, portwatching, traffic analytics) but that isn't going to stop APT from just walking away with the money, identities, or strategic transactions.
This sounds like as bad of an idea as the NSA collecting and storing all the data in the world. The data is never going to be abused - until it is. There is going to be no international repercussions - until there are. It isn't going to hurt - until it does. Unlike a doctors office, this isn't someone who allegedly swore a Hippocratic oath - these are politicians. Remember that every politician is just the larger shark in the pool - the one trait that is required for sustainability, altruism, is antithetical to the large-scale political success that puts them in power.
OSS stuff like Linux and xBSD is already out there, and they can build their own back doors. Microsoft already gives companies and governments access to the source code for its products. I guess the mainframe providers (IBM, Fujitsu, etc.) are the only ones left that this would affect. That, and the network device manufacturers...I could definitely see Huawei getting a boost by being the only network device manufacturer allowed to sell to Chinese banks.
I guess the question is why -- every country on earth spies on every other country and its own citizens. So, it's probably being done to boost domestic companies. One of the things that's really going to make China come out on top this century is their ability to do stuff like this...it's one of their greatest strengths. If they decide they want to do something, it's done with zero debate. Their big overarching project right now is a massive urbanization project -- just picking up millions of rural peasants and physically moving them to cities. Can you imagine the US or a European country trying something like that? It would never work, look how much people complain when a local government uses eminent domain to build a road or public works project.
The summary is right though - companies can't ignore China. There are billions of people and a huge growing middle class, all with the full will of their government pushing through whatever is needed. There are always possible bumps in the road, but I'm assuming China will be the dominant superpower in a couple of decades just because they can make stuff happen that we can't/won't.
Write different software for China and suggest to the rest of the world that they never use the Chinese version of the software.
Problem solved.
Be seeing you...
It's great news. Considering I'm still seething over the bailouts I love this. Anything to f*** the banks over is a good thing. Am I worried? No. The crook banksters will just have to pay double, if not triple, across the board for all their software. 1set backdoored for china lol, and one for the rest of the world.
Most people use the term “open source”, but don't realize that this is a mistake. While it might have been a good idea to attract business interests by untying freedom from the development model it has the negative effect of endorsing proprietary software and the inclusion thereof within otherwise Free Software projects. This has enabled companies to insert backdoors into mainstream commercial projects like Android with greater ease and compromise all of our security. Critical pieces of code are not being released that enable third parties (AMT in Intel CPUs) access to our systems/devices at a very low level. It's scary how little we know of what our devices are actually doing. I'm generally an advocate of Free Software, but don't take the position we should move everybody to 100% free software, as that too can hurt our goal. I do think we need to get more people to think about the hardware they utilize and wherever remotely possible to make better choices that respect our freedoms. If you haven't heard of the Free Software Foundation's effort to certify hardware you should check it out: fsf.org/ryf. It's not an absolute solution to privacy and security, but it's a good start. There are more significant commercial projects in the works that will add new computing devices, but only if the community helps fund them. Ask yourself this: Do you want to live in a world where the government and corporate interests have total control over your life? Because thats where we're heading.
Most companies can't afford to forgo a market? That isn't even internally logically consistent. Try "Most companies are evil enough to follow along".
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
Companies will just write two copies of their software: one for China and another for the rest of the world.
Oh, and the backdoors, here, can be made as secure as any account - just compile in a public key owned by China, and attach it to a default account. Unless you're not legally allowed, you get a good audit log of what China is doing, same as any other user.
...so that Chinese company can make the next version of the banking software
There are a number of Chinese companies who are prohibited from doing any business with the US governement, and USA actively pressures other countries from doing any business with them while promoting US alternatives; specifically, Huawei, ZTE, CNOOC, etc...
All have been prohibited from doing active business in the US because of unsubstantiated concerns about national security. China seems to be returning the favor.
One more reason to embrace encryption. This is yet, ONE MORE example of the complacency in the US in regards to privacy and/or security. People are generally lazy (and stupid) and concerned only about the fast buck.
Then if said company is selling to western banks, these should be avoided.
I prefer the "u" in honour as it seems to be missing these days.
Libraries and library systems are a major, long-term target of the security services and politicians. Those guys want to know if you read "Steal This Book", or in an older age, "Lady Chatterly's Lover", so they can blackmail you. The library community soon learned that it was smart to meet the most stringent privacy standards set by law. After all, you also can't afford to cheese off Germany and the EU and get tossed out of their market.
Countries who would prefer to have back-doors have a hard time making a case for them, as they don't want be seen publicly trying to convince a company to break a good law.
The same logic applied to all software: China has just encouraged all countries to demand open or at least auditable source, and builds that can be proven to be from those sources, so customers can be sure that the backdoors aren't in.
Smart customers will insists on open source, so they can check themselves.
davecb@spamcop.net
Technology companies that want to sell equipment to Chinese banks will have to submit to extensive audits, turn over source code, and build âoeback doorsâ into their hardware and software, according to a copy of the rules obtained by foreign companies already doing billions of dollar worth of business in the country.
Sounds like the US Government's policy, and I'm not even joking.
Comment removed based on user account deletion
Opening up business relations with China was the worst thing America (Nixon) ever did.
Really? banking software ?
Adding and subtracting currency, multiplying interest... beside encryption WTF a banking software has that could be view as trade secret ? even though, encryption should be open source with well understood algorithm.
Banking is an old profession, the methods are well know , and well regulated in many country, if they have trade secret it's in hidden algorithm developed to screw you or for some fraud to hide tax evasion and stuff, get it in the open for all to see!
"The bad news for us is that most companies can't afford to simply refuse the rules and write China off"
That's only because somebody somewhere will do what they want, and no company wants to lose business for not being unscrupulous weasels.
"Tech company announces murder for hire department so they don't lose business to the Mafia"
Any tech company that complies with these rules is shortsighted at best, and will be shooting themselves in the foot. I guarantee it will be the first and last version of your software sold to a Chinese bank because they'll take the source code and build on it themselves after that. Good luck with that.
Just raise your prices to include all source code. Tripple the price at least.
"The bad news for us is that most companies can't afford to simply refuse the rules and write China off."
Actually it is _very_ easy to just write of China. I've done this with unreasonable customers no matter how big they are. There are plenty of other customers who are reasonable. Just say no to totalitarianism.
But when it's not the US Gov doing it, the bad sides of the requirements become obvious....
Quickbooks is barely more than a website any more. If the software you sell them is just a dumb web browser to an HTML5 presentation layer: you kill 2 birds with one stone. IE. Piracy and IP protection.
Now when someone had modded it up I saw my regular mistake.
Customers.
I guess it's fairly obvious what I mean but it's such a shitty mistake but since I've always written it wrong.
Also there's also been the word consumers which I've wondered if the one above even existed.
Damnit. Couldn't they let consumers and customers start in the same way? Cunsomers? ;D
Sorry the Internet! Maybe it's all your fault for not letting the Nazis win! Kundschaft and Kostüm. That's more like it for a Swede!
And Their banks = Business interests?
Isn't this similar to what happened to Lenovo a while ago?
America covertly does it and China overtly does it.
Casteism