Chinese Agency Linked To Cyber-Espionage Operations Will Review Source Code of Foreign Firms (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Chinese Agency Linked To Cyber-Espionage Operations Will Review Source Code of Foreign Firms (bleepingcomputer.com)

Posted by msmash on Friday September 1, 2017 @08:50AM from the growing-concern dept.

An anonymous reader shares a report: According to a new law voted in 2016 and which came into effect starting June 1, 2017, foreign companies activating in China could be forced to provide access to their source code to a state agency that has been recently linked to China's nation-state cyber-espionage campaigns. China's new cyber-security law (CSL) gives the China Information Technology Evaluation Center (CNITSEC) the legal power to conduct "national security reviews" of foreign companies that want to activate on the Chinese market. According to articles in the CSL, this also includes the power to request access to any app or service's source code. Chinese authorities say this is to protect citizens by searching the source code of foreign companies for secret mechanisms that collect data on Chinese users and send it to foreign servers.

16 of 62 comments (clear)

Min score:

Reason:

Sort:

Listen up software companies by LeftCoastThinker · 2017-09-01 08:55 · Score: 3, Insightful

Bend over and prepare to have your software stolen by the world's number one IP rights violator.
I hope the Trump administration starts putting real teeth in pushback against this kind of crap. As in blanket embargo on all goods imported from China until they start respecting our IP and stop manipulating their currency... I would be happy to buy lifetime guarantee products from the US instead of the chicom trash that stocks most department store shelves.

--
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
1. Re:Listen up software companies by ShanghaiBill · 2017-09-01 08:59 · Score: 4, Insightful
  
  I would be happy to buy lifetime guarantee products from the US instead of the chicom trash
  I would be happy to buy products with open source, regardless of where they are manufactured.
2. Re:Listen up software companies by Swave+An+deBwoner · 2017-09-01 09:10 · Score: 4, Informative
  
  Doing so would entail substantial financial risk for the Trump business conglomerate:
  
  https://www.bloomberg.com/news/articles/2016-12-02/ivanka-trump-s-china-sewn-line-turns-profit-at-a-political-cost
  
  http://www.businessinsider.com/ivanka-trump-clothing-line-made-in-china-hong-kong-2017-2
3. Re:Listen up software companies by LeftCoastThinker · 2017-09-01 09:36 · Score: 3, Insightful
  
  Not really. Get back to me when source code for software starts walking out the back door of the NSA and starts being sold legally with no recourse under a different brand name in the US. Because that is what we are talking about in China.
  "Get your Wandows 10 here, $10 per license for unlimited use and resale. The same exact thing as Windows 10 at a fraction of the price. Only slightly pirated."
  
  --
  If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
4. Re:Listen up software companies by ShanghaiBill · 2017-09-01 09:56 · Score: 3, Insightful
  
  Last time I checked, Hong Kong was a limited democracy form of government and not part of mainland China.
  Check again. Things changed in 1997.
  Also, when you buy clothes "from Hong Kong", that means they are shipped through HK, not made there.
5. Re:Listen up software companies by AmiMoJo · 2017-09-01 09:57 · Score: 2
  
  I seem to recall the NSA had some kind of leak a few years ago. Windows is massively pirated in the West already.
  In any case, I think you vastly overestimate the value of Windows source code.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
6. Re:Listen up software companies by ShanghaiBill · 2017-09-01 09:59 · Score: 2
  
  Almost every company that bitches about their product being stolen by the Chinese never bothered to patent it IN CHINA.
  That is not what most of them are bitching about. They are complaining when that Chinese company starts exporting to America.
7. Re:Listen up software companies by Penguinisto · 2017-09-01 10:23 · Score: 4, Insightful
  
  This, right here. If its open source, there's nothing to try and steal.
  I am curious, though - what's to stop companies from telling China to piss off, and instead "activate" in India, Vietnam, Taiwan ("...because fuck you Beijing, that's why"), etc... It's not like China has a monopoly on cheap labor (or even on untapped markets...)
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
8. Re:Listen up software companies by Sassinak · 2017-09-01 10:40 · Score: 2
  
  You do realize that they don't manipulate their currency right?.. that has been proven many MANY times over.
  And its not a matter of respecting IP that's the issue.. The larger cause for concern is basically an espionage group having the ability to review and possibly steal/alter code. IP is stolen all the time.. (from everyone)..
  And a blanket embargo won't do anything other than make the local citizens hurt.. (its not like wages rise as fast as COL).. And salaries have been depressed for the last 30 years.
  
  --
  God made the Idiot for practice, and then He made the School Board -- Mark Twain Look for http://Thebar.steelbeachca
9. Re:Listen up software companies by Knightman · 2017-09-01 11:17 · Score: 3, Interesting
  
  You are aware that the US economy only functions because of China, right?
  China owns about $1.1 trillion of the US debt, Japan about as much too, in total about 11% of the total US national debt.
  A majority of the consumer goods imported to the US comes from China, an embargo will make a huge impact on the economy and getting into a pissing contest with China will mostly hurt the US badly.
  
  --
  --- Reality doesn't care about your opinions, it happens anyway and if you are in the way you'll get squished.
Start with Microsoft Windows 10 Telemetry . . . by PolygamousRanchKid+ · 2017-09-01 09:13 · Score: 2

Chinese authorities say this is to protect citizens by searching the source code of foreign companies for secret mechanisms that collect data on Chinese users and send it to foreign servers.
Isn't that the whole purpose of what Microsoft Windows 10 Telemetry does . . . ?
Maybe the Chinese authorities have a deal with Microsoft, so that Microsoft collects the data on Chinese users and sends it directly to Chinese authorities' servers . . . ?
Maybe the Chinese authorities have a deal with Microsoft, so that Microsoft collects the data on US users and sends it directly to Chinese authorities' servers . . . ?

--
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
1. Re:Start with Microsoft Windows 10 Telemetry . . . by Bruce+Perens · 2017-09-01 09:32 · Score: 2
  
  It would not be treason unless the information revealed was defense secrets of the country. Not what web sites people are looking at. And even then, it would probably be espionage rather than treason unless we happened to be at war with China at the time.
  It is not inconceivable that Microsoft could be providing information to China on the behavior of US consumers, without breaking any US law.
  
  --
  Bruce Perens.
Hong Kong: part of China by XXongo · 2017-09-01 09:42 · Score: 3, Insightful

Huh... Last time I checked, Hong Kong was a limited democracy form of government and not part of mainland China.
Right on the first part (with the "limited" the key word here), but it's been part of mainland China since 1997.
http://www.bbc.com/news/world-asia-china-40426827
Read between the lines. by Gravis+Zero · 2017-09-01 09:45 · Score: 4, Insightful

Chinese authorities say this is to protect citizens by searching the source code of foreign companies for secret mechanisms that collect data on Chinese users and send it to foreign servers.

What they really want is for the mechanisms to be on Chinese servers so that they can have access to all your information on their own citizens, lest one of them have some wrongthink.

--
Anons need not reply. Questions end with a question mark.
So, status quo, huh? by JohnFen · 2017-09-01 10:26 · Score: 2

Russia and the US have had requirements like that for years now. China's a late-comer to this game.
Code Review To Find Exploits by mentil · 2017-09-01 17:11 · Score: 2

The source code is being reviewed by the state cyberwarfare division? Sounds like they're scouring the code to find exploits they can use to attack enemies/spy on everyone.

--
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.