
India, China Try Import Regulations As Security Tools 108

Posted by timothy
from the you-can't-enter-our-theme-park dept.
An anonymous reader writes "The Register reports that the Chinese government is forcing vendors to cough up the source code to their encryption algorithms before they can sell their equipment to the Chinese government. The EU doesn't seem to like it, but if I were in their position I'd want the same thing." China's biggest neighbor goes further; another anonymous reader writes "Telco equipment from China could have spyware that gives access to telecom networks in India. The Indian government has officially told mobile operators not to import any equipment manufactured by Chinese vendors, including Huawei and ZTE. The ban order follows concerns raised by the Home Ministry that telecom equipment from some countries could have spyware or malware that gives intelligence agencies across the border access to telecom networks in India. The biggest gainers from the move could be Ericsson, Nokia, and Siemens, which have been losing market share to aggressive Chinese equipment-makers in India."
This discussion has been archived. No new comments can be posted.

  • "biggest neighbor"? (Score:2, Informative)

    by by (1706743) (1706744) on Thursday April 29, 2010 @03:59PM (#32035932)
    Isn't Russia China's biggest (at least by area) neighbor, not India?
  • TFA doesn't say that (Score:2, Informative)

    by Mr Otobor (1097177) on Thursday April 29, 2010 @04:03PM (#32035970)

    First off, TFA article doesn't mention source code; second, it quite explicitly says 'details are murky' and it is unclear what the PRC is asking for. At least as far as the article goes, that is what is said.

    Second, to some comments: Other countries already have various schemes in place for reviewing code (which doesn't preclude flaws or backdoors, intentional or not, from being included in compiled / embedded code...)

    India is saying what other countries fear, but since they are in China's backyard and vice versa, it's not surprising they're willing to go a little further and say it out loud as well as act on it. Also, as a bit of a reminder, India and China are as much --if not more so-- in competition than US/China/Europe: India has been trying to bolster its sea power as it falls further behind China in that regard, China has close ties with Pakistan partially because Pakistan and India don't like each other particularly much, India is courting Afghanistan partially to offset Pakistan's power, etc. And let's not forget China and India have fought an actual war, albeit a fairly small one, and India lost and has never accepted the outcome.

  • by Anonymous Coward on Thursday April 29, 2010 @04:37PM (#32036474)

    ... signing them with a private key. That's enough to slip in some clever assembler routine that can be used as a backdoor, I'm guessing.

    Nope. Signed files are designed so that you can extract the original data minus the signature and calculate a hash on it. Otherwise you could never check the signature.

    And since you can extract the original data, you can compare it to your own build.

    Signing does not provide a backdoor.

  • by Mike McTernan (260224) on Thursday April 29, 2010 @04:38PM (#32036514) Homepage

    smart enough to make these idiot companies with closed-source encryption

    It's often overlooked that GSM development started in 1982. At that time computing power was a fraction of what it is now and DSPs, rather than dedicated logic used in today's chipsets, would be used for the first implementations of this new technology. Mobile phones are also very power sensitive devices - battery life is very important.

    So given these pressures, some corners had to be cut to make the system workable on the available technology. This led to the A5 algorithms being both proprietary and somewhat lightweight given the limited computing resources in a mobile phone. Due to the huge success of GSM and the number of handsets out there, it rapidly becomes very difficult to change the standard in such a fundamental manner. 3G is one attempt to upgrade the GSM standards and brings in new ciphers based upon an existing published standard [espacenet.com], but even that has taken a long time to get traction and GSM is still very widely available.

    So to say these companies are idiots is somewhat ignorant of the historical practicalities required to make GSM a success.

  • Re:Copying (Score:2, Informative)

    by mwvdlee (775178) on Thursday April 29, 2010 @05:18PM (#32037096) Homepage

    China has a very bad track record when it comes to copyright protection and the production of knock-off products. It is true that software is only part of a product, but there's no need to make it any easier for them.
    China-bashing it may be, but mindless it sadly is not.

  • by Chirs (87576) on Thursday April 29, 2010 @06:32PM (#32038008)

    It's hard to test a linux kernel build for instance, because it embeds the time of the kernel build (and other information) into the kernel binary itself.
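
Added example, not part of any comment in the thread: it combines the two points made above, recovering the original data from a signed file to compare it with your own build, and the embedded build time that makes a byte-for-byte comparison fail. The image layout, the names and the sample "firmware" are constructed for illustration, and HMAC-SHA256 stands in for a real public-key signature.

```python
import hashlib
import hmac

SIG_LEN = 32                       # constructed format: image + 32-byte trailer
STAMP = slice(4, 23)               # constructed layout: bytes 4..22 hold build time
DEMO_KEY = b"constructed-demo-key"  # stand-in for the vendor's signing key

def build(source: bytes, build_time: str) -> bytes:
    """Toy 'compiler': magic, 19-char build timestamp, then the code."""
    if len(build_time) != 19:
        raise ValueError("build_time must be 19 characters")
    return b"IMG1" + build_time.encode() + source

def sign(image: bytes) -> bytes:
    """Append a signature trailer (HMAC used here as a stand-in)."""
    return image + hmac.new(DEMO_KEY, image, hashlib.sha256).digest()

def payload(signed: bytes) -> bytes:
    """Recover the original data by dropping the signature trailer."""
    return signed[:-SIG_LEN]

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def normalized(image: bytes) -> bytes:
    """Zero the timestamp field so builds of the same source compare equal."""
    out = bytearray(image)
    out[STAMP] = bytes(STAMP.stop - STAMP.start)
    return bytes(out)

def matches_own_build(vendor_signed: bytes, own_image: bytes) -> bool:
    """Compare the vendor's unsigned payload to a local build, ignoring time."""
    return digest(normalized(payload(vendor_signed))) == digest(normalized(own_image))

# Constructed sample inputs.
SOURCE = b"if check(pw): grant()"
vendor = sign(build(SOURCE, "2010-04-29T16:37:00"))
own = build(SOURCE, "2010-04-29T18:32:00")
tampered = sign(build(b"if True     : grant()", "2010-04-29T16:37:00"))

if __name__ == "__main__":
    print("raw hashes equal:      ", digest(payload(vendor)) == digest(own))
    print("equal after normalizing:", matches_own_build(vendor, own))
    print("tampered image matches: ", matches_own_build(tampered, own))
```

The raw hashes differ only because of the timestamp field; once that field is masked, the honest image matches the local build and the altered one does not.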
