India, China Try Import Regulations As Security Tools 108
Posted
by
timothy
from the you-can't-enter-our-theme-park dept.
from the you-can't-enter-our-theme-park dept.
An anonymous reader writes "The Register reports that the Chinese government is forcing vendors to cough up the source code to their encryption alogrithms before they can sell their equipment to the Chinese government. The EU doesn't seem to like it, but if I were in their position I'd want the same thing."
China's biggest neighbor goes further; another anonymous reader writes "Telco equipment from China could have spyware that gives access to telcom networks in India. The Indian government has officially told mobile operators not to import any equipment manufactured by Chinese vendors, including Huawei and ZTE. The ban order follows concerns raised by the Home Ministry that telecom equipment from some countries could have spyware or malware that gives intelligence agencies across the border access to telecom networks in India. The biggest gainers from the move could be Ericsson, Nokia, and Siemens, which have been losing market share to aggressive Chinese equipment-makers in India."
Re:Trust (Score:3, Interesting)
I could just as well see it as a progression reflecting increasing levels of economic interdependence. Granted, economic interdependence isn't quite the same thing as trust - it's more substantial; it's trust expressed through actions.
Re:Copying (Score:5, Interesting)
For that matter, how the heck does giving someone the source code (controlling software, drivers, encryption, backup algorithms, etc) equate with giving them blueprints for your hardware?
Mindless Chinabashing at its best.
This really can be a problem (Score:5, Interesting)
One project we had worked on was encrypted cell phones for gov use. Our customers were only interested in a solution that was top to bottom US made from cleared companies. The chipset, OS, drivers, etc, were all built in the US, so there was no issue of "back doors"
I also heard rumors at one point about some contractor actually finding mal-ware type SW embedded in the firmware of Lenovo laptops that could sort of call home to momma. I've never seen Lenovo boxes around after that.
I think these issues are going to be bigger than just a single point in the infrastructure chain. With so much cyber activity going on, I think many countries are going to face the same sort of issue India is trying to prevent.
Actually it's security as an import regulation (Score:4, Interesting)
Re:The future... (Score:5, Interesting)
see conditions begin to favor agile, much smaller businesses that can efficiently produce most important things at home
I tend to disagree; while conditions may differ elsewhere, our Supreme Court's transformation of corporations into super-citizens will in fact encourage corporations to become ever bigger so as to ever better afford the purchase of both political advertising and politicians. Given enough political control, a corporation can simply and effectively modify the rules of the game to make "doing business" prohibitively expensive or complex unless you are already of sufficient size.
And they will do that; the important thing to remember is that our corporations have grown themselves to the size that they are now for the competitive advantage that size provides in the pursuit of profit; they do not, in fact, like competition, and size provides more and better opportunities to eliminate competition.
lolll...ask Wal*Mart.
India's isn't about Trust. (Score:4, Interesting)
I think India isn't doing the restrictions for Trust or Security reasons. Their politicians couldn't care less. For the right price, they will sell you a state or two.
It probably has more to do with keeping knock off China phones off the markets to keep the big corps happy. In India, there is rampant import of Chinese knockoff phones. An HTC becomes a HIC. They add a little line at the bottom and cut the price from $400 to $50. I kid you not. Quality control is an issue, but if you have the right connections, that won't be a problem. The phone is from the same factory that makes the name brand, its the same materials, same machines, and same people. Just the 3rd shift of lineman and it doesn't go through QC before shipment.
So for sometime, the India government has been pressured to put a stop to this import. They haven't been very successful but that doesn't mean they don't look like they are trying. Exactly how do you stop 50 individually owned stores stuffed into an area the size of a CVS from selling the same stuff to a population that creates a massive amount of demand but isn't willing to pay like credit based Americans are. Not to mention your enforcement divisions are willing to look the other way for a dollar of that $50 sale. Additionally, the worst offenders are the politicians and those connected to them.
Re:The only encryption algorithms worth a damn (Score:5, Interesting)
No, it's actually quote logical. You see, for Western countries, China is a nominally communist "bad guy" that conveniently serves as an example of what the opposite of their idea of "freedom" would be. In practice, they're too distant for this to cause any change in behaviour, and buying their cheap products seems to keep the plebs happy. OTOH, India and China are highly populous nuclear armed mega-countries that share a disputed land border (see Arunachal Pradesh) - that warrants a degree of caution when dealing with each other.
Re:I would want this too (Score:3, Interesting)
Not just backdoors, i have seen implementations of encryption with serious weaknesses...
I saw a commercial encryption product which used an off the shelf 128-bit AES implementation (and their marketing literature made a big point of saying it used AES), but due to the way it derived a key from your entered passphrase there were only 2^21 possible keys making it trivially easy to brute force.
Another package i saw used OpenSSL to handle encryption, which seems sensible - use a known good set of algorithms... Only they initialized a pseudo-random generator with a static value...