India Bars ZTE, Huawei, Others From Sensitive Government Projects 160
hypnosec writes "The Indian Government has decided it won't be using telecom equipment from international vendors, and has barred all such foreign companies from participating in the US$3.8 billion National Optical Fiber Network (NOFN) project — a project aimed at bringing high-speed Internet connectivity to the rural areas of India. The DoT has decided that it will be going ahead with 100 per cent domestic sourcing and has released a list of certified GPON suppliers. This decision comes after the research wing of the ministry, C-DoT, advised the telecom department to bar Chinese companies like ZTE and Huawei, keeping in line with a similar decision by the U.S. In an internal memo, the research body advised the department that both these Chinese companies are a security threat to the telecom world."
Re:Tinfoil Hats? (Score:5, Insightful)
I can understand the paranoia over buying equipment supplied by a company known to be tight with a foreign power you don't always get along with. But I also really wish someone would show some proof of something close to a security threat in one of these products before the whole world goes crazy about "OMG the Spies!!!"
There is tons of hardware by these companies available all over the world, and so far (to my knowledge) nobody has ever found any evidence of a back door, or any spying capability in any of it. And honestly, I don't see any reason to think that those companies are any more likely than any other company in the world to do that.
Re:Tinfoil Hats? (Score:5, Insightful)
The top three owners of ZTE are all members of the PLA. All three are high ranking officers. One of them is also believed to be a high ranking member of the Chinese equivalent of the CIA.
These men claim that their PLA association is past history and not relevant but they are all still ranking officers in the PLA. Maybe just maybe their ownership is related to the corruption of the PLA and communist party in general and that there is no real connection. The problem is that even if there is no involvement now, the PLA could direct intervention and backdoored firmwares.
I'd be surprised at any government stupid enough to put in place telecom equipment from a company owned by the military of a sovereign nation. You're probably at risk with any non native produced equipment BUT that risk goes up enormously if that foreign company is owned not only by the government of a foreign nation but the military of that nation.
Re:Tinfoil Hats? (Score:3, Insightful)
Duh (Score:3, Insightful)
"In an internal memo, the research body advised the department that both these Chinese companies are a security threat to the telecom world"
You mean becoming completely dependent on another country, a specific company, etc. for resources, especially defense critical resources, can be a 'security threat'? Really?
No shit. I know I left that clue bat laying around here somewhe....
Re:Tinfoil Hats? (Score:5, Insightful)
No, it's not racism. It's a legitimate concern, but it doesn't just apply to the chinese. Who's to say that Cisco/nortel/juniper et al don't also have backdoors in their firmware? Frankly, no western country has a right to bitch about chinese government abuse of civil liberties and police state paranoia when they themselves are doing the same things. I'm surprised the indian government isn't choosing to distrust western closed hardware as well. They should.
This is yet another reason why closed software sucks. There's no way to audit what's running on the hardware.
Re:if you can do the work at home, do it (Score:5, Insightful)
I rather like the idea of interdependence growing to the point where countries simply can't afford to have wars with one another, myself.
Re:Tinfoil Hats? (Score:4, Insightful)
Would India want a country it has been at war with rally doing their base to base to capitol optical links?
You do realize that most countries that do business today have at one time or another been at war with each other?
Re:Tinfoil Hats? (Score:3, Insightful)
Are you seriously suggesting that the PLA wouldn't hide secret functions in its gear?
I'm saying they didn't. There's a difference.
This is primarily a security decision, and if there is nationalism or protectionism at play AT ALL it is secondary to the real actual threat.
There is no threat, so secondary concerns become the only one when the "primary" is a farce.
You've posted similar fairy tales before, handwaving away legitimate security concern as racism. You realize that it's ridiculous to assert this, don't you?
Yes, it's ridiculous to look for proof before wasting billions spending money on other companies who may have the same or worse. With so many people looking at Huawei under a microscope, how do you think they'd get away with hidden back doors? It's improbable at best, and at this point, pretty much statistically impossible. How long until you admit you were wrong? 5 years? If there's no attack by China in 5 years, backed by Huawei transformers leaping from their networking gear, will you admit it then? 10 years? Or will it take 1000 years of no Huawei backdoors until you believe?
Re:if you can do the work at home, do it (Score:5, Insightful)
This was exactly the same argument made on the eve of WWI, that the world economy was too interdependent for war to be waged between the major powers. What happened afterwards is history.
My own take is that the nuclear deterrent is much more potent than any economic deterrent.
Just hire their engineers! (Score:3, Insightful)
Re:Tinfoil Hats? (Score:2, Insightful)
But if there isn't a good chance of a backdoor in their software, I'm a monkey's uncle.
A monkey's descendant, actually, according to Mr Darwin. There may well be backdoors of all kinds in SW; I don't think we need to be any more concerned about whether it comes from China or the US. Friendly nations are only friendly now, they may become less so in the future, and will quite likely have prepared for such a scenario in several ways.
Security by perfect code is just as illusory as security by obscurity; it is a kind of magical thinking. They can help slow down an enemy, but it isn't enough in any way. A better bet is to keep friend and foe where you can see them, and to make sure that your friendship is worth more than any alternative.
Aren't these companies partly owned by the People's Liberation Army?
No. The Chinese state may be involved in many enterprises, but the state is not the same as the army, and the army does not control the state. The picture is far more complex than you seem to think - the Chinese is no more one monolithic entity where all parts are in perfect lockstep, than the American 'state' of states; it wouldn't work in any other way - the national government rules over provincial governments, who rule over lower level, local governments etc. The higher level governments often have surprisingly little influence on the lower levels. Some companies are owned by government institutions at some level, but many are privately owned, and many private business people more or less 'own' their local government.
What we should worry about in China (and anywhere) is not the national government, but the foul taint of corruption that springs from unelected, private business owners, who have far too much influence. If you think about it, when we hear about the appalling working conditions in some Chinese factories, this is exactly what is going on: rich people - capitalists, if you will - who treat their workers worse than animals and use their wealth to buy influence and pay off the police.
The Chinese national government are trying very hard to get to grips with this problem, because it is vital for China's future. No one wants to do business in any sense with somebody that you can't trust, and you can't trust a system that is rotten with corruption and crime.
Re:Tinfoil Hats? (Score:4, Insightful)