The US Bans Huawei, ZTE Telecommunications Equipment Sales Over Chinese Spying Fears (cnn.com) 74
The U.S. government "has banned approvals of new telecommunications equipment from China's Huawei Technologies and ZTE," reports CNN, "because they pose 'an unacceptable risk' to US national security."
The U.S. Federal Communications Commission said on Friday it had adopted the final rules, which also bar the sale or import of equipment made by China's surveillance equipment maker Dahua Technology, video surveillance firm Hangzhou Hikvision Digital Technology and telecoms firm Hytera Communications.
The move represents Washington's latest crackdown on the Chinese tech giants amid fears that Beijing could use Chinese tech companies to spy on Americans.
"These new rules are an important part of our ongoing actions to protect the American people from national security threats involving telecommunications," FCC Chairwoman Jessica Rosenworcel said in a statement.
The move represents Washington's latest crackdown on the Chinese tech giants amid fears that Beijing could use Chinese tech companies to spy on Americans.
"These new rules are an important part of our ongoing actions to protect the American people from national security threats involving telecommunications," FCC Chairwoman Jessica Rosenworcel said in a statement.
Direct link (Score:3)
https://docs.fcc.gov/public/at... [fcc.gov]
They're not wrong (Score:5, Insightful)
We should be developing our own home-grown comms equipment, and the government should further be creating its own firmware for those devices that's out of the hands of the vendors. And they should be based on our own ICs and other components. We can do eet! And there's no reasonable argument against it given the size of our economy, and our military.
Re: (Score:2)
Why not just open source everything?! You prefer to isolate yourself from the rest of the human race?!
You're confusing the purposes of open source and open standards.
Re: (Score:2)
No: we are talking about malicious software/hardware here... get it?
I don't get what you're trying to say then, no. There are good reasons to have software that isn't identical to everyone else's.
Re: (Score:2)
Hardware that isn't locked to secret vendor firmware and you that can customize with your own software is the original point of Free software. GPL has been revised multiple times in order to approach that goal, it's a real battle that I don't think FSF will ever win.
Re: (Score:2)
Oh yeah, I'm in favor of that stuff in general, especially for anything that falls into consumers' hands. I take for granted that I don't get to know what's slipped into communications infrastructure.
Re: (Score:2)
Re:They're not wrong[, the game IS crooked] (Score:2)
If they're not wrong, are they confessing America's incompetence and inability to compete? Or just a reflection of the unequal playing field?
Or to put it optimistically: It's not that we cannot analyze their devices to find the security problems or monitor the devices to detect suspicious activities. It's just that they don't have to explicitly ban American devices to keep them out of China. On this optimistic theory, our explicit ban should really be justified by their secret ban?
But I am inclined to think
Re: (Score:2)
they don't have to explicitly ban American devices to keep them out of China.
That's because China knows that this kind of spying is real, both because it's been done to them and because they've done it. It should surprise no one.
Re: (Score:2)
I forgot to mention that aspect. Blinded by too much optimism (again). I sure would like to believe that secure devices and software are possible, but...
New (and tangentially related) thought from one of Kurzweil's books about AI and human minds: Bugs represent and implement the insanity in software-driven computers. Based on an old thought: Everyone is crazy, but the craziest people are the ones who think they are sane and everyone else is nuts. (This also explains why the Culture's minds tend to nuttiness
Re: (Score:1)
We should be developing our own home-grown comms equipment, and the government should further be creating its own firmware for those devices that's out of the hands of the vendors. And they should be based on our own ICs and other components. We can do eet! And there's no reasonable argument against it given the size of our economy, and our military.
We ARE developing our own equipment. Ever heard of Cisco Systems, Motorola, Verizon and Google?
Re: (Score:2)
Well, we were. But I remember a reading on Slashdot a couple of years ago about CISCO gear being imported from China (and coming with pre-installed malware).
That said, modern chip foundries are so expensive that there are, I think, only a couple of leading edge factories in the world. (But why not build the next one in Texas. OTOH, it needs to sell to a world market to be successful, so don't be an unreliable supplier.)
Re: (Score:1)
Well, we were. But I remember a reading on Slashdot a couple of years ago about CISCO gear being imported from China (and coming with pre-installed malware).
That said, modern chip foundries are so expensive that there are, I think, only a couple of leading edge factories in the world. (But why not build the next one in Texas. OTOH, it needs to sell to a world market to be successful, so don't be an unreliable supplier.)
Huawei started by reverse-engineering Cisco switches and peddling the cheap copies for a fraction of the original price. Cisco is still designing network equipment, second to none. Cisco's problem is that they're too expensive, not that they don't have technology.
As for the insanely expensive foundries, some are being built:
TSMC in AZ [9to5mac.com]
It's not Texas, but is close.
Re: (Score:2)
Huawei started by reverse-engineering Cisco switches and peddling the cheap copies for a fraction of the original price. Cisco is still designing network equipment, second to none. Cisco's problem is that they're too expensive, not that they don't have technology.
One of our customers brought in a Huawei chassis router. They paid me to configure it for them. The firmware was a poorly-edited Cisco 6500 firmware (they didn't even successfully clear out all the references). I'm assuming the hardware was off-the-back-of-the-truck Cisco boards.
It was pretty amusing at the time (~2012-ish probably?)
At that juncture at least, the idea that Huawei could possibly be a threat was pretty laughable. I haven't seen any of their newer equipment, though.
Re: (Score:2)
If we are so afraid of the Chinese, why doesn't the US government have their won version of the Great Firewall of China to simply block traffic to China? I mean it's pretty simple. Even if you get a tainted device into your network, if it has no means to communicate to its command and control, it's just a device. The way I see it, we're afraid of these devices because ultimately they are nicer and cheaper and American made products can't compete on function or price.
Much easier to sell the big scary boggey
Have our cake and eat it too (Score:2)
We want their money, but we don't want them flying drones in restricted airspace or hack our infrastructure or perform state funded industrial espionage.
We should be scared of China, that's rational behavior. One because they are so ambitious and on the offensive against the West. And two because our shit really does stink and we aren't going to stay ahead of China for much longer. Their economy moving ahead and dominating the world wouldn't be such a problem if the CCP shared our values, but they clearly d
Re: (Score:2)
American networking gear is second-to-none.
I've been a professional network engineer (senior level, now) for just over 16 years.
I have thousands of hours using Ciscos, Junipers, Adtrans (Now Nokia), and Aristas.
During this time, I got to play with the occasional oddball pile of shit Huawei or ZTE.
For shits and giggles, I tabulated MAC OUIs across a few of my peering points in North America (~1000 peers, including all the major content and eyeball networks).
Juniper:
Re: (Score:2)
Now do 5G or mobile
Obviously, I cannot speak to the access-layer, but I do peer with every large mobile provider on the planet. They're not using Huawei there.
Parent's argument was:
The way I see it, we're afraid of these devices because ultimately they are nicer and cheaper and American made products can't compete on function or price.
This is demonstrably false at the Autonomous System level, so I'm left with no reason to believe it's true at the access-level, either.
Huawei does make cheap gear, but at the AS router level, you really, really, really get what you pay for (which is why nobody is using them)
Can't think of any reason to think that their access-level stuff isn't
Re: (Score:2)
US companies are dominant in the traffic forwarding space, so I don't really get what you're trying to say.
Balance of payments (Score:3)
Re: Balance of payments (Score:1)
Re: (Score:1)
That is one way to improve our balance of payments with China. What next, smart TVs? They are virtually everywhere, and it seems quite possible to find spyware in them. You could use them to listen in to homes, businesses, and who knows what else.
How many people would you need to listen to random people's TV sets? Most of the "gain" would be things like "darling, can you fetch me another Bud from the fridge". That is why Amazon Alexa has failed: it required real people to listen and react. There was not much AI about Alexa. That's why Alexa has lost $10G.
Re: Balance of payments (Score:2)
I'm sure the same computers that can create original art and music and drag 9-dan Go masters up and down the court will be of no use whatsoever in solving this problem in the future.
Re: (Score:2)
In the future, yes. But how far in the future? You're going to need lots of local preprocessing to make the communication level acceptable.
So sometime late in the decade that will be a real problem. Right now the problem is targeted spying. Or spying on data that's already been preprocessed.
Re: (Score:1)
In the future, yes. But how far in the future?
Tomorrow is the first day of the future.
Re: (Score:2)
After that, it's just transmitting the text back somewhere for more complicated model AI crunching.
Re: (Score:2)
Well, Alexa and Siri seem to be evidence that you're correct, but that seems a lot to add to an ordinary TV. (OTOH, I haven't bought a TV in the last couple of decades.)
Re: (Score:2)
It's not a new TV, either. I imagine all new models have some kind of "AI Voice Assistant".
Like I said, it's so computationally cheap to do it (the trained ML models run very well on cheap INT8 accelerators) that there really isn't any reason not to implement them.
Re: (Score:2)
That is one way to improve our balance of payments with China.
What's the point? If they want to send us real goods in exchange for paper, why complain?
Re: (Score:2)
It's all about protecting US corporations from competition, can't have free market forces lowering prices and profits can we.
The USA is also big on spying on people, and they have been caught multiple times.
Re: (Score:2)
Yea spyware in your TV, real scary stuff. What are they going to do, listen to conversations you have with your wife over what to watch on Netflix? It seems so low value that is might not be worth the bandwidth necessary to process the audio.
I would think that devices for attacking the US would focus on government, military, and infrastructure. What you propose above is easy to defend against, don't let Senators keep smart TVs in their home. We already have restrictions on the phones that government employe
Meanwhile, every kid has Tictoc on their phone... (Score:2)
Nope.. (Score:2, Interesting)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
The US doesn't have to prove anything to you or anyone else.
If US voters don't like it they can vote differently.
Re: (Score:2)
Re: (Score:1)
That would be sharing intelligence info with other countries' leadership.
That may or may not have happened. There may or may not be such intelligence info. I'm not privy and doubt anyone else here is either.
They do not have anything to prove to random internet non-US citizen jackasses at all, ever, for any reason.
But I would reasonably safely assume that if such info did exist, given previous sharing of far more sensitive info, not only have we already shared it but other countries' intelligence agencies w
Re: (Score:1)
Uh wut? I wouldn't normally respond to AC one liner babble but this is too good.
Please explain what Trump has to do with the Biden admin blocking big Chinese tech companies.
Re: (Score:2)
In the age of ballistic missiles with fusion multiple independently targeted warheads with active countermeasures, you bet your fucking ass the first few players in that club were going to prevent everyone else from joining.
The US isn't the only party ensuring non-proliferation compliance. China, Russia, UK, and France are all on the same page.
That particular issue is a hegemony of the world's nuclear armed powers, not the US alone.
Re: (Score:2)
I guess you forget the US retreated from the treaty back in 2019. And it's the US that bullies the other countries much more publicly
BTW, it doesn't mean I'm all for countries like North Korea or Iran having nuclear weapons, far from it, but I do think the country with the biggest mouth should show they are committed to a non nuclear weapon world before pointing fingers at others.
Re: (Score:2)
I guess you forget the US retreated from the treaty back in 2019.
No, the US did no such thing.
You are thinking of the INF treaty, not the NPT (non-proliferation)
Re: (Score:2)
It's an interesting article, but it focuses on politics. It doesn't discuss whether the concerns are reasonable...except from Huawei's point of view. And Huawei's concerns are clearly reasonable.
Home use, also (Score:5, Interesting)
Re: (Score:2)
I disagree. I'm not a military contractor, just a home-owner, so I'd actually rather be spied on by the Chinese than by Five-Eyes. China won't care about my porn choices or tax evasion.
You can be sure China does not allow NSA-infected Cisco equipment in any sensitive areas.
Re: (Score:2)
> You can be sure China does not allow NSA-infected Cisco equipment in any sensitive areas.
Huawei is a Cisco clone, China does not need Cisco as Huawei takes that role. I think in the current state of network gear, no one needs Cisco anymore.
Re: (Score:2)
I think in the current state of network gear, no one needs Cisco anymore.
Yup, we do.
I'm a Senior Network Engineer for a western hemisphere regional ISP.
We're constantly labbing alternatives to Cisco and Juniper, but really, ultimately, your edges are all still Cisco and Juniper today.
Smaller networks can get away with other solutions, but nobody big can.
The internet BGP table is too fucking big, filtering requirements are getting too fucking complex, and intra-AS circuit transport protocols still don't have a reasonable answer to MPLS, no matter what anyone tells you about
Re: (Score:2)
I've been balls deep in the firmware of every single home router I've touched. The Chinese aren't putting any more nefarious shit in their little barely-modified broadcom copy-pasta jobs than anyone else.
I've directly worked with 6 different vendors to fix security vulnerabilities in their firmwares, and the Chinese are about as good as the American companies at this- which is to say fucking terrible.
If security is an actual concern of yours, learn to u
new rules? (Score:1)
So, just continuing the previous guys efforts.
Re: (Score:2)
These companies/products have been banned for Government use for years, and for many government contractors too. This part where the FCC will not approve new equipment for use in the US at all is new.
Living in Venezuela everyone spies on you (Score:2)
If we buy Cisco, Ericsson or Nokia, the five eyes spy on us.
If we buy Kaspersky, we are spyed by Russia's FSB.
If we buy ZTE or Huawei's we get spied by China's PLA.
Since being spied is par for course... What to do?
Well, you ask the customer who do they preffer that spies on them (for instance, our govt. heavily leans on being spied by Russian and China than to being spied by Five Eyes, meanwhile, a big chunk of the private sector preffers being spied by the Five Eyes).
If they have no prefference whatsoever,
Re: (Score:2)
Since being spied is par for course... What to do?
The answer is and always has been open source.
Re: (Score:2)
If we buy Cisco, Ericsson or Nokia, the five eyes spy on us.
No, they're not.
If we buy Kaspersky, we are spyed by Russia's FSB.
No experience there.
If we buy ZTE or Huawei's we get spied by China's PLA.
No, they're not.
I've been an embedded engineer, a professional security researcher (after a couple of public CVEs, the headhunters came running), I've been a software engineer, and I've been a network engineer.
I work with big iron networking gear on a daily basis. Nobody is spying on you. No Cisco or any other device are shipping off your traffic encapsulated to some black datacenter in China, Bletchley, or Fort Meade.
That being said, from a policy perspective, I do
Re: (Score:2)
If we buy Cisco, Ericsson or Nokia, the five eyes spy on us.
No, they're not.
Edward Snowden would like to enter the chat.
If we buy Kaspersky, we are spyed by Russia's FSB.
No experience there.
Me neither, but that's what the USoA govt is saying.
If we buy ZTE or Huawei's we get spied by China's PLA.
No, they're not.
Movistar Venezuela (a wholy owned subsidiary of Telefonica-Movistar Spain) would like to enter the chat (they found something in 38.2 seconds).
I've been an embedded engineer, a professional security researcher (after a couple of public CVEs, the headhunters came running), I've been a software engineer, and I've been a network engineer.
Good for you, I coudl list my credentials myself, but "in the Internet no one knonws if you are a dog" ;-)
That being said, from a policy perspective, I don't know if I trust that Huawei couldn't be forced to inject some kind of capacity into their gear that they ship abroad... But I can also say we'd find it in 38.2 seconds.
Paraphrasing Rice and Trout: "the perception in the mind of the objective customer is the reality". If the Venezuelan Govt is convinced that the five eyes are spying o
Re: (Score:2)
Edward Snowden would like to enter the chat.
Stop being stupid.
Edward Snowden has nothing to do with this.
Movistar Venezuela (a wholy owned subsidiary of Telefonica-Movistar Spain) would like to enter the chat (they found something in 38.2 seconds).
lol.
Na. Movistar claimed the Venezuelan government forced them to spy on their customers, not that there was Chinese spyware on their gear.
Good for you, I coudl list my credentials myself, but "in the Internet no one knonws if you are a dog" ;-)
That's because you have none. People with real credentials aren't full of shit.
Paraphrasing Rice and Trout: "the perception in the mind of the objective customer is the reality". If the Venezuelan Govt is convinced that the five eyes are spying on the via backdoors in the Cisco Gear, they'll demand Huawei and ZTE. And if a private company is convinced that the PLA is helping the Venezuelan Govt to spy on them via backdoors in Huawei/ZTE/Inspur kit, they'll demand Cisco/HPE Kit, is that simple.
You're unhinged.
I can agree with that statement.
That's good, because unlike you're fever-pitched dreams, that is actually what Snowden's whistleblowing showed.
Re: (Score:2)
Edward Snowden would like to enter the chat.
Stop being stupid.
Edward Snowden has nothing to do with this.
For an Infosec superstar, you seem very unable to handle a thesaurus. At least try to be more subtle with your ad-hominems, it makes you look bad.
Movistar Venezuela (a wholy owned subsidiary of Telefonica-Movistar Spain) would like to enter the chat (they found something in 38.2 seconds).
lol.
Na. Movistar claimed the Venezuelan government forced them to spy on their customers, not that there was Chinese spyware on their gear.
Yes, in their transparency report of 2022 Movistar indicated that the Venezuelan govt (our govt) forced them to spy on their citizens (us, me included). That is very recent and very publicly known...
I was alluding to an inciden
Re: (Score:2)
For an Infosec superstar, you seem very unable to handle a thesaurus. At least try to be more subtle with your ad-hominems, it makes you look bad.
I don't see any good reason to church up the label. Perhaps you have confused me with someone who tries to be diplomatic in the face of conspiracy theorists.
I was alluding to an incident in the early '10s when a very important (one might say core) piece of equipment of the 3G NW was found calling home to China at regular intervals.
We can unpack this in good faith if you like.
First, I'll need a citation.
However, what I can say, is that network gear "calling home" is not weird, and is not evidence of malfeasance.
Actually, I do have credentials, but I try not to brag, my credentials are scatered around my comment history, if interested. Nonetheless, let me list two: I am an electronics engineer, with an MBA. Remember the MBA part, as it comes in Handy for the next point:
Electronics engineer is not a credential that is relevant in this field.
The implication was not that you're unhinged because a quote by "Rice and Trout" existed.
The imp
So what IP cameras can I buy? (Score:2)
So if I can't buy Dahua or Hikvision IP cameras, which ones can I buy? It seems most of the cameras out there come from these companies. When searching for US made IP Cameras, many websites list "American" companies, but they are selling rebranded Chinese stuff. It appears Pelco and Ubiquiti sell US made stuff (or at least have made statements that they are compliant with the National Defense Authorization Act), but Ubiquiti cameras are 3-5 times as expensive as the Dahua / Hikvision cameras and can't reall
Re: (Score:2)
So if I can't buy Dahua or Hikvision IP cameras, which ones can I buy?
Any cameras made abroad (china included) that are NOT rebrands of Dahua/Hikvision... Unless you are hell-bent on getting USoA made cameras.
Re: (Score:2)
So if I can't buy Dahua or Hikvision IP cameras, which ones can I buy?
Any cameras made abroad (china included) that are NOT rebrands of Dahua/Hikvision... Unless you are hell-bent on getting USoA made cameras.
Not necessarily set on 'murica cameras, but looking for easier ways to determine which cameras are not Dahua/Hikvision or their rebrands. Short of looking at product images from the Dahua/Hikvision websites and then looking for similar pictures / case styles of other products (and of course short of just buying something and seeing what it really is), it seems kind of hard to know when browsing, who really makes something.
sure would like some evidence (Score:1)
I have no doubt that the Chinese government _could_ force backdoors into hardware/software, but are they ?
It seems impossible that somebody, somewhere would not at some point find actual evidence of something funny going on, and once they did that would be the end of Huawei. It might very well be the end of Chinese semiconductors for anything other than transistors and simple logic gates.
You kind of have to get into CT territory in that they capability is not yet activated waiting for the "opportune moment"
Re: (Score:2)
And yet, theoretically, as we all know, you really can't even trust your compiler as Thompson famously wrote about
That's why you use a different compiler to compile your compiler.
Good. Now do TikTok (Score:1)