I don't really see the fear mongering or problem here.
This executive order would forbid the government from purchasing and installing Telecom/Networking equipment that would be considered to have a higher than acceptable risk.
Given that China isn't exactly the most friendly nation to the US, and given Huawei is by nature, an extension of the Chinese Government, it's not unreasonable to assume China might at some point in the future (or already is) use Huawei to conduct electronic espionage against other nations.
Just like it wouldn't be unreasonable for China to forbid purchase and use of Cisco equipment within the Chinese government.
(We should also not forget or excuse Chinese IP theft which has enabled Huawei to produce competitive products in the first place...)
> (We should also not forget or excuse Chinese IP theft which has enabled Huawei to produce competitive products in the first place...)
I certainly can, because it would be hypocritical to be against Microsoft using IP rights as a bludgeon on Linux, Qualcomm on Apple, Oracle on Google, and then be upset with Huawei on anything but stealing trade secrets.
Patents have not helped the common man for at least a hundred years as companies have paid for dubious patents to bludgeon smaller competitors with. Copyrights have strangled the arts since Steamboat Willie and have prevented the public from deciding what stories they want to share.
Trademarks and Trade Secrets, however, seem mostly fine, as knowing the real origin of a product is a greater good for the public than letting copycats grift them, and being clever doing something should be rewarded but once it can be replicated, the competition heats up and again helps the general public with better quality goods and services.
You mean like the guy who invented the super soaker?
Or the guy who invented the aero press?
Or that time sears ripped off an inventor - and patents ensured they had to pay? [1] Or that other time when they misrepresented the value of a patent [2] - in that case the absence of the patent would mean there was nothing to have stolen.
Seriously, patents only really became terrible in the late 80s and 90s when the US gov. started allowing patents on what were functionally just concepts rather than actual inventions saying how something worked, and allowing patents on obvious uses of computers by virtue of "on a computer".
Patents on mechanical inventions are literally the only way for the "common man" to be able to make money off an invention. Without the patent rights:
* you have to be able to raise the capital to produce the device (corporations and the already rich have that - amazon was kept afloat solely because Bezos was already a billionaire).
* You have to price your device to pay off the capital expenditure, in addition to all the other costs
* You have to do that while also undercutting businesses that already have the manufacturing capacity to replicate your invention.
In the absence of patent protection on your invention you have little likelihood of recovering your investment as an individual.
Think of it this way: copyright says that copying something without/in contravention of a license is not legal, and so you can be sued. That allows things like linux to succeed - you can't make a product that uses it without contributing back. Patents are the same thing for inventions - someone doesn't get to copy your work (the act and work of inventing) without your consent.
> I certainly can, because it would be hypocritical to be against Microsoft using IP rights as a bludgeon on Linux, Qualcomm on Apple, Oracle on Google, and then be upset with Huawei on anything but stealing trade secrets.
There is a difference between developing technology and getting into a patent war vs wholesale copying of a product so completely that you actually duplicate the BUGS.
Yeah, Huawei did that and Cisco, rightfully, went after them and won. Of course, it didn't do a lot of good after the fact.
Copying a product to reproduce bugs as well is exactly what WINE is all about. When bugs are part of your interface for others to integrate with, then I don't believe they should be considered off limits to copy. Otherwise an incumbent company could intentionally put in bugs, sue competitors to prevent them from implementing them, and effectively take over an existing standard.
Huawei didn't copy to "interoperate", they literally fabbed the PCB's so that they were electrically identical to the Cisco PCBs (I believe they actually stole the gerbers), installed stolen code, and had both hardware and software bugs that were identical. And then sold the resulting "product" to end customers.
This was so identical that you could type syntactically incorrect commands and get buggy, broken behavior which pinpointed the exact internal release of code which had been stolen as Cisco had already fixed the bugs.
Sorry, that's theft, even if you disagree with IP protection.
That's why I separated it out. The post I replied to made a blanket statement about IP law in general, which I think is currently very flawed and certain actions that Huawei and others have done with respect to patents I have no issues with.
The government deciding to not purchase that equipment for their own use in sensitive networks is one thing. (And this was already in place before this executive order.)
Banning corporations from doing that in their own commercial networks is another thing (and that is what happens now).
And pressuring other countries (either via ambassadors or other venues) and threatening with sanctions when they come to their own conclusions is yet another thing again.
> Banning corporations from doing that in their own commercial networks is another thing
I'd argue that it depends.
Many of the corporations that would run this type of equipment end up transmitting, storing, or using sensitive and/or secret information (ranging from corporate trade secrets/IP to classified information), or could be open to abuse in other meaningful ways (cell towers recording private phone calls from important people, etc). There's no real limit to the potential abuse.
We only have to look at what the US Govt has done already, and that's with a legal system designed to prevent such a thing, as well as needing voluntary cooperation from independent private companies. Change all that to largely nationalized companies and a legal system which doesn't care... and you can see where it can go.
Ideally the network equipment would never see anything but encrypted traffic. There is no reason why a cell tower should be able to get access to the voice data of a call.
Now of course we all know that the crypto at least in GSM was horribly weak and optional, because that is the way the US and France liked it, whereas countries such as Germany wanted strong crypto, fearing surveillance by then-enemy Russia next door.
EDIT: Anyone know how that is going to be in 5G? I would be surprised if we get decent end to end encryption, but did they at least limit the number of network elements that can access the voice data?
If US government wanted us secure, they'd let us buy Type 1- and TEMPEST-certified gear that is strong enough to stop their pentests with minimal side channels, too. That's Defense-only. The stuff they recommend for rest of us are built on things like Linux which consistently has vulnerabilities, some of which they and foreign hackers use.
I'd consider blocking foreign products that might be insecure if they'd:
(a) Let me buy their secure products for same use cases. The WAN encryptors and Inline, Media Encryptors w/ trusted paths come to mind.
(b) Start recommending, sponsering, and evaluating more high-security systems like they did under TCSEC. Especially covering the costs of the platform with open, permissively-licensed code so others have fewer excuses not to build on it.
Your premise only works if all nations are the same, all goals of all nations are the same, and all nations are all peaceful and allied, no nations ever compete, and there are no military threats ever. That isn't true of course. You'll notice I didn't say anything about one nation being good or evil, rather, it's about the actual reality of the situation: the US and China are going to be strategic competitors indefinitely, not pals, not close allies. The same holds true for the US and Russia. Nothing is going to fundamentally change about that, period. These nations are permanent rivals, so long as their stature is what it is.
China has openly touted that their intention is global dominance (in all regards, including military, economic and technology). They haven't been shy about it for a long time. Given their economic and military scale today, you have to take that very seriously.
The US spends anywhere from 100% to 150% more on its military than what China does. That's mostly a difference in salary expenses in the US vs China. In properly adjusted terms, China is already matching or exceeding the US on military spending right now.[1] What will it look like when their economy is another 50% larger? How are the smaller, weaker nations in Asia going to deal with China if they're already annexing territory the size of France in the region? And then, in theory at least, their military is going to get drastically stronger.
A large amount of future global economic expansion will occur in Asia. So when you combine those two points, again, you have to treat the rise of China as a very serious matter for economic and military security if you're a superpower with outsized global interests as in the case of the US. That also goes for countries all over the globe that deal with China locally, and especially in Asia. Two of the best and most prosperous US allies are Japan and South Korea, who are also two of the world's largest economies. The US has an enormous vested interest in their well-being.
It makes no sense - no matter what you believe about the US or China - to pretend that the US should just treat China like they're another random smaller nation of no concern or special consideration. The exact opposite is the case. The US and China are going to compete at most things and it will split the world in half.
Maybe that's our fault for outsourcing all of our semiconductor production to China. We got cheap electronics out of the deal, but we've lost a lot of expertise in manufacturing as a result.
I don't buy into all of this anti-sinitic paranoia, but if suspicion of China-produced semiconductors were reasonable, why wouldn't suspicion of Taiwan-produced semiconductors also be reasonable?
I can't imagine why Taiwan would be suspicious of any of the kingdoms of the Heptarchy, or indeed of any polity that hasn't existed in over a millennium.
If you have a good reason to suspect that state-level attackers could be in your supply chain, that reason doesn't go away just because the semiconductors were actually manufactured in Taiwan. Do we imagine that China's spooks don't have access to Taiwan fabs? Do we imagine that USA's spooks don't? If this is an actual threat to you, you need a lot more assurance than a "Made in Taiwan" label.
China is only about 10% of overall semiconductor production. Mostly the older technologies. A large amount of wafer production is in Taiwan and South Korea.
Note that several plants don't have any capacity listed at all, and therefore get sorted to the bottom of the list.
In terms of total capacity, China has about ⅛ of the world semiconductor capacity, the fifth largest country... behind Taiwan, South Korea, Japan, and the US.
Software is now sufficiently complicated that it isn't really possible to know the motives of the people creating it. When the people are controlled by governments like China, fear of those motives is reasonable.
Note also that I don't trust the motives of Cisco, either, except to try to maximize their bottom line. (I'm not really worried about rouge employees at Cisco.) I think in service of said bottom line, Cisco and other companies will do almost anything. I'm not say all will do anything, just that some will, and when some will, there is a threat from them, too. Just like Cisco not giving a crap about security when it conflicts with them making more money.
This executive order would forbid the government from purchasing and installing Telecom/Networking equipment that would be considered to have a higher than acceptable risk.
Given that China isn't exactly the most friendly nation to the US, and given Huawei is by nature, an extension of the Chinese Government, it's not unreasonable to assume China might at some point in the future (or already is) use Huawei to conduct electronic espionage against other nations.
Just like it wouldn't be unreasonable for China to forbid purchase and use of Cisco equipment within the Chinese government.
(We should also not forget or excuse Chinese IP theft which has enabled Huawei to produce competitive products in the first place...)