Hacker News
New Rules in China Upset Western Tech Companies (nytimes.com)
70 points by blackbagboys on Jan 28, 2015 | 46 comments



This already happens in the US with software and hardware that is essential for national security.

How is it strange that China wants to do the same? The job of the NSA is spying on other countries; obviously China does not want other countries controlling their basic infrastructure.

Of course, having the source code means in a couple of years there will be a Chinese company creating the same hardware or software, and with lots of "coincidences" in the code.

It is not very different to what Americans did with the British.

I have lived and worked in China, I speak Mandarin. There, any Chinese commercial companies have to go to meetings with other Chinese companies, so THEY CAN COPY YOU!!

Any commercial company operating in China needs to have 51% Chinese participation. As a western well trained person, if you work there in 49% partnership with a foreign company, they could offer you millions of dollars for making a 100% Chinese company competitor.

The west should start demanding reciprocity to China in lots of ways.


| The west should start demanding reciprocity to China in lots of ways.

Agree. It makes my blood boil that we're handing over the culmination of years of research and development, both academic and corporate, for the sake of a few short term dollars. There will always be some moron happy to be the one to hand over everything in order to make a quick buck.

I am way out of my element as I have no legal training, but how are there no export controls? It is in the US's best interest to not allow this to happen. Do we really want to live in a world where China can copy any western technology at will, but never divulges any of its own secrets? What a load of crap.


I wouldn't call it a quick buck, it's unregulated market competition.

| It makes my blood boil

You're taking my money and not guaranteeing no backdoors in your software, how does that work for my blood? I'm not saying my data is important or that I'm special, but the fact that my ERP data critical to my business is potentially open to someone across the world or even my own government does not sit right with me. Of course I will clamor for some oversight. I may be dearly mistaken but I can't agree with your comment.


Do we really want to live in a world where software is subject to export controls (again)?


> Any commercial company operating in China needs to have 51% Chinese participation.

This is not true. Wholly foreign owned enterprises have existed in China for many years, and their permissible activities have increased greatly over the last 5 years.

The rest of what you say is largely correct.


>This is not true. Wholly foreign owned enterprises have existed in China for many years, and their permissible activities have increased greatly over the last 5 years.

The letter of the law is never the actual implementation of the law here. Wholly foreign owned enterprises are tolerated up until there is a Chinese company in competition - then you get raided by the police in the early AM and find yourself on CCTV for “Tricking the Chinese People”. You’ll be allowed an exit provided you sell your business for pennies on the dollar to your direct Chinese competitor. Yes, even if you speak, read and write Chinese, yes, even if your Chinese wife negotiated for you, yes even if you have a dozen Chinese lawyers and a contract. China as a system has zero interest in protecting the interest of foreigners - and you will always be such because they have no interest in immigration in any form.

The ONLY interest China has in foreign companies is for capital and as a vehicle to transfer IP. Once they have that- the company will be shown the door. Happens over and over again but Western companies persist in thinking they will be the exception.

I’ve lived in China for over a decade, I love it here, but without exception every foreigner I know here who has attempted to start a business was screwed in the end. Rich Chinese know this and most do everything they can to do business only with foreigners and earn their money overseas.


Totally agree. I think it's sometimes surprising and/or unbelievable to people without experience of China that their history/culture/politics is so exclusive and that people would behave this way. Most of the high speed train network was built on foreign technology and expertise, but contractors I knew working on that project regularly had their apartments broken into (with nothing taken but the laptop) and half of their job was trying to stop their Chinese counterparts stealing their IP (anecdotally of course). This kind of activity has been a mainstay of the China miracle the last 30-40 years.


What you say is also largely true. However you can in fact have a foreign owned enterprise and operate, at least until you come on the wrong radar.

The original statement, "Any commercial company operating in China needs to have 51% Chinese participation." is entirely not correct. And even with 51% Chinese participation, a foreign partner is likely to be screwed in the end.


| It is not very different to what Americans did with the British.

Can you point me to sources?


"and build so-called back doors into hardware and software"

It would be nice if the US government had some moral right here to claim for US companies this is unacceptable since any backdoor is an exploit waiting to happen. Sadly, the Executive branch in setting NSA policy has basically screwed us all and sacrificed our safety.


I don't get what's so bad about backdoors. With the exception of end-to-end encryption, your chat/communication provider already has the keys. What's so much more hackable about the government having a copy?


When a service provider's cooperation is required, it can:

- Turn away informal requests and say, "come back with a court order"

- Appeal subpoenas it feels are unreasonable

- Return exactly as much data as required by court order (search warrants are supposed to be narrow; overly broad search warrants are vulnerable to defense lawyers)

- Fall on its sword if it feels it has been required to do something extremely unethical and legal channels for objection have been exhausted (Lavabit)

While a service provider cannot legally resist government writ large, it can limit its disclosures to what the judiciary actually requires, rather than what police want. (At least in criminal law, these are actually meaningfully different.)

A service provider that has been backdoored is giving every cop/analyst/whatever far more than they are legally entitled to.


Two reasons - first even if you're okay with the government having a copy (many are not), it's impossible to ensure that only authorized parties will have access to that backdoor.

Having it there in the first place is a security hole, in other words.

Second, having a backdoor in place allows for extralegal shenanigans (which is what everyone is hacked off at the NSA for).

At least as is, they have to get a court order compelling the communication provider to hand over data.


> With the exception of end-to-end encryption

And therein lies one of the big issues. As Apple is discovering, implementing good practice security with end-to-end encryption or similar untrusted-middleman setups is being made illegal.


They also want backdoors for end-to-end encryption. Remember the Clipper Chip? Cypherpunks won that round with Silicon Valley support. But now that we're at cyberwar, all bets are off.



This is really not all that uncommon. Microsoft gives regular access to its Windows source code for auditing to Russia, China and other countries.

Combine this with recent activity on the US's behalf to backdoor services in China, for example giving US Federal agents access to the GMail accounts of Chinese nationals. Projects like this in the United States are not atypical. You'll remember that the surveillance programs selectively revealed by journalists with access to the Snowden documents that they are administered by the 'Foreign Intelligence Surveillance Courts' - and that the United States participation in the Five Eyes partnership with the core of UK, Australia, Canada and New Zealand (now expanded to include others) is a charter to intercept global intelligence and communications - that Germany's BND, an ally of the US's NSA, had called for the boycott of the more recent Windows Operating Systems as its implementation and support for TPM attestation amounted to the US backdoor. We've also learned that the United States CIA created a Twitter-like service under a front corporation, deployed it in Cuba, and used it to attempt to foment a revolution (in 2014). The United States Department of Defense has studied how to propagandize entire countries, in fact entire regions of the world, over Twitter and social media. Its Justice Department funded studies on how to tweak search results and social media banners to influence election outcomes. (Such meddling has been caught in Indian search engines, but attribution is not currently known.)

No one should be surprised after the wealth of information disclosed through the Snowden documents and the constellation of other facts that China has a legitimate worry that software sold to their banks may contain surveillance or covert access capabilities. One might even speculate that these policies are a product of Chinese Intelligence which suggests that Western allies either have plans to do or have in the past done exactly that.


... And universities in the West, it's no big secret.

http://www.microsoft.com/en-us/sharedsource/default.aspx


I have mixed feelings about this.

On one hand, I would like to see tech companies in my country (the USA) have access to all international markets, and vice-versa.

On the other hand, I understand why governments like China, USA, etc. would want to protect their local infrastructure and competitive advantages.

I listened to a good interview with Catherine Austin Fitts this morning and one of the topics she talked about was how corporations are becoming more relevant than governments. When I see how corporate (and I include the military industrial complex) interests have usurped control of my government I find it difficult to disagree with her viewpoint. Who knows what will happen in the next few years, but it will be interesting to see how much corporations publicly get in the face of governments who get in the way of their business interests. One example of this would be push back against central banks affecting the value of money, etc.


Well TTIP is intended to give corporations the Power of Profits (the governments can't impede the corporations' profit-making in many ways, such as stricter health regulations or whatever) over the governments of the world, so we're already rapidly heading in that direction.


> On the other hand, I understand why governments like China, USA, etc. would want to protect their local infrastructure and competitive advantages.

From a humanistic perspective, I'm no more sympathetic to this argument than I would be about protectionist measures enforced between neighboring states, provinces, cities, towns, or neighborhoods. The world gets smaller every year and that's a good thing in most respects.

> I listened to a good interview with Catherine Austin Fitts this morning and one of the topics she talked about was how corporations are becoming more relevant than governments.

Governments murdered a hundred million of their own citizens in the twentieth century alone. I say let's give the corporations a turn.

(Yes, I'm being somewhat facetious. But like most snark there's a grain or two of reality behind it.)


I just upvoted you and user higherpurpose. I don't understand why people downvote other users who are just expressing their opinions.


There's a strong statist undercurrent on HN, which is somewhat hard to understand, as well as a low tolerance for trolling, which isn't. Sometimes telling the truth in an unexpected context is mistaken for trolling.

In general governments aren't exposed to the same criticisms as corporations, or held to the same standards, except when their actions directly impact IT and online rights (DRM, surveillance/security policies, and such.)


> In general governments aren't exposed to the same criticisms as corporations, or held to the same standards, except when their actions directly impact IT and online rights (DRM, surveillance/security policies, and such.)

I don't think that's an accurate statement to make about HN. There are some high-karma users who seem to be very pro-government, and there's no doubt some astroturfing going on. But there is also a vocal population of people who want to see governments act in their people's interests and be accountable for their actions. It just so happens that, as an IT-focused community, HN talks about the IT aspects of government a lot more often.


> But there is also a vocal population of people who want to see governments act in their people's interests

The problem is, it's becoming increasingly apparent (to me, at least) that this motivation is not only ill-defined, but inherently self-contradictory. Those people are not going to get what they say they want, because it doesn't exist. Government is the ultimate zero-sum game: anything they give to someone, they have to take from someone else.

Ultimately, the only rational conclusion I've been able to reach is that the best government is the smallest one. Around here, saying so often gets one downmodded.


> Ultimately, the only rational conclusion I've been able to reach is that the best government is the smallest one. Around here, saying so often gets one downmodded.

It could be because small government advocacy is often associated with dogmatic irrationality. Maybe there's a way to reword rational small-government arguments to make it more clear they have a rational, rather than dogmatic, basis?

It could also be because there's a path dependence issue; how does one actually get from where we are to where a particular argument wants us to be?


I live in China (on and off for 13 years). I have run tech companies here. First up, rules are less fixed here, so the fact this has been announced doesn't mean it will be encountered/enforced at all outside of very large government contracts (banks here are owned by .gov, foreign banks are excluded despite WTO-join-time assurances to the contrary). Secondly, this is a direct response to the NSA paper revelations about how much success they've had infiltrating Chinese communications networks... big red dots showing points of NSA infrastructure inside the country! Well... pot, kettle, black. Finally, if you are selling physical or software products to China and feel they're somehow unique technically and believed for a second that they wouldn't be reverse engineered by interested parties, then you were already kidding yourself.


Could someone expand a bit on 'adding backdoors'? Article only mentions it at beginning, and it kind of feels like something was lost in translation, perhaps it was 'to check for backdoors'?

It is all about reducing dependency, and backdoors in banks do not really fit in.

> “In reality, it’s about the core elements of Chinese information technology. We don’t really control these. We’re under the yoke of others. If the others stop services, what do we do?”


I believe "adding backdoors" is exactly what they meant.

In the context of China, I think you can interpret "controllable" as more than just controllable by the companies that operate the systems, but the government as well. And, the backdoors are necessary for that.


> The draft antiterrorism law pushes even further, calling for companies to store all data related to Chinese users on servers in China, create methods for monitoring content for terror threats and provide keys to encryption to public security authorities.

Sounds pretty backdoory to me. (Technically the article is talking about a few different laws/policies, but the underlying philosophy appears to be the same: the government wants access to everything.)


Thanks, makes sense, I was confused about banking industry.

> new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software


>adding backdoors

Aka give us access to the backdoors you were already compelled to insert by USG.


I appreciate that people are upset at the USG and I think the comparison to China helps the argument; to be clear, they're asking for a lot more than the USG.

China is way, way, beyond the NSA. They block huge swaths of the internet and blackout televisions. They monitor every chat you send on WeChat, without even the illusion of a warrant or probable cause. And, they're not asking, it's a condition of WeChat's operation. Imagine if you DM'd someone on Facebook or Twitter and the US government stepped in and shut your account down. It's that.

Comparisons are fine, but these are not the backdoors "you were already compelled to insert."


The rules about encryption and backdoors are authoritarian but hardly unexpected from China.

The rest of it doesn't seem so unusual. Microsoft has been sharing source code with governments for over a decade and several other countries (including Western ones) are considering requiring user data to be kept in country.


Yes, this is not at all a surprise. And yes, many nations are pursuing similar initiatives, to defend against Five Eyes snooping.

What varies more is the emphasis (in public, at least) on backdoors. China, Russia and the UK want them. The rest of the EU and the US have been conflicted.

Recall that US TLAs have been pushing for this since strong encryption became widely available in the 80s. And with all the FUD about cyberwar, they'll probably get their wishes granted soon.


Aside from the regulation about building backdoors into hardware - is there any reason why it would be disappointing to hear that bank software must be essentially open source?


Giving the Chinese secret police access to the source cannot reasonably be compared to open source.


That's why this is a tricky issue. In theory most of these demands are quite reasonable, but the context is that a country known for cloning and hacking is asking for "visibility" into technology developed by others. The potential for cheating is large. And if western companies refuse, they'll be displaced by domestic Chinese companies so China has little to lose either way.


> noting that many Chinese companies and local governments had to scramble when Microsoft discontinued its support of Windows XP

This really doesn't make any sense. Microsoft gave ample warning about when it would discontinue supporting XP, and it's actually incredible that they did support it all the way to 2014. What exactly do they expect? That MS will support it forever?


I wonder if this will result in more open source code available in China? Open source projects should have no trouble disclosing source code to anyone who asks, including the Chinese government.


Wonder if BYOD is a thing within the Chinese banking industry then, especially after seeing the explosive growth of Apple in that country


paswordz sites will have a field day.

->access any Chinese bank account here: one click to transfer funds.


This is already done, they have a huge bank fraud problem.


Don't sell or license computer gear to Chinese banks.


To this I would say: "Sorry US companies and US government. You've laid your bed. Now sleep in it."


"Western". It is in the fucking title!



