Maybe it's tinfoil hat time; the more the government says to not use Huawei, offering no proof at all, the more I think they are unable to track and log information like they can on US(ish) phones.
All US phones have components manufactured in China as well as all over the world. It is not a stretch to think the foreign governments couldn't get in the middle and create vulnerabilities or straight up drop attacks on different components they have access to. How is Huawei any different?
Are we supposed to take their complaints seriously when Snowden leaks revealed the NSA hacked Huawei servers to find vulnerabilities they themselves could use to spy on people around the world. /shrug operations Shotgiant doesn't matter? If the NSA hack revealed that Huawei was injecting spyware it's time to release the details of how they found out.
This argument would hold more weight if the government was saying not to use any non-US phone. But they're specifically targeting Huawei and ZTE. Notice that there's no recommendation to avoid e.g. Samsung phones.
> "
This argument would hold more weight if the government was saying not to use any non-US phone"
There's not even such a thing as a "US phone" though, is there? Even phones manufactured by US companies like Apple are made in China with Chinese/Taiwanese sourced parts. Google always outsources its Nexus/Pixel devices to third parties like LG and Motorola. Speaking of Motorola, they are now owned by Chinese manufacturer Lenovo, which has also been in hot water lately over spyware and rootkits in their laptops.
I'm of two minds about the announcement. On the one hand, Huawei and ZTE have both been caught installing backdoors and spyware on their devices in the past[1]. On the other hand, the US three letter agencies have a vested interest in US citizens carrying around easily monitored and tracked devices, and they easily find ways around Constitutional protections against spying within their own borders.
I honestly don't know who to believe in this situation.
"Even phones manufactured by US companies like Apple are made in China with Chinese/Taiwanese sourced parts."
Exactly my thought. US gov't even outsources to private contractors that then subcontract and outsource to China for electronic components including chips that can easily end up in our DOD systems. I wonder if this is more of a money or market thing being pushed by the Existing Oligopoly?
What doesn't add up is that, in the real world, you can't protect against every threat model. Its their job to protect the best they can. They can't tell Apple to stop building their phones in China, but they can simply say "Don't buy Huawei".
That's easy. And moreover, its a bigger threat. With a Huawei phone, the Chinese government has control over everything from the processor to the userspace software. With a small piece of silicon in a fab, the threat surface is much smaller; they'd have to sneak it in against Apple's will, past all of Apple's American-loyal QA.
In the software world, we tend to think about security as an absolute, because computer logic is absolute. In the real world, security is probabilities. How can you minimize the chance of breach while minimizing costs.
>What doesn't add up is that, in the real world, you can't protect against every threat model. Its their job to protect the best they can. They can't tell Apple to stop building their phones in China, but they can simply say "Don't buy Huawei".
If the 'threat' was real, that makes as much sense as hardening one door in your house, when you have 4 other doors because "you can't protect against every threat model".
No. It makes as much sense as securing the 4 doors because that's a relatively cost efficient way to implement basic security. But let's avoid strengthening all the walls with a titanium alloy to protect us when the threat brings a bulldozer to get in. That's expensive.
Asking Apple to manufacturer their phones outside of the US is a highly expensive action.
And the pictures of NSA employees opening parcels to modify the hardware before it gets shipped to certain targets immediatly comes to my mind.
That being said if you don’t control the software, modifying manually a handful of devices doesn’t scale. If you modify all of them the chance that you will be spotted is very high. If you control the software and it is encrypted / not readable, you can backdoor all devices of a whole country. So I can see how it is a step up in term of threat level.
If Huawei and ZTE put in back doors, and the CIA/FBI/NSA wants into your phone, then you'd expect they would want you to have a Huawei phone. After all, as oft repeated here, a backdoor is accessible to anybody, no matter who it was put in for.
Not necessarily. If there is a hardware vulnerability specified by the Chinese government, the NSA would not want you to use that phone. They'd rather keep China from having the easy option and then compromise your info another way (that presumably makes it more difficult for China to get your info).
Samsung is South Korean, a US ally and SIGINT partner. Modify the argument to, "the government is saying not to use any phones that are not from the US or its puppet states."
Are Huawei and ZTE the only phone manufacturers from a non-SIGINT partner state? That doesn't seem correct. Hell, https://en.wikipedia.org/wiki/List_of_mobile_phone_makers_by... lists 29 different mobile phone makers in China, 2 of which are Huawei and ZTE, one of which is a subsidiary, leaving 26 independent manufacturers. But the government isn't telling us not to buy e.g. a Xiaomi phone.
How about Xiaomi? Wikipedia says that as of 2017 they're the world's 5th largest smartphone company. I don't know how popular their products are in the US, but I have at least heard of them before (which is more than I can say for ZTE).
My point is that Xiaomi phones are not popular in the US, at all. Xiaomi had zero official distribution in the US up until recently when they started selling directly on amazon. ZTE and Hauwei phones have been sold through official distribution channels for a while. ZTE phones are given away or nearly given away for free to every cricket wireless customer.
I am more aware of Xiaomi than Hauwei. ZTEs were around, but those are garbage phones. I know that Xiaomi makes phones, smart bands and a smart tv. I literally had no idea what Hauwei was making until I looked up right now.
The witnesses only answered the question in front of them. Sen. Cotton only asked about ZTE, Huawei, China Telecom, and China Unicom, so Director Wray responded only about ZTE and Huawei. This is standard practice when testifying in front of an oversight committee.
You're thinking of all of the chaebol/conglomerate companies combined, so Samsung, LG, Hyundae Kia, Posco, Hyundae Heavy Industries, SK Group, CS Group, Lotte, Hanhwa, Hanjin, Kumho Asiana, Doosan, etc., each of which have multiply companies in their portfolios and are serviced by groups of smaller local firms specialized in support for one or a few of the big ships.
But, do they feel above the law? This is certainly a common complaint of South Koreans. These groups are definitely "too big to fail" and they know it. So yes the concentration of power in a few giant firms is remarkable, and not in a good way.
I stand corrected. I shouldn't try to pull statistics from my failing memory anymore. Still big enough to intimidate a government from messing with them.
An important Samsung person was arrested and promptly released. That is not how a government messes with a company. Tax. Regulations. Things that hurt the bottom line constitute 'messing'.
And their argument would hold more weight if they would just point at the vulnerability they're suspecting.
Even if they only had rough suspicions (with rigorous technical underpinnings, just like a security researcher taking their job seriously). The public security community has repeatedly discovered, reported and fixed serious security vulnerabilities without the NSA doing shit all to help out (which is their job) whether they knew about the vulnerability or not, going as far as deliberately pushing back.
The only reason I can see why you'd prefer one argument over the other is if you somehow believe the NSA always has the best interest of the people at heart. But I think we know a little better by now and they might support the people in theory, but there are usually other interests that are bigger and better and more important.
Do you really expect the FBI, CIA, and NSA to point to a specific vulnerability? I would imagine their specific concerns are classified due to national security.
If it was just the NSA saying this I'd be a bit more skeptical. But if the FBI and CIA agree, that seems like sufficient reason to believe that their motives are honest.
Who cares about what overseas intelligence agencies know of them? I would be much more concerned about the agencies that sit close enough to actually be interested in my person. I am exaggerating (McCarthyism is probably not this hard any more and people are much less prone to take communism seriously nowadays) but just for example: if an American gets involved in an anti-communist club in the USA China will hardly care about him in particular but if some of the people in one's phonebook happen to be communists the homeland agencies can actually go after him and ruin his life :-)
Or if the relationship between China and the US becomes more confrontational, China effectively controls a large part of the US infrastructure which becomes a strategic risk. Kind of a nuclear option (no country would ever import anything running on electricity ever again from china if they were to do that).
> ... the more I think they are unable to track and log information like they can on US(ish) phones.
My first thought was "Why? Can't they snoop on us with those phones?" Then I thought that they snoop at the network level so I don't think they need anything on the handset to listen in. Maybe I'm wrong about that.
You'd still want vulnerabilities on the device in order to have access to encrypted messaging. While this type of attack would not be used on all citizens, investigative journalist and activists would certainly be citizens of interest.
// Are we supposed to take their complaints seriously when Snowden leaks revealed the NSA hacked Huawei servers to find vulnerabilities they themselves could use to spy on people around the world.
Yes, you should. More than one entity has committed a sin does not make that sin a non-sin.
Let's see, if the US is listening in, then there's a small chance they will misinterpret my actions as suspicious, arrest me, and perhaps even lead to my imprisonment. This may include extraordinary rendition, should they make that decision while I am in another country.
If China is listening in, then there's a chance I will be denied a visa to visit China or, should I be given a visa and visit, then they can arrest me, etc.
Upsides in either case? None.
So I would rather have China listening in than the US.
I think you're very much mistaken about the risks involved. For example[0]. I really have a hard time understanding people who think the US is worse than China. China is orders of magnitude worse. Sure, the NSA may spy on your electronic communications but the level of invasive, oppressive surveillance is not even comparable[1]. As far as I know no people are in jail in the US for protesting the government's policies. In China that's not the case[2].
> Sell personal details like credit card numbers or the SSN to a criminal syndicate.
That kind of ticky-tack stuff seems more like the work of organized crime ring than a national government of a state like China. Anyway, that stuff is subject to much more prosaic risks, like your being at the mercy of your dentist's office's online security set-up.
I don't think people need a reminder of that. The US government also isn't a monolith, as J. Edgar Hoover's abuse of power as the head of the FBI reminds us.
I'm not "idealizing" China; I just think that, realistically, credit card fraud is a weird tack for a large world power to take. If we're talking about rogue individuals, OK, but you probably need a local fence, complicating things, and you could make the same argument about just about any entity you interact with. I'd say the risk of a call center employee stealing your SSN to commit fraud is higher than someone in the MSS doing the same.
DDoS the whole infrastructure. They have done that to GitHub before by hijacking traffic to Baidu. With millions of phones in the US under their control it’s fairly easy to overwhelm any website (Mercedes comes to mind in recent news) they don’t like or even cripple the whole national wireless network.
Also even if you are not of direct interest to China, what about your friends and colleagues? They can use you as a tool to get to those that you have direct communication with.
> What can China do to someone a US citizen, living in the US, using a Huawei phone?
What can the US do to someone who's not a citizen, living outside the US, with access to their communications? It's not difficult to find an answer to this. China would do the same to you and you won't be able to fight against it because you're not a citizen of China.
US get extradite people from all around the world quite easily. On the other hand, extraditing a US citizen to another country is very difficult as US is more likely to block such efforts. For this reason it might be safer for US citizens to be listened to by Chinese government instead of US. It's a tradeoff you need to make and it depends on your circumstances of course.
His point wasn't that the US is worse than China, but that he lives in the US, and not China. As bad as china is, they are not likely to abduct him from the US. His own government however can do as they please.
I'm sure some could care less about Constitutional rights for those who are undocumented, but ICE most certainly is targeting activists for immigration reform, aka those protesting government policies.[1]
"First they came for the Socialists, and I did not speak out—
Because I was not a Socialist...."
You may feel that from a human rights perspective China is morally inferior to the US. This has no bearing on whether you're better off being spied on by one or the other. If you're located in the US, the US government has an extreme amount of power over you and China has almost none; it's obviously better to be spied on by China. If you're in China, the logic reverses.
The thing is since I am in the US, the Chinese government has very little power over me compared to the US. Since I am a US citizen, they also have very little interest in me compared to the USA.
Concerns may differ for those in a different position than I am. My industry isn’t a target for espionage.
Not to mention, with the NSA, the primary concern should be transparency and whether what they're doing is legal/allowed by the constitution. With China there are real national security concerns.
We can have discussions and concerns about the NSA while also recognizing foreign nations pose an equal or worse threat. At least with the NSA there is some hope of reigning them in when they overstep.
Dont fool yourself. If you get a Huawei phone and use it with a U.S. carrier with any services by U.S. tech companies that can be back-doored or subpoenaed, then you could potentially have both the U.S. and China spying on you.
It has already been proven in the past that these Chinese phones send considerable amounts of data to Chinese servers.
If you are someone working with a military contractor or the government(with any kind of security clearance) I dont think the U.S. would want you using a Chinese phone for obvious reasons
Also, what are they sending? My natural response to this would be "well of course they do" because presumably most phones come with some software/services from the manufacturer.
What about blackmail? They can use your surfing data (porn, social media) to blackmail you. If you do your banking or shopping on your phone, they will have access to your credit card data, social security #, etc. that can be sold or used for cyber warfare.
You're right, no upsides, but there are huge risks with having the Chinese steal your information.
And because I read "listening in" literally, as intercepting audio, rather than metaphorically as being able to intercept all traffic.
Also, the US has blackmailed people, like the FBI attempt to blackmail Martin Luther King Jr. We know the US gathers the porn habits of people who it considers might be a threat, including of a US person (https://www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n... ).
So really it's a matter of balancing the odds. The odds are low that either government will care about me. It feels more likely that my life will be upended by a mistake, like what happened with Brandon Mayfield, and a mistake by the US government is far more likely to affect me than a mistake by the Chinese government.
The hypothetical choice is, would I rather have the US or China listening to my phone, if I had to choose one, and "none of the above" was not an option.
It is not easy to assassinate someone in another continent, and I don't live in China.
There's also the chance that the assassination will fail, and even backfire, where the further investigation might reveal agent identities. I'm just not that worthwhile to possibly waste those resources.
I sometimes feel like the smartest move is to use a product coming from a country ruled by a hostile government. Like, if you're in the US, sign up for Chinese services, but if you're in China sign up for American ones.
(yeah the relationship is more complicated than "hostile" but you get my drift)
I believe his point with 'hostile' is to choose nations where they would be both likely and able to say 'no' should the host nation of an individual request sensitive information on the individual in question.
For instance Switzerland had some of the most secure and private banking in the world. It was actually a criminal act in Switzerland to reveal the name of an account holder - to anybody, including governments. And so if the US were to request information on a possible US account holder, they would be likely to say no. But given the influence of the US on both Switzerland and on the nations it most heavily depends upon, they've proven themselves unable to say no, and ended up passing all sorts of special laws, just to bend over to US requests that infringed their nation laws and more generally their sovereignty.
Another interesting example with Switzerland is Champagne. Champagne, Switzerland has been making a local wine known as Champagne since the 9th century. Many centuries before the champagne of France even existed. In 2004 the EU told them to stop using the name. And again even if they were likely to say no, they would be unable to do so. As another interesting aside Champagne, using the ubiquitous méthode champenoise, was not invented in France. It was created by an Englishman. What a sordid tale that little drink has!
Would Finland be likely to say no? I don't know - I have very little knowledge of the security arrangements between Finland and the US. Would they be able to say no to the US? Not a chance.
Huawei is not that good with phone updates. I don't think they need special access to hack or record Huawei phones, especially if they find the Chinese backdoor in there.
People tend to believe narratives that mirror or support their beliefs.
Blame North Korea for Sony hack? Nah, no way. Blame Russia for election hacking (even though at most they bought some ads on FB and ran some twitterbots) oh yeah, those manipulative Russians.
And what about the facts coming out about voting system intrusion and all the buzz about manipulated voter rolls that could easily have accounted for the number of votes that dictated the outcome of the election in key states?
It was quite a bit more than "some ads on FB and twitterbots" and to downplay the extent of their actions is disingenuous.
Even NPR reports that there was no voting machine fraud perpetrated by Russian actors, only that intelligence agencies say it appears they tried and expect them to try some more.
Interestingly WaPo is going counter tight wing as well as left wing predispositions and calling for national voter id.
What happens with a lot of this stories is something gets carelessly published, a lot of people read it, and then it's retracted and the retraction is seen by far fewer people.
This comment is highly understating the power of social media micro-targeting by dubbing it as buying a few ads on FB and running twitterbots. I would request you to check out the Ted talk by Zeynep Tufekci (https://www.youtube.com/watch?v=iFTWM7HV2UI) to get a sense of how effective social media campaigns can be.
Well that would explain why they were so effective in the Ukaine campaign, right?
Or you're saying Americans are so much more deceived and gullible?
The Kochs and the Soroses pump so much more money into manipulating elections what the Russians did was peanuts. People would hardly be complaining if they had instead been on Team Bernie. But since the candidate who could not possibly lose lost a Sure shot, people want and need a ready made answer, enter twitterbots and FB ads.
Anyway, the agreeing narrative phenomenon is most clearly evident in the Assange issue. When he was exposing America's behavior in Europe and the middle east and it also aligned with left ideology, he was a hero, Swedish accusations be damned. Now that his leaks hurt the left, he's a tool of the Russians, of course.
> The Kochs and the Soroses pump so much more money into manipulating elections what the Russians did was peanuts. People would hardly be complaining if they had instead been on Team Bernie. But since the candidate who could not possibly lose lost a Sure shot, people want and need a ready made answer, enter twitterbots and FB ads.
The Kochs (etc) are Americans manipulating the system with their wealth and probably within the law. I resent them for it, but that’s very different from a foreign government attempting to influence the results of a US election. I don’t pretend to know the actual pervasiveness of Russian influence; I’m only saying that your comparison falls flat.
I have to wonder if you might realize this yourself, but choose to ignore it in order to justify your own agenda.
Also, I would be angry with any outcome that was shown to be the result of election tampering. That goes for any candidate, even if I voted for them myself.
Would anyone even care about the Facebook ad spend and meetings with campaign officials if it were Israelis or Saudis instead of Russians? I think if you do this mental exercise a lot of the "Russiagate" stories start to look weird.
This gets tricky. So does that mean suddenly it's meddling when Saudi Arabia makes political FB ad buys, or Egypt, or Japan, or whomever wants favor from Americans?
Can a Russian, Israeli or Saudi or Mexican citizen in their respective country buy political ads targeting Americans and favoring or disfavoring a particular American candidate for office?
What if they are on vacation in the US?
What if they have jobs in the US, are not citizens, but live here and have an interest in politics?
What if they are here illegally and buy ads favoring or disfavoring a candidate for office?
What if in some cases it was their own money, what if in other cases they were hired by people in their home countries to buy ads?
What if they work in DC and act as foreign agents and pay for lobbying?
> Can a Russian, Israeli or Saudi or Mexican citizen in their respective country buy political ads targeting American and favoring or disfavoring a particular American candidate for office?
Yes, lawfully [1]. This is a complicated area of law, which is why foreigners and foreign governments seeking to properly lobby in America hire proper counsel.
So Twitter found some $100k spent on ads from Russia during the campaign. Are you really suggesting that someone spending $100k could decide the outcome of an election as big as the U.S. one?
It's time to stop this "Russia hacked the Election" non-sense and just accept the fact that Hillary lost in a fair election.
> Are you really suggesting that someone spending $100k could decide the outcome of an election as big as the U.S. one?
You are very conveniently omitting recent disclosures from facebook that over 126 million Americans may have seen Russia based political posts over a two-year period leading to the election.
Source: https://www.reuters.com/article/us-usa-trump-russia-socialme...
This isn't about a particular candidate winning or losing the election. The case would be equally horrifying if Hillary had won the election with the help of a foreign-state-sponsored social media campaign.
And I would implore you to check out the Ted talk I have posted above. It is not about supporting any particular candidate - it simply talks about how powerful these micro-targeted campaigns can be, and we ignore their potential and their effects on democracy at our own peril.
I feel that if some Facebook posts are able to affect the elections to a large degree, we as a people have failed and it doesn't matter what the outcome is since it's just a symptom of a larger problem.
Just like it didn't matter what the exact process by which GW won the contested election. The very fact that the counts were so close means we might as well have tossed a coin.
The last election showed that you only need to target a small amount of people in a few key states. $100k, coupled with some convenient gerrymandering, could easily reach that many people.
All US phones have components manufactured in China as well as all over the world. It is not a stretch to think the foreign governments couldn't get in the middle and create vulnerabilities or straight up drop attacks on different components they have access to. How is Huawei any different?
Are we supposed to take their complaints seriously when Snowden leaks revealed the NSA hacked Huawei servers to find vulnerabilities they themselves could use to spy on people around the world. /shrug operations Shotgiant doesn't matter? If the NSA hack revealed that Huawei was injecting spyware it's time to release the details of how they found out.