In the U.S., military espionage is heroic and economic espionage is a crime. In China, the line is not that clear.
Let me say this: BULLSHIT, a thousand times.
Who says this? Any of the companies who have been lying to their customers? Any of the government agencies which have not explained anything about the NSA activities (not that they would know what is going on)? Any of the officials caught lying, one and again?
The US will not perform economic espionage as long as the US has a technological edge (which is probably not anymore the case in lots of areas).
Which brings us to an important observation: OCDE rules forbidding economic espionage are designed to keep the current technological status quo; any country is well advised to sign them to be accepted to the club, and immediately throw the rules to the garbage bin. Because we can be sure that any country capable of doing economic espionage has been doing it, is doing it, and will continue to do it, no matter the rules, no matter if they get caught, no matter the hypocrital public posturing of their leaders.
Those rules, and the whole "Intellectual Property" apparatus, is there for the suckers to respect them. The US, in particular, has never respected those rules.
One of my coworkers actually expressed this sentiment to me. He's generally a smart guy but I don't know how you get across how damaging this is to basic commerce.
The NSA is destroying the American technical industry piece by piece. How do we approach this existential crisis, when the folks behind the NSA apparently don't give a shit what damage they do to America?
The money is what matters politically. Interestingly in this case, while that's one of the most sickening aspects of US politics these days (the extreme dominance of money), it's also the one we can count on here. Enough damage - which seems to be a matter of time now - and a lot more companies will stand up and 'force' their politicians to dismantle the NSA's programs.
Either that or the military industrial complex has reached a point of scale where it's basically going to end up destroying itself by bleeding out the economy and the tax dollars required to fund such a massive beast.
I'd argue that there's no scenario in which the military industrial complex survives intact going forward, short of WW3. That's particularly fitting timing wise, as America has reached all sorts of crossroads in its path forward (huge generation changing issues on debt, education, standards of living, war, jobs).
edit:
Another thought - it's also going to self-cripple the military by eroding the US technology sector (capital seeds tech companies in other countries instead of the US as a response, so more technology is created outside the US in the future, in a downward spiral, potentially depriving the NSA and military of all sorts of technology and access). The relative US technology lead has been a massive competitive advantage for the military for a century.
Isightful. And the follow-up question is: since the military industrial complex has probably already reached this conclussion, will they force war? I mean, in a more direct way than what we are used to ...
In this light, trusting the USA to responsably handle the nuclear arsenal may prove to be the biggest mistake that the international community has done since WWII.
The nuclear arsenal is for Russia and China and self-defense, it's useless in WW3 unless mutual assured end-of-civilization is desired (or as a one-off response to someone like Iran or Pakistan using a nuke or a small number of them). That arsenal is no more risky in the US hands than in, say, the hands of Russia or China or Britain or France.
The military industrial complex wants money and power, not global annihilation - always remember it's run by people, and they want what most people in power want. It's not a complicated beast, it's mostly about the world's largest slush fund, $700 some odd billion up for grabs every year, and they want all of it and more if they can get it. The military people want to play military, and the industrial people want to play industry, and they leverage each other to that end.
Yes, I think they'll force more wars. Something that big and powerful, in a state of desperation for survival, is scary indeed. I think that's what the play in the 'sandbox' (the middle east, aka where you can launch wars and suffer no domestic enemy retaliation and you can't hardly 'lose' in a classic historical sense) has been largely about, excuses to spend large amounts of money and build & experiment with shiny new war machines. If it had been about economics, oil for example, we'd already control most of the oil in the middle east (we'd have taken Saudi Arabia and Iraq's oil through force). I think that explains Wesley Clark's shocking admission about the Pentagon planning all the wars far in advance:
Exacerbating this, emigration to other countries in an intellectual flight as employment overseas becomes ultimately more lucrative or desirable from a technical standpoint.
Every country that CAN collect data IS collecting data.
If they are manufacturing anything that can be hacked to collect data and they can feasibly get away with it (read: there is no independent oversight), you can bet it is being done.
Germany is no different than France is no different from the US is no different than China etc. etc.
The only difference is they haven't had their Snowdens come out of the woodwork yet.
I can guarantee the US intelligence apparatus is right now trying to figure out how to out a few of these foreign programs so that the US does not look quite so bad in comparison without causing a diplomatic meltdown.
I think it's deluded to expect any country to come even close to what the US is doing except maybe China. The budgets of all are not anywhere high enough to pull such a thing off. The US has moved on a dark and lonely path after 9/11.. Not only in espionage, but also in remote killings, illegal imprisonment and torture. To say others do just the same seems deluded.
Europe outsources a good deal of their defense and intelligence to the US, and for good reason, why spend money on redundant systems when the West is working together.
I can agree with your point that nobody quite reaches the scale of the US.
I mean, I am not suggesting Uganda has huge data warehousing and analysis compounds or anything absurd like that.
But I do suggest that every country is doing what they are capable. And countries like Japan, China, UK, Israel, Germany, Russia etc. are capable of quite a lot.
Is there any possible justification under 'national security' for wiretapping Merkel or the president of Brazil?
Unless people think that Merkel is secretly in cahoots with some kind of extremist group, it's obvious that this kind of spying is done exclusively to get an economical edge when negotiating treaties.
Are you serious? National security != fighting terrorists. From Wikipedia for the lazy.
> National security is the requirement to maintain the survival of the state through the use of economic power, diplomacy, power projection and political power. The concept developed mostly in the United States after World War II. Initially focusing on military might, it now encompasses a broad range of facets, all of which impinge on the non military or economic security of the nation and the values espoused by the national society. Accordingly, in order to possess national security, a nation needs to possess economic security, energy security, environmental security, etc. Security threats involve not only conventional foes such as other nation-states but also non-state actors such as violent non-state actors, narcotic cartels, multinational corporations and non-governmental organisations; some authorities include natural disasters and events causing severe environmental damage in this category.
Since you jogged my memory, here's one person who has said it: Richard Clarke, U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism 1992-2003 - https://news.ycombinator.com/item?id=3769442
> we can be sure that any country capable of doing economic espionage has been doing it, is doing it, and will continue to do it, no matter the rules, no matter if they get caught, no matter the hypocrital public posturing of their leaders.
Why can we be sure of this? Simply from a rudimentary game-theoretic analysis? Isolated incidents of industrial spying aren't enough to show that this activity is as ubiquitous and inevitable as you say it must be.
It is not only from a theoretical standpoint: rules get broken, whenever it seems convenient, there are resources to break them, and there is an advantage to be obtained to break them. From an outside observer, the rules get broken randomly: rules get broken continuosly, sometimes more, sometimes less. Would you deny that?
But the important point is that there is absolutely no consequence of breaking the rules. Will the US be kicked out from the OCDE? Will they be sanctioned? The mere idea is laughable.
The only pressure possible is money: we need to put pressure on the US economy to change its ways.
Is it just me or does this seem to be a tortured argument - the US suggested that huawei might be implementing backdoors in their product out of the box, is not the same thing as the US security agency actively searching for exploits for the product. One is a collaborative effort to sell someone a defective product (could be fraud) the other is a adversarial effort that is a natural part of the security industry cycle.
There is another degree of freedom in that equation, Cisco.
The Chinese networking gear has become shockingly good. performance per dollar and performance per watt they are extremely competitive with Cisco, especially in the higher end. I couldn't talk to gateway routers but their switches also have accurate documentation. Ciscos biggest edge is institutional memory, a bunch of CCxx certifications, and they are assembled in America or owned by an American company or something like that which meant security.
Can any one tell a remotely interesting story as to why Cisco wouldn't aid the NSA? I mean Apple, google, etc did..
>the US suggested that huawei might be implementing backdoors in their product out of the box, is not the same thing as the US security agency actively searching for exploits for the product.
The US has also been adding hardware backdoors by intercepting mail as it travels across US friendly territories. Furthermore, the US backdoored RSA's RNG 'out of the box', and reports suggest it has backdoored other things 'out of the box'.
The argument as I understood it was this, US:
"China valves its 'dominance of cyberspace' over the security of both itself and the community of nations, therefore using hardware produced in China will probably make everyone, including the US, less safe".
It is a good argument in general form and it addresses an important need for security because this sort of gear is used in nuclear power plants, air defense grids, hydroelectric dams, etc (note that Hardware backdoors have covert radios for bridging airgaps). These backdoors, even if not exploited by the Chinese, could fall into arbitrary hands[1] and cause significant economic damage.
EDIT: People are downvoting this comment. As downvoting is your right please continue to do so but feedback is welcome. I care about understanding this issue and I want to know why you disagree with my comment.
There's just an important distinction that you're missing.
If the NSA is intercepting devices and bugging them, then it doesn't really matter which brand you buy - you're being targeted as an individual. Order a Huawei phone and they'll (presumably) try to intercept and compromise it. Country of origin doesn't really matter, because (presumably) the NSA isn't compromising the company producing the device, they're compromising the delivery chain which handles all (most) devices.
The reason to avoid Huawei (according to some US gov't sources, evidently) is that Chinese security services may have compromised the company's structure itself; thus all products they create may have backdoors/trojans already in them.
These two situations aren't even in the same universe.
>the NSA isn't compromising the company producing the device, they're compromising the delivery chain which handles all (most) devices.
We have substantial evidence that the NSA is doing this exactly this, in your words "compromising the company producing the device". For example in the case of RSA being paid to use Dual_EC_DRBG[1] or with the unspecified encryption chips that have been backdoored according to the Snowden documents[2].
>These two situations aren't even in the same universe.
From a policy standpoint it might be the same universe. We ban the use of chemical weapons in all circumstances, despite their effectiveness, because we believe the world is a better place without them.
Given the threat that hardware backdoors, either installed at the factory or during shipping, pose to both security and global trade there is an argument that such actions are off-limits. It was the public position of the US that the US did not do such actions but that China did. It appears that was PR.
2: "(TS//SI//REL TO USA, FVEY) Complete enable for [REDACTED] encryption chips used in Virtual Private Network and Web encryption devices [CCP_00009]" - (U) COMPUTER NETWORK OPERATIONS (U) SIGINT ENABLING http://www.nytimes.com/interactive/2013/09/05/us/documents-r...
Are you aware that the NSA is actively planting exploits into products by intercepting shipments? Your are not buying a Cisco product: you are buying a Cisco + NSA product, with a backdoor. Which is exactly the same as buying a Huawei product with a backdoor.
The NSA is planting exploits. It is not only exploiting existing security holes: it is creating new security holes, by manipulating the hardware. Is is effectively working together with Cisco / any other company (maybe not willingly, but who cares) to manufacture a Cisco/NSA router, with a backdoor easily accessible to the NSA.
According to his comment he is not aware of this, otherwise he would not differentiate between Cisco/NSA and Huawei.
And according to your comment, you do not even understand what I am saying.
The concern with Huawei is that a security apparatus would be inserting backdoors/Trojans into every device. The NASA's targeted attacks of a few hundred (thousand?) devices is entirely unrelated.
Previously the story was "the chinese are inserting backdoors". Afterwards the story was, the NSA is spying everyone. Now the story seems to be that the NSA is spying and planting some backdoors. How many? 1% of devices? 10%? 99%?
Let me clarify two things for you:
- We do not know how many backdoors the chinese are planting. Maybe none, maybe in all devices.
- We do not know how many backdoors the NSA is planting. Maybe just in some devices, maybe in most devices.
In light of this, how are you so sure that "these two situations aren't even in the same universe." Do you have any other knowledge that you would like to share?
yes, and one should be outraged by that. I would not have posted my comment if that was the parallel made in the OP, but by my reading that is not what the article stated.
It's important to note that during the USG vs Huawei discussions there were no actual proofs brought by the USG about the allegations it pressed on Huawei. Huawei even wrote an open letter just two years ago asking for investigation and denying all the allegations http://www.huawei.com/ilink/en/about-huawei/newsroom/press-r...
To my knowledge, no response has been made by USG justifying the allegations it was making when it was openly called by Huawei. Given all of this, I find it ironic the comments here such as "backdoors in Huawei's devices" are taken for granted. Now with the latest leaks exposing hacking by the USG itself the tone of the conversation (including the comments in HN) has not changed. What am I missing?
The only noticeable change seems was the decreased tone of the US media (CNN alikes) who used to shout extremely loud that 'Those Chinese are hacking our systems!'. At the very least frequency of such news got decreased ever since the leaks.
Why do you think the US was so concerned about buying gear from China? They just realized that since they're doing it, China is probably doing it as well.
I've noticed this before. They start sounding the trumpet about some dangers, after they already do them themselves - like when they said that cyber-attacks should be considered acts of war because they can put infrastructures in danger, basically months before they launched Stuxnet against Iran, or when they started warning about cyber-attacks putting banks in danger, and then we found out this year that NSA can access bank accounts and even modify them.
So next time when they warn about some other danger, I think we can assume they've already done it themselves to others. As for the "IP stealing" that they keep accusing China of, it may be true, but NSA probably steals information from other corporations more than anyone, since they have access to everything, and I'm not so sure China does, too. Most of the world's Internet traffic goes through US, and they have access to that, and as we've seen to the private networks of the world's largest service companies, too, like Google, Yahoo and so on. They also have access to most of Europe's data through UK/Sweden cables. China doesn't have any of this, and could only dream of such access.
I guess at this point, its fair to ask all those previous commenters who were telling us: "It just doesn't work like that.. We were in the dept of defense.. you guys don't understand" to comment..
That's a nice but naive sentiment. You can rest assured your hardware is similarly trojaned - whether it is your CPU, your Ethernet controller or your network switch. No, I do not have first hand knowledge about CPU trojaning by the NSA. But given everything else, I'd be surprised if they don't have access to the CPU itself.
What would the point be of intercepting shipments if the job is already done? Are you saying they are doing this work redundantly?
Also we don't know what percentage of shipments are intercepted. If this is the primary means of attack it seems a bit shy of "you can rest assured" that your hardware in particular is affected. (Or at this rate perhaps we can wait for the next revelation to show us. :P)
> What would the point be of intercepting shipments if the job is already done? Are you saying they are doing this work redundantly?
Have you ever seen a government job that wasn't redundant?
But seriously - if you want to make sure that what you are doing works, you have to use redundancies. Many of them, in fact.
> If this is the primary means of attack it seems a bit shy of "you can rest assured" that your hardware in particular is affected. (Or at this rate perhaps we can wait for the next revelation to show us.
I'm sure it is not the primary means of attack. Here's a hypothetical scenario: You work at Cisco or Intel, designing firmware / microcode. The NSA appears at your door with an NSL saying you can't disclose anything, not even to your boss - and a carrot: Get $200K to insert this backdoor into the new x86 / megarouter. And also a stick - if you don't comply, showing your wife all of the correspondence you have with your mistress (which they gleaned from earlier interception) or giving the DEA a recording of you asking your friend to bring some pot over.
You think that's crazy? Ladar Levison, Joseph Nacchio and Edward Snowden indicate that's business as usual. I have no knowledge of anything other than what I read in the guardian/hn etc -- but given all that is public, I'd be surprised if this scenario hasn't played out a few times. Or a few hundred times.
The consistently frustrating thing about all these 'revelations' is that the US government allegedly do it only for national security concerns where as other nations does it for corporate espionage.
Who says this? Any of the companies who have been lying to their customers? Any of the government agencies which have not explained anything about the NSA activities (not that they would know what is going on)? Any of the officials caught lying, one and again?
The US will not perform economic espionage as long as the US has a technological edge (which is probably not anymore the case in lots of areas).
Which brings us to an important observation: OCDE rules forbidding economic espionage are designed to keep the current technological status quo; any country is well advised to sign them to be accepted to the club, and immediately throw the rules to the garbage bin. Because we can be sure that any country capable of doing economic espionage has been doing it, is doing it, and will continue to do it, no matter the rules, no matter if they get caught, no matter the hypocrital public posturing of their leaders.
Those rules, and the whole "Intellectual Property" apparatus, is there for the suckers to respect them. The US, in particular, has never respected those rules.