Re: Trust?
@tom dial - "Stipulating that equipment shipped from the US might be subject to interception and modification, the same certainly is true of similar equipment shipped from non-US addresses. (...) On the other hand, interception and modification by a government agency in the receiving country also would be a possibility, one not under the control of either sender or receiver, and that is not one about which either has a choice."
My own government could simply arrest me and grill me in the police station in order to find out whatever they want to know. They''re also unlikely to engage in economic espionage which will hurt their own economy. Foreign countries such as the US on the other hand can't simply send the police around, nor do they have any problems with engaging in economic espionage (e.g. against Airbus as was discovered in an EU investigation as long ago as the 1990s).
You could say "well, Russia and China could theoretically do the same". Sure, but that's the whole point, US kit is no more trustworthy than Chinese kit. Back doors in Chinese kit may at present be a theoretical possibility, but we know that US kit is being back-doored on a mass scale. If people just continue to stick their heads in the sand over US kit, then they may as well just set their root passwords to "passw0rd" and be done with it.
The solution is to trust no single outside party. That means making everything as open as possible, which provides fewer corners to hid back doors in.