back to article USA decides to cleanse local networks of anything Chinese under new five-point national data security plan

US secretary of state Mike Pompeo has announced a “Clean Network plan” he says offers a “comprehensive approach to guarding our citizens’ privacy and our companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party (CCP).” Pompeo’s announcement names the Communist Party …

  1. croc

    Cleaned from Chinese Intrusions? How about the TLAs of the USA and THEIR intrusions...

    Thank you so Veddy Veddy much Pompous Ahole... Personally I'll take the Chinese.

    1. macjules

      Re: Cleaned from Chinese Intrusions? How about the TLAs of the USA and THEIR intrusions...

      Or, as the late Benny Hill put it, "You stupid iriot"

    2. Anonymous Coward
      FAIL

      Re: Cleaned from Chinese Intrusions? How about the TLAs of the USA and THEIR intrusions...

      Not to mention "Chinese firms are compelled to and regularly share client data with government authorities." Just like American firms.

    3. TheMeerkat

      Re: Cleaned from Chinese Intrusions? How about the TLAs of the USA and THEIR intrusions...

      Well, yes, we see, you hate Trump.

      But one needs to be a complete idiot to think that Chinese Communist Party is a good thing.

      “Trump derangement syndrome” is definitely a psychological condition.

  2. Roger B

    Tencent could be interesting, they have so many fingers in gaming companies form fully owning Riot Games owner of League of Legends to a small share of Epic Games who make Fortnite, to partly owning the Clash of Clans company, they also own 1.6% of Warner Music and 10% of Spotify.

    All this because Trump has business loans with China in the 10's of millions, you'd think someone would look into this pretty closely, he would seem to be leveraging the power of the US government to reduce, delay, better negotiate his loan with the Bank of China, but as all branches of the government seem willing to bend to his will, he has free reign.

    1. Mongrel

      "Tencent could be interesting, they have so many fingers in gaming companies form fully owning Riot Games owner of League of Legends to a small share of Epic Games who make Fortnite, to partly owning the Clash of Clans company, they also own 1.6% of Warner Music and 10% of Spotify."

      Don't forget Discord

      1. Roger B

        And yes, of course Discord who Tencent have invested an undisclosed amount in.

        also, interesting to note that most of the comment here have plenty of upvotes, but 2 downvotes, conspiracy nut in me says someone pro Trump. Doesn't look like anyone actually made a positive post concerning the USA actions against the company though.

    2. Dimmer Bronze badge
      Coffee/keyboard

      Did not down vote but...

      "All this because Trump has business loans with China in the 10's of millions.."

      Please post sources. Something like "Joe Biden bragging about how he threatened to pull $1 billion in loan guarantees from Ukraine if it didn’t immediately fire Prosecutor General Viktor Shokin". I tend to sort of believe it when there is a video of him saying it.

      I like to be informed and there is a lot of BS from both sides out there, and it is on purpose to keep the "Us" or "Them" thing going. Divide, misdirect, half truths and I am not just talking about "Tump vs Biden" thing. Create a crisis if you want to hide something. Create mistrust if you want control. Divide and you shall conquer.

      So I did a test. Wife and I were coming up on our first wedding anniversary. She sleeps on the left, I on the right. I told her that her year was up in a few days and it is my turn for the left side. The closer to the day to change, the more she was upset (must be a big thing for women). On the day of change, I told her that I wanted her to decide what side of the bed she wanted. She thought that I was the greatest.

      Point was, I did not intend to change. I created a problem, just like the politicians, then came up with a solution and was the hero. The point I am trying to make is THEY (us or them again) create the issues for their own gain. When "us or them" talk this method fails. Don't blindly take someones word for it or state it as if it was fact without proving it to yourself first. I get more truthful information from the comment section that I get from the news. Keep it coming guys.

  3. Claverhouse Silver badge
    Devil

    Every last Chinese

    Infamy, Infamy, they've all got it in for me !

    1. Buttons

      Re: Every last Chinese

      What a Carry On!

      1. Danny 2

        Re: Every last Chinese

        "Infamy, infamy, they've all got it in for me" was actually written by Frank Muir and Dennis Norden for the 1950s radio show Take It From Here. Carry On Cleo stole it and never credited them.

        I'm not being pedantic, it seems relevant in the context of intellectual property theft.

        1. CrazyOldCatMan Silver badge

          Re: Every last Chinese

          I'm not being pedantic

          Nowt wrong with a little pedantry..

  4. Joe W Silver badge

    I thought this was more or less known to be the case?

    while at the same time allegedly using the NSA to compromise products from the likes of Cisco

    Yeah, I know, don't want to be sued for slander either...

    1. Julz

      Re: I thought this was more or less known to be the case?

      And don't forget the undersea (and other) wire tapping, the USA has been at it a long while. Don't know why but I'm always amused at the name of USS Halibut. Maybe from too much Tintin as a lad (yes, I know it's haddock...).

      https://en.wikipedia.org/wiki/USS_Halibut_(SSGN-587)

    2. happyBoy
      Pirate

      Re: I thought this was more or less known to be the case?

      In case someone is interested, I highly recommend "Blind Man's Bluff The Untold Story of American Submarine Espionage" for a read on this affair. Pirate, coz - well ships and subs and such with a pinch of skulduggery.

      1. Wellyboot Silver badge
        Thumb Up

        Re: I thought this was more or less known to be the case?

        Very good book! More than a 'pinch' of skulduggery.

    3. The obvious

      Re: don't want to be sued for slander either...

      You won’t be - slander only applies to speech. Libel however...

    4. JCitizen
      Go

      Re: I thought this was more or less known to be the case?

      You guys beat me to it on the sea cable spy mission. As an interesting side note - the mission data indicated the Russians were not as bellicose as the US thought they were; and it resulted in more peace talks with the Russians that resulted in very positive treaty initiatives. So for once, the skulduggery paid off in peace dividends!

  5. Anonymous Coward
    Anonymous Coward

    aggressive intrusions by malign actors

    s/the Chinese Communist Party/Donald Trump/g

    1. Snake Silver badge

      Re: aggressive intrusions by malign actors

      As an Amerikun, I personally see either one of these two possible futures for my country:

      1) this November, they vote The Donald out and things get back to normal

      2) this November, they vote The Donald back into office and they get what they deserve.

      You may note that I now hold these fools fellow Americans in high regards.

      1. Khaptain Silver badge

        Re: aggressive intrusions by malign actors

        Personally I am happy not to be an American as the choice of candidates is a bloody nightmare.

        An orange megalomaniac vs a pensioner with dementia....

        That's not what I would call a bright future whichever way you look at it..

        1. Adrian 4

          Re: aggressive intrusions by malign actors

          We have better choices here in the UK.

          But they still voted for Doris. So what's the point ?

          1. TheMeerkat

            Re: aggressive intrusions by malign actors

            You mean a far left Communist sympathiser who failed A levels?

        2. Snake Silver badge

          Re: 2 choices, megalomaniac vs dementia

          It's not a perfect system but it's the one we have.

          We have only two choices. Those who believe otherwise - I'll write in for [blank]! - are only being idiots, as any vote not specifically given in opposition of the party currently in power automatically goes to said party, thanks to the structure of the Electoral College and historical gerrymandering.

          Therefore we fundamentally have only two useful choices.

          And those who [continue to] vote for proto-authoritarianism, versus a possible bit of dementia, get EXACTLY what they deserve. Note that, to far too many, "freedom" means "I get what I want, everyone else get nothing at all".

        3. Anonymous Coward
          Anonymous Coward

          Re: aggressive intrusions by malign actors

          It's the orange megalomaniac who is the pensioner with dementia.

  6. A random security guy

    Why not clean routers, webcams, 'Smart locks', etc.

    We may want to add all the routers, webcams, other IoT devices which phone home to mother China. Even a smart lock I took apart called home to China. A lock.

    1. tip pc Silver badge

      Re: Why not clean routers, webcams, 'Smart locks', etc.

      Why did you have to take the lock apart to determine it phoned home to China?

      Surely logs on a router would show you that.

      1. A random security guy

        Re: Why not clean routers, webcams, 'Smart locks', etc.

        To get to the firmware, look for cryptographic materials, then execute an MITM to watch the traffic go by.

        This wasn’t just about connecting to a server, which as you rightfully point out, is easy to spot. The devices probably don’t have unique keys and they also use their serial number as the API Identifier.

        So it is a leaky spyware, waiting for other hackers to get all your data and unlock your doors as you can masquerade as another lock easily.

        Exhausted by such crap.

        1. Eclectic Man Silver badge

          Re: Why not clean routers, webcams, 'Smart locks', etc.

          Why shouldn't an electronic lock 'phone home' to China? After all, those of us in Europe with Garmin fitness watches recently found out that the data on our devices is held centrally by Garmin servers (not on our smartphones at all) and we, the users, have access to out own data only by the courtesy and goodwill of Garmin.

          Pompeo's PRC-free Internet is basically about trying to ensure that only USA companies can rip off, sorry value-add, customers by use of their personal data agglomeration.

          1. A random security guy

            Re: Why not clean routers, webcams, 'Smart locks', etc.

            Good point. The only difference I can see is that in the US There is a form of separation between the govt and the private industry. In China, they are the same.

            1. Yet Another Anonymous coward Silver badge

              Re: Why not clean routers, webcams, 'Smart locks', etc.

              In china the politicians owns industry, in the USA industry owns politicians

            2. Anonymous Coward
              Anonymous Coward

              Re: Why not clean routers, webcams, 'Smart locks', etc.

              " can see is that in the US There is a form of separation between the govt and the private industry"

              Ah yes, the US is separated between Trump (the govt) and Trump (private industry). Methinks you haven't been paying attention maybe?

              Or, as the other guy wrote: "in China the politicians own industry, in America industry owns the politicians."

            3. Cynic_999

              Re: Why not clean routers, webcams, 'Smart locks', etc.

              The separation in the USA is not nearly as great as you seem to believe.

        2. happyBoy

          Re: Why not clean routers, webcams, 'Smart locks', etc.

          Could you please share the brand of this lock as about to get one for some tinkering!

        3. Qumefox

          Re: Why not clean routers, webcams, 'Smart locks', etc.

          I don't even bother with that. The only IoT devices I have on my network, half a dozen cheap chinese IP cameras, are physically segregated on their own LAN with no internet connectivity whatsoever because them phoning home is guaranteed. So literally all they are allowed to communicate with is an interface on the zoneminder server which doesn't route packets, and nothing else, because that's all that's on that physical network.

    2. Cynic_999

      Re: Why not clean routers, webcams, 'Smart locks', etc.

      And you think similar devices made in USA don't do the same thing?

  7. sanmigueelbeer
    Coat

    Doh!

    C = Cisco

    L = Linksys

    E = Extreme

    A = Aruba/HPE

    N = Netgear

    Gotta hand it to Trump, he sure knows what he's doing.

    `tis not as if the replaced gear are not Made in China -- oh, wait.

  8. Mike 137 Silver badge

    A hard nut to crack?

    Since practically every piece of IT kit, regardless of where it's designed, is manufactured in China these days the task of "purging" will prove difficult unless it's merely a political token gesture.

    1. Version 1.0 Silver badge
      Meh

      Re: A hard nut to crack?

      So what phone is Trump using these days? I guess he's gone back to an old Nokia so no more posts on Twitter?

      1. A random security guy

        Re: A hard nut to crack?

        Whatever the Russians approve.

  9. xyz Silver badge

    China today...

    Tomorrow the world.. Ah, the good old United Internet of America.

  10. Steve Davies 3 Silver badge

    Missing words

    We will also work with foreign partners to ensure that undersea cables around the world aren’t similarly subject to compromise.

    Should that not be something like

    We will also work with foreign partners to ensure that undersea cables around the world aren’t similarly subject to compromise by anyone other than the NSA

    I guess that bit was [redacted]

  11. Anonymous Coward
    Anonymous Coward

    “Building a Clean fortress around our citizens’ data will ensure all of our nations’ security.”

    Yeah, while at the same time demanding backdoors in security kits ...

  12. Anonymous Coward
    Anonymous Coward

    Maybe call an end to offshoreing jobs too?

    1. Reg Reader 1

      YES! I find it interesting how products from other countries can be an issue for compromise yet there is no call for Corporation to bring jobs back. Weird eh? (ya, I'm Canadian)

  13. DS999 Silver badge
    FAIL

    But at the same time

    He thinks the US government should have a backdoor to the encryption in all smartphone apps. I'm sure the Chinese could never take advantage of that, if it is intended only for the FBI.

    1. Yet Another Anonymous coward Silver badge

      Re: But at the same time

      > if it is intended only for the FBI.

      And the DoD, DHS, ICE, TSA, the secret service, US marshals, federal protection service, and coastguard and every state and county local police.

      If you give each of 10,000 agencies their own unique secure 4 digit access code then you are perfectly secure.

      1. Cynic_999

        Re: But at the same time

        Because China does not have enough money to bribe any Western agency employee ...

        1. seven of five
          Joke

          Re: But at the same time

          Can even pay them in USD, got plenty of them.

        2. Anonymous Coward
          Anonymous Coward

          Re: But at the same time

          >Because China does not have enough money to bribe any Western agency employee ...

          How dare you sir. All 50,000 minimum-wage untrained TSA screeners are totally trustworthy

        3. Nick Ryan Silver badge

          Re: But at the same time

          Money? Apparently a chocolate bar is all it takes.

          1. Anonymous Coward
            Anonymous Coward

            Re: But at the same time

            Quoting a Hitman 2016 cutscene:

            "Money, pfff, not money Mr Falin. Information about all our assets and operatives, like you"

  14. Thomas Steven 1
    Coat

    Clean Path...

    This sounds like part of somebody's jobs list for the weekend has escaped onto a work document. Time to fire the intern!

    1. Gary Stewart

      Re: Clean Path...

      I hear they intend to send somebody to California with a rake, obviously one that is not made in China.

    2. Dvon of Edzore
      Paris Hilton

      Re: Clean Path...

      Or something too technical for the soundbite-obsessed media - BGP hijacking. Why tap a physical cable when you can route data intended for Brussels through China Telecom?

      https://www.ciscozine.com/bgp-route-leak-european-traffic-china/

      1. happyBoy

        Re: Clean Path...

        This is no different from any major node / PoP either being poorly configured or deliberately used for redirecting / copying traffic. Difference in the Physical cable world compared to most other IP based method is almost guaranteed invisibility of any tap being done. BGP et all leave a trail.

  15. Chris G

    While he is worrying about other people's human rights record, perhaps Mr Pompeo could consider addressing the 49 million food insecure homes in the US (that means they are too poor to eat well Mr Pompeo) or the 16.1 million US children living in poverty. Then there are the hundreds of thousands of Americans used for slave labour in privately owned and run American prisons.

    Then of course there are countries like Iraq, Libya Afghanistan etc where thousands of civilians have died in the interest of US politics,......

    1. IGotOut Silver badge

      Shush...

      You'll be mentioning Saudi Arabia next....or even Turkey.

    2. Cynic_999

      And how about human rights for those held indefinitely without trial and regularly tortured in Gitmo etc.?

    3. Anonymous Coward
      Anonymous Coward

      And the human rights of all those poor suckers that died of Covid in the U$A.

  16. james 68

    I seem to recall that Apple's devices are made by foxconn, a known human rights abuser and part state owned/controlled, in China. Curious as to when they'll be banned and wether or not the republican party and Trump could even survive trying to ban them (I envision Washington taking on a striking resemblance to a Romero movie, with the government barricaded in the white house surrounded by black turtleneck wearing zombies).

    1. IGotOut Silver badge

      "and part state owned/controlled, in China. "

      Wrong China.

      1. Yet Another Anonymous coward Silver badge

        Although the HQ is in the right China, the silicon is in the wrong China

      2. james 68

        The majority of Foxconn factories are in mainland China, bankrolled, part controlled and protected against human rights investigation by the PRC. You can bet your ass that all data and designs that flow from the headquarters in Taiwan to the factories in china do so via the PRC.

        Wrong China? Show me how I'm wrong. IF you can.

  17. DrewWyatt

    Clean Apps

    To my sceptical eyes, point 3, Clean Apps, looks like a call for every American (and foreign) company to remove all their apps from the Huawei store, on pain of upsetting the Government.

    It looks like as blocking access to the Google app store didn't stop Huawei selling phones outside China, the plan is to bully everyone they can to pull their apps from the Huawei app store to make the phones less appealing.

    I can see the follow up to this one will be "If you are in the Huawei app store, you won't be allowed to be in Google or Apple app stores. Make a choice between CCP and Freedom!"

    1. Steve Davies 3 Silver badge

      Re: app free stores

      But... while Android allows side-loading then there really isn't much point is there?

  18. Duncan Macdonald
    Happy

    Short lived policy

    If the current US Presidential polls are anything like correct then Trump will lose the 2020 election by a landslide. So in Jan 2021 Trump, his cabinet and most of his policies will be kicked out. (According to the FT, currently 308 to 128 in the Electoral College - see https://ig.ft.com/us-election-2020/ )

    I hope the polls are correct.

    1. Anonymous Coward
      Anonymous Coward

      Re: Short lived policy

      I fear that Trump will do everything in his power (and beyond) to make sure that he, and only he is declared the winner in November. If that means making sure that whole states (espe those with large numbers of electorial college votes) have their entire vote disqualified for some nebulous reason, then I would not put it past him and his 'people' to 'make it so' under threat or hearing 'your're fired' from one of his minions.

      There is a lot of water to flow under a few million bridges before we can be sure that he's not only gone from the White House but (hopefully) straight into an orange jumpsuit and a thence to supermax for the rest of his life.

      1. Yet Another Anonymous coward Silver badge

        Re: Short lived policy

        It's election time, claiming that millions of Mexican rapists are heading for the border isn't going to work again - anyway they have his wall to protect them.

        So the message is: the dems want health care so they're communist, I'm fighting communism.

        In a way we're lucky, most Republicans this far behind would have invaded somewhere

        1. Just An Engineer

          Re: Short lived policy

          Be careful and don't give them any ideas. There are still 90 + days till election day.

        2. Mike Moyle

          Re: Short lived policy

          "In a way we're lucky, most Republicans this far behind would have invaded somewhere"

          They are. Only this time, instead of sending troops to invade some other country, they're sending them to states and cities with Democratic administrations - vis. Portland, Oregon. They escalate mostly-peaceful protests into armed (on their part) conflicts and make sure that there's plenty of nice red meat for the 24-hour news feeds (and their party's base) in the two blocks that get the coverage, while ignoring that -- for the majority of the time in the vast majority of the city -- people go about their business undisturbed by the protesters.

          It's quicker and cheaper than sending troops overseas and there are no embarrassing body bags to fly home afterwards, but you still get the "Amurrican troops defending Freedumb!" effect.

          1. Anonymous Coward
            Anonymous Coward

            Re: Short lived policy

            -Freedump- Freedumb . It is what it is.

        3. Anonymous Coward
          Anonymous Coward

          Re: Short lived policy

          Easy. Covid state of emergency constitution suspended.

      2. Anonymous Coward
        Anonymous Coward

        Re: Short lived policy

        I hope that there will be some sort of thing that prevents the ............. ( I cannot find a bad word worthy to name .........) from fleeing the states after the election.

    2. DS999 Silver badge

      Re: Short lived policy

      Don't hold your breath for Trump getting defeated causing US policy towards China to do a 180. Biden would be more traditional and not negotiate via bluster and twitter, but there are some legitimate issues buried under Trump's psychopathic ravings about "Jina".

  19. chivo243 Silver badge
    Childcatcher

    Still kicking the Chinese

    Just with a different boot than the trade charade boot. Now it's under the bullet proof, national security shoe.

    1. IGotOut Silver badge

      Re: Still kicking the Chinese

      I thought it was because they smoked opium and corrupted white women...am I a bit behind the times?

      1. TheInstigator Bronze badge

        Re: Still kicking the Chinese

        I wish I could corrupt some white women - haven't had any for ages! Alas they're not that stupid

  20. Tomislav

    FTFY

    US secretary of state Mike Pompeo European Data Protection Supervisor announced a “Clean Network plan” he says offers a “comprehensive approach to guarding our citizens’ privacy and our companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party (CCP) US of A”.

  21. Anonymous Coward
    Anonymous Coward

    Doesn't the US have a huge debt with China?

    What happens when China finally gets really p***ed off with all of this and calls it in?

    I guess that will be solved by "we won't pay up because xxx".

    1. poohbear

      Re: Doesn't the US have a huge debt with China?

      We won't pay because we have more bombs than you.

      1. John Robson Silver badge

        Re: Doesn't the US have a huge debt with China?

        Are you sure - really sure... really, really sure.

        Do you even care how many bombs you have if the "other" party has more than none...

        1. seven of five

          Re: Doesn't the US have a huge debt with China?

          No bomb needed. Just stop shipping shiny iToys and watch the show. China can do (much!) longer without the US than the other way round.

          1. jelabarre59

            Re: Doesn't the US have a huge debt with China?

            No bomb needed. Just stop shipping shiny iToys and watch the show.

            Actually, I'd like that. It would make the obnoxious SJWs go into epileptic fits, and they'd finally shut the fuck up.

            1. Anonymous Coward
              Anonymous Coward

              the obnoxious SJWs

              So Trump is a SJW ??

          2. Anonymous Coward
            Anonymous Coward

            Re: Doesn't the US have a huge debt with China?

            as someone that has been boycotting made in china for 30 years, all I can say is you don't know Poo.

      2. Phones Sheridan Silver badge

        Re: Doesn't the US have a huge debt with China?

        Reminds me of a a joke I read somewhere. USA and China go to war, the Americans lose 1,000 troops, China loses 50,000. Shortly after they go to war again; and again the USA loses 1,000 troops and China loses 50,000. This happens again and again and again many times. Finally President USA rings up President China, “Look at your death toll it’s 50 times ours”, “That’s not a problem” says president China, “we can keep fighting till you run out of troops”.

    2. EvilDrSmith Silver badge

      Re: Doesn't the US have a huge debt with China?

      The US defaults.

      Everyone around the world sniggers at the US, then realises how integrated their economies are to the US's, and that collapsing the US economy would be bad for them too, and so carries on lending the US money (at a marginally higher interest rate).

      The US now has a much lower debt, since it's effectively renegade on what it owed to China.

      China now has no 'money owed by USA' in it's accounts, so looks to be less wealthy.

      China's actions are seen to be political so countries all round the world start questioning how beholden they are to China (since unlike the USA, they are not 'too big to failure' and if they are forced to default, it will actually hurt them).

      So China loses wealth and influence, and the US carries on largely as it did before.

      Hence it seems very unlikely China is going to call in the US debt to China any time in the foreseeable future.

      1. TheInstigator Bronze badge

        Re: Doesn't the US have a huge debt with China?

        Countries will go to war before this happens

  22. Enger

    1) Given much of the world's silicon comes from the Asian rim (outside of stringent oversight), how do we stop the silicon from being modified? It IS possible to strip-down and examine silicon with microscopes and miniature probes, but that is very time consuming. And if only a sub-set of silicon foundry output is "modified", repeated spot-checking of silicon with microscopes and probes could be very very labor intensive (and expensive).

    2) While no one is delighted with the prospect of having Chinese (or Russian or any) security service crawling up our ass, given the revelations of Snowden and others, foreign intelligence services would need so share space with the NSA (and 5-eyes partners), which are already way way up our ass, monitoring every aspect of our lives. (On the bright side: no need to submit to a colonoscopy any more - your doctor can order a set of pictures from the NSA.)

    1. Julz
      Black Helicopters

      Back in the day when I had something to do with performance testing the silicone in ICL mainframes, there where 'additions' to the logic that I was told, in no uncertain terms (sackable offense), not to look at. This was not the license logic, which was also another not quite so no go area, but extra logic that did who knows what (I followed the advice not to look) but ran all of the time, was network aware and used up a small but measurable amount of a CPU (which is why I found it in the first place). I would suggest that you should assume that all current silicone is similarly compromised.

      1. Spanners Silver badge
        Alert

        @Julz

        ...assume that all current silicone is similarly compromised.

        Now that is more worrying! Are you insinuating that all our plastic surgeons are agents of the CCP?

        1. Anonymous Coward
          Anonymous Coward

          Re: @Julz

          Are you insinuating that all our plastic surgeons are agents of the CCP?

          Does this mean that the infamous term 'Bulgarian airbags' should in fact be 'Chinese airbags'? Curious minds need to know...

        2. Munchausen's proxy
          Pint

          Re: @Julz

          Judging by results proudly displayed on social media, some of them seem to be agents of Zeta Reticuli.

          1. jelabarre59

            Re: @Julz

            Judging by results proudly displayed on social media, some of them seem to be agents of Zeta Reticuli.

            I think the term you're looking for is "Zettai Ryouiki".

      2. tekHedd

        I've heard similar stories from engineers going back to the days of mainframes and core memory. MiB's show up (or call or contact a manager) and say "you will use *this* algorithm in this piece of core system code," and then disappear again. Not second-hand stories either... once you hear enough of them you stop questioning whether it's happening and just assume everything is backdoored.

        Some of the bigger players talk a good privacy game, but nobody says "no" to The Man.

      3. Julz

        The ever present danger of spell checkers combined with dislexia ;(

    2. A random security guy

      The best attacks are simple: bias the TRNG. ECC private keys are just random numbers with a test.

  23. Branko

    That's just a begining. Soon they are about to introduce something like this in EU:

    https://www.reddit.com/r/linux/comments/hzxc5m/proposed_eu_regulation_could_put_an_end_to_custom/

    This is just about preparing the terrain for incoming unrests that are to come with USD crash.

    They have to be able to run the country as an open prison.

  24. Pascal Monett Silver badge
    Big Brother

    "pervasive state surveillance, represent a threat to human rights"

    Yes indeed.

    You hear that, NSA ?

    This is all just so much bull. Hey Pompeo, you know what ? Every single other country out there can have Huawei equipment. You wanna be secure ? Cut off all international calls. And shut down all routers that allow Internet connection from abroad. And don't forget to make your lovely little wall, but make it around the entire country. And close the ports, those foreign boats could be bringing in lethal viruses. And shut down international airports, they bring foreign terrorists.

    Just wall yourselves in and you'll be nice and safe. Safe to go mad, it seems.

    1. Anonymous Coward
      Anonymous Coward

      Is this all taking the US back in time?

      It was very isolationist before WWII, which caused it a lot of damage.

    2. Anonymous Coward
      Anonymous Coward

      Re: "pervasive state surveillance, represent a threat to human rights"

      We know where this leads, at least those of us who have read Image Comics' "Undiscovered Country" do... so far, at least. It starts with an external team running a recon mission 'over the wall' *into* the USA, which has isolated itself completely for years. High-jinx ensue.

  25. Anonymous Coward
    Anonymous Coward

    USA "Clean" network.

    Censorship and control that China could only dream of.

  26. G2
    Black Helicopters

    R.I.P. Synology

    Synology is most likely also targeted by this because you are forced to agree to their EULA before being able to use their NAS devices... and that EULA says, among other things:

    --- Section 7. Audit. Synology will have the right to audit your compliance with the terms of this EULA. You agree to grant Synology a right to access to your facilities, equipment, books, records and documents and to otherwise reasonably cooperate with Synology in order to facilitate any such audit by Synology or its agent authorized by Synology.---

    yep... that includes EVERYTHING, including data that is not even stored on a Synology NAS and highly classified data that's stored on other devices.

    They are able to use their product firmware (which is an "agent authorized by Synology" in this case) as a data exfiltration tool.

    --- Section 15. Termination. Without prejudice to any other rights, Synology may terminate this EULA if you do not abide by the terms and conditions contained herein. In such event, you must cease use of the Software and destroy all copies of the Software and all of its component parts. ---

    surprise: your data that's stored on the NAS is a "component part" of that NAS. They can terminate the functions of the NAS if you block the "audits" conducted by their firmware and your data is "terminated" too.

    1. Hubert Cumberdale Silver badge

      Re: R.I.P. Synology

      Wow. I haven't had a Synology product for years, but they would've been my go-to for a NAS, because I've found them to be great in the past. But I think if I need a NAS in future, I might just be using a stripped-down Linux box instead...

    2. Graham 32

      Re: R.I.P. Synology

      Synology are Taiwanese. (ROC not PRC)

      1. G2

        Re: R.I.P. Synology

        quote:

        Synology are Taiwanese. (ROC not PRC)

        /quote

        but that still doesn't explain why they have such a wide-reaching section 7 in their EULA. They designed it so that any government body (or contractor) that handles sensitive (HIPAA) or even classified data (e.g. the various US Senate commisions, if not even those 3-letter-agencies) have already agreed in writing to a contract that basically says they can access and send overseas whatever data they want, whenever they want.

        1. Yet Another Anonymous coward Silver badge

          Re: R.I.P. Synology

          The EULA on my software says that if I show up at your house you have to bake me chocolate muffins and let me pet your dog - doesn't mean it's enforceable

        2. Wellyboot Silver badge

          Re: R.I.P. Synology

          Because everyone in the business uses similar boilerplate, has anyone ever seen Synology actually do a customer audit?

          I've long been of the opinion they're quite hot on security patching (due to being ROC based) and are unlikely to incorporate sneaky stuff that others (with state level funding) will find eventually. Plus they're on a very short list of consumer kit makers that are still providing updates to decade old boxes.

        3. Graham 32

          Re: R.I.P. Synology

          but that still doesn't explain ...

          But that doesn't explain why you chose this story to make the comment. Easy mistake to make. They are Chinese (I assume syno is meant to be like sino) just not the same Chinese.

    3. Anonymous Coward
      Anonymous Coward

      Re: R.I.P. Synology

      Good luck trying to enforce that on a consumer within the EU.

      1. G2

        Re: R.I.P. Synology

        Unfortunately, in Europe companies are not consumers and are not protected by consumer protection laws at all. Only some natural persons can be considered "consumers", but not all.

        https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02011L0083-20180701

        quote: For the purpose of this Directive, the following definitions shall apply:

        (1) ‘consumer’ means any natural person who, in contracts covered by this Directive, is acting for purposes which are outside his trade, business, craft or profession; /quote

        This is why you can still see warranties of only 1 month or 90 days or so for some brand new products - those are never sold to consumers, only to other companies.

        e.g. Allied Telesis: the default warranty for all their rackable switches sold in Europe is only 90 days. If you want longer warranty or even firmware updates then you must pay a subscription (NetCover) and renew that anually. If the subscription lapses then so does the warranty and you are not allowed to renew an expired subscription. Out of warranty devices are generally not allowed to receive firmware updates - unless it's a really bad bug with eye-bleeding CVE ratings and they already have developed some sort of a fix.

  27. Cuddles

    Ha!

    "Google... are already reasonably vigilant about what lands in their app stores."

    I needed a good laugh today.

    1. Chris G

      Re: Ha!

      Considering the number of articles in these pages in recent times, reporting on criticism of Google for not exercising enough vigilance on the Play Store content, I assumed the author of the piece had his tongue firmly in his cheek as he wrote.

  28. Anonymous Coward
    Anonymous Coward

    Pompeo

    Like his boss Donny, thick as a short plank

    1. Anonymous Coward
      Anonymous Coward

      Re: Pompeo

      Makes pigshit look like water.

  29. Anonymous Coward
    Anonymous Coward

    US apps are clean - ha ha ha

    Data gathering apps, full of misinformation and lies:

    Facebook - US

    Google - US

    Instagram - US

    Microsoft - US

    Amazon - US

    No-one should be fooled that US products are secure, private or safe.

    1. Anonymous Coward
      Anonymous Coward

      Re: US apps are clean - ha ha ha

      I know that.

      You know that.

      J. Random Luser, on the other hand ....

    2. Anonymous Coward
      Anonymous Coward

      Re: US apps are clean - ha ha ha

      Those may have started in the US, but are absolutely international corporations that have moved elsewhere to avoid laws they don't like. Like many big companies do.

      Please tell me, what app makers do you trust?

      Personally I have 0 trust in any apps.

  30. Potemkine! Silver badge

    Protectionism 2.0

    I'm not sure it's a good news for US companies. Expect China to develop all the hardware to get rid of US pieces, CPU included. First the US companies will lost the chinese market, then the chinese HW will compete against US one worldwide with aggressive prices. Looking at the smartphone market is a good example of what could happen in any other IT related market.

  31. Anonymous Coward
    Anonymous Coward

    Its the

    sheer hypocrisy that takes my breath away. How do they manage to keep a straight face?

    Cheers… Ishy

    1. Robert Grant

      Re: Its the

      It's not exactly hypocrisy, just (rightly or wrongly) protecting US interests. Who'd say "Nation A declared war on nation B! How hypocritical not to declare war on themselves as well"?

      1. Anonymous Coward
        Anonymous Coward

        Re: Its the

        It is hypocrisy. Protecting U$ interests has always been.

  32. steviebuk Silver badge

    Get your own house in order also

    The amount of issues with security with American made devices and software is just as bad. Although was quite some years ago now, I reported to Twitter about their account issues. Upon attempting to rest your password it would frequently push you to the http version of said site. I was ignored. Wasn't until a security researcher contacted them with the same info after having found my video of it, that they bother to acknowledge it. To him, they still ignored me.

  33. Fruit and Nutcase Silver badge
    Joke

    Data Cleanse?

    Perhaps the local "Chinese Laundry" can help

  34. Version 1.0 Silver badge
    Joke

    No more Chinese, it's OK.

    I'm sticking with Sushi, Aloo Gobi and an occasional Veggie Biryani in future.

  35. and I

    Failure to compete

    This just looks like using 'national security' as a means of bashing the competition because they cannot be seen to fail to compete. If Huawei has all of these links to the government why have they never published any of them... oh national security? Now TikTok is for it because teenagers upset the presidents rally... national security? Now every other tech company from China?

    I just wonder are they protecting the tech industry from competition because they are afraid a socialist country was doing better or some tech companies lobbied hard enough or is their own spy system afraid of losing an inside view into Europes networks? I'm not sure which it is but the 'if we showed you the evidence we'd have to shoot you' line is a bit thin on this.

    Look out any European company that starts to make headwinds in the tech infrastructure field!

    1. Bruce Ordway

      Re: Failure to compete

      I'm reminded of China deciding to go on their own back in the days of CDMA.

      https://www.informationweek.com/china-seeks-to-develop-its-own-high-tech-standards/d/d-id/1025306

      At the time I kind of liked the sound of them switching over to the market economy, building their own stuff, competing, opening up in general and getting more like the west.

      Unfortunately (if you can believe the news) instead of building a lot of their own, they stole a lot along the way. Intellectual property, licensing.. pfff?

      So I wouldn't be surprised if you are correct, that these latest developments really have more to do with business and getting even, rather than with security?

      1. Nick Ryan Silver badge

        Re: Failure to compete

        Yep. For the last couple of decades or longer it has been obvious to anyone with half a brain the sending all the production for high technology devices to anywhere, China in this case, will mean that the locals will gain knowledge and experience of this. Call this corporate espionage or a necessity to be able to even vaguely sensibly support the production, it happens - and there's no reason that it can't be both. This has been common knowledge but for such a long time that it's still amazing that there's suprise expressed about it.

        Also, guess what? The average Chinese person is just as smart as the average Westerner. They aren't knuckle dragging rice paddy botherers as they are often portrayed in Western media. Their scientists and engineers are just as bright as the West's. In some ways, given the dumbing down of education in some countries, they are likely to be more highty educated. What they may lack is decades of experience, however that comes with time. So when Chinese, or other non-Western, based organisations start patenting what will be considered vital technology and using the West's proctionism against itself, don't be surprised.

        As for Chinese organisations answering to their government? No real difference to other countries, but when we see others doing this it's considered bad and undemocratic.

    2. IGotOut Silver badge

      Re: Failure to compete

      "Look out any European company that starts to make headwinds in the tech infrastructure field!"

      Just look at the steel tarrifs. They UK mainly exported EXPENSIVE high grade steel to the US. They still couldn't comptete, despite lower wages , lower energy costs, lower land costs...so lets hit them with tarrifs to push prices even higher.

  36. Cynic_999

    From where is the greatest danger?

    As an ordinary person, I am far more at risk from the actions of my own government than those of a foreign government. So if I have to have personal data spied on, I'd prefer it to be China (which is unlikely to use it against me as an individual) than my own government (who are a lot more likely to use it against me).

    "Your phone reported that it was at location X at 11:45 and location Y at 12:28. Your car reported that it was at the same locations at the same times, and that only the driver's seat was reporting being occupied. CCTV at 12:30 shows that it was you who was carrying the phone. Speeding ticket enclosed."

  37. Cynic_999

    Human Rights

    "China’s values, which today include pervasive state surveillance, represent a threat to human rights."

    Does China have greater surveillance of its citizens than the USA? I very much doubt that it does overall. Far more Chinese citizens live in extremely rural areas where there is no CCTV, just for starters. And a far lower percentage of the population has formal employment, bank accounts, cars, shop using cards and many other areas in which the state can keep constant records of what they are doing.

    If the UK state wants to know your whereabouts on a particular time & date a decade ago, it is likely to be reasonably easy for it to find out. Debit or credit card spend before and after the time in question, the cell tower that logged your phone at that time, ANPR records. Etc. etc. For a peasant farmer in China, not so much.

    1. Anonymous Coward
      Anonymous Coward

      Re: Human Rights

      "Does China have greater surveillance of its citizens than the USA"

      As said in multiple stories on the Reg, yes, by a million paper cuts. Starts off with all phones are required to have (for lack of a better word) Big brother apps, they monitor everything you type. And people get locked up for anything that offends the big brother.

      In the US, you can say anything you want. I think UK peeps have similar rights. It is "not" a global thing. We are privileged (this includes most people that can read this)

    2. doublelayer Silver badge

      Re: Human Rights

      "Does China have greater surveillance of its citizens than the USA? I very much doubt that it does overall."

      You may think this, but that is incorrect. China really cares about surveillance, and they have it in spades. They have software to track communications over phone or internet. Software to monitor movements using vehicles, and increasingly pervasive camera surveillance with some of the best facial recognition technology. But these only cover the cities, right? Wrong. They cover a lot of the area, and they link people based on any metrics they need. When they decided to repress a group that was annoying them, they rapidly expanded their surveillance to cover the Xinjiang province and areas near it in other provinces. But you had another point to make:

      "Far more Chinese citizens live in extremely rural areas where there is no CCTV, just for starters."

      Nope. Those areas are indeed poor, without many of the nice conveniences for life which also make surveillance easier. Want to know what they still have? They have cameras. There's another reason for this. China has had a long history of trying to keep tabs on their population. Going back to the 1950s, it was critical to know who was doing what. Back then, cameras weren't really an option, but a strict hierarchy of power and responsibility was. China built that. Now, they can use technology to support it, but they still have that hierarchy. Part of that is responsibility to watch people for certain activities and know things about them. It's inefficient, but it works.

      Countries like ours are dangerously willing to surveil us. They have powers that we need to curtail. They have been taking advantage of anything they can think of to increase their capacity. But we can still do things that China has prevented. A lot of the reason for that is that our countries don't use their surveillance powers against us very often. China is better at it because they use it all the time, while our countries may have the capability but by leaving it unused they don't have as much ongoing data.

      Our governments may be interested in ideas like a social credit score, automatic checkpoints requiring constant confirmation of a person's identity and status, or elimination of encryption, but it is China that has already successfully implemented them.

  38. Paul Hovnanian Silver badge

    This should be fun

    After ripping out all the Chinese bits of my networking and comms gear, I went to search for replacements. It turns out that even my string and tin cans are Chinese.

  39. Ashentaine

    Nothing will probably come of this

    If Trump loses the election, all these anti-China policies will either be swept out with him or buried under legislation to the point of being stalled indefinitely.

    If Trump wins the election, he'll say that he miraculously convinced China to "play nice" a month later and that they'll be allowed to continue as normal.

    Unless there's an actual timeline set for putting any of this plan into action, then odds are it's just the typical jingoistic pandering that happens at the tail end of every American election cycle, except this time it's focused on a specific country instead of the nebulous "foreigners taking our jobs".

  40. Claptrap314 Silver badge

    Too little, too late?

    If someone says that you are their enemy, believe them.

    The Chinese have been pushing an aggressive anti-American rhetoric for decades. I was alarmed by what they were saying in the late 80s. Given that the Chinese lack the concept of human rights as we have it in the West, their party congresses have often stated that it is the duty of every citizen to aid in the "struggle". Every citizen.

    But supply line vulnerability is near-total. The size of the blobs in firmware make it intractable to figure out everything that is happening at a low level

    None of the above suggests that the US government is not aggressively engaging in its own espionage. It has been since president Wilson left office, at least. As it must. Which is completely irrelevant to the decisions it should make regarding the behaviors of the Chinese government.

    1. Anonymous Coward
      Anonymous Coward

      Re: Too little, too late?

      Guitanimo, federal agents in Portland, an out of control police state, millions without health cover, legalised bribary in government.... As the least free, and least democratic country in the western world, the USA can hardly bang on about human rights.

      1. Claptrap314 Silver badge

        Re: Too little, too late?

        You really want to compare the US and China on human rights. Okay... How many are at Gitmo? How many are in Xinjang? How does one end up in Gitmo? How does one avoid the abuses in Xinjang? Does the US assign your wife a husband if you go to Gitmo? Do we perform live donor organ transplants?

        I do not consider the US record on human rights to be that great--according to our ever-escalating standards. But the concept of individual rights does not even exist in China.

        1. Anonymous Coward
          Anonymous Coward

          Re: Too little, too late?

          I wasn't comparing, I said the USA isn't one to talk. "Our human rights are crap, but yours are worse" is hardly a good moral standpoint. The hypocrisy is still real.

          And in case you're unsure, I agree with you that they are far far worse than us.

    2. martinusher Silver badge

      Re: Too little, too late?

      >The size of the blobs in firmware make it intractable to figure out everything that is happening at a low level

      Its straightforward enough. You just observe the action at the interfaces. We've got a huge intelligence establishment that's more than adequately resourced that can monitor traffic -- actually it does already do that so let's get it to do something userful for a change (and while they're about it they should be able to pinpoint Spam and malware sources).

      You can always tell people who don't know what they're talknig about because they resort to mystification.

      1. Claptrap314 Silver badge

        Re: Too little, too late?

        And how do you detect the code that has a car perform differently when its being tested than when it's on the road? Even something as trivial as that is no mean feat to track down. There can be (and generally will be) any number of guards to limit when the "bad" code activates. Assume the attackers are smart, not stupid.

  41. Adrian 4

    News ?

    Is US banning $chinese_thing still a newsworthy event ?

  42. Anonymous Coward
    Anonymous Coward

    The things they should "clean" first:

    Clean Water - And it's not just flint.

    Clean air / environment IRIP EPA)

    Oh, and congratulations, Trump administration. You've got me sympathetic to China.

  43. Androgynous Cow Herd

    I'm glad we are protected for the Communist party...

    Now, can someone please save us from the Republican Party?

  44. martinusher Silver badge

    Administration officials are just living in the past

    The current US administration is particualrly dysfunctional, its living in a sort of 1950s dream world (a bit like large chunks of the UK who still think its 1940). As a result they're unable to craft any coherent policies, they just fall back on Cold War rhetoric and methods and hope that this will somehow Make America Great Again. They're doomed to fail.

    The problem can be illustrated by their continual tilting at Huawei. Back in the 1950s the unchallenged leader in communications research and associated fields like semiconductors was Bell Labs. They, along with their manufacturing arm, Western Electric, pretty much set the standard for global communications. Today this legacy is very much a museum piece (literally in the case of Bell Labs), having been sliced, diced and generally chewed up in the search for stored value to be monetized. We don't need this type of national R&D effort, think the money people, we can more efficiently get the equipment made overseas and focus entirely on selling service. This mindset unwittingly handed the Bell Labs crown to whoever was prepared to put the legwork into aquiring it, and it could be said that Huawei is the logical successor to Bell Labs if their reach and workforce is anything to go by. They produce an ever widening range of quality products, products that make America's best look antiquated and overpriced, and they're still gathering momentum. Trying to stop this by rebuilding the Iron Curtain just won't work -- we'll wall ourselves in, not the Chinese out. We have to recognize that we've gone off on a road to nowhere and be prepared to invest the time and resources to Build Back Better (to borrow what appears to be the Democrat's campaign slogan). We have to recognize that we've screwed up and start fixing it.

    The UK's in the same boat. Past glories don't cut much ice in the today's world. It might have been fashionable to smirk at the Germans' focus on "old economy manufacturing" but I fear they're getting the last laugh. So find something you're good at and focus (but not --PLEASE -- 'fintech'!).

  45. John_3_16
    Mushroom

    Russia still okay?

    Guess my Kaspersky AV is still safe. For now... What a putz.. Him & all his puppets. It is not other governments we need fear. The one right here could only be helped by being burnt to the ground & built completely new. Oh, wait. God has this planned in the End Times...

  46. aqk
    Facepalm

    CLEAN FOR GENE (old 1960s concept)

    "Clean Path" - that has not been explained

    It's quite simple- The interweb is a series of pipes and tubes, all interconnected. You just have to make sure that no saltwater leaks into, or Chinese frogmen tamper with one of our undersea tubes.

    Myself? Thank goodness I bought a cheap Xiaomi Redme Pro-9 from AliExpress! None of that nasty Chinese stuff for me!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like