X

Connect (X)

Search Results for: backdoors

Ajit Pai: Why the FCC Calls Huawei, ZTE, National Security Threats

By Don Bishop, executive editor, associate publisher, AGL Magazine

FCC Chairman Ajit Pai on the June 30 Lou Dobbs Tonight Fox Business program.

When the FCC announced its decision on June 30 to make final its designation of Huawei and ZTE as national security threats, information the agency released did not include a separate comment from its chairman, Ajit Pai. However, Pai appeared on the Fox Business channel’s program, Lou Dobbs Tonight, that night, and elaborated upon the FCC’s decision.

“Unlike in Communist China, we have the rule of law in this country,” Pai said. “In November 2019, the FCC proposed to ban the use of FCC funding being used by telecom carriers here in the United States on problematic equipment or services coming from carriers like Huawei and ZTE.  We initially proposed to designate Huawei and ZTE as national security threats, but we allowed everyone to make their case.”

In the proceeding, the chairman said, the FCC heard from the executive branch, Congress, other stakeholders, Huawei and ZTE. He said the overwhelming weight of the evidence suggested that Huawei and ZTE would be national security threats, which is why the FCC moved forward with a firm designation to that effect. Thus, as of July 1, U.S. telecom carriers are not allowed to use Universal Service Fund monies on equipment or services from the two companies.

Pai said that the FCC is looking at the overall security of U.S. communications networks. He said that during 2019, the agency began discussions whether to extend the prohibition to include telecom network use of equipment or services even if the FCC does not fund them. He said the FCC has been working with Congress on so-called rip-and-replace legislation to finance the removal of problematic equipment. In the chairman’s view, the bottom line is that no matter what company it is, no matter what country that company is located in, if it is compromising the security of the United States’ communications networks, it is not allowable.

“What we found was that these two companies, Huawei and ZTE, had ties to the Chinese Communist Party and ties to the Chinese military apparatus — the People’s Liberation Army,” Pai said. “In addition, they are obligated under Chinese law: If they get a request from the Chinese secret police intelligence services, they must comply with it, and they are prohibited from disclosing the fact of that request to any of their customers.”

Especially with small rural telecom carriers, Pai said, it is not a risk the FCC believes is worth taking — a risk that he said could allow installation of backdoors, infection of the network with malware and the theft of intellectual property. He said the risks are not worth taking in the United States or elsewhere in the world.

“Based on my personal conversations with some of my foreign counterparts, we have gotten a good response from many of our allies throughout the world,” Paid said. “I talked with folks from South America, Europe and Asia. Those conversations are starting to have traction. Recently, Singapore, for example, took a step with one of its major carriers to limit Huawei’s installation of 5G equipment. The Indian government banned 59 Chinese-based mobile apps, including companies like Tik Tok, from their networks altogether.”

There is a growing recognition around the world, Paid said, that the Chinese Communist Party presents a unique threat to communications networks. “Here in the United States, we are sending a signal that we are not going to tolerate that threat any longer,” he said.

 

 

Huawei, ZTE Sell at a Loss to Facilitate China’s Data Collection

By Don Bishop, executive editor, associate publisher, AGL Magazine

OBrien

The Chinese Communist Party is collecting your most intimate data — your words, your actions, your purchases, your whereabouts, your health records, your social media posts, your texts, and mapping your network of friends, family and acquaintances, Robert O’Brien, the national security advisor, said in a speech delivered in Phoenix on June 24 at the Arizona Commerce Authority. He said the CCP accomplishes this goal, in part, by subsidizing hardware, software, telecommunications, and even genetics companies.

“As a result, corporations such as Huawei and ZTE undercut competitors on price and install their equipment around the globe at a loss,” O’Brien said. “This has the side effect of putting out of business American manufacturers of telecom hardware and has made it very difficult for Nokia and Ericsson.  Why do they do it? Because it is not telecom hardware or software profits the CCP is after, it is your data. They use ‘backdoors’ built into the products to obtain that data.”

When the Chinese Communist Party cannot buy your data, O’Brien said, it steals it. He said that in 2014, the CCP hacked Anthem insurance, collecting sensitive information on 80 million Americans. In 2015, the CCP hacked the Office of Personnel Management, which holds security clearance information, acquiring sensitive data on 20 million Americans who work for the federal government. In 2017, it hacked Equifax, obtaining the names, birthdates, social security numbers, and credit scores of 145 million Americans, O’Brien said.

In 2019, the CCP hacked the customer database of Marriott, gathering information on 383 million guests, including their passport numbers, according to the national security advisor.  And, in 2016, he said, a Chinese company even bought the dating app Grindr to harvest its data, including the HIV status of users, before the U.S. government forced a divestiture on national security grounds.  “These are just a few of the instances we know about,” he said.

Other speeches delivered by FBI Director Christopher Wray and U.S. Attorney General William Barr in June and July have described what they characterized as threats by China of retaliation against U.S. companies. A fourth planned speech on the theme is yet to come from U.S. Secretary of State Mike Pompeo.

A spokesperson for the Chinese Foreign Ministry, Hua Chunying, contradicted O’Brien during a July 17 press conference.

“On the issue of Huawei, the United States has not a single piece of evidence that Huawei poses a threat to its national security,” Hua said. “Huawei is a Chinese company, more advanced than its U.S. peers in 5G sector, and that’s where the United States believes it has got wrong. The United States cannot tolerate anything better than it, so it has abused its state power to oppress Huawei on trumped-up charges. This is economic bullying, a blatant rejection of the market economy principles that the United States has always prided itself on. The world sees this very clearly.”

U.S. Visa Ban on Chinese Tech Employees Affects Huawei

By Don Bishop, executive editor, associate publisher, AGL Magazine

The U.S. Department of State has imposed visa restrictions on certain employees of Chinese technology companies that it said provide material support to regimes engaging in human rights abuses globally. Companies affected by the action taken on earlier this month include Huawei, described by U.S. Secretary of State Mike Pompeo as an arm of the Chinese Communist Party’s surveillance state that censors political dissidents and enables mass internment camps in Xinjiang and the indentured servitude of its population shipped all over China. He said that certain Huawei employees provide material support to the Chinese Communist Party regime that commits human rights abuses.

“The United States has long been a beacon of hope for the world’s most oppressed peoples and a voice for those who have been silenced,” Pompeo said in a news release. “We have been especially vocal about the Chinese Communist Party’s human rights abuses, which rank among the worst in the world.”

Pompeo cited his authority under the Immigration and Nationality Act, which says that an alien is not admissible to the United States if the secretary of state has reason to believe the alien’s entry would have potentially serious adverse foreign policy consequences for the United States.

“Telecommunications companies around the world should consider themselves on notice: If they are doing business with Huawei, they are doing business with human rights abusers,” Pompeo said.

During a press conference conducted at the State Department the day before, Pompeo said that President Donald Trump had signed the Hong Kong Autonomy Act and announced a series of actions through a presidential executive order.

“As he said in May, if China treats Hong Kong as one country in a single system, so must we,” Pompeo said. “General Secretary Xi Jinping made a choice to violate the Chinese Communist Party’s promises to Hong Kong that were made in a UN-registered treaty. He didn’t have to do that. He made that choice. We have to deal with China as it is, not as we wish it to be. “

The secretary of state said that other nations are arriving at the same conclusion. He gave as examples Australia and Canada, which have suspended their extradition treaties with Hong Kong.

Pompeo announced that he is leaving on July 20 for visits to the United Kingdom and Denmark. “I am sure that the Chinese Communist Party and its threat to free peoples around the world will be high on top of that agenda,” he said. “We certainly will take time to discuss the UK’s commendable decision to ban Huawei gear from its 5G networks and phase out the equipment from its existing networks. The UK joins the United States and now many other democracies in becoming clean countries: nations free of untrusted 5G vendors. In the same way, many major telecom companies like Telefonica, Telecom Italia and NTT have become clean carriers.”

During a Chinese Foreign Ministry press conference on July 16, a reporter for Beijing Daily, the official newspaper of the Chinese Communist Party’s Beijing Municipal Committee, asked ministry spokesperson Hua Chunying to comment about what Pompeo said about democracies becoming “clean countries” by excluding Huawei and other untrusted vendors.

“American companies Cisco and Apple admitted years ago that there are security loopholes and backdoors in their equipment,” Hua said. “U.S. intelligence has long been running indiscriminate, illegal surveillance programs on foreign governments, businesses and individuals including those of its allies. Even American citizens don’t have any secrets. These are open facts.”

However, she said, Huawei has been providing services in more than 170 countries, and no country has presented any evidence showing security threats or backdoors in Huawei products. She gave as example Huawei funding and other support of a cyber security testing center in the United Kingdom, opening itself to testing by UK experts and being willing to sign no-backdoor agreements with all countries.

“Can any other business in any other country do this?” she asked. “Will Apple or Cisco offer to do the same, setting up a security center, opening itself to testing and standing ready to sign no-backdoor agreements? Can any U.S. company match Huawei on such transparency? It makes one laugh to hear Pompeo to accuse Huawei of being not clean.”

Although the United States boasts of its strong democracy, freedoms and values, Hua said, now it will not allow a foreign private company to live and prosper. “Huawei is a successful private company,” she said. “Its only fault in the eyes of the United States is that it’s a Chinese company, right? Driven by strong ideological bias, the United States went so far as to employ national resources, abuse national security and use democracy and values as a cover to align its minions to smear, attack and repress the Chinese company. This is the very opposite of being clean. They are playing real dirty tricks.”

About the United States imposing visa restrictions on Chinese technology company employees because, Pompeo said, the companies provide material support to regimes engaging in human rights abuses globally, Hua said the United States is actually the world’s number one human rights abuser. She said the U.S. human rights allegation on Xinjiang-related issues is the “lie of the century.”

“The United States should feel ashamed of having a senior official who tells such monstrous lies on this issue,” Hua said. “If Mr. Pompeo has the sincerity, he is welcome to visit Xinjiang, talk with the people living there and also get a grasp on how people in Xinjiang feel about him.”

People Making Bad Choices About Your Privacy

By Ernest Worthman, Executive Editor, AWT magazine, Senior Member, IEEE

“William Barr is an idiot.” Not my words, but I wholeheartedly agree the view recently expressed about our attorney general. However, I am glad that others see just how dangerous the leaders of this country are at this time.

The person who called him this was Max Eddy, a senior security analyst at infosec.exchange. He sees the danger in Barr’s ridiculous insistence that backdoors be added to encrypted communication systems, consequences be damned.

He is not alone. Barr’s lack of understanding of critical security in communications systems is in line with a handful of Republican senators and past heads of government security agencies; former FBI Director James Comey; the current Director, Christopher Wray; and former Attorney General Loretta Lynch, have all beaten the drum about wanting back doors to undermine end-to-end encryption.

I have written about backdoors often, even penned a paper on it. So, I will not go into that here. What I will go into is the latest related track of attacks on end-to-end encryption.

Three of today’s most dangerous congresspersons, all Republicans, of course, Lindsey Graham, Tom Cotton and Marsha Blackburn, (I’m surprised Mitch McConnel is not in on this) who say encryption is hindering U.S. law enforcement from catching criminals and terrorists – OMG, they want vendors to install a backdoor that can be used to circumvent end-to-end encryption!

The idiotic statements coming out of the Senate only show just how ignorant they are about so many things, security being only one of them. They are so worried about not having Russia-like control over the masses that they have lost touch with reality.

This started back, in earnest, when the flap between the FBI and Apple emerged over Apple’s refusal to unlock the phone of the terrorist who was involved in the 2015 mass shooting in San Bernardino, California. Syed Farook and Tashfeen Malik, his wife, shot up a regional center during a holiday party.

The FBI later found Farook’s iPhone and wanted to search it for information on the terrorist attack. That led to the FBI demanding that Apple unlock the device because the agency said it could not do it on its own.

Apple stood its ground and said they could not unlock the phone. Whether they could or could not is immaterial. For the record, I was in favor of accommodating the FBI’s request. However, that was then, this is now.

In retrospect, with the communistic mentality of the present administration, I am glad it went that way, then. Eventually, an Israeli company was given the task to compromise the terrorist’s iPhone and they were able to retrieve the data.

What kills me is that the government will not let this go. Most intelligent people should understand that such data, if critical to a criminal investigation, should be accessible. Just like camera video and audio. However, using Gestapo-like tactics to weaken such encryption used by Apple, Facebook, and others is not the right way to do it.  And with a backdoor that anybody can access with the right code.

That is why such end-to-end encryption is designed the way it is – to protect the consumer from anyone, including the government. If properly implemented even the provider of the hardware, or app, has no way to access the user information inside. The only one to be able to access the data is the owner.

This was set up this way for a reason. Does it make law enforcements job a bit more challenging? Of course, it does. It should not be easy for anyone, including law enforcement, to retrieve personal data. That is the purpose of end-to-end encryption.

It is a bit of a double-edged sword, however. There is certainly legitimacy in having law enforcement being able to acquire data that is used in illegal activities. But again, if you give the government an inch and they take a mile – especially the present government.

Hardly surprising, given the vehemence of this government to erode personal rights, some in Congress are trying to pass legislation to circumvent the privacy laws – again. And, as to be expected it is the Republicans – again.

This particular gang of three has introduced what they call the Lawful Access to Encrypted Data Act. The bill is being spun as a way to bolster national security interests by ending the use of “warrant-proof” encrypted technology by terrorists and other bad actors to conceal illicit behavior (and the rest of us, but they do not differentiate between us and the bad actors nor define the conditions that determine this).

Gotcha! This is a carte-blanch act that says once law enforcement has obtained the “necessary court authorizations” it requires tech companies to aid in obtaining such data – from anyone and any platform. Hmmm… I thought this is already the way it is. You want something, get a warrant. It has been that way for decades.

The same bill also gives the U.S. Attorney General the power to force U.S. technology companies into complying with the court order. For instance, the AG can demand the product provider supply a timeline of when access to the encrypted data will be available to federal investigators. Seems like Barr is determined to become the power Czar of this administration.

On the downside, the obvious cost would be user privacy. That cost is too high. We are already inundated with privacy breaches because there is no real legislation in place to protect us from, even the “good guys,” such as the FAAMG rat pack (Facebook, Apple, Amazon, Microsoft, and Google). In fact, it was just discovered that TikTok has been secretly spying on millions of iPhone users.

In order to give the government what it wants, it will open the floodgates to exactly the bad actors such encryption is intended to thwart – including our own government. We cannot assume that law enforcement will always act in the best interest of society. Administrations and laws will change, however, and what is protected today may be fair game tomorrow.

As well, even if, by the furthest stretch of one’s imagination, our government acts honorably, other governments do not. What is accessible by our government is, most certainly, accessible by other governments. They all have the same technology.

We also cannot assume that this bill and other actions will offer protections limiting access to the personal information of innocent individuals – something we know all too well from the National Security Agency’s massive spying operations in the past. Through both negligence and design, the NSA accessed much more information than it was supposed to have collected, including that of the U.S. citizens the agency is prohibited from spying on.

It is best said by Will Cathcart, of WhatsApp with this quote, “At a time when cyber threats from criminals, hackers and nation-states are on the rise, our nation’s leaders should not be calling on companies to weaken the encryption that allows us all to communicate privately and securely.”

Furthermore, the Electronic Privacy Information Center notes that these three republican musketeers are trying to weaken systems that are secure enough to keep government and law enforcement from using unauthorized access. Alan Butler, EPIC interim executive director, makes the point that one cannot have a backdoor accessible to government and law enforcement, exclusively. “That is not how encryption works,” he said. Well, duh! My point exactly with government ignorance around such topics.

In the end, the saddest thing is that even if all of this happens and now law enforcement can have access to any and all data in the name of security, there is little proof that such data will, all of a sudden, make us safer and stop bad actors. Crypto expert Klaus Schmeh did some back-of-the-napkin research and concluded that breaking encryption is not likely to yield better results for law enforcement.

So, it is time again to be afraid… very, very afraid.

The China Hawk Effect on the Semiconductor Biz

By Ernest Worthman, Executive Editor, AWT magazine, Senior Member, IEEE

Ern’s Perspective

Worthman

I have been involved in semiconductor industry for a number of years, now. I have many contacts there and do regular checkups with them on the health and welfare of the industry.

It is no secret that the last couple of years have not been particularly good for this industry. And, the Trump Administration’s spat with China is not helping. We will look at that a bit further on in this missive.

The industry is complex, and competition is stiff. This led to a freefall in Dynamic RAM and NAND memory pricing that started in late 2018 due to an oversupply of components. That, in turn, led to nearly a 13 percent decline in revenue.

There was a somewhat promising, rosier picture for 2020 but COVID-19 has put the kibosh on that. And, considering we are heading for a recession, there is a great void of unknowns once we pass the pandemic. All that has caused the industry to take a 15 percent hit for Q1. The chart gives an overview of the numbers and it is not particularly promising.

From a theoretical perspective, and wishful thinking among the players, there is a fairly wide window of opportunity available. However, nobody is placing bets on when or how fast the recovery will occur once all is said and done. And, sources are reticent to make anything other than vague predictions about what to expect.

The window of opportunity focuses, largely, on emerging technologies. A “what’s what” of platforms includes the Internet of Anything/Everything (IoX), autonomous vehicles, 5G, smart devices, artificial intelligence (AI), machine intelligence (MI) and several other emerging and expanding platforms (such as multi-gate semiconductors) that could jump-start the industry. That depends on several existing conditions improving and when that will occur to the point of some semblance of normalcy.

However, there is worry here in the United States about this government’s actions, going forward, with China. Many of this country’s semiconductor manufacturers are heavily invested with fabrication in China. And, this government’s position has them concerned. As well, a significant percentage of sales from the same goes to China.

There is a real set of serious challenges facing the United States from this pro-isolationist, in general, and anti-Chinese, in particular, position the United States is taking. A report by Boston Consulting Group (BCG) does a very good job of identifying the choke points and their implications on the U.S. semiconductor industry. And, the report is neutral, not trying to spin anything. The following are some observations from the report.

First, if the friction between China and the United States continues unabated, U.S. semiconductor companies’ business status in China will be compromised, risking the estimated $49 billion of revenue (22 percent of its total revenue) that the U.S. semiconductor industry derives from Chinese device manufacturers.

“Continuation of the bilateral conflict could jeopardize U.S. semiconductor companies’ ability to conduct business in China on an equal footing with their competitors, both Chinese and from other regions,” the report said. “The magnitude of the revenue at risk threatens the scale that the U.S. industry needs to sustain its virtuous circle of innovation and global leadership.”

In the worst case, the semiconductor trade war will lead to a decoupling of the U.S. and Chinese tech industries, which would apply to other technologies used in the semiconductor value chain, such as design tools and manufacturing equipment, damaging another area of U.S. leadership, according to the report.

This will be devastating for the United States and it will, likely, slip behind some other countries in cutting-edge technologies since a significant percentage of semiconductor earnings are reinvested in R&D. Loss of income translates directly into less money for R&D.

As well, the shift from purchasing U.S. semiconductor products will send Chinese money to U.S. competitors. That will make the competition even stiffer for U.S. suppliers around the globe because other countries will have more choices. That will also put pressure on prices.

For example, if 5G chip development accelerates in places like Korea, India, Vietnam and others with Chinese investments, the market will have many more, often less expensive, choices other than Qualcomm.

Chinese suppliers would capture approximately half of the revenue forgone by the U.S. industry, enabling China to increase its global market share to around 7 percent and raise its semiconductor design self-sufficiency from 14 percent to 25 percent. The other half of the revenue lost by U.S. semiconductor companies would flow to alternative suppliers from Europe or Asia,” according to the report.

If total decoupling were to occur, the results would be much more damaging. For example, China would also ban U.S. software and devices such as smartphones, P.C.s and data-center equipment, resulting in a significant decline in U.S. semiconductor revenue.

“We estimate that, in the medium to long term, the global share of U.S. semiconductor companies would drop from 48 percent to 30 percent. The United States would also lose its long-standing global leadership position in the industry,” according to the report.

There is, of course, the specter that some U.S technologies are so advanced that if China were to lose access to them, Chinese PCs, servers, and other ICT infrastructure devices might no longer be as competitive in international markets. The same for Chinese smartphones and other consumer electronics products, particularly in high-income economies. However, that would put Chinese technology in place of U.S. technology in China, which is a huge market. That, in turn, would generate revenue for Chinse R&D, both in China and elsewhere.

According to the report, unless the restrictions on U.S. semiconductor sales to China will do more damage to U.S. semiconductor companies than to China, resulting in U.S. dependence on foreign semiconductor suppliers.

“Similarly, a dramatically scaled-down U.S. semiconductor industry that no longer functioned as a global leader would not be able to fund the level of R&D investment required to fulfill needs for advanced semiconductors for critical defense and national security capabilities,” according to the report.

In the end, continuation down this path will have devastating effects on the U.S. semiconductor segment. How much and how devastating is unknown. And, couple that with the current and near-future economic downturn and the result could be an unrecoverable scenario for U.S. semiconductor players. That will not only hurt them but a wide array of segments from national security to consumer devices. It will also affect a wide array of both existing and emerging technologies.

The report implies some dire consequences for the semiconductor sector if the China hawks have their way. It goes as far as saying if the worst scenario comes to pass, the U.S. semiconductor segment will suffer irreparable damage to the point it may never recover.

Without a doubt it is in trouble. My main worry is that this administration will not understand the ramifications of pursuing the anti-China vector and thinking the results of decoupling can be made up with alternative vendors. That scenario will not come to pass.

The United States and China need to come up with a win-win strategy. The blame game, whether it is COVID-19 or fear of software backdoors, is not helping either side to move forward. On the backside of all of this, let us hope our government will undergo some changes that will remove the vindictiveness and ignorance we are currently witnessing.