Sunday, March 23, 2014

NSA spying on China has nasty implications for the world

It's been reported that the NSA has put a lot of effort into monitoring (a.k.a. 'spying on') not just the Chinese government, but private Chinese firms - including Huawei and ZTE, among the world's largest communications technology suppliers.  It rivals US companies in the supply of Internet switching devices, etc.  In the past, US authorities have claimed that both companies are or will be a "national security threat" if their hardware is incorporated into Western networks - something that's been raised in Britain as well.  In October 2012 CBS's "60 Minutes" broadcast an in-depth investigation into Huawei's activities.

Der Spiegel reports:

According to a top secret NSA presentation, NSA workers not only succeeded in accessing the email archive, but also the secret source code of individual Huwaei products. Software source code is the holy grail of computer companies. Because Huawei directed all mail traffic from its employees through a central office in Shenzhen, where the NSA had infiltrated the network, the Americans were able to read a large share of the email sent by company workers beginning in January 2009, including messages from company CEO Ren Zhengfei and Chairwoman Sun Yafang.

"We currently have good access and so much data that we don't know what to do with it," states one internal document. As justification for targeting the company, an NSA document claims that "many of our targets communicate over Huawei produced products, we want to make sure that we know how to exploit these products." The agency also states concern that "Huawei's widespread infrastructure will provide the PRC (People's Republic of China) with SIGINT capabilities." SIGINT is agency jargon for signals intelligence. The documents do not state whether the agency found information indicating that to be the case.

. . .

The agency notes that understanding how the firm operates will pay dividends in the future. In the past, the network infrastructure business has been dominated by Western firms, but the Chinese are working to make American and Western firms "less relevant". That Chinese push is beginning to open up technology standards that were long determined by US companies, and China is controlling an increasing amount of the flow of information on the net.

In a statement, Huawei spokesman Bill Plummer criticized the spying measures. "If it is true, the irony is that exactly what they are doing to us is what they have always charged that the Chinese are doing through us," he said.

There's more at the link.

Huawei's complaint is entirely justified, of course.  The NSA is doing to Huawei what it's long alleged Huawei is doing to others.  The USA will never again be able to legitimately complain about the threat to national security posed by Huawei or any other Chinese company.  The response is entirely predictable.  "Pot, meet kettle.  Kettle, pot."

However, that's not the biggest implication of this revelation.  We've already noted how US technology companies are losing billions of dollars in foreign orders due to fears that NSA monitoring technology has been incorporated into their products in the form of so-called 'backdoors', which would allow US surveillance of traffic passing through the equipment.  Many of those who no longer trust US equipment have been turning to Huawei, ZTE and other Chinese companies to supply alternatives.  However, if the NSA is now able to monitor traffic on those devices as easily as it can US equipment, where does that leave the world's communications providers?  They're caught between a rock and a hard place.

They're going to be looking for solutions, which are likely to involve tougher defenses against snooping (e.g. strong encryption, the mandatory use of landline - probably fiber-optic - networks as opposed to wireless communications for all sensitive information, and so on).  Those precautions will make all communications more complex and expensive, but also greatly complicate the ability of the USA to monitor communications that are legitimate espionage targets - foreign weapons development, for example.  Effectively, the NSA may have created far more problems for itself in the future than it's solved in the past.  One wonders if anyone at the NSA ever read the Law of Unintended Consequences?  It appears not . . .

The sooner this rogue agency is disbanded altogether, its unconstitutional elements purged, and its valid functions transferred to a more law-abiding agency, the better for the USA - and the whole world.



Merlin said...

And this is one of the best arguments for open source. Even if an individual can't understand the source code, by it being available, others will have looked at it, and can publish whether or not it contains anything to be concerned about.

Rolf said...

One possible side-benefit: more nations deciding they need to be serious about developing their own home-grown tech talent, at all levels, so they can design and create their own stuff from scratch. While in one sense this is very inefficient because of duplication of effort, it ALSO means a vastly more robust basic tech infrastructure, because it's distributed throughout the developed world. That, combine with open-source standards on basic protocol and interfaces could potentially do a lot of good in the long run, because it addresses a bunch of education, technology, employment, and trade issues is a way that nobody is currently predicting.

Short term, it's gonna suck like an open chest wound.