Beijing security know-how rules irk suppliers
Chinese government rules due to come into force on Saturday would oblige security vendors to disclose encryption information.
The regulations mean that suppers of six categories of products - including smart cards, firewall and routers - will need to submit trade secrets to a government panel in order to receive a license to sell to government departments.
EU officials have described the move as both protectionist and commercially risky. One concern is that security know-how supplied to the government panel might be disclosed to local firms.
Handing over encryption information is "something companies cannot and will not do," said president of the European Union Chamber of Commerce Jorg Wuttke, The Wall Street Journal reports. US authorities are also opposed to Chinese demands, AP adds.
Details of the scheme are a little murky. It's unclear whether EU and US would be obliged to simply disclose encryption techniques, such as AES, which are publicly documented, or cryptographic keys, which must be kept secret.
Source code review of security products is carried out under security certification schemes run by CESG in the UK, for example, and by itself is certainly no bad thing. In the past Chinese authorities have asked for malware samples before allowing anti-virus vendors to sell technology into the country, a move into much murkier areas of security ethics. ®
RE: Place your bets
I would love to say I'd bet ten years pay against your tonail clippings no-one is that utterly retarded but unfortuately my faith in the general intelligence of my fellow man died around the time Apple computers became trendy.
Please keep to the right
There is no assumption that only US products can be safe that I can see. RSA's name is bandied about, but probably only because they developed the most famous implementation of elliptical (public) key encryption.
As stated in the article, if they want to know the implementation (to see if there are any backdoors), no worries at all - the techniques are publically documented. That would merely be a code review that standards are met and no hanky-panky is taking place.
If, instead, the Chinese govt wants the private (trade secret) *keys* for every product, THEN its just to make sure they can review the contents of everything encrypted in China. THEN it is a matter for concern. The fact that they leave it that ambigous is not promising for good intentions...
A few years back Washington kicked up a massive fuss when they found out that their purchasing department had signed a contract to buy hndreds of Lenovo PCS and laptops.
A Lenovo computer basially a rebranded IBM computer. It's made in the same factories, it's service engineers are the same service engineers, and a lot of the work done on them is done in a plant in Monterey. But Lenovo is bankrolled from China.
Washingotn blew a gasket and there were all these fears about secret bugging devices and attack code. It was all total bull, but it really upset the Chinese government which reveled that it had just placed a massive order for Dell PCs for its own government departments without nearly so many hoops to jump through and without all of the claimand conspiracy and counter claim.
Now, China is just doing what Washington has been doing for several decades. It's brining in rules to ensure that wireless devices and encrypted software aren't sending out data that they aren't supposed to be.
This is nothing new. In fact many countries go even further.
For example, the British government routinely demands the code for software produced for its military systems (It's often a contractual requirement before you can even get started writting it). This isn't encryption, it's the whole show. Drivers, APIs, every single line of code.
It's one of the things that was holding up the F22 program. The British government refused to comit to purchasing it until it could see the code for the weapons and radar systems to ensure that the CIA or somebody else hadn't put a disabling code in to it that could shut it down remotely. That's actual US military secrets that they were demanding.