Translation: how should we generalize the Huawei rule so that we don't
specifically and illegally pick on the Chinese?
The short answer is: you shouldn't. The FCC is poorly equipped to
operate in the national security space and I think changing it's
footing to adequately operate in that space would likely impair its
core mission. Let security agencies decide when an import should be
banned and let them ban it independent of the FCC's activity.
more-over, aren’t there lots of other folk making gear (even inside the US!!!) which
are made up of components/software/etc which MAY be influenced/etc by foreign actors?
This proposal and the previous version of this conversation/regulation seem designed
to just be flame-bait in the political space. They can’t really have merit because
who says John Chambers wasn’t paid by the Elboniese Ministry of Magics to
insert ‘bad things’ in all Cisco devices built during his tenure?
(clearly I’m making up the ‘john could have inserted code’, but
take that example for any employee at any of the potential vendors
or their suppliers)
Also, I wonder:
“can not use VENDOR in your network…”
does that mean: “only in the USA” or “Anywhere”…
the pedantic (there just aren’t these folk in networking, I am assured) out there could say:
“Ok, not in the USA… so the ring around entry points is all VENDOR… done!”
more-over, aren't there lots of other folk making gear (even inside the US!!!)
which are made up of components/software/etc which MAY be influenced/etc by foreign
Obligatory 37 second explanation: Components, American Components, Russian Components, All Made In Taiwan - YouTube
Here's what I'm thinking:
I'm thinking it costs less than five cents per unit to add a radio
receiver to any mass-produced VLSI or SoC chip whose sole purpose is
to blow an internal fuse on receipt of the right cryptographic
waveform. Pirate the mandatory voltage in line for a bad but usable
antenna. The fuse could do anything. Disable the chip. Switch to the
alternate firmware. Anything.
I'm thinking the FCC would assign itself the mission of protecting us
from such a threat and the authority to do so by speculatively banning
electronics which can't prove they don't contain such a circuit. Which
is practically impossible. And applies to all electronics. Everything.
Or worse, I'm thinking the FCC would assign itself the mission but
only enough authority to make itself a nuisance to legitimate vendors
while leaving massive holes in the attack surface.
This is a bad idea. This is one of the things we have intelligence
agencies for: to catch companies and nations who sneak clandestine
contaminants into their exports so that we can confront or if need be
embargo those imports in a comprehensive way. Contaminated electronics
is just the latest twist in a long shadow war where the FCC's amateur
interference would not be helpful.
I'm also thinking this would make a great plot for a science fiction /
spy novel. Any writers out there?