Re Under pressure, Western tech firms bow to Russian demands to share cyber secrets | Reuters

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Seth David Schoen <schoen () loyalty org>
> Date: June 23, 2017 at 3:47:55 PM EDT
> To: dave () farber net
> Cc: ip <ip () listbox com>
> Subject: Re: [IP] Under pressure, Western tech firms bow to Russian demands to share cyber secrets | Reuters
>
> Dave Farber writes:
>
> > http://www.reuters.com/article/us-usa-russia-tech-idUSKBN19E0XB
>
> This article takes a super-skeptical view toward Russian fears that U.S.
> products might have backdoors and the consequence that Russians see it
> as important to be able to confirm that they don't.  It even ends up
> suggesting that disclosing source code is bad for security (albeit
> mainly in contexts where the disclosure is made to governments and not
> to the public -- which might sometimes be true).
>
> Would we take such a negative view of U.S. concerns that Russian or
> Chinese products might have backdoors and that we need mechanisms to
> confirm that they don't?  Why, I've just last month read press coverage
> criticizing the U.S. government for continuing to use Russian antivirus,
> because obviously the Russian government will use these antivirus
> tools to attack us.
>
> http://abcnews.go.com/Politics/classified-senate-briefing-expands-include-russian-cyber-firm/story?id=47619783
>
> http://www.ibtimes.co.uk/kaspersky-willing-give-us-anti-virus-source-code-disprove-russia-spying-claims-1623328
>
> Why is it obvious that Russians need to prove that they're not subverting
> technology to attack us, but bizarre to think that we need to prove that
> we're not subverting technology to attack the Russians?
>
> In a lecture earlier this week, I mentioned how I've heard from both
> Cisco and Huawei employees that their ability to sell to customers in each
> other's countries is harmed by fears that each vendor's local government
> has caused backdoors to be built into the products.  (Leaks have confirmed
> that the U.S. government has at least backdoored technology products
> by intercepting physical shipments to foreign customers -- which those
> foreign customers are right to want to protect themselves against.)
>
> I thought the natural answer was that in an era where governments view
> "cyber" so aggressively as a domain and means of state power, everyone's
> concerns for supply-chain security are legitimate.  That's true
> whether the customers are Chinese, Russian, American, Brazilian, Indian,
> or anyone else.  All technology vendors have a shared problem (that
> they can potentially try to collaborate on solving) of how they can
> make trustworthy products for customers abroad -- and show that they've
> done so.
>
> -- 
> Seth David Schoen <schoen () loyalty org>      |  No haiku patents
>     http://www.loyalty.org/~schoen/        |  means I've no incentive to
>  8F08B027A5DB06ECF993B4660FD4F0CD2B11D2F9  |        -- Don Marti



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170623164128:5296A45A-5854-11E7-9E4A-F57292126073
Powered by Listbox: http://www.listbox.com