Interesting People mailing list archives
Re Under pressure, Western tech firms bow to Russian demands to share cyber secrets | Reuters
From: "Dave Farber" <farber () gmail com>
Date: Fri, 23 Jun 2017 16:41:19 -0400
Begin forwarded message:
From: Seth David Schoen <schoen () loyalty org> Date: June 23, 2017 at 3:47:55 PM EDT To: dave () farber net Cc: ip <ip () listbox com> Subject: Re: [IP] Under pressure, Western tech firms bow to Russian demands to share cyber secrets | Reuters Dave Farber writes:http://www.reuters.com/article/us-usa-russia-tech-idUSKBN19E0XBThis article takes a super-skeptical view toward Russian fears that U.S. products might have backdoors and the consequence that Russians see it as important to be able to confirm that they don't. It even ends up suggesting that disclosing source code is bad for security (albeit mainly in contexts where the disclosure is made to governments and not to the public -- which might sometimes be true). Would we take such a negative view of U.S. concerns that Russian or Chinese products might have backdoors and that we need mechanisms to confirm that they don't? Why, I've just last month read press coverage criticizing the U.S. government for continuing to use Russian antivirus, because obviously the Russian government will use these antivirus tools to attack us. http://abcnews.go.com/Politics/classified-senate-briefing-expands-include-russian-cyber-firm/story?id=47619783 http://www.ibtimes.co.uk/kaspersky-willing-give-us-anti-virus-source-code-disprove-russia-spying-claims-1623328 Why is it obvious that Russians need to prove that they're not subverting technology to attack us, but bizarre to think that we need to prove that we're not subverting technology to attack the Russians? In a lecture earlier this week, I mentioned how I've heard from both Cisco and Huawei employees that their ability to sell to customers in each other's countries is harmed by fears that each vendor's local government has caused backdoors to be built into the products. (Leaks have confirmed that the U.S. government has at least backdoored technology products by intercepting physical shipments to foreign customers -- which those foreign customers are right to want to protect themselves against.) I thought the natural answer was that in an era where governments view "cyber" so aggressively as a domain and means of state power, everyone's concerns for supply-chain security are legitimate. That's true whether the customers are Chinese, Russian, American, Brazilian, Indian, or anyone else. All technology vendors have a shared problem (that they can potentially try to collaborate on solving) of how they can make trustworthy products for customers abroad -- and show that they've done so. -- Seth David Schoen <schoen () loyalty org> | No haiku patents http://www.loyalty.org/~schoen/ | means I've no incentive to 8F08B027A5DB06ECF993B4660FD4F0CD2B11D2F9 | -- Don Marti
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170623164128:5296A45A-5854-11E7-9E4A-F57292126073 Powered by Listbox: http://www.listbox.com
Current thread:
- Re Under pressure, Western tech firms bow to Russian demands to share cyber secrets | Reuters Dave Farber (Jun 23)