Original source: https://www.fcc.gov/document/fcc-bans-authorizations-devices...
This covers Dahua, which I believe is the supplier that underlies cheap security cams like Amcrest, which have been a common choice for people who want local-only non-cloud cams for a long time.
Here's the inside story of how the ban was years in the making and all the effort it took. From someone in the government at the time the process started: https://twitter.com/JoshuaSteinman/status/159637064508835020...
That took long enough! Glad we're finally looking out for national security interests, even if it was partially incentivized by economic protectionist ideas - it's naive to think China hasn't done the same to other foreign tech companies.
I have an online Chinese security camera system outside my house. I'd be happy to replace it if usgov wants to subsidize that. The SSH Honeypot on the network with it remains untouched for now.
Reminder of how this started... when Huawei and ZTE decided that because they weren't American companies, they didnt need to answer questions from Congress, and even outright lied about the structure of their companies to conceal CPC/government involvement:
https://stacks.stanford.edu/file/druid:rm226yb7473/Huawei-ZT...
Whe you consider China's restrictions against US companies, these things are a drop in a bucket.
Can anyone familiar with the topic ELI5 this? Does this mean you can't use (buy? (sell?)) ZTE or Huawei modems in the US going forward? Or is this just a restriction re US govt related entities?
I love these cams, but also put them on a totally isolated network. Guess I'll pick another one up just in case they get tough to find soon.
Shouldn’t it ban these companies from having US offices too?
And, while they are at it, can TikTok be added to the list as well.
Finally
"National security" has been increasingly been used over the last 5 years as a justification for measures that are actually much more broadly geopolitical in nature.
A private individual using a Huawei phone or router isn't a national security threat to the US.
However, in a broader sense, the US government sees the technological development of China as a threat to American strategic dominance, and has been taking ever more drastic measures to try to hobble the Chinese tech sector. The campaign against Huawei, which began a few years ago, was the opening shot. Blacklisting various Chinese semiconductor companies (which does not only prevent American companies from doing business with them, but which also threatens companies around the world with secondary sanctions if they do business with the targeted companies) was a further escalation. This was also justified as a "national security" measure, with the claim that these companies do business with the Chinese military (these claims were not publicly backed up by evidence, of course). Biden dramatically escalated the "tech war" recently with even broader sanctions against much of the Chinese high-tech sector.
The "national security" justification has become so broad that virtually any business with China is now being construed as a national security threat. Americans should consider if they really want to turn their relationship with the world's largest economy into one that is purely hostile.
It's not beyond the realm of possibility that in the event of a real war between China and the US that our Chinese-made smartphones and drone toys would suddenly not be trustworthy. The NATO IC's (and SV) software wizardry (like super clever driver weaknesses snuck into mainline linux) always gets trumped by a little this and that added to hardware (an extra component on the pcb or worse, a tiny corner of a chip image).
To what extent do the industrial designers of consumer hardware take into account the threat of a last second modification of the design to suit the needs of the manufacturer? To what extent would such modifications be detectable by...anyone, ever? And what would it look like? The software version would be a bad network driver that examines all traffic for a specific triggering pattern that would take over the machine at first as uninvasively as possible, starting by modifying the kernel and the boot image (to stay activated). Establish contact with attacker and examine the user and their accounts. Some users are more valuable than others, having privileged positions in large companies, control or knowledge about important infrastructure, and so on. Or they may be celebrities or other people of note. Or they may be friends of those people. It would be useful to undermine everyone at once, but using a stochastic process that minimizes a torrent of data. Oh and it's probably better for china to maintain at least some of their C&C outside of China to make it less obvious who the actor is, and to maintain connectivity for longer. Ideally the adversary C&C would exist within the target country. In the USA you'd want a confusing relationship that is plausibly legitimate, and turn it into a free speech issue, slowing down the legal system, and so working to China's benefit. While the justice system tries to do it's job, you use the data you gather to build a very accurate and detailed picture of the nation's capabilities, all with names and leverage attached. Over a short period of time, say a few days, what havoc could such an entity do to our nation, if it could send messages as anyone to anyone and be undetectable as illegitimate?
And we worry about DDOS botnets!
(Note: if we had on-shore manufacturing it wouldn't solve the fundamental issue which is that humans can mass manufacture invisible machines that can't be inspected. These machines are so small they cannot be perceived, not even with the most powerful magnifying instruments[0].)
Of course, all of this could be way off base. An equally valid (if more cynical) reason for sanctions like this is that regulatory capture and campaign generosity is finally paying off for someone.
0 - https://en.wikipedia.org/wiki/Electron_microscope And the preparation methods required destroy the object under test, such as a chip image.
Still can't actually show any actual security issues though right?
Every article I’ve ever read that cites “national security concerns” never, ever explicitly goes into the exact, computational mechanism in which it is a security concern. It’s always something like “Chinese company under Chinese government, therefore bad”. Never anything concrete or substantive from a software engineer POV, such as what exactly is phoned-home, or what actual subversions are happening currently, only hypotheticals.
Top dogs hate competition. Simple as that. I fucking hate how the US pushed them out of Europe due security concerns when we fuckin know for a fact the US is the worst offender when it comes to spying and sabotaging the competition.
What it is called when the US sells weapons to European countries that are connected to the US network, share data and can only be activated by US officials?
Should their customers retaliate?
"we can do it, you can't"
https://www.thedrive.com/the-war-zone/23052/foreign-f-35-use...
Is this an executive measure? Does the executive have authority to do such a thing, based on vague and nebulous claims of threat to national security? Were these companies providing sevices/supplying goods in the US market subject to necessary US regulatory approvals? On which grounds can such approvals be rescinded without evidence that will stand in courts?
Moreover this is infact a restriction on US citizens/ firms from buying these goods? Does it not impinge on their rights to fair choice?
Why are the stakes so high? Well, research "integrated communications and sensing" to find out. IEEE is pushing this paradigm shift. The radio hardware isn't just being used for communications between active devices anymore. It'll be useable for passive and biometric sensing applications, including but not limited to passive localization and identification of people without phones. Next generation wireless standards are being explicitly designed to facilitate this.
That said, for some reason I doubt that hardware deployed in the 5 eyes nations won't also be used for surveillance purposes, just that the institutions controlling the systems will be different.