[LINK] What's Behind the Huawei Fracas

Wed Mar 28 17:56:35 AEDT 2012

Where I become sceptical, Roger, is not "can a device collect data?" but 
"can it phone home without detection?"

Consider - to snoop on the NBN the Ethernet-over-fibre kit needs to 
accomplish the following without detection by the operator:

1. Extract the data from the Ethernet frames,
2. Decide what's interesting and what's not, and
3. Send interesting stuff back to China.

(3), I presume, means it somehow needs to find a TCP/IP path to use. 
That is, get to a router and send packets from that router to some place 
that will get the data home.

It would, on the other hand, be relatively straightforward to watch a 
box for anomolous traffic.

Regarding your question: "what, in practical terms, is NBNCo installing 
in the way of intermediating devices?", as I understand it, none. That 
is: NBN Co is not providing IP layer services (with the exception of its 
capacity to handle multicast - others can explain this better).

While you were right that the NBN could have been designed as a 
censorship enabler, it has not been so designed. The temptation to 
provide Layer 3 services was resisted.

RC

On 28/03/12 2:04 PM, Roger Clarke wrote:
> The reporting on Huawei's exclusion from the NBNCo contracts has
> unfortunately been facile.
>
> Even the business-writers and the ABC suckered for the proposition,
> attributed to ASIO, that this was all about "cyberattacks coming out
> of China".
>
> The suggestion that Huawei is involved in those activities is a straw
> man.  It enables the company, through an ex-Australian Cabinet
> Minister, to defend, probably quite honestly, that they don't do that
> kind of thing.
>
> The real issue is whether Huawei technology brings with it embedded insecurity.
>
> This is an opportunity to get back on the agenda the much broader set
> of issues that NBNCo must be forced to deal with, in public.
>
>
> 1.  Compromised Devices on the Backbone
>
> Serious concerns were expressed back in 2005 about features being
> built into backbone routers to facilitate surveillance and censorship.
>
> No-one had any doubt that Huawei was building such capabilities in to
> satisfy the Chinese government.
>
> Accusations were levelled at Cisco, and especially at Juniper.  They
> were under pressure from the Chinese government to comply if they
> wanted to keep getting business there.  And they were doubtless under
> pressure from the NSA and the US Administration as well.
>
> Cherry S. (2005)  'The Net Effect'  IEEE Spectrum 'Special Report on
> China's Tech Revolution' (June 2005) 38-44, at
> http://spectrum.ieee.org/computing/networks/the-net-effect/0
>
> That included this quote:  "The concern I have is that this is laying
> the foundation for a much more intrusive and censorship-friendly
> Internet infrastructure for all countries," says Roger Clarke, a
> consultant in Canberra, Australia, affiliated with the Australian
> National University. "The features that China wants installed in
> intermediating devices and software will gradually find their way
> into all of the suppliers' products, if only because it's cheaper
> that way."
>
> The probability of Huawei backbone devices being compromised is very
> high, and with Cisco and Juniper the probability is a bit lower.
>
> A bigger difference is the strategic significance of intermediating
> devices being compromised.  The polite thing to say is that the US is
> an ally of Australia (although of course the cynic would say that
> Australia is an acolyte of the US), and the US is seriously concerned
> about China's emergence as a super-power.  Whereas China is only a
> (currently very important) trading partner.
>
>
> 2.  NBN's Role
>
> The NBN is a Layer 2.5 service, i.e. the IP Layer is provided by
> other organisations, not NBNCo.
>
> So what, in practical terms, is NBNCo installing in the way of
> intermediating devices?  And to what extent does NBNCo's choice of
> technology providers determine whether, what and whose surveillance
> and censorship capabilities are built into the infrastructure?
>
> IANATE (I am not a telecomms engineer), so my expression of these
> points is necessarily imprecise.  However, it seems to me that, even
> if NBNCo isn't technically deciding on the routers and proxy-servers,
> the choices that they're making will limit the choices available to
> other organisations when *they* make *their* decisions about routers
> and proxy-servers.
>
> It's a very good move to ban Huawei from NBNCo's infrastructure,
> because that reduces the risk of compromise of Australian
> infrastucture and traffic by either Huawei or some client of Huawei
> (e.g. the Chinese government).
>
> But, as a country, we remain exposed to the US companies that we're
> likely to use instead, and to the clients of those US companies (e.g.
> the NSA).
>
>
> 3.  NBNCo's Irresponsible Stance re Public Policy Issues
>
> I wrote back in 2009 that:
> http://www.rogerclarke.com/II/BBF-091211.html
> "The Chinese government is building censorship into its backbone
> routers, to deliver the Great Chinese Firewall.  We need to make sure
> that the emergent NBN design doesn't facilitate censorship through
> our own form of Rabbit-Proof Fence".
>
> I further argued that:
> http://www.rogerclarke.com/II/NBN-PC-0912.html
> "The NBN could be designed to embody, or to facilitate, the
> surveillance of content. Ways in which this could be done include the
> accommodation of the function in the NBN architecture and the NBN
> infrastructure, the provision of space on NBN Co.'s premises for
> specialist equipment, enabling the connection of extraneous devices
> to the network, enabling the inclusion of extraneous software in its
> own devices, and the permission of access to its premises by
> organisations that conduct surveillance.
> "It is crucial to the public trustworthiness of the national
> infrastucture that it not be prostituted to the wishes of either
> marketing corporations or national security extremists.
> ...
> "The NBN holds great promise. It also harbours considerable potential
> threats to privacy. There is to date no sign that NBN Co. is engaging
> with the issues. It needs to do so."
>
> NBNCo continues to avoid discussion of a range of critical policy
> matters, and has been allowed to get away with it.  That bodes very
> ill for our future freedoms.
>
>