Silvaire wrote:
any companies in the US and elsewhere get many attempts at industrial espionage every day from China, using a large state paid work force. It costs a great deal of money in IT to (mostly) keep them out.
So do many companies in Europe and elsewhere from US. That’s what I meant by “for the US it might be a new feeling, for us in Europe it’s just another one …”. Prism, Project Sauron, etc. have not only been targeting terrorists but also follows clear economic interests. US companies might not copy the latest fashion collection or consumer device – but when it is about real competitive advantage in key technology areas, the threat for companies from China is not bigger than the threat from the US.
The discussion on 5G backbone technology has been and still is a very telling one: The US government tries to heavily influence European governments to ban Huawei from any participation or at least make them to fully disclose their software to prove there is no government backdoor. They never demanded the obvious, that for every potential provider the same rules should apply and each of them has to create the same transparency – why not?
Peter wrote:
I could post the server log for any server I have access to (several) to show it is jam packed with hacking attempts which are nearly all from China.
Do you really think, Chinese government is so stupid, that they use identifiable Chinese IP dresses for serious hacking attempts? If so, we should not be scared…
What we all see in our server logs is, that China has about 10 times the number of computer science graduates each year that the US have – and there is a high correlation between hacking attempts and CS graduates…
Re Huawei… it is impossible to be sure there are no back doors, in a box containing say 1M lines of code.
One could devise a process involving source code review, escrow, and checking the compiled executable is identical to the executable in the box in question. But who will check 1M lines of source code? Nobody can usefully, because it is easy to hide back doors, because you only need to let in something via a side effect. To implement a back door, you don’t need to test for a username like “chinese_hacker” 
It is impossible to even check for simple stuff like a remote shutdown. And anyway Huawei are not handing over any sourcecode.
FWIW, the UK GCHQ looked into this and said that back doors are not an issue, because Huawei boxes are so bug-ridden they don’t need them to be exploitable. This comes as no surprise to anyone who has played around with Chinese IT gear. I have used a lot of Draytek stuff (“high end” by Chinese standards) and whole chunks of the functionality just don’t work. They use mostly Linux as the base so that’s ok but the rest of the code is a hack. Funnily enough the old Draytek boxes which used their own OS run much better than their new stuff which is Linux based, but the new stuff is less buggy functionally. It seems obvious that the European cellular companies, who must have found all this, just threw their arms up in the air and installed the stuff because it works well enough in the narrow scope of usage, is cheapest, and the others (Ericsson, Nokia, etc) have bugs too, of course.
So when buying critical infrastructure, you need to buy it from a country which is not realistically ever likely to be your enemy – in a cold war or in a hot war. For Europe for example, and assuming the 1939-45 scenario does not occur again, the US obviously meets that requirement. But China obviously does not.
What technology would the US Government seek to steal from European companies and contractors, in the way the Chinese Government systematically (and intensely) seeks to steal technology from the US and elsewhere?
Peter wrote:
So when buying critical infrastructure, you need to buy it from a country which is not realistically ever likely to be your enemy – in a cold war or in a hot war. For Europe for example, and assuming the 1939-45 scenario does not occur again, the US obviously meets that requirement.
Countries have interests not allies. What a country needs to do is supply its own defense infrastructure, not buy it from elsewhere and not steal it. Spin-off applications for that technology will eventually support the economy that pays for it assuming the national government can be prevented from spending the money on inappropriate nonsense. The internet comes to mind, and GPS among a zillion other examples. This is one of relatively few legitimate roles for government, in my view.
Peter wrote:
Re Huawei… it is impossible to be sure there are no back doors, in a box containing say 1M lines of code.
Agree – same is true for Cisco, Nokia, etc. It’s about setting the same standards of scrutiny for every provider, because …
Peter wrote:
So when buying critical infrastructure, you need to buy it from a country which is not realistically ever likely to be your enemy
.. else you can only trust your own (and perhaps EU) industry. US gov. has demonstrated so often in the recent past that they are only interested in their own benefit that they for sure not qualify for “not realistically ever our enemy”.
Silvaire wrote:
What technology would the US Government seek to steal from European companies and contractors,
Gas turbine technology from Siemens, Automotive Electronics from Bosch, Weapon technology from Kraus Maffei and Heckler&Koch , …
So many things…
China also abuses software licensing as I understand it. DJI used quite a number of linux libraries that as part of their use require the source code to be made available. You can imagine where that went.
I’d rather also be in a country / world where Winnie the pooh is not banned.
I’ll let others judge the validity of your assertion that the US government steals technology from European companies for themselves. My judgement is clear.
I have some familiarity with the gas turbine business. It is international and the original design work is increasingly done by consultant companies.
Weapon technology from Kraus Maffei and Heckler&Koch
The US would steal technology from H&K, seriously?
Off_Field wrote:
DJI used quite a number of linux libraries that as part of their use require the source code to be made available. You can imagine where that went.
Don’t get me started on DJI. Pure rip-off of US tech (developed by a now defunct company here in CA) with data feed straight back to the CCP. Use of their drones is now rightfully either prohibited or severely restricted in government settings and / or in any setting where critical infrastructure data are being gathered. Hard to control, unfortunately.
Of course the EU and primarily Germany close their eyes, see here (in German) from Der Spiegel today.
Silvaire wrote:
I’ll let others judge the validity of your assertion that the US government steals technology from European companies for themselves. My judgement is clear.
I agree this is unlikely. What is much more likely is that the US government steals information that is used in business negotiations.
Every country’s comms intercept service does that. Every
