
SoylentNews is people

posted by mrpg on Thursday September 20 2018, @08:36AM   Printer-friendly
from the I-may-have-to-hack-you dept.

Lenovo: Companies working in China may have to install local backdoors

Does Lenovo put backdoors in if the Chinese government asks? "If they want backdoors globally? We don't provide them. If they want a backdoor in China, let's just say that every multinational in China does the same thing."

"We comply with local laws. If the local laws say we don't put in backdoors, we don't put in backdoors. And we don't just comply with the laws, we follow the ethics and the spirit of the laws."

And then, with a final flourish, the answer. "Likewise, if there are countries that want to have access, and there are more countries than just China, you provide what they're asking."

See also: Lenovo CEO: 'We're not a Chinese company, we're a global company'



 
This discussion has been archived. No new comments can be posted.
  • (Score: 3, Insightful) by Anonymous Coward on Thursday September 20 2018, @08:57AM (11 children)

    by Anonymous Coward on Thursday September 20 2018, @08:57AM (#737411)

    Well, doh! Color me surprised!

    Capitalism is an optimization process: if more money can be made with backdoors than without (think: total market loss in $wherever) then backdoors it is. And if it's the other way around then no backdoors. And if the powers don't care, then weigh customer loss through remaining backdoors against cost of removing backdoors just for that single market (plus the cost of maintaining, debugging, supporting two different versions). It's dead simple, conceptually, really.

    Not moral, not ethical, but money-makingly simple. A company's reason for being is not to spread freedom in the world. Not even if that would be very convenient because it's a powerful company. Expecting any different would be naive, bordering on foolish.

    Capitalism optimizes price, and anything that does not have a price (naturally or through government intervention) is invisible to it. If you want backdoor-free software, put a monetary penalty on found backdoors (and make it stick). If you want good software, make it expensive to produce not-good software. If you want companies to support freedom, ........ but hey, who am I kidding, no government ever supported freedom, unless it was the freedom to be fleeced of your oil :-(

    • (Score: 1, Touché) by Anonymous Coward on Thursday September 20 2018, @09:06AM

      by Anonymous Coward on Thursday September 20 2018, @09:06AM (#737412)

      I also kindly request you young whippersnappers to vacate the carefully manicured greens in front of my personal residence, most expediently, not to say with all due haste, and treading carefully on the way out, lest you cause insufferable creasage to the splendid foliage.

    • (Score: 3, Touché) by Runaway1956 on Thursday September 20 2018, @09:16AM (4 children)

      by Runaway1956 (2926) Subscriber Badge on Thursday September 20 2018, @09:16AM (#737418) Journal

      That is stated quite well. Lenovo plainly told the world that it has no ethics, aside from profit.

      • (Score: 2) by c0lo on Thursday September 20 2018, @09:32AM (3 children)

        by c0lo (156) Subscriber Badge on Thursday September 20 2018, @09:32AM (#737424) Journal

        +1 sincere.
        A pity they don't produce LibreBoot-able ThinkPads.

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
        • (Score: 0) by Anonymous Coward on Thursday September 20 2018, @10:46AM (2 children)

          by Anonymous Coward on Thursday September 20 2018, @10:46AM (#737440)

          They certainly would, if there was more money in that than in not doing it.

          • (Score: 0) by Anonymous Coward on Thursday September 20 2018, @05:36PM (1 child)

            by Anonymous Coward on Thursday September 20 2018, @05:36PM (#737617)
            And what stops them from offering that as a paid option?
            • (Score: 1, Insightful) by Anonymous Coward on Thursday September 20 2018, @06:38PM

              by Anonymous Coward on Thursday September 20 2018, @06:38PM (#737650)

              Insufficient demand, higher price for parts, and probably discouragement on the part of governments that want backdoors into all popular equipment.

    • (Score: 3, Insightful) by Anonymous Coward on Thursday September 20 2018, @09:30AM

      by Anonymous Coward on Thursday September 20 2018, @09:30AM (#737421)

      > Expecting any different would be naive, bordering on foolish.

      But... but... you mean free market doesn't guarantee individual freedom?
      Like, if a powerful corporation has more to gain from abusing the users of their products/services, they'll do it and to hell with individual freedoms? (FB, Apple, Google and the lot, I'm looking at you too)

      That's unpossible! The American-born multinationals used US to push the 'free-market is democracy and freedom' doctrine worldwide, in many cases at the muzzle of a gun. They wouldn't lie for a fistful of money, would they?

    • (Score: 0) by Anonymous Coward on Thursday September 20 2018, @11:24AM (2 children)

      by Anonymous Coward on Thursday September 20 2018, @11:24AM (#737447)

      > If you want good software, make it expensive to produce not-good software.

      You won't be able to afford any software if that happens. How is that better?

      • (Score: 3, Informative) by Arik on Thursday September 20 2018, @03:22PM

        by Arik (4543) on Thursday September 20 2018, @03:22PM (#737542) Journal
        You need some hardware before you can worry about the software.

        In a sane market (we had one of those decades ago) the hardware manufacturers are happy to fund the development of the bits of software needed to adapt the general system to their hardware. Otherwise few would buy it. Primarily that would be drivers and any necessary compiler extras. Once that's done, the entire library of code becomes available to that machine - all at no (additional) charge to the customer.

        That's WAY better, in every way, than what we see today.
        --
        If laughter is the best medicine, who are the best doctors?
      • (Score: 0) by Anonymous Coward on Friday September 21 2018, @01:41AM

        by Anonymous Coward on Friday September 21 2018, @01:41AM (#737925)

        > > If you want good software, make it expensive to produce not-good software.

        > You won't be able to afford any software if that happens. How is that better?

        Linus could quadruple the price and I'll STILL buy it.

    • (Score: 3, Informative) by Spamalope on Thursday September 20 2018, @01:58PM

      by Spamalope (5233) on Thursday September 20 2018, @01:58PM (#737486) Homepage

      And they comply with local law. So... does China local law require that export computers have backdoors for China? This can be secret law, just like the US secret courts. Hmm...

  • (Score: 4, Insightful) by MostCynical on Thursday September 20 2018, @09:30AM (5 children)

    by MostCynical (2589) on Thursday September 20 2018, @09:30AM (#737422) Journal

    no need to have any tricksy warrant canaries, just come out and tell the world you have shafted your customers (in line with applicable local laws)

    By extension, there must be back doors in devices they sell in the UK, USA, and most other western countries as well.

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 3, Interesting) by c0lo on Thursday September 20 2018, @09:40AM (4 children)

      by c0lo (156) Subscriber Badge on Thursday September 20 2018, @09:40AM (#737427) Journal

      Doesn't make sense to maintain different/separate backdoors for different countries.
      Look, nothing stops me from going to China and buying locally a computer backdoored for China. If I bring it back home, ASIO may have trouble accessing that computer and may start chicaning Lenovo on the issue.

      It's more likely Lenovo will maintain a single line of hardware, with all the backdoors for every govt at once. Not only will they be instantly compliant with the request of any govt, but it's also cheaper for them.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 4, Insightful) by MostCynical on Thursday September 20 2018, @10:02AM (2 children)

        by MostCynical (2589) on Thursday September 20 2018, @10:02AM (#737431) Journal

        > If the local laws say we don't put in backdoors,

        Are there any countries like this?

        --
        "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
        • (Score: 2) by c0lo on Thursday September 20 2018, @11:26AM (1 child)

          by c0lo (156) Subscriber Badge on Thursday September 20 2018, @11:26AM (#737448) Journal

          The ones in which the population don't use computers, I suppose.
          You are bound to find some, there'd be among those the population is more familiar with operating an AKM than a computer.

          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
          • (Score: 0) by Anonymous Coward on Thursday September 20 2018, @07:09PM

            by Anonymous Coward on Thursday September 20 2018, @07:09PM (#737668)

            Yeah, those are the countries where when the leaders are asked about backdoors on computers, their reply is "Computer? What is this?"

      • (Score: 1, Interesting) by Anonymous Coward on Thursday September 20 2018, @10:12AM

        by Anonymous Coward on Thursday September 20 2018, @10:12AM (#737432)

        Just like Intel maintains a single line of hardware and each chipset capable of running Management Engine. Unless you are the NSA and have the killswitch...

  • (Score: 3, Interesting) by Phoenix666 on Thursday September 20 2018, @11:04AM

    by Phoenix666 (552) on Thursday September 20 2018, @11:04AM (#737442) Journal

    I have had sticker shock when looking at their systems in the past, but with these kinds of statements coming out of Lenovo I guess I'll have to bite the bullet.

    I suppose we should thank their CEO for giving it to us straight.

    --
    Washington DC delenda est.
  • (Score: 2) by DannyB on Thursday September 20 2018, @02:03PM (3 children)

    by DannyB (5839) Subscriber Badge on Thursday September 20 2018, @02:03PM (#737490) Journal

    Develop a mentality that computers are a temporary thing. Nothing permanent. Every instance disposable.

    Keep permanent files in some sort of append-only storage servers. Maybe running ZFS with a file server protocol that versions everything and is append-only. No actual deletion takes place. Only in the current version of the filesystem does the file appear to be deleted or overwritten. Then such a server must be regularly backed up to portable offline storage -- ideally read only once written. (Not necessarily present day technology. This is speculative about how to practice paranoid computing.)

    Cheap disposable laptops. (eg chromebooks?) The web browser is your only tool. All apps in "the cloud" even if your own private cloud. Again, that server accesses files on some type of versioned append-only file server.

    All these servers, eg cloud servers, web server, database server, etc could be containers. (eg docker or similar) Disposable. No persistent state within the container. Persistent state is only on that append-only file server -- which itself is a containerized process running against a filesystem, like maybe ZFS.

    Now at some level you have to trust the OS and hardware. As for the hardware, maybe you don't trust it for certain parts of the system. Eg, your disposable cheap laptops. After all, nothing is ever permanently stored on that device. Making it disposable.

    Maybe you don't trust the hardware running your append-only file server. But that box would not be internet connected. So how would a remote spy command the management engine to start spying? The boxes that are internet connected, and maybe remotely exploitable can only append information to the file server.

    Other thoughts?

    I suppose start looking harder at using non-Intel processors. ARM. New open source chips.

    In the long term, imagine a scenario like this. Suppose the processor were an FPGA. You "flashed" it with a processor design, and then loaded software compiled for that processor. Open source groups could develop new instruction sets and matching compilers. As long as these came out at some reasonable rate it would be more difficult to maintain binary exploits against a single architecture. Even if new processor instruction sets (and their compiler back ends) were changed not primarily to improve performance, but to deliberately be binary incompatible with all existing compiled binaries.

    Now I suppose the source code and/or the compilers become the target of exploitation.

    It's always something.

    --
    What doesn't kill me makes me weaker for next time.
    • (Score: 2) by takyon on Thursday September 20 2018, @02:42PM (1 child)

      by takyon (881) <takyonNO@SPAMsoylentnews.org> on Thursday September 20 2018, @02:42PM (#737513) Journal

      Google Fuchsia may have more paranoid privacy features [soylentnews.org] than ChromeOS, although it is still Google so you get things like this:

      > The company must also settle some internal feuds. Some of the principles that Fuchsia creators are pursuing have already run up against Google's business model. Google's ads business relies on an ability to target users based on their location and activity, and Fuchsia's nascent privacy features would, if implemented, hamstring this important business. There's already been at least one clash between advertising and engineering over security and privacy features of the fledgling operating system, according to a person familiar with the matter. The ad team prevailed, this person said.

      Maybe it can be easily modified to regain such anti-tracking features. In the meantime, everything on Fuchsia will be sandboxed cloud stuff.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 2) by DannyB on Thursday September 20 2018, @05:11PM

        by DannyB (5839) Subscriber Badge on Thursday September 20 2018, @05:11PM (#737601) Journal

        Chromebooks are only one possible element of what I was describing.

        But if you can put your own stuff into the cloud (Linode, Digital Ocean, etc) for a few bucks a month, then you could use just a browser. With VNC via the web browser. Log in to the chromebook as guest. At this point what does Google know about you?
        * that someone initialized a chromebook
        * someone used it as guest
        * someone went to a certain domain name and IP address using SSL

        Now I suppose the browser could then spy via screen shots, key logging, etc. But at this point we're talking a whole different level of spying than tracking you to put better ads in front of your eyeballs.

        If you're worried about TLAs and APTs then you are wanting something very different. Unusual hardware. Probably no Intel / AMD management engines. Something like Qubes, etc.

        --
        What doesn't kill me makes me weaker for next time.
    • (Score: 0) by Anonymous Coward on Friday September 21 2018, @08:07AM

      by Anonymous Coward on Friday September 21 2018, @08:07AM (#738014)

      Everything we do is on a VM in a protected environment. The local machine doesn't even have email. No net access. Can't save files. Can only open a VM.
      Good luck.

  • (Score: 2) by All Your Lawn Are Belong To Us on Thursday September 20 2018, @02:20PM

    by All Your Lawn Are Belong To Us (6553) on Thursday September 20 2018, @02:20PM (#737499) Journal

    1) The ethics of a company are only those which are circumscribed upon them by external forces. [Nothing says any company MUST do business in China. If a company really wants to have their own spirit/morals/ethics they can say and then market that they won't do business with China, just like we have in the past to other regimes.]

    2) Greed corrupts.

    3) Germans love David Hasselhoff.

    --
    This sig for rent.
  • (Score: 0) by Anonymous Coward on Thursday September 20 2018, @03:39PM

    by Anonymous Coward on Thursday September 20 2018, @03:39PM (#737546)

    The Clipper chip comes to mind; the continuing "debate" over mandated encryption backdoors is a more recent example. I think the efforts put toward Free hardware will be the long-term outcome. The ethical foundation of Free Software (vs Open Source) lends itself to addressing these problems before they become unmanageable. I believe we are moving toward a future where the only devices that you can trust will be the ones you print yourselves- 3D hardware printers using specifications developed under Free licensing running Free Software. Everything else will be compromised devices, running "managed" experiences designed to addict and extract marginal revenues from you by whatever company made the device.

  • (Score: 2) by All Your Lawn Are Belong To Us on Thursday September 20 2018, @05:22PM

    by All Your Lawn Are Belong To Us (6553) on Thursday September 20 2018, @05:22PM (#737610) Journal

    > let's just say that every multinational in China does the same thing

    Then don't use products of multinationals. Note to self.... if ever traveling to China, first develop your own computer from the ground up, just for what you intend it for, and bring that with. (then promptly be tagged as a spy when their spyware won't work on you and their backdoors don't give them access....)

    --
    This sig for rent.