2015 or…1993?

I saw this article on both Mashable and the BBC  about China imposing new IT guidelines

The Chinese government has asked issued new guidelines that would require hi tech suppliers to insert backdoors, monitor ports and adopt Chinese encryption algorithms initially for the Chinese financial markets, but later more broadly across the Chinese market.

From a Chinese perspective this makes perfect sense, they have already noted that being reliant on foreign technology represents a strategic risk. Let’s face it, the Edward Snowden revelations haven’t really painted the US as a hands-off, laissez faire kind of player. Indeed the US has previous, as they say in all the best gangster movies. If you’re old enough to remember 1993, then the NSA’s vaunted ‘Clipper’ architecture would bring a smile.

In 1993 the NSA proposed a chipset designed primarily for voice communications. It had built-in backdoors to allow the NSA to listen in. Announced in 1993, by 1996 the project was defunct. The technology was based around the telecoms companies engaging in ‘key escrow’ to hold copies of the encryption keys with an escrow agent for use by NSA. How strange that confidence in a government agency using privileged access to a resource wasn’t high.

Roll-forward 20 years and …well, plus ca change?

This time its the Chinese government calling the shots. We see already that Chinese company Huawei is blocked from certain contracts, and in the UK BT, who use Huawei networking equipment have elaborate procedures to try and assert no backdoor exists already. Here’s the link to the government’s response to intelligence and security committee report on this.

I wonder where this will go. Will China modify the guidelines? Will we see product lines diverge? One line suitable for the Chinese market, complete with Sino-compliant features, the other suitable for the world outside China. Or will the features designed to protect the Chinese market themselves becomes vulnerabilities – a ready made hackers framework?