On Fri, Jun 18, 2021 at 10:56 AM Christopher Morrow <morrowc.lists@gmail.com> wrote:
more-over, aren't there lots of other folk making gear (even inside the US!!!) which are made up of components/software/etc which MAY be influenced/etc by foreign actors?
This proposal and the previous version of this conversation/regulation seem designed to just be flame-bait in the political space. They can't really have merit because who says John Chambers wasn't paid by the Elboniese Ministry of Magics to insert 'bad things' in all Cisco devices built during his tenure?
Hi Chris, Here's what I'm thinking: I'm thinking it costs less than five cents per unit to add a radio receiver to any mass-produced VLSI or SoC chip whose sole purpose is to blow an internal fuse on receipt of the right cryptographic waveform. Pirate the mandatory voltage in line for a bad but usable antenna. The fuse could do anything. Disable the chip. Switch to the alternate firmware. Anything. I'm thinking the FCC would assign itself the mission of protecting us from such a threat and the authority to do so by speculatively banning electronics which can't prove they don't contain such a circuit. Which is practically impossible. And applies to all electronics. Everything. Or worse, I'm thinking the FCC would assign itself the mission but only enough authority to make itself a nuisance to legitimate vendors while leaving massive holes in the attack surface. This is a bad idea. This is one of the things we have intelligence agencies for: to catch companies and nations who sneak clandestine contaminants into their exports so that we can confront or if need be embargo those imports in a comprehensive way. Contaminated electronics is just the latest twist in a long shadow war where the FCC's amateur interference would not be helpful. I'm also thinking this would make a great plot for a science fiction / spy novel. Any writers out there? Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/