[Cryptography] GHCQ Penetration of Belgacom

Thu Dec 18 16:18:44 EST 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/18/2014 11:03 AM, Ray Dillinger wrote:

> I would fully support a UN treaty whose signers agree to charge
> at least a 100% tariff on all imports of chips, routers, switches,
> and computers.

That won't solve the problem.  It costs well over a billion
dollars to set up a modern chip fabrication line.  That by
itself is at least 0.25% of the annual GDP of Belgium, or at 
least 1% of the annual GDP of (say) New Zealand.  And chips
aren't the whole story.
  a) Suppose they collect the tariff and put it in the treasury.
   Then the users would just be getting foreign chips at a higher
   price.
  b) Suppose they actually spent the money to build their own
   fab line.  That would be a tremendously wasteful drain on
   the economy.

Free-and-fair trade is generally a good thing.  When trade is
disrupted by tariffs -- OR BY LACK OF TRUST -- everybody suffers.

========

A hypothesis to consider:  Perhaps other economic forces could 
be brought to bear.  The perception (whether entirely true or
not) that Cisco's revenue is suffering from post-Snowden
distrust might be enough to change behavior.  On the other
hand, if you're in Belgium, buying tech from China instead 
of the US doesn't seem like an improvement.  Commercial 
advantage would accrue to the first vendor who could offer 
products with a warranty, certified free of back doors.

I'm not sure exactly how it would work, but one could imagine
independent certification laboratories, perhaps like UL.com
or kaspersky.com.  The labs could test a random sample of the 
company's products.  Certification by labs in two different
countries would make life harder for the nation-state bad
actors.  On the other hand we should keep in mind that there
are huge trans-national enterprises such as Goldman Sachs 
and ExxonMobil that think nothing of subverting multiple
governments at the same time.

Here's another hypothesis to consider:  Maybe the NSA should
pay attention to what Frank Rowlett said:
   "In the long run it is more important to secure one's own 
    communications than to exploit those of the enemy."

That is, imagine what would happen if NSA put more resources
into fixing stuff than into breaking stuff.

Here's a third hypothesis:  At some point the various players 
could get together and decide not to attack each other.  Before
you cue the "impossible" music
  https://www.youtube.com/watch?v=RfHnzYEHAow#t=13s
remember that treaties /sometimes/ help a little bit.
  ++ The Vienna Convention on Diplomatic Relations sorta works.
  ++ The chemical weapons treaty sorta worked in Syria.
  ++ The nuclear nonproliferation treaty sorta worked in Libya.
  -- Although not so much in Pakistan, North Korea, et cetera.
  -- et cetera.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVJNEs/O9SFghczXtAQKgVBAAtYWmkX6xCWr3t9k901TbfZydAH3UvaOI
Kt0kCXSWcIEp4g+yXcD8wjaujzSaCkCiqFJ3CM1EBvul5QQ806t7ktoGhwR4ylXl
hqa19tPYfI36FVSjzcH5VAV6J5CTtV/Ru44U49x+OAOw+TphV/10rj3TziYmIKhA
+VStb8I2/nHBrAEPv2+ncaoElP5A0/jpewfI47aI/65Ur6z0+h+q6Xc77wLU3EnK
tGwpijIMZUYqKw7XryYfBQAYH196U0uQlAz1k1Zqni9FLhR7EIwSxlbpqONLd3su
r5xqx53/IqSFaV0XNxjMopT2h9Jp/EqAGhpEGTDOCfYZy4wNCtIpt3HuHxM2/XlV
446THAlDW0Nv3AepzX3kgbzMkLMiT/X+lq/wFOjN27ZBdNzw2+gDjGb3Htv6uYnq
kUuL7808poBh8GJyDBGhLtPRcU+w7qTwrB2fx1E7qBTLQvbKLbBa292iKqTM3wHv
vqfGHqHRlnRinBPlD0WCJ/VAZmJ67QU0pILPE5e5rHgYXonKqKdsu5X/CvUSasef
hkc1D6kwr6hOVUyPBHg4Em47ifOptstlQDBBQVHxGGNnnxxwPqPkqG3J9s0GAcEe
3uDN9RQ7kD6sBKC6mn0kUHUzd2iyswZNu1FYE9+YjXwXAR+GrWfQHkfkp+b//l3q
84LcSnbH4BM=
=nxku
-----END PGP SIGNATURE-----