Hacker News

The ban always seemed weird to me. Not even a shred of a technical argument made it into public discourse when this was an issue. Governments just said "trust us" without giving any examples. This thread is the first time I read a hint at why that decision was made. Still, I don't know how much of this was a political stunt vs. grounded in reality. Maybe I am too jaded/cynical?


When it comes to government, it's hard to be too cynical. But in this particular case, it definitely was not a political stunt. There are a number of reasons for the limited disclosure - including NDAs signed by the governments and labs with the vendors in order to gain access to their intellectual property at a level sufficient to conduct the depth of analysis required.


I mean, it obviously did make it to the public because that WP article was written in 2019, and I remember hearing some of those details (that it wasn't so much "the code has backdoors" as "the code is so shit, it doesn't even matter if there's a backdoor in there deliberately") back then.

By the time any highly technical topic makes it to the mainstream discourse, the details tend to get stripped out simply because none of the 70-year-olds watching CNN or Fox appreciate the difference and none of the anchors or panelists know what they're talking about either.


A song parody comes to mind (HN strips the music emoji)

  We built this city
  We built this city
  We built this city on broken code


Government secrecy when it comes to vulnerability research for foreign-produced hardware is entirely understandable. I don’t need to know. You don’t want your adversaries to know how much you figured out.


US does the same thing with Cisco servers. (Source: as per Glenn Greenwald tweet)


The US does pentesting with Cisco hardware and doesn't publish the results? Sure. And again, I don't need to see that. The NSA doesn't need to publish all of the vulnerabilities it finds; this is its whole purpose (likewise with similar orgs doing similar things).

The US bans the sale and install of Cisco hardware? (Of course not, but it's not clear from the context.)


Governments provided with source code from MNCs like Huawei will be under strict NDA - providing source is very unusual for obvious reasons (poor security being one - assuming they know it’s bad, sharing it opens a huge threat vector). They are almost certainly unable to share any specific vulnerabilities.


Government has a mandate. That's how it can function. They have evidence, why reveal it to the public (and thus China)? I grew out of my Ron Paul phase at 15.

You trust China over your own government? Move then.


Whoa there, kiddo! I deeply, deeply resent being called 15! The tone of your comment is just wild.

I am old enough to have seen several instances where organizations had internal reasons for their decisions and chose to argue something completely different in their outward communication. Given that an exclusion of Huawei had the obvious side effect of protecting domestic markets, this leaves quite some room for doubt around this specific instance. You say it yourself that governments have mandates.


It isn't a question of trusting China more, it is about the determination of whether China or a different government is the bigger threat. If my communication gets me in trouble it is much more likely to be with my local government than the Chinese. That and the Chinese equipment probably being cheaper and better casts a lot of doubt on whether conclusions from 5-Eyes countries are in my interests.

From that perspective it makes a big difference whether the Chinese have mostly secure back-doors or their software is just generally insecure.


Due to the way the Chinese government operates in other countries, if you happen to be ethnically Chinese living in the West, the Chinese government is still probably more of a threat to you than Western governments.

https://www.cbc.ca/news/canada/ottawa/rcmp-chinese-police-st...


It is difficult to assess - we could say similar things about the US network set up for extraordinary renditions. It is unclear whether the US or Chinese network is "worse". Although what worse means is very debatable, it raises questions of size, activity, goals and targets. We're comparing one clandestine thing to another and we don't have good data on either.



