Let me postulate that knowledge actually is power. That would mean that intellectual property is a strategic asset: the asymmetry between its pile of intellectual property and other nations’ piles can be converted to potential military force and dominance.
If any of that is approximately true, the strategic value of intellectual property increases as the differential increases – in other words, a nation wants to be the only one with machine guns, while everyone else is using bows and spears. Military history supports that observation, since we see many instances where a smaller high-tech force has prevailed against more massive opponents – consider as an example, the Zulu wars, in which a small number of badly-led British troops wiped out the effective military of the Zulu nation thanks to Martini-Henry rifles, which had a (for the time) unprecedented fire rate and accuracy. Put differently, the reason that military secrets are some of the most short-lived, is because:
- They are important
- They are highly desirable
- They make a huge difference
- They are expensive to develop
- They are easier to steal than develop
- Most nations will pay exorbitant costs for them because they know the above points are true
To take advantage of some stolen intellectual property, a nation needs the infrastructure to back up the theft. We see this, today, in military jet engine manufacture: most nations building fighter jet aircraft avoid trying to develop military jet engines from scratch and prefer to buy, license, or steal the technology. But a nation that is too far behind the tech curve can’t simply steal the plans for a high tech fly by wire stealth jet and go build one. We saw some of that when the USSR attempted to build its own “space shuttle” heavily-influenced by NASA technology, and it turned out that their entire technology base was too low to pull it off. Think about it: to make a space shuttle you need to be able to make carbon/carbon woven wing-edges (to name one component) and, if you can’t, it’s “game over” because your shuttle will never re-enter the atmosphere in one piece.
So, for example, China’s domestic jet engine production is estimated to be “20 years behind global leaders.” Add ten years for R&D and testing and that means that China can hope to fly military jets that are as good as the US was flying in the 1980s, against the latest stuff we are trying to flying today. Is the strategic edge that intellectual property gives sufficient to serve as a warning to China that it cannot possibly challenge US hegemony? Actually, yes, probably. That’s at least partly due to the fact that military technology is far trickier than civilian technology; the cutting edge is where the decisive action happens. Civilian jet engines can be less efficient, cheaper, and easier and still be commercially viable. But that doesn’t apply in a battlefield environment where a single high-tech weapon may soak up dozens of comparable low-tech challengers. For example, during the entire Gulf War II, only one US M-1 Abrams tank was lost, and that was to a lucky insurgent with an RPG to managed to start a fire. The tank was refitted and back in action in a few months. Meanwhile, at the “battle” of 73 Easting, [wik] Iraq lost 160 tanks and 180 armored personnel carriers in one engagement that inflicted the loss of one US Bradley fighting vehicle – and Bradleys are widely considered to weak. The engagement was a demonstration of the value of differential intellectual property, coupled to a logistical chain and production capacity.
This is why the US complains so bitterly about “Chinese spies.” Policy-makers at high levels are well aware that, in order to get better pricing, many US corporations have traded intellectual property to China, and that China has (quite rationally) encouraged that by saying, in effect, “if you want access to our slave-labor priced labor pool, you’ll ‘partner’ with us on intellectual property. Or you can take your business elsewhere and we’ll learn it from there, anyway.” Both the leaders of the US and China understand the fleeting nature of intellectual property advantage and they are both acting in accord with that understanding. This is simply a historical fact/trend: when the US was a young nation, its industrial revolution was based on stolen English, French and Scottish technology: Jacquard looms from France wove the cotton, Bessemer steel process converted the iron, and Steam engines provided the power. In those days, the differential between cutting edge and trailing edge was not so big, and the US was able to steal enough technology that it was able to raise the entire industrial level of its production capacity – from there, size of population and capitalism took over. There’s a good book, which I recommend, called Smuggler Nation [wc] which outlines how the young US government actively recruited industrial engineers from more advanced nations, to come live here.
This is all why I laugh bitterly when US politicians scream about Huawei. It’s basically “sauce for the goose.”
There is an added dimension to the Huawei scenario – actually, there are several. Let me mention one then dispense with it: racism. The European powers, since the Opium Wars, have wanted to treat China as a vassal state and that has not changed. And you get Department of State Director of Policy Planning Kiron Skinner saying gems like this: [think]
It’s the first time that we will have a great power competitor that is not Caucasian.
Surely, that impressed the Chinese with hot new desire to respect our intellectual property. There’s good old-fashioned American racism, but there’s also US espionage strategy. By now, you ought to have noticed that the US National Security Agency has backdoored all the computers. Intel processors since 2012 carry a separate CPU that has bypass access to even the “trusted computing module” on the rest of the chip. You ought to have noticed that the FBI and other government agencies have mandated backdoors in Facebook, Twitter, Gmail, iCloud, etc. ostensibly to fight terrorism but, you know, it’s also useful for settling political scores. The US is inappropriately freaking out about Huawei because they are afraid that Huawei might do to them what they have done to the rest of the world. In other words, the Huawei crisis is that China is attempting to play on the same playing-field that the US has unilaterally declared as “ours” since the 1980s. The US freak-out is the result of high-level realization that eventually, outsourcing cheap production of components to China was going to result in China learning how to make iPhones and Facebook. [WeChat has about the same daily active user population as Facebook] It’s as if the British woke up one day and realized that maybe outsourcing the manufacture of their Martini-Henry rifles to Zululand was a bad idea. The British were not that foolish; what screwed them was the Mauser brothers perfecting a better faster and more accurate rifle – the magazine-fed bolt action – and exporting it to the Boers. The US is going “wait a minute, that thing we taught you to do, you should not be doing that!”
What most Americans don’t realize [I remember when it happened] is that Huawei is an American joint effort company. Perhaps you remember 3Com – a company that made gigantic amounts of money back in the day selling network interface cards for PCs. 3Com also dabbled in small routers and switches and stuff like that. But they could not compete with Cisco and Belkin and some of the other companies that came around and ate their lunch. It was simple bad management: 3Com bet their business that Intel would not wise up and offer a physical network adapter on motherboards, and include processor support for networking – then *poof* there goes 3Com’s main line of business. [Intel appears to have also added backdoors for the US government into that networking, so it was acceptable for export] 3Com made a desperate bid for survival by opening the Chinese market for networking products – and established Huawei as a joint effort between 3Com and the Chinese government. 3Com also did some other non-brilliant maneuvers, namely merging with US Robotics (the predominant seller of modems) [remember modems?] and along with that came Palm, an early innovator in “personal digital assistants.” 3Com’s non-brilliant marketing team also spent nearly $1m to buy the rights to rename San Francisco’s Candlestick Park to ‘3Com Hellscape Park’ or something like that. In the middle of all that corporate falling apart, 3Com decided to exit the switch and router business and focus on small business integrated devices – i.e.: low-end units that do a bunch of stuff badly at a price-point where profit-margins are virtually nonexistent. Huawei was the vehicle for doing that transition: make the stuff in China, sell to the Chinese/Indian/”non-caucasian” as Kiron Skinner would say, market.
So 3Com’s code-base became the core software loadout for Huawei’s first generation products, and it’s a safe bet that NSA code went along in the mix. Or, if it didn’t, perhaps that’s why the US is so upset about Huawei, now. I can’t for the life of me decide if the US is upset because:
- Huawei removed the NSA’s backdoors
- Huawei added Chinese government backdoors
- Huawei has a dual stack of backdoors and is less reliable because of it
- Huawei had the temerity to innovate, instead of just churning US technology, and managed to make some inexpensive 5G gear which is cheaper/more adequate [we do not say “better” when it comes to telephony software, it’s all “less worse”] than comparable offerings from AT&T and Verizon, which turn out to be incapable of producing products, only of reselling other products from other places.
My guess is the latter: the fear is that Huawei’s stuff is going to be the final nail in the coffin that was American telephonic superiority. Nokia was the first nail, the death of Motorola the second, the absurdity of the Amazon cell phone the third, and Google’s Android is the rest. Android is OK for now because it’s a comfortable host for NSA’s backdoors (on the server side) and everyone else’s (on the device side). [Not that Apple is any better, they’re just prettier!] *
3Com is still around, by the way – its shattered remains now belong to Hewlett-Packard, another company consisting of shattered remains, just stumbling around in the marketplace waiting for someone to hammer that last coffin-nail into it.
As the US screams about Huawei, more rational nations around the world have mostly shrugged and pointed to the numerous egregious backdoors in Cisco’s gear, “where do you think that came from?” they ask. The problem that other nations face is that their 5G gear is going to be full of backdoors from someone and they don’t really care, except that the US wants to be damn sure that it’s US backdoors and not Chinese backdoors.
Back around 2012 I started doing talks about cyberwar and how it was bullshit, and then realized that the US doesn’t care if it’s bullshit or not: they’re simply treating the internet as a colonial property and are keeping other nations out of getting control in a substantive way, because it might matter someday. I.e.: they can’t have China positioned to do what they want to be able to do, because that might interfere with their ability to do whatever they want whenever they want. Here’s a simple algorithm for figuring out US policy: If the US is saying “${other country} is preparing nasty thing!” it’s because the US has already prepared to do that nasty thing and they are pissed off that ${other country} is edging in on their turf. So, when the US says “Russia is cheating on the ballistic missile treaty!” it means “we’re cheating on the ballistic missile treaty and we’re super pissed off that Russia appears to be doing the same thing that we’ve been doing for years!”
All of this leaves me in the odd spot of feeling vaguely supportive of Huawei, since it is a crack in US hegemony although that crack is about to be patched over at great expense and waste of effort. Meanwhile, the US is locked in a battle between the national security state and capitalist companies that will make any short-term move that props their stock price up, regardless of whether it’s a strategic disaster. This has played itself out since post-WWII. I remember when the US was worried that exporting jet engine turbine technology to South Korea (in order to access cheaper labor) was going to be a problem. It hasn’t been, because the US has kept South Korea pretty well under its thumb; if they dare to compete with Apple, they can argue about it in court, but they can be fined (“taxed”) for intellectual property if need be. The problem only gets painful when technology is exported to a country that can’t be controlled. Like China. If you step back and look at it from a distance, the problem is pretty obvious: the US wants to not only have military hegemony over the planet, its system of capitalism only works if it can control global markets, most specifically oil and intellectual property. That’s why you see rather bizarre things like the US strong-arming New Zealand into arresting Kim Dotcom for aiding and abetting the sale of hollywood’s finest crap. Hey! That’s not allowed! Only youtube (an American company) can steal hollywood’s finest crap! Send in the SWAT TEAM! [ars] SWAT teams for copyright infringement? On the floor, socialists!
US capitalists make their decisions based on what makes short-term sense (like having China manufacture iPhones, or Huawei spinning off from dying 3Com) and then the government has to try to make sense of it all, and keep the wheels from falling off the pram. Sadly, the US government is simply not competent at dealing with that sort of thing – witness Trump’s “trade war” which has accomplished nothing except to impoverish some US farmers who were on the edge of financial ruin, and to vastly enrich “trans-shipment” companies in Hong Kong, Malaysia, and otherwhere. Those are the companies that buy goods without the US’ tariffs, mark them up, and sell them to the US bypassing the tariff. The end result is that the tariff raises prices 5% or so for the end consumer. If they’re not rich, too bad.
This morning, I stumbled across a little tidbit related to the ongoing F-35 disaster, which provided some focus for me. Recall that, in order for the F-35 program to be “affordable” by NATO, the US decided to amortize the cost of the program across all NATO members by forcing them to buy F-35s, In return, it doled out pork to NATO allies’ military-industrial complexes: a part is made here, a component there, etc. If you recall, Turkey got the contract for servicing F-35 engines for all European NATO allies. [stderr] In principle that means that Britain will pay a humongous tax for their F-35s, if they want them to ‘work’ for any more than a couple of flights. From the perspective of intellectual property being a strategic asset, this was a move that may have made sense for capitalists, but otherwise it’s absurdly short-sighted. It’s so short-sighted, in fact, that it completely dwarfs the Huawei situation in terms of short-sightedness. [wt]
President Trump and his Turkish counterpart this week agreed to form a study group examining the compatibility of the F-35 fighter jet with the Russian-made S-400 missile system, according to media reports, with Mr. Trump overriding objections from advisers in the Pentagon and State Department.
For months the administration has warned Turkey that going ahead with its planned purchase of Russia’s S400 would likely kill the potential for Ankara to also buy F-35s. The fear inside the White House and Defense Department has been that the F-35’s security could be compromised by operating in conjunction with the S400.
So, Trump is telling Turkey “hey, it’s OK if you start designing compatibility interfaces between F-35 onboard systems and hardpoints, and Russian missile systems. How are they going to do that? Well, the first thing they are going to do is ask the Russians. In order to make it work, they’ll need Russian specs and US software. Bear in mind that the infamous leak of F-35 CAD plans was through Turkey in the first place.** [vice] The development model for the F-35 required that detailed component specifications be shared with all the NATO countries’ respective pork-holders, so it was inevitable that someone, somewhere, would leak them. From a standpoint of China, it may as well have been an open R&D process that they were invited to sit in on.
The idea is nuts, because it’d mean giving the Russians the specs to write control software for the F-35’s weapons system computer. Then, what? Presumably the Russians would go, “Here! Here’s some code you can run that will make those missiles work most super excellently! (wink)(wink)” In the meantime, does that mean exposing all of the F-35’s computer internal interfaces to the Russians? “Oh, hey, we’ll just use amazon mechanical turk to translate all the code comments into Russian for you!” Whoever cooked this up doesn’t appear to understand how fly-by-wire works, how weapons systems work, how the F-35 program works, or … oh, wait, we’re talking about a guy who thinks “nuclear triad” is a lapdance move.
But Mr. Trump seems to be keeping more of an open mind. Middle East Eye reported Friday that the president agreed to a proposal from Turkish President Tayyip Erdogan to form a joint task force examining whether there are, in fact, inevitable security vulnerabilities associated with using the two systems.
As long as the backdoors are compatible and don’t crash eachother, the whole thing should work. But, basically, it amounts to buying a weapons system with two built-in “veto switches” that can disable it: a Russian one and an American one. How are the Turks going to audit their missiles and validate that the software doesn’t have a “miss, if you’re firing at a plane squawking a certain transponder code”? And I assume that the F-35 has a general “phone home for permission before shooting anyone” code. The US would be crazy to allow stealth aircraft out of its tight control without some fallbacks. We’ll know if the Turkish F-35 fleet suddenly face-plants on takeoff. What puzzles me is how foolish the Turkish are, not to see that coming. The US has a history of selling countries advanced aircraft and then refusing to sell them parts; “Oh, you wanted to actually use that F-15? Uh, no.”
This is the essence of poor strategy, and the US and Russia are both playing against the culture that wrote the book on strategy.
* My suspicion is that the network device backdoor market was no longer interesting the NSA, since starting around 2000, they were busy working with Intel to add secret coprocessors onto their general purpose CPUs. No need to worry about networking, anymore! Although, the Intel EtherExpress card has a lot of real estate and would be a great place for a backdoor circa 1997. At NFR we were using them for packet capture and got a lot of technical details from Intel about the capabilities of that card and there was some hinky-looking stuff in there. Lots of “wake the CPU on recept of packet” and “don’t wake the CPU on reciept of packet, just process it locally” stuff. Probably an early version of what later became IME.
** A guy I know in the INFOSEC world (Kevin Z) was involved in the damage containment and forensics for the first F-35 CAD leak, which he told me happened in Turkey. I believe him.
Dunc says
Well, we weren’t foolish enough to outsource the production of key military technologies, but we were foolish enough to off-shore a lot of the industrial base (particularly in textiles) that paid for it all…
I believe this is a fairly consistent pattern in any empire that manages to stick around long enough – the cost disparities between the centre and the periphery eventually make it very economically attractive to move production from the former to the latter, which then reverses the flow of money that kept the empire going, and the whole thing falls apart.
Yeah, that’s been one of my heuristics for a long time. It’s very reliable.
Patrick Slattery says
> the first F-35 CAD leak
I thought the theft of the plans from Lockheed via the RSA hack was first, no?
Marcus Ranum says
Patrick Slattery@#2:
I thought the theft of the plans from Lockheed via the RSA hack was first, no?
That was the second or maybe the third. The RSA hack may have actually been Chinese. The Turkey hack was possibly, too. You can do research for 10 minutes and make a list of Turkish companies that might have the information. It’s that easy.
For all intents and purposes they could have posted the stuff on pastebin. Their security has been horrible.
Pierce R. Butler says
Got any recommendations for not-too-technical summaries of electronic backdoor development?
Pierce R. Butler says
… when the US was a young nation, its industrial revolution was based on stolen English, French and Scottish technology…
Not to mention such exciting pranks as the young Thomas Jefferson smuggling legally-protected grape cultivars out of what we now call Italy.
Jazzlet says
One of the things you noticed if you were the sort of person that read the copyright information in books way back when was how many published in the UK were ‘Not For Sale in the USA’. This may simply have been that the publishing rights for the USA were sold seperately (probably the correct reason), but I was told that it was because the USA just stole copyrighted things. I must have been told that by my older brothers in the late sixties or early seventies and while by then it may not have been true of things like books, it was certainly assumed to be true for many other things.
LykeX says
So, the money-grubbing sociopaths have become so greedy, they’re undermining the genocidal fascists. Fascinating!
bryanfeir says
And, of course, the theft of intellectual property happens internally, too. Witness film production setting up in Hollywood to make it difficult for Edison to enforce ownership claims.
cvoinescu says
Jazzlet @ #6:
It was true of books, too. Charles Dickens was pretty miffed about it. (Initially. Later, it turned out so many Americans had read cheap bootleg copies of his work, he was super-famous, and he made a killing in speaking fees.)
invivoMark says
I am reminded of a story from the space race days. Despite the cliche of US technological supremacy, USSR rockets were actually superior to US rockets, largely due to advanced metallurgy that our engineers weren’t aware of.
The differential was supposedly so great that when plans for a Soviet rocket were stolen and presented to NASA engineers, the engineers were convinced that the plans had to be fake, because there’s no way that rocket would actually fly without melting something critical! There is a reason old Soviet rockets are still in use today.
The assumption of US technological and intellectual superiority has been around a long time. But if it’s not being used to bury other countries under rubble, no one in Congress cares. We actually ARE the superior force in the biological sciences, but Congress is never excited about funding it.
Jazzlet says
cvoinescu @#9
Yes it had been true, but when I say the late sixties or early seventies I mean the 1960s not the 1860s, I am not that old!
cvoinescu says
Jazzlet @ #11:
If it was the 1960s, I think you are likely correct: both reasons apply. The US did not adopt the Berne Convention until 1988 (effective 1989), more than 100 years after it was first signed. Before 1989, they required registration of copyright (it was not automatic as it is now).
dangerousbeans says
“The problem that other nations face is that their 5G gear is going to be full of backdoors from someone and they don’t really care”
Yep, I’m an Australian citizen with a Huawei phone. I know the US and Aus governments are working together to spy on me, do I really care if the Chinese are too? They at least can’t tell the local Gestapo to kick down my door
Marcus Ranum says
dangerousbeans@:
Maybe the feds are angry that they’ll have to use Blackberries into the 21st century. [blackberry was US gov’t preferred because the data went to Canada which made it game for the NSA, back in the days when the NSA pretended not to do domestic spying]
They’re probably less worried about your data being monitored than that the Chinese could then crash the phone network if it wanted to stop communications, should Australia have its own Tienamen Sq moment or something.
Control freaks gotta control, and freak out if they can’t.
Owlmirror says
Is there any reason to think that AMD might be less vulnerable, or is it just backdoors everywhere?
Marcus Ranum says
Owlmirror@#15:
Is there any reason to think that AMD might be less vulnerable, or is it just backdoors everywhere?
It’s backdoors everywhere. Maybe Huawei hasn’t got NSA backdoors but it probably does have backdoors.
I have a vague fantasy that the reason software has gotten so unreliable is because all the backdoors crash eachother. It’s Core Wars with a vengeance!
John Morales says
Well, thread well in, shouldn’t be too disruptive, so I’ll note that the concept of ‘theft’ kinda weakens when the victim loses nothing whatsoever from that purported theft. What they had before, they have after.
Me, I call it ‘copying’.
(Akin to the teleportation issue)
jrkrideau says
Marcus,
Do you know if the Russians are designing their own chips or even if they have the capacity to do so?
BTW, I noticed a couple of months ago that the majority of Russians do not use the standard Western browers. Somewhere around 60 or 70 percent use a Russian browser called Yandex.
Though China does not have the ability to build fighter engines, Russia does and as a matter of self-defence might become China’s supplier of engines and eventransfer the know- how to China.
Marcus Ranum says
jrkrideau@#18:
Do you know if the Russians are designing their own chips or even if they have the capacity to do so?
I don’t think they are; the US has such a lead that it’s not even funny, and I suspect that there are patents protecting most of Intel’s processes – it’s pretty thoroughly locked up, in other words. The Russians (we know) use Windows PCs for certain things – presumably they are isolating those pretty carefully for the secret stuff.
The US NSA used to have a small chip fabrication facility operated by Fairchild near their HQ, where all their cryptographic processors were produced. I believe it may be shut down, now, it being far from the state of the art. But NSA has always been concerned with processor subversion; I can’t imagine why. (Concerns with subversion and supply chain subversion go back to the 1970s at least – Dr Roger Schell’s seminal paper on subversion was the public starting-point of that discussion)
BTW, I noticed a couple of months ago that the majority of Russians do not use the standard Western browers. Somewhere around 60 or 70 percent use a Russian browser called Yandex.
I wonder why. And China has its own version of Facebook, and messenger and Ebay. They’re not stupid. A few years ago Iran was floating the idea of developing an operating environment for the arab world, but it appears to have been too expensive (and they probably realized the whole program was going to be penetrated from the get-go)
Though China does not have the ability to build fighter engines, Russia does and as a matter of self-defence might become China’s supplier of engines and eventransfer the know- how to China.
Almost certainly. I believe China does have some domestic jet engine production, but they aren’t making the highly performing stuff necessary for military applications.
It’s really interesting, to me, what makes a “military jet engine” versus a civilian one – mostly maintenance and efficiency. If you want an idea of the kind of edge-engineering that goes into the military stuff, it’s mind-blowing. And then there’s the J58: https://youtu.be/F3ao5SCedIk
I wonder if the US could still build a J58 …
Marcus Ranum says
John Morales@#17:
I’ll note that the concept of ‘theft’ kinda weakens when the victim loses nothing whatsoever from that purported theft. What they had before, they have after.
I’ve encountered that line of reasoning a lot, and I find it problematic. Here’s the thing: if someone ‘copies’ an idea, so that they can build their own version of an extremely expensive jet engine, instead of buying one (for example) then the manufacturer of the jet engine does lose revenue, because they didn’t get to sell a jet engine, and a jet engine now exists. If someone stole plans for a jet engine and did nothing with them, then it would not have an impact, but as soon as they do something or use that knowledge they are saving R&D costs which the developer of the intellectual property had to pay, and is expecting to amortize out of future sales.