« Great dilbert today | Main | I can finally make a Convoy reference in context, woot »
May 19, 2006
Isolationist technology policy?
So, I read this link today which talks about the US .gov saying no to lenovo made thinkpads. What do you all think of this?
On the surface some Senators are making a fuss about sensative material being stored on laptops made outside the US. I wonder if these same Senators know that:
- all laptops are pretty much assembled outside the US
- how comlpex a laptop system really is, so "securing" one is pretty much unreasonable even if it was 100% made in the USA
- how many "hands" touch the laptop before it gets to a .gov employee
Depending on where they buy it from, how much OEM software is installed and how many people, if they wanted, could have dropped a backdoor enabled network driver or something of the like in there it seems like this attitude is silly and, more likely, further damages the US's current administrations lack of regard for 'fairness' in international policies, economic in this case.
If it's just that they're worried about driver/hardware based backdoors since they strip them down to bare OS's before they deploy...I still think the Lenovo supply chain is probably so similair to others that it's a wash.
I'm guessing this whole deal is more of:
- move to gain some leverage over foreign countries whose tech sector would be hurt by this policy ( china particularly )
- a superficial effort to keep tech investments "in the USA". ( I wonder if the good Senator(s) know where their kids ipods and new black macbooks where built ;) )
Personally, I'm surprised that Lenovo didn't build some kind of clause into their buyout of the thinkpad brand that was tied to .gov acceptance. I'm guessing the US government is a big buyer of thinkpads, thanks to their reputation as one of the most sturdy consumer windows laptops available.
Posted by bucjos at May 19, 2006 12:43 PM
Comments
If the laptop is truly being used inside of a secure network, not even backdoors would matter. I did not read the full article for details on the network, but it would have made more sense for them to be worried about non-secure networks.
Unless I am just not up-to-date on network security terminology...
Posted by: babada at May 19, 2006 05:27 PM
Good point Adam, the worse backdoor kinda thing that could be in there is a "dial home" mechanism and I'd think that the "secure" networks could get all over that in a heartbeat.
That is assuming they can even get to the outside internet. We've all seen MI:1, we know what secure is and obviously Tom Cruise has been too busy being crazy to break in, so whats the concern?
Posted by: Joebuck at May 19, 2006 05:36 PM
You're assuming that any phone-home thing would go over the network. There could be a keylogger that stored it up and then transmitted it when it got a certain signal (sorta like rfid, but smarter. Like mifare but less complex). Anyways, like you said everything's assembled outside the US, so I don't think the risk really matters on that though.
Posted by: Jeremy at May 19, 2006 07:34 PM
So some part of me wants to go work for .gov and explain stuff to senators before they sound like giant tools.
Hey are you comming to WA?
Posted by: Kruck at May 20, 2006 05:45 PM
The network security thing is the main argument in the whole debate and no knowledgable person seems to be able to get out public remarks about it. Just senators spouting off FUD.
Any sort of back door would have to lie in hardware because the State Dept most certainly has their own software images. As it was pointed out above, the worst case scenario is a "phone home" which would definitely be picked up by the network security monitors. I think the greater threat here is info leaked by the users and not the machines themselves.
Posted by: jeff at May 22, 2006 08:47 AM