US bans approval of new technology from China's Huawei and ZTE for 'national security

[wittaj]

Sure, here are some examples of Dahua USA marketing for law enforcement use:

View attachment 146680
View attachment 146682

View attachment 146681

Dahua is now going out to delete these references but again it's very clear and unsurprising that Dahua, like any other large commercial video surveillance provider would intend their products to be used by law enforcement, government entities, etc.

Again, it is simply marketing and adjusting to the changing business climate. When the laws change, so does the marketing approach. Just because they were marketing to law enforcement in the past doesn't mean they were wrong then and doesn't mean changing their marketing now to not include public safety and law enforcement doesn't make them liars - they changed their marketing approach and targeted market based on new legislation...They even told you in their reply to you they are not marketing NDAA agencies.

Cigarettes used to be marketed and endorsed by doctors. The Flintstones were in cigarette ads as were other cartoons. NASCAR was sponsored by a cigarette brand. Cigarettes used to be on commercials on TV. Then the laws changed and they had to change their marketing approach... Lots of industries have to change their marketing approach based on changing laws.

 

[john-ipvm]

The process will actually be VERY easy - see below (time for you to actually read the report and order)

we believe that most applicants will rely on boilerplate language, that once incorporated for a single certification, will be of negligible cost for an applicant to include in future applications

That language is if and only if the Commission approves the plan. Here's more detail from the report, which I've highlighted key sections:

Based on this record, which highlights the lack of oversight that Hytera, Hikvision, and
Dahua have over the marketing, distribution, and sales of their respective equipment in the United States,
we are not confident that, absent additional prescriptive measures and Commission oversight, Hytera,
Hikvision, and Dahua “telecommunications equipment” or “video surveillance equipment” will not be
marketed and sold for those purposes that are prohibited under section 889(f)(3)(B) of the 2019 NDAA.
Accordingly, we will require that, before the Commission will permit an equipment authorization of any
“telecommunications equipment” or “video surveillance equipment” produced by Hytera, Hikvision, or
Dahua (or their subsidiaries or affiliates), these entities must each seek and obtain Commission approval
for its respective plan that will ensure that such equipment will not be marketed or sold “[f]or the purpose
of public safety, security of government facilities, physical security surveillance of critical infrastructure,
and other national security purposes.” Any such plan must demonstrate that effective measures are in
place that will ensure that equipment distributors, equipment dealers, or others in the supply and
distribution chains associated with marketing or sale of such equipment are aware of this restriction and
do not market or sell such equipment to entities for the purposes mentioned above. Such a plan must
include well-articulated and appropriate measures at the distributor and dealer levels to ensure that the
entity does not market or sell for prohibited purposes. Before any Hytera, Hikvision, or Dahua
“telecommunication equipment” or “video surveillance equipment” will be authorized for market or sale,
the applicant seeking approval of any “covered” equipment produced by any of these entities (or their
subsidiaries or affiliates) must submit a specific plan associated with the equipment, which will be
reviewed by the full Commission and only approved if the measures that are and will be taken are
sufficient to prevent the marketing and sale of such equipment for purposes prohibited under section
889(f)(3)(B) of the 2019 NDAA. [emphasis added]

 

[fenderman]

That language is if and only if the Commission approves the plan. Here's more detail from the report, which I've highlighted key sections:

They will need a one time approval for a general "plan" they will NOT need approval of every single device they want to sell. You are making this seem like a daunting task when in fact it is very easy. IPVM failed in its mission to protect its subscribers and screw over small business and individuals. IPVM unfortunately has refused to delete its article that falsely claims that dahua lies and also falsely implies that "public safety" includes businesses. You know better now that I have corrected your error. What I find most amusing is your pompous attitude when I explained what "public safety" meant then I proved you wrong by way of the FCC report and order that you failed to read. IPVM further refuses to update its members who pay 199 a year or more for membership on the FCC's own definition of "public safety". Hopefully they can find it here. From page 85 of the Nov, 25 report and order.

210. With respect to “public safety,” we find that this includes services provided by State or local government entities, or services by non-governmental agencies authorized by a governmental entity if their primary mission is the provision of services, that protect the safety of life, health, and property, including but not limited to police, fire, and emergency medical services.523 For purposes of implementing the Secure Networks Act and the Secure Equipment Act, we interpret public safety broadly to encompass the services provided by Federal law enforcement and professional security services, where the primary mission is the provision of services, that protect the safety of life, health, and property. We believe that this best fulfills Congress’ intent with respect to the scope of public safety as that term is used in section 889(f)(3) in connection with “covered” Hytera, Hikvision, and Dahua equipment and the other terms in that section.

 

[john-ipvm]

They will need a one time approval for a general "plan" they will NOT need approval of every single device they want to sell

Agreed, nowhere do I claim they need to have a "plan" approved for every single device. The issue remains, contrary to your yelling and name-calling, the FCC has prohibited new authorizations of any Dahua product. This prohibition will continue until and unless the "full Commission" reviews and approves the plan.

You describe the process to get the plan approved as "very easy" and "simple". Each reader can make their own determination of how "easy" or "simple" that is (but given that it includes various restrictions in marketing, distribution, sales, etc. and the review of the "full Commission" most would agree that it is complicated and significant and not some form of auto-approved paper filing).

Ultimately, we will all see if / when / and under what terms the FCC allows any new Dahua (or other covered product) to be authorized.

 

[wittaj]

Regardless of what happens moving forward with NEW cameras, any existing camera is available and will continue to be available to those not needing to comply with NDAA compliance...and nobody that is set on ruining Dahua and Hikvision rep is mentioning that key part of the story... if you were truly independent then why are you not mentioning that and why was IPVM leading the cause in this effort to get them "banned"?

Most will find that the current offerings are more than sufficient for their needs and certainly better than comparable priced cloud-based stuff....

 

[fenderman]

Agreed, nowhere do I claim they need to have a "plan" approved for every single device. The issue remains, contrary to your yelling and name-calling, the FCC has prohibited new authorizations of any Dahua product. This prohibition will continue until and unless the "full Commission" reviews and approves the plan.

You describe the process to get the plan approved as "very easy" and "simple". Each reader can make their own determination of how "easy" or "simple" that is (but given that it includes various restrictions in marketing, distribution, sales, etc. and the review of the "full Commission" most would agree that it is complicated and significant and not some form of auto-approved paper filing).

Ultimately, we will all see if / when / and under what terms the FCC allows any new Dahua (or other covered product) to be authorized.

Again you lie. They are not prohibiting authorizations. They are simply requiring a more through approval process that will only look at whether they market or sell to LE. That is it. Stop pretending its a complex approval process to placate your membership or to scare folks into thinking they will not be able to purchase dahua/hik.
Unfortunately because you and ipvm lied, and continue to lie you cannot be trusted and are full of shit. You owe it to your membership to disclose the truth.

210. With respect to “public safety,” we find that this includes services provided by State or local government entities, or services by non-governmental agencies authorized by a governmental entity if their primary mission is the provision of services, that protect the safety of life, health, and property, including but not limited to police, fire, and emergency medical services.523 For purposes of implementing the Secure Networks Act and the Secure Equipment Act, we interpret public safety broadly to encompass the services provided by Federal law enforcement and professional security services, where the primary mission is the provision of services, that protect the safety of life, health, and property. We believe that this best fulfills Congress’ intent with respect to the scope of public safety as that term is used in section 889(f)(3) in connection with “covered” Hytera, Hikvision, and Dahua equipment and the other terms in that section.

 

[fenderman]

The full commission could refuse to approve the plan and dahua goes in on an order to show cause and its resolved in a month. The Report is not rocket science. I suggest you actually read it. The report as I quoted explains that its INTENTION is to make this approval process easy and boilerplate. You know, the same report you failed to read and thus improperly defined "public safety" and used this incorrect definition as a premise for your false story on dahua?

222. Certification rules and procedures. We find that our revision of section 2.911 requiring that applicants for equipment authorizations in the certification process attest that their equipment is not “covered” equipment on the Covered List while also indicating whether they are any entity identified on the Covered List, coupled with procedures for revocation for false statements or representations made in the application for certification, is a reasonable and cost-effective method to ensure that “covered” equipment is not certified. Because the attestation requirement is general, rather than a specific provision that directly relates to the equipment identified on the current Covered List, we believe that most applicants will rely on boilerplate language, that once incorporated for a single certification, will be of negligible cost for an applicant to include in future applications. We expect that our procedures for revocation for false statements or misrepresentations will deter most applicants from false attestations because of the cost that revocation would impose on an applicant. Moreover, we note that the attestation requirement that we are adopting is more cost effective than an alternative approach, such as a verification process whereby a third party would confirm that equipment being certified is not on the Covered List; that type of third party verification would be substantially more costly to applicants and would likely slow innovation. We believe that the costs we are imposing are reasonable in light of the national security goals.

 

[fenderman]

We dont need readers to agree. I have already shown that your two decades of expertise is garbage - you were wrong on a basic definition of "public safety". Over the next few months you will see that you are wrong again. "Expert" John at ipvm wrong about a basic definition.

 

[fenderman]

Dahua is simply complying with the NEW FCC rules and IPVM is falsely calling them liars.

 

[john-ipvm]

Again you lie. They are not prohibiting authorizations. They are simply requiring a more through approval process that will only look at whether they market or sell to LE.

You saying LE and "law enforcement" is simply factually false as the prohibited uses are far broader than simply "law enforcement". You've been adamant about being exact on points and you should hold yourself to the same standards.

Fenderman, the FCC itself said directly that they are prohibiting authorizations, to quote:

Prohibits authorization of telecommunications equipment and video
surveillance equipment produced by Hytera, Hikvision, and Dahua (and their
respective subsidiaries or affiliates)

The second part of that paragraph is what you are referring to as "a more thorough approval process":

until such time as the Commission approves these entities’ plans and measures that will to ensure the such equipment will not be marketed and sold to for “the purpose of public safety, security of government facilities, physical surveillance of critical infrastructure, or other national security purpose”;

This is not simply an approval process, this is a requirement to fundamentally change how Dahua goes to market and to ensure that Dahua (and the other covered companies) have a plan "sufficient to prevent the marketing and sale of such equipment for purposes prohibited".

Will FCC accept the proposed plan? Will FCC demand more stringent terms? Will FCC not be convinced that Dahua can deliver on this plan? I don't know but I think these are more complicated and complex questions than the "simple" and "very easy" claims you make.

The full commission could refuse to approve the plan and dahua goes in on an order to show cause and its resolved in a month.

Is that your prediction? Put your prediction down and then we can wrap this up for now and review in a month or whenever you are predicting this to be resolved.

 

[fenderman]

You saying LE and "law enforcement" is simply factually false as the prohibited uses are far broader than simply "law enforcement". You've been adamant about being exact on points and you should hold yourself to the same standards.

Fenderman, the FCC itself said directly that they are prohibiting authorizations, to quote:


The second part of that paragraph is what you are referring to as "a more thorough approval process":


This is not simply an approval process, this is a requirement to fundamentally change how Dahua goes to market and to ensure that Dahua (and the other covered companies) have a plan "sufficient to prevent the marketing and sale of such equipment for purposes prohibited".

Will FCC accept the proposed plan? Will FCC demand more stringent terms? Will FCC not be convinced that Dahua can deliver on this plan? I don't know but I think these are more complicated and complex questions than the "simple" and "very easy" claims you make.



Is that your prediction? Put your prediction down and then we can wrap this up for now and review in a month or whenever you are predicting this to be resolved.

Again, another false misrepresentation. At issue is "public safety" use. We never discussed the rest and you know they dont apply to business and individials.
"have a plan "sufficient to prevent the marketing and sale of such equipment for purposes prohibited" - exactly easy peasy.
My prediction is that dahua will easily be approved based on its marketing changes as you have documented - they are complying with the FCC rules, yet you call them liars for doing so.
Not sure why ipvm has its lying and false story up on its website. Frankly its disgusting and repulsive. You are better than that John.
But I get your agenda. IPVM and its membership HATE dahua and websites like this because end users who dont want to pay overpriced dimwits for cameras or installation can do it themselves, better, cheaper and faster.

 

[wittaj]

This is not simply an approval process, this is a requirement to fundamentally change how Dahua goes to market and to ensure that Dahua (and the other covered companies) have a plan "sufficient to prevent the marketing and sale of such equipment for purposes prohibited".

And yet Dahua is doing exactly that (changing how they market based on this new legislation) and has been clear to you in their direct response to your requests that in NO UNCERTAIN TERMS that they are not marketing NDAA agencies and in fact are working with the FCC to try to get big warning label stickers approved to put on their boxes for an agency that purchases said product by mistake.....and yet you keep insisting on calling them liars based on wording they used prior to this legislation.

So they are fundamentally changing how they market (which you said is a requirement) so as to comply with this new legislation and their existing cameras can still be sold to people not needing NDAA, and yet you continue to call them liars and do not make mention that non NDAA customers can still purchase existing equipment...

 

[john-ipvm]

At issue is "public safety" use. We never discussed the rest and you know they dont apply to business and individials.

Fenderman, at issue, is the entire list of prohibited uses:

public safety,
security of government facilities,
physical security surveillance of critical infrastructure,
and other national security purposes

For example, critical infrastructure can be owned by private businesses but is subject to the same prohibition here. And, another example, is public schools, as "government facilities" included or excluded from this?

And what penalities or mechanisms will be in place if Dahua (or other companies) violate this and market or sell for prohibited purposes?

It could be "easy peasy" but it strikes me that there are important details that will need to be worked at that are not simple. But we will see.

 

[fenderman]

Fenderman, at issue, is the entire list of prohibited uses:


For example, critical infrastructure can be owned by private businesses but is subject to the same prohibition here. And, another example, is public schools, as "government facilities" included or excluded from this?

And what penalities or mechanisms will be in place if Dahua (or other companies) violate this and market or sell for prohibited purposes?

It could be "easy peasy" but it strikes me that there are important details that will need to be worked at that are not simple. But we will see.

That is not at issue here. IPVM's blog post and this discussion has been about "public safety"
The Report also defines government facilities - why dont you read it? You refuse to read the document you base your false stories on. I wonder why?

 

[wittaj]

Fenderman, at issue, is the entire list of prohibited uses:


For example, critical infrastructure can be owned by private businesses but is subject to the same prohibition here. And, another example, is public schools, as "government facilities" included or excluded from this?

And what penalities or mechanisms will be in place if Dahua (or other companies) violate this and market or sell for prohibited purposes?

It could be "easy peasy" but it strikes me that there are important details that will need to be worked at that are not simple. But we will see.

One could argue that a public school is a government facility as school boards are elected officials and they receive taxpayer money.

I will give you that critical infrastructure can be owned by private businesses - water, sewer, gas, electric companies, rail come to mind, as would probably private toll roads and bridges. If only they identified what they mean....oh wait they did on page 85:

212. With regard to scope of “critical infrastructure” and the prohibition that we are adopting
in this proceeding, we apply the meaning provided in section 1016(e) of the USA Patriot Act of 2001,
namely, “systems and assets, whether physical or virtual, so vital to the United States that the incapacity
or destruction of such systems and assets would have a debilitating impact on security, national economic
security, national public health or safety, or any combination of those matters.”527 Presidential Policy
Directive 21 (PPD-21) identifies sixteen critical infrastructure sectors: chemical, commercial facilities,
communications, critical manufacturing, dams, defense industrial base, emergency services, energy,
financial services, food and agriculture, government facilities, health care and public health, information
technology, nuclear reactors/materials/waste, transportation systems, and water/waste water systems.528
In this connection, CISA, through the National Risk Management Center (NRMC), published a set of 55
National Critical Functions (NCFs) to guide national risk management efforts.529 The CISA/NRMC
guide defines “critical infrastructure” similar to how that term is defined in the USA Patriot Act.
Specifically, it defines the NCFs as “functions of government and the private sector so vital to the United
States that their disruption, corruption, or dysfunction would have a debilitating effect on security,
national economic security, national public health or safety, or any combination thereof.”530 For purposes
of implementing the rules we are adopting today, we find that any systems or assets, physical or virtual,
connected to the sixteen critical infrastructure sectors identified in PPD-21 or the 55 NCFs identified in
CISA/NRMC could reasonably be considered “critical infrastructure.”


I don't see the typical homeowner or small business as being one of the 16 critical infrastructure sectors....it is probably identified somewhere, but is Walmart considered food and agriculture?

I also see that IPVM is footnoted with comments all over this FCC document - did you ever provide comment that the problem lies with allowing ANY of these devices regardless of who makes it from accessing the internet. Or did you only go after Dahua and Hikvision for personal vendetta reasons? You certainly realize that by simply not giving Dahua and Hikvision internet access that all the concerns are mitigated and go away....

But because this document is short-sided and not going after the real problems, we will continue to see more and more security breaches of NDAA compliant devices that have access to the internet...People will mistake NDAA compliance as being safe and give their NDAA compliant devices full internet and network access...

Let's be real - since police departments have partnered with Ring to gain access to Ring video that is cloud based under the name of public safety, there is much more risk of the enemy gaining access to stuff than thru the Dahua and Hikvision products that can be isolated from the internet....

Or any manufacturer that has cloud based services. Even high end Axis.

Even NDAA compliant Verkada was hacked and 150,000 cameras in private companies, along with prisons and public school systems were part of it, which would be government funded..

150,000 security cameras hacked, exposing Tesla, prisons, hospitals

Hackers gained access through a 'Super Admin' account, allowing them to peer into the cameras

www.business-standard.com

Personally I would rather have a device that I can prevent access to the internet than a cloud-based device that is useless without internet services....

 

[wittaj]

Let's see what Hikvision had to say:

"This decision by the FCC will do nothing to protect U.S. national security, but will do a great deal to make it more harmful and more expensive for U.S. small businesses, local authorities, school districts, and individual consumers to protect themselves, their homes, businesses and property," Hikvision said, adding that it will continue to serve U.S. customers "in full compliance" with U.S. regulations.

U.S. bans new Huawei, ZTE equipment sales, citing national security risk

The Biden administration has banned approvals of new telecommunications equipment from China's Huawei Technologies and ZTE because they pose "an unacceptable risk" to U.S. national security.

www.reuters.com

They are correct, now it will be jacked up prices and less secure devices as everyone assumes NDAA compliant devices means it is safe from hacking...

 

[Flintstone61]

So what does this mean for a Joe 6 pack ( like me)? anything?
I just submitted an allowance form to my local police dept, to add my address to their database of Citizens with cameras who will allow them to request my footage if something occurs in said area of coverage. So while my dahua's are for a residential security, there is a loop hole where it can be used to aid the police in an investigation.

 

[sdkid]

So what does this mean for a Joe 6 pack ( like me)? anything?
I just submitted an allowance form to my local police dept, to add my address to their database of Citizens with cameras who will allow them to request my footage if something occurs in said area of coverage. So while my dahua's are for a residential security, there is a loop hole where it can be used to aid the police in an investigation.

That's only done via your permission-- it is very different than if your municipality installed dozens of cameras all over town for Police to use in monitoring and recording daily events-- THAT use would likely not be allowed under those FCC guidelines.

 

[sdkid]

Remember the fraction-of-a-millimeter spying and surveillance chip that Chinese agents inserted into the manufacturing process for enterprise servers?

https://assets.bwbx.io/images/users/iqjWHBFdfxIU/iuMb2IgDb_zs/v0/-999x-999.gif

China put spy microchips in servers used by Amazon and Apple, report says

China secretly inserted surveillance microchips into servers used by major technology companies, including Apple Inc. and Amazon.com Inc., in an audacious military operation likely to further inflame trade tensions between the United States and its leading source of electronics components and…

www.latimes.com

We all know the risks with Chinese-manufactured electronics -- and that's why we keep our cams off of the internet.

 

[wittaj]

Remember the fraction-of-a-millimeter chip that Chinese agents inserted into the manufacturing process for enterprise servers?

https://assets.bwbx.io/images/users/iqjWHBFdfxIU/iuMb2IgDb_zs/v0/-999x-999.gif

China put spy microchips in servers used by Amazon and Apple, report says

China secretly inserted surveillance microchips into servers used by major technology companies, including Apple Inc. and Amazon.com Inc., in an audacious military operation likely to further inflame trade tensions between the United States and its leading source of electronics components and…

www.latimes.com

We all know the risks with Chinese-manufactured electronics -- and that's why we keep our cams off of the internet.

Exactly why I will take my Dahua over a Ring cloud based system owned by Amazon on Amazon servers - as I said, that risk is much more than my Dahua cams isolated from the internet!!!

Instead of targeting the real issue, they instead chose to alienate a few choice companies...