Let’s talk about this, supply chains, and the risks of the PRC. What experts think is the most likely explanation is that some company somewhere in the smartphone supply chain put malware into their components, which have ended up in millions of phones in Africa and elsewhere 1/n https://twitter.com/adrianzenz/status/1298606753706369024
Now there are a lot of people who initially assumed that this was some nefarious neocolonial Communist plot, because of BRI, which includes several nefarious neocolonial Communist plots. But I don’t think that’s what this is. 2/n
Instead, it reveals more about the business & tech environment in China and risks associated with highly complex supply chains. The former is simple: China is not 100 feet tall; the CCP’s regulatory capacity is highly limited, and as such there are a lot of companies with 3/n
shady/shoddy business practices that slip through the cracks. Even Huawei products have a lot of really obvious (to experts) and simple security flaws, which can credibly be chalked up to sloppy coding (if they were intended to be backdoors, one would assume that they would 4/n
be better hidden so as to not be caught). This, in conjunction with subsidies, is what results in their price advantage. What’s probably happening here is similar—a company (or companies) decided that they can cut prices by making up the difference with malware, and the rest 5/n
of the supply chain just didn’t pick up on it. This leads right into the supply chain risk aspect of this: the actual phone manufacturers probably did nothing overtly wrong, and yet their products were still totally compromised by bad suppliers in their supply chains. 6/n
When you have many suppliers, especially if you go for the absolute cheapest, these risks increase. (There are also risks with malware that’s built into hardware being far harder to detect but that’s beyond my expertise.) So you need to not trust and/or at least verify. 7/n
But of course that reduces the cost savings you were going for in the first place. With that said, it’s clear from this episode that companies without proper vision into & control over their supply chains are at risk. And the risks are especially high in semiconductors. 8/n
Let’s do a thought experiment. What if the component that contained the malware was a chip also used in tablets that, I don’t know, are used by county election authorities to verify voter registration. And let’s say instead of commercial malware the malware comes from MSS. 9/n
Total hypothetical, of course, but nothing I’ve just said is in a different universe from what has *actually happened*. And then all of a sudden, it’s Election Day, MSS activates the kill switch in Wisconsin and Georgia, and our election is thrown into chaos. 10/n
I suppose the point of this thread is we don’t have any real sense of what supply chain risks entail (especially in tech and in the China context), which should scare everyone, and there are significantly increased risks associated with supply chains passing through the PRC 11/n
Actually that should be 11/11; I’m done
You can follow @jonathon_marek.