Hacker Remix

TSMC told US of chip in Huawei product after TechInsights finding, source says

72 points by mikhael 8 hours ago | 44 comments

Aloha 5 hours ago

export compliance is a total absolute tire fire, its full of non-sensical policy, and contrary opinions, and the more countries your product goes thru, the worse it gets.

Have a part made in Japan, integrated into a product in the states but sold by someone in the UK to in France? you'll have to comply with Japan, US and UK laws.

Neat fact, the UK considers the Cisco C9200 switch to be a munition, because it has ipsec.

ArchOversight 5 hours ago

It's not only the UK that considers cryptography to be a munition. It is also classified as munitions in the US:

> Encryption items specifically designed, developed, configured, adapted or modified for military applications (including command, control and intelligence applications) are controlled by the Department of State on the United States Munitions List.

It was part of the whole crypto wars, and the lawsuit brought by Bernstein vs the United States.

See more:

- https://en.wikipedia.org/wiki/Bernstein_v._United_States - https://en.wikipedia.org/wiki/Crypto_Wars - https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

Aloha 3 hours ago

The Cisco C9200 is not considered a munition in the states.

ycombinatrix 2 hours ago

Have you tried exporting it?

ChrisMarshallNY 1 hour ago

Distribution is where the shenanigans happen.

In New York, the Mob likes to control trucking and rail transport, because it allows them to get their fingers into anyone’s business.

Very easy to have a truck make a 20-minute detour into a hidden depot, where the contents are “inspected.” I know folks that used to work for those types of outfits, and the stories I’ve heard, tell me that the wiseguys are very smart. They know how to get around pretty much any tracking and verification system.

The more people have their hands on the product, the more likely it is to “fall off the truck.”

kube-system 2 hours ago

You might disagree with tech export controls, but they are entirely calculated and purposeful. The friction they cause is intentional.

MichaelZuo 2 hours ago

Export controls in the parent example are intended to cause friction between people in the UK and US? Really?

kube-system 2 hours ago

Yes, anyone exporting anywhere needs to follow compliance rules, because the point is to ensure that all exporters are in compliance.

Consider the OP's example:

> Have a part made in Japan, integrated into a product in the states but sold by someone in the UK to in France? you'll have to comply with Japan, US and UK laws.

The reason all countries tediously ensure their laws are being followed is because, if they weren't, there'd be an obvious legal loophole: you could simply proxy export items to a country with different export restrictions -- and then all export restrictions would be worthless.

MichaelZuo 1 hour ago

Having strict, but identical restrictions would already accomplish that.

Having strict, slightly differing restrictions doesn’t seem to add anything extra of value? It’s pure downsides.

tonetegeatinst 3 hours ago

Challenge is to find the cheapest switch and router than meets the export law of weapons in the UK....bet it would be a cheap openwrt device.

m3kw9 6 hours ago

I’m sure there is some unscrubbable serial number to at least trace the first, second merchant

j_walter 6 hours ago

There is no serial number on the individual die, but TSMC has very unique test lines on the chip that would easily identify if it was in fact made at TSMC.

0xTJ 6 hours ago

Is it indicated somewhere in this article, or somewhere else, that the dies are not programmed with a unique serial while still as part of a whole wafer?

londons_explore 5 hours ago

I don't have insider knowledge... But I could believe that there is no per-die serial number unless the customer wants one. It would be extra manufacturing steps, and require integration with the customers design.

Due to the way lithography works, it isn't easy to make each die different. The usual way to put serial numbers into chips is with efuses, but not all chips have any efuses at all, and it would require collaboration with the customer to design a way that they be programmed and read (probably on a JTAG chain).

ddingus 4 hours ago

They could burn the number in after the chip is made.

Either one time fuses and some software, or via directed beam energy fusible or breakable links.

Edit, yeah like the other comment suggested.

j_walter 5 hours ago

No, but any programming that would occur with identifiable information would occur after the wafer is cut and packaged. Generally this would be after delivery to TSMC's customer.

wiml 5 hours ago

By default I'd assume most chips don't get serialized (their package may have a date/lot code). The article doesn't say what the chip is, so I don't think there's a reason to think that it's one of the types of chip that does usually get a unique ID.

iphoneisbetter 6 hours ago

[dead]

throawayonthe 2 hours ago

[dead]

DiogenesKynikos 6 hours ago

These chips could have been manufactured by TSMC before the US issued an export ban:

> It is unclear how the chip made its way to Huawei. In 2019, the company released its Ascend 910 chip series. At the time, prior to export controls, the chips were produced by TSMC, two sources told Reuters earlier this year.

The question of why the US has the right or power to tell TSMC, a Taiwanese company, who it is allowed to do business often comes up in these discussions. I've often seen the response that this is US technology, and that any country would apply similar controls to its own technologies. What I don't think people realize is that these sorts of "secondary" controls are very unusual, internationally.

The US imposes controls on goods manufactured abroad using US-made tools or intellectual property. This is a bit like the way that the GPL "infects" other projects, and forces them to abide by its terms, and to my knowledge, the US is the only country that does this (in any case, it's the only country doing this on such a large scale). If you think of how integrated the world economy is, these sorts of "infectious" controls are extremely disruptive.

burnte 6 hours ago

They say "if you want to do business in the US, with US companies, don't deal with these people/groups/countries."

j_walter 5 hours ago

Exactly this...and since the US is by far the biggest revenue source for semiconductors it would be stupid to ignore this rule. Taiwan in general wants to maintain favor with the US because of the invasion threat of China as well (although I'm not 100% confident the US would get involved in that fight).

joshuaissac 4 hours ago

> US is by far the biggest revenue source for semiconductors

It's actually China, where sales account for 29% of global semiconductor sales, compared to 26% for the Americas (NA & SA).

https://www.semiconductors.org/wp-content/uploads/2024/10/SI... (PDF)

oskarkk 2 hours ago

I guess this doesn't take into account semiconductors that go to China to be used in devices manufactured there, and then sold to other countries? I'd have thought that wealthy and IT-heavy USA together with other countries in the Americas (1B people) are buying more end products with semiconductors than China. Also, Europe (wealthy 9% of world pop) probably buys more semiconductors (in end products) than 11%.

newprint 2 hours ago

thank you for posting this link, very interesting reading. If you have more of the similar materials, I would be very interested. Thank you !

DiogenesKynikos 4 hours ago

US sanctions go far beyond that. As I said, US sanctions are designed to be highly "infectious," so that activities that don't seem to have any US connection fall under the US sanctions regime.

The world economy is tightly interconnected, so almost any economic activity anywhere on Earth has at least some incidental, indirect connection to the US (and to China, and to the EU). Imposing such a wide-ranging secondary sanctions regime is extremely disruptive, and it's viewed by other countries as an attack on their sovereignty. When Trump pulled out of the Iran nuclear deal, he effectively forced the EU to also renege on the deal, because US sanctions banned virtually every EU company from doing business with Iran. The EU could no longer determine its own trade and foreign policy with Iran.

The answer to this is probably for other countries that want to retain their sovereignty to impose retaliatory sanctions on the US when it targets their companies. The EU is not sufficiently politically unified to do this, though, and most other countries/blocs (except for China) don't have the heft to go one-on-one against the US.

UltraSane 1 hour ago

"for other countries that want to retain their sovereignty to impose retaliatory sanctions on the US when it targets their companies."

I wouldn't hold your breath.

rescbr 1 hour ago

> The question of why the US has the right or power to tell TSMC, a Taiwanese company, who it is allowed to do business often comes up in these discussions.

US Dollar hegemony. If a company is banned doing business in USD, no large banks will want to touch them.

threeseed 4 hours ago

Have you never heard of sanctions before ?

These are legal mechanisms that dictate the behaviour of companies and are routinely imposed even when the company has no presence in the country. It is extremely common in the financial sectors e.g. AML/KYC.

Right now the EU for example has sanctions against Russia and Chinese entities.

DiogenesKynikos 4 hours ago

What I wrote seems to have gone completely over your head.

Other countries impose sanctions, but "secondary" sanctions are very unusual. I don't know of any other country that imposes secondary sanctions on anywhere near the scale that the United States does. It is extremely unusual for countries other than the US to try to impose their own sanctions regimes on foreign companies operating outside their territory, based only on extremely incidental connections (like use of software written in the country imposing sanctions).

threeseed 40 minutes ago

UK and EU has imposed secondary sanctions on Russia and China.

And China has used secondary sanctions to prevent support for Taiwan.

Either way majority of US secondary sanctions has been for enforcing AML/KYC which other countries simply leverage instead of imposing their own system.

salawat 2 hours ago

Only the United States has raised weaponization of network effects to essentially the pinnacle of warfare. Which in essence, geopolitics is.

kube-system 2 hours ago

"Don't deal with my enemies if you want to be my friend" has been a thing since the ancestors of humans were living in caves and carrying clubs.

8note 1 hour ago

Dont deal with people who deal with my enemies either.

riehwvfbk 18 minutes ago

Don't deal with some of the people who deal with my enemies. Turkey always gets a special exemption, as do the Saudis.