The Snowden leak showed that Cisco routers had been altered to enable surveillance [1]. Whether or not the manufacturer is complicit, or how the alteration is performed is ultimately irrelevant to the end user. Ultimately, the only people that got in legal trouble for this were Snowden and people who provided service to him.

[1]: https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...

Actually it's entirely relevant how, in the context of this conversation.

Here, we're discussing product as shipped, not product intercepted and modified. We're discussing if products are shipped secure or not.

The Snowden disclosures are important, but not relevant in this case.

It is absolutely relevant. It is completely within the realm of feasibility that a foreign nation state would pressure a manufacturer in their jurisdiction to include a backdoor, or simply insert it themselves. Routers are in every home and office in the country, and can be leveraged for immense attacks. It’s a hugely attractive target, and it’s a reasonable security policy to try to limit our exposure to this threat. And it would absolutely make sense for adversaries to avoid buying U.S. made routers for exactly the same reason. Unfortunately this administration is generating more adversaries by the day.

I think you're responding to the wrong comment, or missing the nuance above.

Having state actors redirecting products after shipping, without telling the company or the client it's happening, and installing backdoors, has nothing at all to do with backdoors from manufacturers.

You seem to have missed this part:

>a foreign nation state would pressure a manufacturer in their jurisdiction to include a backdoor

That absolutely is about jurisdiction and is a much bigger, more scalable attack than intercepting and installing implants. More to the point, it can be done at _any time_ not just the initial ship.

In as I was specifically not talking about that, and even said so, no.. it's not relevant.

My point is that the US did alter homemade products for export, and that the only people litigated against were the whistleblower and/or companies providing service to him.

> If US manufacturers (or manufacturers in allied countries) do this, legal avenues exist to hold those manufacturers accountable.

With that context added, my point is that the US judicial system would never litigate against e.g. Cisco if they were involved. The issue is not the relation between the state and Cisco, it's the relation between the US justice system and the US national security apparatus that prevents any such litigation to happen.

> legal avenues exist to hold those manufacturers accountable

Maybe in theory. I think the practical chance of enforcing anything meaningful through those legal avenues against a US manufacturer is not meaningfully higher than the chance of doing so against a Chinese manufacturer, so it doesn't make sense to treat them differently on these grounds.

When was the last time American intelligence agencies were held accountable?

Literally your own Congress is not even allowed to review their budget! Not that any US politician even WANTS to know.

> legal avenues exist to hold those manufacturers accountable

Oh, sweet summer child. Disclaiming these possible avenues of liability is the main goal of clickwrap "terms of service".