Recently, Senator Marco Rubio (R-FL) and Rep. Michael McCaul (R-TX) decried that Apple is considering adding Yangtze Memory Technologies Corp (YMTC), a Chinese state-owned manufacturer specializing in flash memory, to its supplier list for iOS-based devices.
Today, bipartisan support exists to blacklist YMTC, threatening to bar Apple from contracting them and preventing U.S. semiconductor manufacturing equipment providers from selling them tools.
Established in 2016 through a merger with a state-run enterprise in Hubei province, the Yangtze Memory Technologies Co (YMTC) has recently become more competitive and cleared Apple’s validation for 128-layer 3D NAND flash memory.
In 2018, a Nikkei Asia report claimed Apple and YTMC were holding talks. Geopolitical tensions aside, Apple’s continuous search to drive hardware prices down (or any firm for that matter) was unsurprising. Fast-forward a few years post-pandemic, and supply chain diversity is at the forefront of every global supplier, from widgets to iPhones.
The strictly market-based critique of YMTC is that they operate at a loss through state subsidies while engaging in other unfair market practices, including economic espionage. Sen. Rubio also asserted that YMTC would eventually corner the market by flooding it with supply.
The Chinese government heavily subsidized YMTC through Beijing’s National I.C. Industry Investment Fund. YMTC is also owned by Tsinghua Unigroup, which controls Tsinghua Tongfang, which sells ICT equipment to the Chinese military, just as Google and Microsoft sell to the Defense Department.
YMTC is reportedly capable of manufacturing NAND at 176 layers and has been trailing one generation behind its U.S. competitor, Micron (currently at 232 layers). Given YTMC’s stratospheric advances in a relatively short time, it is unlikely they got there by “poaching” South Korean engineers alone.
This economic critique is fair, but the devil is in the details, i.e., how did the NAND Flash market become a “critical national security technology”?
That argument only makes sense if we buy into two distinct claims commonly held by China hawks and their beneficiaries. The first is that US government agencies require a “trusted and secured” supply of semiconductor chips, memory, and storage, and this security is threatened by Apple’s use of YMTC.
Claim no. 1: Will YMTC chips be a Trojan Horse?
Critics of Apple claim that USG agencies and the DOD require a “trusted and secured” supply of semiconductor chips, memory, and storage. Let’s examine the specifics If we are strictly discussing hardware security, YMTC 3D NAND would be integrated into Apple systems on chips (SoCs).
Would Apple’s validation processes be unable to detect design obfuscations based on maliciously embedded reconfigurable logic in the NAND storage chips themselves (the pink box on the top left)? Apple SoCs use a hardware-based key manager, the Secure Enclave, to handle cryptographically secure services for all its downstream components.
While its design is secretive, white hat hackers have found two vulnerabilities in the Secure Enclave. The first, in 2017, allowed decryption of the Secure Enclave’s firmware but couldn’t compromise private device keys. The second, in 2020, was revealed by the Pangu Team, a team of Chinese hackers responsible for iPhone jailbreaking tools. Pangu revealed a first-of-its-kind Secure Enclave Processor bug that requires physical access to a phone. The group didn’t hand this zero-day exploit to China’s Ministry of State Security but likely sold it to Apple for a $1 million bounty.
Still, the concern here is limited to NAND flash storage. Apple Platform Security explains how the immutable ROM code generates hardware AES keys (the root of trust) using a secure entropy source. Apple claims the Secure Enclave “has a mechanism to store information securely on attached storage separate from the NAND flash storage that’s used by the Application Processor and operating system.” In other words, should a maliciously embedded and reconfigurable YMTC NAND chip be somehow designed as a logic bomb, it would cause a memory authentication error, and “the Secure Enclave would stop accepting requests until the system is rebooted.” In other words, your iPhone would likely throw an error and get stuck in a reboot loop. Attribution to China would be straightforward, and the YMTC contract would be breached, causing significant economic losses on both sides. An improbable scenario.
Besides, If the deal with YMTC goes through, Apple has already made it clear it will not sell iPhones with the “tainted” Chinese chips in the U.S.
That said, it is worth remembering that iPhones have been manufactured and assembled in Zhengzhou, China, for many years while sourced by more than 200 suppliers worldwide. Yet somehow, China hawks would have us believe that nothing has happened only because the Chinese Communist Party has been patiently waiting for this golden opportunity to execute a hardware-based infiltration of USG agencies instead of using highly effective software backdoors or phishing and social engineering techniques.
A somewhat more credible national security risk is the potential disruption of leading-edge logic chip supply by China annexing Taiwan and opting to embargo exports (instead of making tons of money). While the Chips Act will take years to re-shore mega-fabs to the U.S. (for better or worse), it should help alleviate that risk. Note that field weapons and the automotive sector do not use leading-edge chips but rely on more mature nodes.
Claim 2: Memory Chips and the U.S. Industrial Base
The second bogus claim made by opponents of YMTC is that advancements and innovation in memory chips enable high-performance computing or A.I./deep learning and are critical to a thriving U.S. industrial base.
Significant capital investments are required to make memory fabs competitive and viable. In this case, they are driven by the need to find incremental improvements by stacking memory capacity through layers and increasing their bandwidth for advanced applications.
Memory and storage are pervasive and essential across every vertical market, from edge to cloud. Memory and storage now represent close to 30% of the total semiconductor market share (~$154B out of a total of ~$556B in 2021). The importance of memory and storage scales proportionally with the various use-cases powering the digital economy. For example, 5G phones have half as much DRAM as 4G phones and twice as much NAND storage. And of course, logic chips cannot enable computation without memory and storage working in tandem.
However, the “criticality” of memory is always assumed based on future unknown capabilities and applications. The claim that more computing power somehow enables “emerging defense capabilities” is flimsy. This “emerging technology” game has been played in Congress since the Trump administration – but, suspiciously, the debate rarely covers supercomputing at U.S. national labs, or radiation-hardened chips for defense, or aeronautical applications. Somehow, it is always about consumer-grade electronics and services. The more likely reality is that YMTC is perceived as an an existential threat to the U.S. memory industry. U.S. industry interests are advancing economic protectionism by wrapping themselves in the flag and linking their fate to U.S. national security. We, the people (aka, Congress), need to stop conjuring up imaginary futures as a pretext for bad policy making.
As veteran trade policy expert William Reinsch notes: “The core problem is that for the chip companies, China is both the biggest threat and the best customer (…) the answer from some quarters—treat semiconductors as a “foundational” technology and impose broader controls on them, including re-controlling older chips—will only make things worse. Aside from closing the barn door after all the horses have left, this approach would starve the U.S. industry of revenue, set back our own development of next-generation chips, and thereby compromise our security.”
If the U.S. Commerce Department were to sanction every company that threatens to drive prices down, regardless of what market distortions they use, it would create a chilling effect. Emergent economies would resort to other markets and currencies, encouraging further geopolitical polarization and less free-flowing capital. There are many other policy tools to fix competition and industrial policy, but sanctions aren’t one of them. The post Apple and YMTC: Another “national security” risk? first appeared on Internet Governance Project.The post Apple and YMTC: Another “national security” risk? appeared first on Internet Governance Project.
Source: Internet Governance Forum