Comment by kube-system

> they can't make a generic law against say suspicious code running on consumer devices that could be used to exfiltrate personal data, as it would potentially hit every connected device out there, including western branded ones. My impression is that they (the law makers) are almost facing the wall where they should admit that closed proprietary devices are generally unsafe and bad

The issue is even bigger than that. It doesn't matter what the device does now, nor does it matter whether it is open or proprietary.

When it comes to national security, ask yourself "what could happen in a time of war?" Some obvious answers are:

1. If it connects to foreign service providers, those services could be shut off or changed to be malicious

2. If the device uses parts/support/updates from foreign service providers, those could be discontinued, or changed to be malicious

3. If you need the product, but don't make them locally, they may no longer be available.

etc.