> If the story is true, it's a MAJOR breach of classified information from US intelligence operations; operations which I assume (without evidence to the contrary) are operating in good faith -- in the interest of the US and its citizens. Breaching classified information of such ongoing investigations to trace supply chains of spy chips could very well compromise those investigations (which would be irresponsible to risk).
Unless those counterintelligence operations were, by intention and policy, the original source of the story in the first place. I could easily imagine an FBI agent essentially telling Bloomberg, "Hey, we discovered this security vulnerability, but the only sustainable solution is to convince the tech industry to move hardware manufacturing out of PRC control--we'll feed you the story but don't say it came from us."
That's a really great point! That's a good third option I didn't really properly consider: Perhaps this is the intended means of propagating this information into actions across the industry, in which case Bloomberg definitely did nothing wrong here.
Unless those counterintelligence operations were, by intention and policy, the original source of the story in the first place. I could easily imagine an FBI agent essentially telling Bloomberg, "Hey, we discovered this security vulnerability, but the only sustainable solution is to convince the tech industry to move hardware manufacturing out of PRC control--we'll feed you the story but don't say it came from us."