Hmm. How about having a firewall consisting of two distinct servers placed in series, one made in the US and the other made in China, both running some open-source OS. I know, the surface attack is still huge but at least you are not automatically and completely open to a single three-digit agency.
Edit: oh, you'd have to import the Chinese one yourself into the US to make sure it doesn't get its firmware "updated" somewhere in the suppliers chain.
> Edit: oh, you'd have to import the Chinese one yourself into the US to make sure it doesn't get its firmware "updated" somewhere in the suppliers chain.
Remember the pictures of Cisco gear allegedly intercepted by the NSA on its way out to customers? Unless you carry that router with you on a flight, you have little guarantee other than hoping you're too insignificant for them to pay attention.
Edit: oh, you'd have to import the Chinese one yourself into the US to make sure it doesn't get its firmware "updated" somewhere in the suppliers chain.