Enemy of the State: Congress brands IBM 'a Potential Threat' to National Security

Hopes that antiquated Cold War attitudes might soon be banished from the modern Sino-American equation were dealt a crippling blow this week, with the announcement that the US Department of State, under extreme pressure form Congress, has agreed to downgrade the security status of almost 1000 Personal Computers, because of fears that they may have been compromised by Chinese intelligence services.

Enemy At The Gate?

At issue are 900 IBM personal computers, which were earlier branded 'a potential threat to national security' by the US-China Economic and Security Review Commission; a powerful congressional committee charged with safeguarding US interests in the face of a rising China..

According to the USCC, IBM's ties to Mainland China render its products 'unsuitable' for use in sensitive areas of the Government, because of the risk that Beijing might attempt to install intelligence gathering hardware or software in them.

“We believe that Chinese intelligence services are capable of doctoring computer systems”. Larry Wortzel, USCC

The Computers, part of an order of 16,000 PCs and Laptop, have not yet been installed in the DoS, but were destined for use in areas where sensitive information might be stored or processed.

It is thought that they will now be reassigned to duties in less restricted areas of the Dos. It is not known what they will be replaced with, if they will be replaced at all. Or what the cost of the decision will be to tax payers.

Precautionary Measures

The PCs are believed to have been reassigned based on 'concerns' over security, rather because the existence any specific security threat from IBM, whose ailing PC division was taken over, in 2005, by 聯想 (Lenovo); one of Mainland China's most successful electronics manufacturers.  As is standard practice, the PCs had already been certified as safe by the DoS.

"Lenovo products sold to US government customers all have been certified for security and integrity as required to qualify for government procurement" Spokesperson, Lenovo

There is no suggestion that IBM computers are unsafe for home or business use.

Miexed Reception

The Dos's decision, to downgrade the security status of the disputed PCs, has been broadly welcomed by Conservative groups, who have hailed it as being a case of 'common sense' prevailing over 'commercial pressures', and as being 'a move in the right direction' for national security.

"The State Department has now taken the appropriate steps [to protect national security]” Frank Wolf (Republican-Va), Chair, Appropriations Committee, House of Representatives.

However, not all observers have been so welcoming, with some deriding the decision as being 'unfair', and questioned its legality. Asking whether the Government could legitimately bar certain companies from sections of the procurement process without any evidence of wrongdoing, or even intent.

Others have also gone on record to accuse Congress of maintaining 'a cold war mentality', and to voice concerns over claims that the Government is maintaining an unrealistic view of China based on 'Doom sayers' and Cold War prejudices, rather than modern realities.

"[Some US leaders] have an excessively heightened view of China as a national security threat" Joseph Massey, Assistant US Trade Representative for Japan and China (1985-92)

Concerns have also been raised as to where this latest announcement is the end of the IBM-DoS saga, or the start of a new wave of anti-Chinese/anti-Foreigner sentiment from an administration which has become increasingly hostile to foreign businesses operating, or seeking to operate, within US territory. Particularly those from 'the wrong type of country'.

“Dell has many clients in the Chinese government, yet you see how difficult it is for us to develop clients in the US government" Spokesperson, Lenovo (2005)

IBM?

For their part, IBM reacted to the decision with disappointment, having earlier offered reassurances that, while the their ownership had changed, their products had not.

"These systems are exactly the same systems, with the same software loads, that IBM would have sold them a year ago" Jeffrey Carlisle, Vice president for government relations, IBM

Made in the USA

Ironically, while the disputed computers at the heart of the IBM-DoS controversy carry a Chinese owned brand name, they are not products of China, and are not subject to Mainland Chinese jurestiction.

As with IBM machines manufactured prior to the Lenovo takeover, the disputed computers are produced in either Monterrey, Mexico, or Raleigh, North Carolina, and are built from components manufactured in Chinese-Taiwan; which is nominally considered to be Chinese territory at a diplomatic level, but which remains independent in all but name.

As is standard procedure, these facts were disclosed to Washington prior to the signing of the original purchase deal.

"the sourcing of the units were all disclosed and discussed with the State Department" Spokesperson, Lenovo

These reassurances however failed to appease critics.

“Even if these computers were put together in the United States, software, operating systems or hardware could still be modified. Therefore, we were very concerned that if Chinese intelligence could target the diplomatic communications of the State Department, it would do so.” Larry Wortzel, USCC

Realistic Threat?

Despite there having been numerous recorded incidents of electronic espionage being carried out against the US, a number of influential conservative think-tanks have already gone on record to dismiss fears that companies could successfully infiltrate the Federal Government using doctored Personal Computers.

When called to discuss the issue with the USCC, expert witnesses previously testified that it would be almost futile for a company to purposefully engineer their products for espionage.

According to the testimony of these experts, the level of scrutiny that government computers are put under, as part of the purchasing and quality assurance process, makes the fear that a foreign power could successfully install espionage hardware in Government all but redundant.

Experts additionallyy testified that the potential for an intelligence gathering device inside a PC to fail, due to incompatibility with other components, was likely to be so high as to make it uneconomical to even attempt in any serious manner.

“the malicious component may not work as planned once it is integrated with components from other sources. Even if it works when it leaves the factory, it may fail later when it is integrated into a larger network.” James A. Lewis, (Effect of U.S.-China Trade on the Defense Industrial Base), 23 June 2005

Far from worrying about 'rigged hardware', experts stated that the security issues that the US should be most concerned with are so-called 'Trojan horse' programs; software that has been hidden on a computer in order to perform deviant functions, such as the gathering and transmission of passwords and other confidential information.

“the current threat lies in the use of viruses and spyware that exploit software vulnerabilities rather than in malicious changes to hardware or software. “ James A. Lewis, (Effect of U.S.-China Trade on the Defense Industrial Base), 23 June 2005

However, the same experts also voiced that even if companies, such as IBM, were to attempt to plant deviant software on DoS computers, it would unlikely to pose a threat to national security because Government agencies routinely erase all information on newly purchased PCs. Deleting the Operating System and all factory installed software, in order to replace it with a standard - pre configured - suit that has been built to government specifications and cleared by state security forces.

This operation, known as "ghosting", is designed to assist in computer servicing and maintenance by ensures that all government computers have identical settings and contain identical software packages. However, it is also a key security measure as it results in the destruction of any covert intelligence gathering software that may have been installed.

In this line, observers have voiced that the largest threat to internal security probably comes from commercial 'spyware'; programs written by civilians and designed to harvest passwords and other personal information for sale to Spamming companies and Identity Thieves, which can be installed remotely through email attachments and infected websites, or from intelligence gathering software installed on computers by traitors and spies already within the US establishment.

The former of which would be a threat regardless of whom the computers were purchased from, and the latter of which is minimized by the fact that the only people who would be able to install software after installation would be employees of DoS itself, or certified PC Engineers, most of whom are America technical staff retained from when Lenovo took over IBM.

The Delivery?

At the heart of the issue are 16,000 personal computers which were ordered from 聯想 (Lenovo), -previously known as Legend.

According to public records, the deal is worth an $US13 Million and consists of:

15,000 Lenovo ThinkCenter M51 desktop PCs with high resolution monitors flat panel LCD monitors - $11.7 million.
1,000 ThinkCenter M51 'mini-tower' PCs with support with LCD monitors and removable 'caddy' hard drives. - $1.4 million.

The units are to be installed in batches of 500 PCs, over a period of approximately 6 Months.

Preliminary information suggest that a November date was has been set for the first installations.

tags: spy  trojan  congress  ibm  lenovo  threat  china threat  uscc  espionage  spywar  virus  china  

links: digg this    del.icio.us    technorati    reddit