Angry Chinese Blogger
 |
 |
Angry Chinese Blogger:
The news and views about China that the big media can't, or won't, tell you The is no single truth Menu: Home |
|
Entries By Country
   |
Fact or Fiasco: Are Chinese electronics spying on you?
posted Tuesday, 4 April 2006
For quite some time now, conservative groups in Washington have been growing increasingly concerned about the flow of US technology to China, and about how this technology might be put to 'bad uses', that could potentially impact on America's ability to influence events in the Asia Pacific region.
As such, the export of any material or technology to China that could potentially have military uses, or which might otherwise impinge on the balance of power between east and west, has been carefully scrutinized for decades.
| “The risk of transferring US commercial technology has been a staple of the larger US debate over China policy for many years. Trade with China is routinely viewed through the prism of Chinese military capabilities” James A. Lewis, Center for Strategic and International Studies |
However, it now appears that things have turned on their heals, with congress now expressing concern over the import of technology into the US, rather its export.
As a symptom of these concerns, it has been announced that the US-China Economic and Security Review Commission has launched an investigation into the purchase of Chinese computer equipment by the US Department of State.
| "Members of Congress, I think, will react very strongly when they see a deal like this come through." Larry Wortzel, Chairman, USCC |
The investigation has two primary aims, a to preform a 'standard' probe'; to ensure that the deal was ethical, and to forestall the possibility that the equipment might contain intelligence gathering 'bobby traps' that could capture confidential information from within the halls of western power, and transmit it back to Beijing.
The Problem?
At the heart of the issues are 16,000 personal computers which were ordered from 聯想 (Lenovo), -previously known as Legend, in a deal that is estimated to be worth $US13 Million which was formally announced on 20 March of this year.
Although the deal was made through standard state purchasing channels, and went forward without a hitch, the fact that it involved company with strong ties to the Chinese State, suppling computers to the federal government, quickly rang alarm bells in the corridors of power, and rousing members of the USCC sufficiently for them to call for an immediate investigation.
| "The opportunities for intelligence gains by the Chinese are phenomenal" Michael Wessel, Commissioner, USCC |
Although the commission is to investigate a number of different angles, two key fears have been raised in regards to the deal.
- That Beijing might instruct Lenovo to include digital eavesdropping devices in their computers, capable of monitoring internal documents stored on them and communications made through them, by the Department of State, with the intent that this information be transmitted back to China.
- That Lenovo might install spying technology on its own initiative, and sell the information on. Either to Beijing, as state intelligence, or to private companies within China, the US, or another competitor nation.
| "If you're a foreign intelligence service and you know that a federal agency is buying 15,000 computers from your company, wouldn't you look into the possibility that you could do something about that?" Larry Wortzel, USCC |
The Response? – Lenovo
In response to the news that it was being scrutinized for possible espionage activities, Jeffrey Carlisle, Lenovo's vice president of government relations, expressed disappointment that officials considered the matter to be worth investigating and dismissed the commissions actions as being a result of paranoia rather than an indication of there being a genuine issue.
| "We would rather not have to go through these issues every time we win a government contract" Jeffrey Carlisle, Vice President of Government Relations, Lenovo |
Referring to insinuations against Lenovo as being "completely fantastic", Carlisle voiced that it would make little commercial sense for the company to risk damaging its reputation by engaging in unethical data monitoring or recording, and expressed frustration at the fact that the Commission was pressing ahead with the review despite the fact that Lenovo's products had already been 'fully certified' as being 'safe for government use' under the compulsory security vetting systems that all federal technology suppliers are required to go though.
| "Lenovo products sold to US government customers all have been certified for security and integrity as required to qualify for government procurement" Spokesperson, Lenovo |
Despite reservations, officials within Lenovo promised that they would co-operate fully with the commission.
| "While we think another exhaustive investigation is unnecessary, we very much want to make sure the facts are understood" Spokesperson, Lenovo |
The Response? – Department of State
Upon the announcement of the investigation, the Department of State also moved to defended the deal.
Stating that its contract with Lenovo represented 'good value for money' for US taxpayers, the Department offered its reassurances that the use of Chinee computers by the Federal Government in now way not endanger national security. Firstly, because Lenovo had complied met with all of the existing safeguards that were built into the purchasing system, and secondly, because the computers were for 'general use' and would not be installed in highly confidential areas of the State Department. Thus ensuring that they didn't contain any 'nasty surprises', and additionally limiting their depth of access to classified materia.
| "The United States takes its responsibilities seriously in terms of getting the best value for the dollar whenever we spend American taxpayer dollars" Sean McCormack, Spokesman, Department of State, US |
Prudent, or Paranoid?
Although conservative elements within Washington have voiced their concerns over the deal, and have been backed up by member of the USCC who described it as being a matter the “needs to be investigated”, other's have dismissed the idea of Lenovo computers being used to spy on the State Department as being the result of anti-Chinese bias and basic ignorance.
As such, some observers have accused Congress of 'harboring a cold war mentality' that causes it to see any China related development as being a potential threat, while other's have voiced that state officials 'have been watching too many spy movies' which have fooled them into thinking that electronic espionage is easy.
The Mechanics of Espionage?
Despite there having been numerous recorded incidents of electronic espionage against the US, most have revolved around 'human intelligence gathering' and the interception of communications, rather than the use of intelligence gathering devices hidden within personal computers by the manufacturers.
Indeed, a number of influential conservative think tanks have already dismissing fears that companies, such as Lenovo, could successfully infiltrate the Federal Government using personal computers, as being 'unjustified'.
When called to discuss the issue with the USCC, expert witnesses voiced that it would be almost futile for a company to purposefully engineer their products for espionage, on the grounds that the risk of discovery is high because of the level of scrutiny that government hardware is put under as part of the purchasing and quality assurance process.
More over, it was voiced that the risk of economic damage, upon discovery, largely outweighs the potential benefits of spying.
| “Intentionally building flaws into hardware or software for later exploitation is a high risk strategy with uncertain payoff. If discovered, the supplier company could be forced from the market.” James A. Lewis, Center for Strategic and International Studies (Effect of U.S.-China Trade on the Defense Industrial Base), speaking before the USCC, 23 June 2005 |
Similarly, the risk of intelligence gathering chips and circuit board, installed in commercial PCs, failing due to incompatibility with other hardware or software components, was also quoted as being 'high'.
| “the malicious component may not work as planned once it is integrated with components from other sources. Even if it works when it leaves the factory, it may fail later when it is integrated into a larger network.” James A. Lewis, (Effect of U.S.-China Trade on the Defense Industrial Base), 23 June 2005 |
Far from worrying about 'rigged hardware', experts have stated that the security issues that the US should be most concerned with are 'Trojan horse' programs; software that has been hidden on a computer in order to perform deviant functions, such as the gathering and transmission of passwords and other confidential information.
| “A cursory assessment suggests that the current threat lies in the use of viruses and spyware that exploit software vulnerabilities rather than in malicious changes to hardware or software. “ James A. Lewis, (Effect of U.S.-China Trade on the Defense Industrial Base), 23 June 2005 |
However, experts have also voiced that, even if Lenovo were to attempt to plant deviant software on State Department PCs, it would unlikely to pose a threat to US security because US agencies routinely erase all information on newly purchased computer. Deleting the Operating System and all factory installed software, and replacing it with a standard - pre configured - suit that has been built to government specifications.
This operation is known as "ghosting", and is designed to assist in computer servicing and maintenance by ensures that all government computers have identical settings and contain identical software packages. However, it is also a key security measure as it results in the destruction of any covert intelligence gathering software that may have been installed.
In this line, observers have voiced that the largest threat to internal security probably comes from 'commercial spyware'; programs written by civilians and designed to harvest passwords and other personal information for sale to Spamming companies and Identity Thieves, or from intelligence gathering software installed on computers after their installation within the State Department.
The former of which would be a threat regardless of whom the computers were purchased from, and the latter of which is minimized by the fact that the only people who would be able to install software after installation would be employees of the State Department itself, or certified Lenovo Engineers, most of whom are America technical staff retained from when Lenvo took over IBM.
Anti-Chinese Sentiment?
In light of these dismissals of concerns, some observers have leveled accusations that the only reason that the Lenovo purchase is being scrutinized is because those seeking an investigation harbor strong anti-Chinese sentiment.
As such, observers have voicing that some of those displaying concern over Lenovo are seeing a fictitious “China Threat”, rather than a real threat.
| "[Some US leaders] have an excessively heightened view of China as a national security threat" Joseph Massey, Assistant US Trade Representative for Japan and China (1985-92) |
Observers have also accused some of those calling for Lenovo to come under increased of trying to interfere with the purchase in order to 'keep China down' and voicing that US officials are trying to put up 'unofficial trade barriers' in an effort to prevent Chinese companies from gaining ground on their US rivals.
Even before the current incident, Lenovo has complained about discrimination against its products in the US, and has gone on record to publicly denounce what it sees as being 'Anti-Chinese sentiment' from US purchasers, particularly those working for the State.
| “Dell has many clients in the Chinese government, yet you see how difficult it is for us to develop clients in the US government" Spokesperson, Lenovo (2005) |
Claims of 'anti-Chinese sentiment' being used against Lenovo were brought to the world's attention in 2005, after a salesperson working for US computer giant Dell was alleged to have sent an letter to corporate clients, warning that purchasing 'post takeover' IBM computers was tantamount to supporting China's communist regime.
| “As you know Lenovo is a Chinese government owned company that recently purchased IBM's desktop business. While the US government has given its stamp of approval to continue to purchase these units, people must understand that every dollar clients spent on these IBM systems is directly supporting/funding the Chinese government. Salesperson, Dell |
Dell was later forced to confirm that the incident had taken place, and that it had disciplined a staff member for breaching internal police over the email.
| "We have a code of conduct that we uphold here for Dell in the US and worldwide, specific guidelines for not commenting on competitors Lionel Menchaca, Spokesperson, Dell Dell refused to name the individual involved. |
Genuine Concerns?
Despite the apparent dismissal of security concerns by both observers and conservative think tanks, there remains an air of worry of the issue, particularly as it is being personally pressed forward by Larry Wortzel, the current Chairman of the US-China Economic and Security Review Commission.
Although not a household name, Wortzel is a former Director of the Strategic Studies Institute of the US Army War College, and US Army Attache to China, with a resume that includes monitoring Chinese military communications in Vietnam and Laos, during the 1970s, and working “[to develop] counterintelligence programs to protect emerging defense technologies from foreign espionage” for the Under Secretary of Defense for Policy.
As such, Wortzel is considered to be one of the US's foremost exports on “The China threat”, and a man who would quickly dismiss any Sino-US intelligence issues, such as this, that he considered to be utterly baseless.
Other Concerns?
Although the security implication of a Federal group using Chinese computers has created concerns over security, the issue of the Lenovo purchase goes much deeper than the possibility that State Department computers might pass on information to foreign agencies.
Indeed, there are also strong concerns over Lenovo's relationship with 中国科学院 (the Chinese Academy of Sciences), which currently owns 27% of the PC manufacturer.
Being a state owned body, 中国科学院 (CAS) is not only controlled by Beijing, but it is also funded by the Chinese government. A fact which has lead to claims that Lenovo is in receipt of unfair state subsidies that acted to put the US companies bidding for the Department of State contract as a disadvantage.
| “if you have these state-owned enterprises that don't have to make any money, they can underbid to gain market share” Donald Manzullo Republican (Illinois) |
Manzullo, who served on the Small Business Committee, previously urged the Government to extend the time allotted to reviewing the takeover of IBM by Lenovo.
| "Given the relationship between so-called private companies in communist states and their government, we believe that it is manifestly in the public interest to extend the time for review by those agencies in the federal government responsible for defense, foreign policy and intelligence in order to ensure that there are no adverse national security ramifications of the sale," the congressmen wrote in the letter. Donald Manzullo Republican (2005) |
Such issues are also likely to be investigated by the USCC
Overseas-Chinese?
Ironically, although the disputed computer equipments will carry the Chinese Lenovo brand name, there will be very little about them that has anything to do with Mainland China.
According to Lenovo, all of the machines destined for the Department of State are to be constructed in Monterrey - Mexico and Raleigh - North Carolina, and are to largely use components manufactured in Chinese-Taiwan.
| "the sourcing of the units were all disclosed and discussed with the State Department" Spokesperson, Lenovo |
Additionally, they will be internally identical to the standard IBM machines that would have been sold to the State Department had Lenovo not brought out the company, and will be serviced by IBM engineers, not Chinese staff.
These details were disclosed to Washington as a pre condition of government security vetting procedures prior to the signing of the PC deal, and are known to the USCC.
The Delivery?
According to public records, the delivery from Lenovo to the Department of state is to consist of:
- 15,000 Lenovo ThinkCenter M51 desktop PCs with high resolution monitors flat panel LCD monitors - $11.7 million.
- 1,000 ThinkCenter M51 'mini-tower' PCs with support with LCD monitors and removable 'caddy' hard drives. - $1.4 million.
The units are to be installed in batches of 500 PCs, over a period of approximately 6 Months.
Preliminary information suggest that a November date was set for the first installations.
View Comments/Add a Comment (3)
1. chicago dyke left...
Thursday, 6 April 2006 3:46 am
very nice blog. i'll come back, the work is high quality.
2. chicago dyke left...
Thursday, 6 April 2006 3:46 am
very nice blog. i'll come back, the work is high quality.
3. Sarah left...
Thursday, 6 April 2006 6:46 am :: http://www.journalscape.com/rhubarb/
Booby traps? Intelligence gathering?