us-vs-china
Security

China: When Trade Trumps Information Security

As the world’s second-largest economy and one of its largest consumers of technology, China has a staggeringly powerful position at the centre of global trade. There’s something about a market of over one billion consumers which tends to make governments and private enterprises pretty nervous about offending Beijing in any way… there’s always the chance that retribution could be brutally swift and irreversible.

Google has probably been one of the most prominent recipients of this kind of rough justice. A well-publicised spat in 2010 over hacking and censorship saw the web giant relocate its search servers to Hong Kong. Since then its services have become increasingly patchy inside the Great Firewall, with user numbers dropping as they switch to local competitors. This is no coincidence. More recently, the US government last year decided to play with fire by branding Huawei and ZTE a “national security risk”, effectively banning them for competing for telecoms infrastructure tenders in the States. It remains to be seen whether that move will be reciprocated with a directive from Beijing to ban Cisco in the Middle Kingdom, but there’ll be a few sweaty palms in San Jose.

At the end of July another potential flashpoint emerged with a report claiming that Lenovo products had been banned by intelligence and security agencies in the “Five Eyes” allies of UK, US, Australia, Canada and New Zealand after serious backdoor security vulnerabilities were found in testing. The ban was slapped on Lenovo back in the mid-2000s, just after it took over IBM’s PC business, the Australian Financial Review reported.

The report falls short of accusing Beijing of working with Lenovo – a firm whose biggest shareholder is part-owned by the government – to spy on Western targets through these backdoors. Lenovo has also released a statement saying it basically can’t comment as it is not aware of any such ban. However, you can be pretty sure Beijing isn’t too happy with the story. Sources at media companies have told me that Beijing officials have contacted them directly in the past after negative articles appeared in their publications, trying to put pressure on to avoid similar articles appearing in the future.

Lenovo is one of the country’s most successful technology firms – the top selling PC vendor in the world right now – so not only does this story reflect badly on the business itself but also Team China. Who knows what the repercussions on Lenovo’s Western competitors in China may be. In the world of global politics the Middle Kingdom is a notoriously unpredictable and difficult prospect to deal with. In July this month it effectively stalled a World Trade Oganization attempt to expand its Information Technology Agreement (ITA) in order to make a range of products tariff free. China wanted to exempt a staggering 106 out of the total 260 products up for discussion, despite standing to gain much from an accord, which could see a removal of tariffs on $800bn in ICT trade and expand global GDP by $190bn.

Aside from whether these Lenovo allegations end up fomenting some kind of East-West trade war, however, there’s a wider issue about just how much information on security threats the UK government should be sharing with the private sector. If intelligence agencies rigorously tested Lenovo products and found serious vulnerabilities, forcing them to ban the kit internally, then why wasn’t this info passed on for the good of UK public? You can be sure that in China such intelligence would have found its way very swiftly from the public to private sector, although the line between the two is much more blurred in the People’s Republic.

The UK’s new Cyber Security Strategy, launched in 2011, talks extensively about organisations like its national intelligence agency GCHQ sharing best practice with a private sector which not only needs to be protected for the good of the economy, but also for the stability of the critical national infrastructure. It sets out a vision, for example, where “private organisations work in partnerships with each other, government and law enforcement agencies, sharing information and resources, to transform the response to a common challenge, and actively deter the threats we face in cyberspace”. It would be interesting to know whether, had that discovery been made this year rather than in the mid-2000s, such information would have been shared.

Info-security consultant Brian Honan argued the whole area is “fraught with complications”, however.

“Sensitive government networks will have different risk profiles to many private companies and an outright ban may not be a sensible security trade-off for those private organisations,” he told me. “Also, would it be just certain products or all products from a vendor and its subsidiaries? There is also the question whether the publication of such government research could be seen as anti-competitive and result in trade wars.”

Perhaps, in the end, China is simply too important a trading partner to pass on the kind of dirt that UK spooks are alleged to have found on Lenovo. In today’s post-PRISM world China could certainly convince the neutrals, if it had to, that it had found similar evidence in Western kit. The under-fire IT manager caught, as always, in the middle will just have to continue relying on good, old fashioned risk management to keep sensitive data out of harm’s way.

 

John Anderson has been writing about technology and all things Asia for over a decade. From his perch in the Far East he keeps a keen eye on the global significance of emerging trends in the region.

PREVIOUS ARTICLE

« Kenya's M-PESA Overhauls African Mobile Money Transfers

NEXT ARTICLE

Logging on to the Cloud Creates Complexity and Opportunities »
John Anderson

John Anderson has been writing about technology and all things Asia for over a decade, having started out on some of the UK's best known best-known IT trade titles. From his perch in the Far East he keeps a keen eye on the global significance of emerging trends in the region. 

  • Mail

Recommended for You

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Training and certification for a cloud native world

Keri Allan looks at the latest trends and technologies

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Poll

Do you think your smartphone is making you a workaholic?