Asia Time Online - Daily News
Asia Times Chinese
AT Chinese

    China Business
     Dec 23, '13

Page 1 of 2
NSA leaks sink US business deals
By Andrew M Johnson

Speaking Freely is an Asia Times Online feature that allows guest writers to have their say. Please click here if you are interested in contributing.

The United States' National Security Agency (NSA) and Central Intelligence Agency operate Special Collecting Services (SCS) "listening posts" in more than 80 cities worldwide, including Beijing, Shanghai, and Hong Kong. [1] In recent months, the NSA's extensive electronic eavesdropping

programs have prompted the world to take a new look at US national security interests. With such wide access to the sensitive information of companies, governments and individuals worldwide, the NSA has emerged as the enemy of cyber-security.

Only a year ago, US intelligence officials were holding China's feet to the fire over matters of cyber-espionage. A year later, it seems that the tables have turned. But in order to glimpse the hypocrisy of the US intelligence community, we must start in late 2012, when the US House Intelligence Committee first condemned two Chinese telecommunications companies, Huawei and ZTE, for alleged ties to the Chinese government.

An unsuccessful witch hunt
In 2012, a congressional investigation concluded that hardware from Huawei and ZTE "pose security risks to the US" because their equipment could be leveraged by the Chinese government to spy on Americans. [2] The 70-page report, titled "Investigative Report on the US National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE" is far from a conclusive demonstration of the allegations.

The report's contents include information on everything from the shareholder process and corporate structure of the companies to their personnel and historical backgrounds as it seeks to justify the aggressive (and unlikely) thesis that "Chinese telecommunications companies provide an opportunity for the Chinese government to tamper with the United States telecommunications supply chain." [2]

Recently, British national security officials took an extensive look into Huawei's connection to the Chinese government and their investigation found "no evidence of wrongdoing by the company". [5] This is no surprise, considering a 2012 statement from the Cabinet Office in London in which officials said, "We recognize, of course, that no systems can be completely invulnerable, but by working together we can mitigate some of the risks." [4] One of Huawei's main customers - BT Group Plc - has called the company a "trusted equipment supplier", pointing out that "We find them to be good value and high quality - that's why they have been chosen as a supplier in a fiercely competitive international market." [4]

Nevertheless, the US Intelligence community continues to warn of the risks of doing business with Huawei and ZTE, maintaining that such collaboration exposes American consumers to cyber-security risks. But more than a year has past since the 70-page report was released and no substantial evidence has surfaced to support its claims.

To the contrary, Huawei has consolidated ties with many of its closest customers, which include British telecom giant Vodafone PLC and several other European companies such as Telefonica, Deutsche Telekom, and France Telecom. It seems that the report emerged from nothing more than a cognitive itch that has resulted in a witch hunt for Chinese hackers with government ties.

Needless to say, Huawei has firmly rejected the claims of US officials. In a white paper on cyber-security, Huawei deputy chairman Ken Hu stated, "We can confirm that we have never been asked to provide access to our technology, or provide any data or information on any citizen or organization to any government, or their agencies." [3]

It is important to note that the assertion that Beijing supports (or directly sponsors) cyber-attacks is not supported by any substantial evidence. The only serious evidence put forth in support of this thesis is included in a report released by security firm Mandiat in 2012. On page 9 of its report, it is stated that, "Our research and observations indicate that the Communist Party of China is tasking the Chinese People's Liberation Army to commit systematic cyber-espionage and data theft against organizations around the world." [6]

Mandiat's claims offered a comprehensive analysis of a particular hacker group called "Unit 61398", which the firm tracked to a particular building in Shanghai related to the People's Liberation Army.

Not everyone in the cyber security community is convinced by the Mandiat report and some have asserted that it has some "serious analytical flaws". [16] The document poses some compelling ties, but is far from a silver bullet. The report has nothing to do with Huawei or ZTE, which suggests that even if its claims are true, they would not demonstrate the relationship between private companies and the government that the House Intelligence Committee's report puts forth.

All in all, "alleged ties" to the Chinese government are very different from "clear evidence of ties" to the Chinese government. Indeed, corporate cyber-theft could be perpetrated by any number of sufficiently skilled hackers. To this point, Symantex Corp released a 28-page report about a group it calls "Hidden Lynx" - a private Chinese hacking syndicate that has targeted hundreds of different organizations all over the world, including companies in both the US and China.

Regardless of the frail support for what has become a telling foreign relations blunder, US politicians have continued to play the moral high ground. Speaking on the matter of cyber-espionage in spring of 2013, Treasury Secretary Jack Lew stated that "the basic lever we have is that they [the Chinese] very much want a different relationship going forward." Lew claims that China wants "a seat at the table where countries establish rules of the international economy". Atop the white horse of US hegemony, Lew goes on to say "that means they also have to live by the rules." [7]

This rhetoric is maintained by all politicians. At an informal meeting in June at Sunnylands Ranch in California, US President Barack Obama told Chinese President Xi Jinping that "Governments are responsible for cyber-attacks that take place from within their borders." [8] Lew and President Obama must certainly have been blindsided in June when whistle-blower Ed Snowden leaked documents revealing to the world the extent to which the United States' very own National Security Agency has extended its mandate beyond the boundaries of "international rule".

The classified documents provided by Snowden have since been the object of countless articles and analyses from the resulting diplomatic tensions between the US and its allies and the revelation of a massive domestic spying effort. Since no shortage of ink has been spilled on the subject, here I offer a slightly different criticism of the programs and put the situation into context.

It is often argued that these programs are necessary because they help crack down on terrorists. On the surface, that may sound logical - after all, we need to collect communications to know their next move - but, upon examination, this turns out to be a very weak approach to stopping terror attacks.

First, it remains to be seen whether the blind collection of unprecedented amounts of meta-data is actually an effective means of defense against terror attacks. Secondly, a simple analysis by experts familiar with the process (using rough estimates and Bayesian statistics) reveals that "whenever the rate of an event of interest is extremely low, even a very accurate test will fail very often". [9] In other words, a test that hunts for rare traits in a population (terrorists) will turn up false positives that will vastly outnumber correct hits regardless of how efficient the test for the traits.

This means that - in addition to spawning international outrage and infuriating American (and international) citizens - the NSA's PRISM program may suffer from some critical design flaws. The jury is still out on that one, but nevertheless, the ineffectiveness of PRISM is supported by the fact that to date the program has only succeeded in preventing one terror-related attack. [10]

In this example, the PRISM program prevented what appeared to be an attack on the New York subway system. But there is no reason to believe that conventional security techniques would have failed in preventing this attack - they have successfully prevented similar attacks many times over.

Regardless of these objections and many others on more sophisticated grounds, US officials have insisted on maintaining their default justification: these programs prevent terror attacks.

Revelations of the closely knit relationship between private US technology corporations and the NSA's data mining efforts have not only brought Washington into the spotlight, but have had the same effect on US tech companies operating abroad.

As a result of Snowden's disclosures, government offices, tech companies, educational and financial institutions all over the world are relinquishing their dependence on US-made network and Internet equipment. Nowhere is this trend more pronounced than in China.

Continued 1 2




All material on this website is copyright and may not be republished in any form without written permission.
Copyright 1999 - 2013 Asia Times Online (Holdings), Ltd.
Head Office: Unit B, 16/F, Li Dong Building, No. 9 Li Yuen Street East, Central, Hong Kong
Thailand Bureau: 11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110