In Wake Of NSA Leaks, China Drops Major US Tech Companies From Its Approved Supplier List
from the leaks-docs,-leaking-dollars dept
The NSA continues to “save” the United States from terrorism by making it weaker. Not only has the agency actively undermined encryption standards, but its willingness to insert backdoors and spyware in any piece of hardware or software it can get its hands on has severely damaged the world’s trust of American technology.
Cloud computing providers have already felt the aftershocks of the Snowden leaks. An Open Technology Institute report published a year after the first revelation noted that many had already seen a drop-off in sales and predicted that the backlash against the NSA’s surveillance tactics could cost companies anywhere from $22-180 billion over the next three years.
Hardware makers are getting hit hard as well. One of the largest buyers of American tech products has dropped some very big brands from its approved supplier list.
China has dropped some of the world’s leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance.
Chief casualty is U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center’s (CGPC) list, but by late 2014 had none, a Reuters analysis of official data shows.
Smartphone and PC maker Apple Inc has also been dropped over the period, along with Intel Corp’s security software firm McAfee and network and server software firm Citrix Systems.
It’s certainly no surprise that Cisco would be one of the first dropped by foreign purchasers wary of NSA meddling. A leaked document detailing the agency’s hardware interdiction program contained a photo of operatives carefully unwrapping a box full of hardware destined for NSA spyware implants. While the faces of the agents may have been blurred, the logo on the box was not. As the story spread across the internet, one conclusion was drawn: Cisco products are not “safe.”
The fact that foreign hardware may arrive loaded with spyware and backdoors isn’t the only thing prompting the Chinese government to drop nearly half of its overseas security-related tech suppliers. There’s also the ongoing tension between the US and China, which has devolved into each country accusing the other of inserting backdoors into exported tech. It appears both sets of accusations are correct, but for years it was largely assumed that China was mostly alone in these efforts.
China also has a domestic market it would like to expand, which will now get a leg up from the government. As it eyes an increased exports, it is likely aware that many foreign governments and other potential purchasers consider its exports no more “secure” than NSA-infected tech shipping from the US. Purchasers will find themselves taking the “lesser of two evils” approach when seeking to obtain tech products — something that won’t always work out in favor of American companies.
Cisco has openly stated that “geopolitical concerns” — like the NSA’s interception of its products destined for foreign markets — have led to a downturn in sales. Other affected companies like Intel have yet to issue official statements detailing any NSA-related impact on their sales, but it’s clear the last 18 months of leaks have done little to raise their future expectations. OTI’s wide-open estimate on potential losses will probably never achieve sharper focus. It’s unlikely former customers are going to clearly state that unrenewed contracts or supplier list culls are due to the NSA’s actions, but surveys have indicated this concern does factor heavily into purchasing decisions.
The leaks aren’t going to stop, and what is already in the public domain will continue to take its toll. Just as certainly, the NSA isn’t going to stop looking for ways to circumvent encryption or compromise hardware. At this point, there’s no way any company can claim with certainty that they have avoided becoming part of any government’s intelligence apparatus — and that’s going to hurt them for years to come.
Filed Under: china, nsa, privacy, surveillance, tech industry
Comments on “In Wake Of NSA Leaks, China Drops Major US Tech Companies From Its Approved Supplier List”
I don't see how any country could trust another at this point
I don’t see how any company could trust any other now with all the revelations of spying, even on allies. I think if I was a head of state, I would do whatever I could to get all tech built in my own country. Not only would my spyware be the only spyware on it, it would create jobs.
Re: I don't see how any country could trust another at this point
Forgot to add, that once trust is lost, it is all but impossible to get back. It will take many, many years to earn it back and with the current state of things; it doesn’t appear that the UK and US are interested in being trusted again. Either by other countries or their own citizens.
I can’t wait until Cisco sues the US Government for the “loss of income” this has caused, and then we all get to pay the bill.
Yay.
Re: Re:
Maybe Cisco’s China part of the organization can sue the US in some twisted form of corporate sovereignty? Then our circle of TAFTA/TTIP/stupidity can be complete!
Re: Re:
If part of the settlement involved closing the NSA and ending its illegal practices, the cost might be worth it, but sadly, the government, like corporations, would rather pay a fine (with someone else’s money) than change their behavior.
I’m not surprised. I think of it as proof to how bipartisan universal surveillance is.
Because if it wasn’t, we would see one party or the other decrying it as a “job killer” that “hurts the middle class” for cheap votes. Instead it’s either stunning silence or overwhelming support.
Yes, my cynicism is fed by Washington’s lack of cynicism in this case.
Dear large American tech companies,
One percent of those predicted losses could buy a whole new Congress.
I’m just putting that out there…
Re: Re:
Can’t press enough Funny / (Sad) / Insightful buttons.
Awesome, especially regards to Cisco. Screw Cisco. They’re the ones who even came up with the “legal intercept” protocol for routers, that IETF later standardized. Such a company is not to be trusted. A Cisco employee is still a co-chair at IETF, as is an NSA agent in another crypto group at IETF.
Easy Fix
NSA Headquarters
Dear China;
Please put all American products removed from your list back on the to-buy list, and we will afford you the same trade agreement we have with Britain’s GHCQ.
We give you the keys to the back doors in all US products, you give us the keys to all Chinese products, and we trade the information fully from both sets of hardware.
It’s a win-win for Intelligence agencies.
=========
(Aside) Bob Asprin covered a scenario rather like this in his novella “The Cold Cash War”. A good read if you’ve got a half hour to kill sometime.
Re: Easy Fix
Of course they are doing this. China isn’t the enemy, it’s the American people and their bizarre idea that they have some sore of rights granted by some piece of paper somewhere.
and what’s the betting it will be China’s fault that USA companies have been treated like this? i’ve never known anything to be the USA’s fault, whatever the issue is!
They will blame
They will continue to blame Snowden, but we all know it was a matter of time before they were found out eventually anyway. And once they were found out it just would have been worse. The hubris to think they could have long term kept that going without being found out, that only Snowden was the reason they ever would have gotten caught, it rather astounding.
Wouldn’t surprise me if China decides to call in all the IOUs they’re holding for us in the future…
Re: Re:
They won’t.
If you owe someone 100 bucks, he has power over you. If you owe 100M bucks someone, you have power over him. And the US owes chine trillions.
Re: Re:
“Wouldn’t surprise me if China decides to call in all the IOUs they’re holding for us in the future…”
They would be screwing themselves too, if they did.
Re: Re: Re:
Wouldn’t that ‘I’m gonna take you with me!’ kinda thing?
Lenovo anyone
Considering the spyware that Lenovo loads onto its systems, and you know damn well that as a computer manufacturer theyu are under the scrutiny if the Communist party and government, why would anyone in the west buy any of their stuff? It works both ways.
Re: Lenovo anyone
Don’t forget Motorola. There is almost a sure bet that Motorola phones either already have or soon will have spyware as well. Just imagine Obama using a Motorola phone when calling in the nuclear codes. Makes for a good movie.
Re: Lenovo anyone
“why would anyone in the west buy any of their stuff?”
Depends on who they are. Personally, I feel much less threatened by the notion that China might be spying on me than the notion that the US might be. However, major US corporations and companies that do business with the government or with sensitive businesses such as banking would rightfully feel differently.
Re: Lenovo anyone
Personally, I’d rather be certain a foreign government is spying on me than worry about my own. My own can press criminal charges against me, interrogate my family, get me fired by implying I broke the law to my boss, and so on. What’s the worst China can do?
Re: Re: Lenovo anyone
how does that help when the foreign governments are sharing the info with US?
Open-source hardware anyone?
Re: Re:
Yes, we can run down to Radio Shack and pick up a board, some chips and a soldering gun. Oh wait!
/sarc
Too funny. China saying they will not buy products that were made in China under purchase orders from US companies.
Where is the mainstream reporting?
Where are the mainstream media outlets when these stories break? Nowhere. Look at how little reporting there was of the Chicago Police’s black site.
It is clear that the media are not interested in criticizing government. As for those reporters in Chicago who knew about Homan square, but did not report it: I hope that they get “disappeared” for a few hours.
ISDS
Maybe the Cisco offices in these foreign countries can launch ISDS (aka corporate sovereignty) suits against the US.
That would be fun.
Safety calculus
Before doing road improvements, there is usually an estimate of cost vs. lives saved, with the expectation that a saved life is worth somewhere around $0.5M to $1M (I don’t know the current number). I found a study that showed that the cost of saving a life in vehicle safety improvements was about $0.5M in 2002/2004.
Using a more conservative number ($1M per life saved), the NSA should be able to show that their activities saved the lives of at least 22,000 US residents and perhaps 180,000 US residents. Can’t show this? Then the NSA’s activities are a waste of resources. Resources that could be more effectively spent elsewhere.
It'd be nice to have more info.
Physically installing backdoors in transit could use some deeper investigation. Specifically, how and where and with whom are these “interdictions” occurring? It would be nice to have some journalism boots on the ground shining light on that process. FedEx, UPS, USPS, DHL, et al, need to be asked some hard questions, starting with what kind of cooperation they’ve provided.
Re: It'd be nice to have more info.
According to James Bamford, during the Cold War the NSA managed to place a US Navy submarine close to some underwater Soviet cables in the sea of Okhotsk. They then tapped into those cables, under the cold north Pacific waters, and as a consequence, the US had full access to Soviet Navy communications.
I cannot know the details, but I don’t think the NSA would have trouble intercepting a UPS package.
The Chinese have found the perfect excuse to do what they always do: entice foreigners, steal their know-how, then get rid of the foreigners when no longer needed. Nothing new here.
As an aside, I am reading the Gordievsky history of the KGB. At one point in between the world wars, the US Embassy in the USSR operated without any crypto, the ambassador was not particularly worried about “secrets.” Apparently everything was above the table, and the US envoy found the Russians perfectly reasonable. The Russians on the other were not honorable: they intercepted every communication they could, brought prostitutes to honey-trap the employees, etc. It did not take long for US to institute countermeasures.
The US spooks have come a long way, needless to say. Unfortunately, the NSA has managed to turn US opinion against it. At a minimum, the NSA is guilty of not being able to keep secrets. At worst, they are the enablers of total surveillance, at the service of God-knows-who. If US citizens could do so, they would vote the agency out of existence. This spy stuff has gone too far.
I might have been born in the USA, but I was Made In China, and assembled in Russia. No matter though, they all worship the Beast.
We need well documented hardware with open source drivers controlling the hardware components. That is the only way to have any security in a product. Anything less is security through obscurity. In other words, “trust us” voodoo.
Trust No One
It’s perfectly reasonable at this point to trust no OEM and require safety audits of critical systems. What’s unreasonable is to put blind trust in any OEM or service provider.
We are heading toward a world where major OEMs will either learn to love open source and audits, or die and an increasing number of companies roll their own commodity hardware.
Intel knows this, but have Cisco and IBM got the message?
It should be noted Huawei has cooperated with pre-installation audits for years in the UK and recently offered to open it’s source code to customers.
Did the US Senate and White House do them a favor by banning them and sending them down that road years ahead of their American competitors?
Probably.
Nice work assholes.