In Wake Of NSA Leaks, China Drops Major US Tech Companies From Its Approved Supplier List

from the leaks-docs,-leaking-dollars dept

The NSA continues to "save" the United States from terrorism by making it weaker. Not only has the agency actively undermined encryption standards, but its willingness to insert backdoors and spyware in any piece of hardware or software it can get its hands on has severely damaged the world's trust of American technology.

Cloud computing providers have already felt the aftershocks of the Snowden leaks. An Open Technology Institute report published a year after the first revelation noted that many had already seen a drop-off in sales and predicted that the backlash against the NSA's surveillance tactics could cost companies anywhere from $22-180 billion over the next three years.

Hardware makers are getting hit hard as well. One of the largest buyers of American tech products has dropped some very big brands from its approved supplier list.
China has dropped some of the world's leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance.

Chief casualty is U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center's (CGPC) list, but by late 2014 had none, a Reuters analysis of official data shows.

Smartphone and PC maker Apple Inc has also been dropped over the period, along with Intel Corp's security software firm McAfee and network and server software firm Citrix Systems.
It's certainly no surprise that Cisco would be one of the first dropped by foreign purchasers wary of NSA meddling. A leaked document detailing the agency's hardware interdiction program contained a photo of operatives carefully unwrapping a box full of hardware destined for NSA spyware implants. While the faces of the agents may have been blurred, the logo on the box was not. As the story spread across the internet, one conclusion was drawn: Cisco products are not "safe."

The fact that foreign hardware may arrive loaded with spyware and backdoors isn't the only thing prompting the Chinese government to drop nearly half of its overseas security-related tech suppliers. There's also the ongoing tension between the US and China, which has devolved into each country accusing the other of inserting backdoors into exported tech. It appears both sets of accusations are correct, but for years it was largely assumed that China was mostly alone in these efforts.

China also has a domestic market it would like to expand, which will now get a leg up from the government. As it eyes an increased exports, it is likely aware that many foreign governments and other potential purchasers consider its exports no more "secure" than NSA-infected tech shipping from the US. Purchasers will find themselves taking the "lesser of two evils" approach when seeking to obtain tech products -- something that won't always work out in favor of American companies.

Cisco has openly stated that "geopolitical concerns" -- like the NSA's interception of its products destined for foreign markets -- have led to a downturn in sales. Other affected companies like Intel have yet to issue official statements detailing any NSA-related impact on their sales, but it's clear the last 18 months of leaks have done little to raise their future expectations. OTI's wide-open estimate on potential losses will probably never achieve sharper focus. It's unlikely former customers are going to clearly state that unrenewed contracts or supplier list culls are due to the NSA's actions, but surveys have indicated this concern does factor heavily into purchasing decisions.

The leaks aren't going to stop, and what is already in the public domain will continue to take its toll. Just as certainly, the NSA isn't going to stop looking for ways to circumvent encryption or compromise hardware. At this point, there's no way any company can claim with certainty that they have avoided becoming part of any government's intelligence apparatus -- and that's going to hurt them for years to come.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 27 Feb 2015 @ 6:31am

    I don't see how any country could trust another at this point

    I don't see how any company could trust any other now with all the revelations of spying, even on allies. I think if I was a head of state, I would do whatever I could to get all tech built in my own country. Not only would my spyware be the only spyware on it, it would create jobs.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Feb 2015 @ 6:32am

      Re: I don't see how any country could trust another at this point

      Forgot to add, that once trust is lost, it is all but impossible to get back. It will take many, many years to earn it back and with the current state of things; it doesn't appear that the UK and US are interested in being trusted again. Either by other countries or their own citizens.

      reply to this | link to this | view in chronology ]

  • icon
    TimK (profile), 27 Feb 2015 @ 6:34am

    I can't wait until Cisco sues the US Government for the "loss of income" this has caused, and then we all get to pay the bill.

    Yay.

    reply to this | link to this | view in chronology ]

    • icon
      Designerfx (profile), 27 Feb 2015 @ 7:25am

      Re:

      Maybe Cisco's China part of the organization can sue the US in some twisted form of corporate sovereignty? Then our circle of TAFTA/TTIP/stupidity can be complete!

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Feb 2015 @ 7:44am

      Re:

      If part of the settlement involved closing the NSA and ending its illegal practices, the cost might be worth it, but sadly, the government, like corporations, would rather pay a fine (with someone else's money) than change their behavior.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Feb 2015 @ 6:35am

    I'm not surprised. I think of it as proof to how bipartisan universal surveillance is.

    Because if it wasn't, we would see one party or the other decrying it as a "job killer" that "hurts the middle class" for cheap votes. Instead it's either stunning silence or overwhelming support.

    Yes, my cynicism is fed by Washington's lack of cynicism in this case.

    reply to this | link to this | view in chronology ]

  • icon
    carborundum (profile), 27 Feb 2015 @ 6:39am

    Dear large American tech companies,

    One percent of those predicted losses could buy a whole new Congress.
    I'm just putting that out there...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Feb 2015 @ 6:42am

    Awesome, especially regards to Cisco. Screw Cisco. They're the ones who even came up with the "legal intercept" protocol for routers, that IETF later standardized. Such a company is not to be trusted. A Cisco employee is still a co-chair at IETF, as is an NSA agent in another crypto group at IETF.

    reply to this | link to this | view in chronology ]

  • icon
    Bamboo Harvester (profile), 27 Feb 2015 @ 7:01am

    Easy Fix

    NSA Headquarters

    Dear China;

    Please put all American products removed from your list back on the to-buy list, and we will afford you the same trade agreement we have with Britain's GHCQ.

    We give you the keys to the back doors in all US products, you give us the keys to all Chinese products, and we trade the information fully from both sets of hardware.

    It's a win-win for Intelligence agencies.
    =========

    (Aside) Bob Asprin covered a scenario rather like this in his novella "The Cold Cash War". A good read if you've got a half hour to kill sometime.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Feb 2015 @ 8:04am

      Re: Easy Fix

      Of course they are doing this. China isn't the enemy, it's the American people and their bizarre idea that they have some sore of rights granted by some piece of paper somewhere.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Feb 2015 @ 7:01am

    and what's the betting it will be China's fault that USA companies have been treated like this? i've never known anything to be the USA's fault, whatever the issue is!

    reply to this | link to this | view in chronology ]

  • icon
    Geno0wl (profile), 27 Feb 2015 @ 7:01am

    They will blame

    They will continue to blame Snowden, but we all know it was a matter of time before they were found out eventually anyway. And once they were found out it just would have been worse. The hubris to think they could have long term kept that going without being found out, that only Snowden was the reason they ever would have gotten caught, it rather astounding.

    reply to this | link to this | view in chronology ]

  • identicon
    avideogameplayer, 27 Feb 2015 @ 7:08am

    Wouldn't surprise me if China decides to call in all the IOUs they're holding for us in the future...

    reply to this | link to this | view in chronology ]

  • icon
    musterion (profile), 27 Feb 2015 @ 7:12am

    Lenovo anyone

    Considering the spyware that Lenovo loads onto its systems, and you know damn well that as a computer manufacturer theyu are under the scrutiny if the Communist party and government, why would anyone in the west buy any of their stuff? It works both ways.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Feb 2015 @ 7:38am

      Re: Lenovo anyone

      Don't forget Motorola. There is almost a sure bet that Motorola phones either already have or soon will have spyware as well. Just imagine Obama using a Motorola phone when calling in the nuclear codes. Makes for a good movie.

      reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 27 Feb 2015 @ 7:39am

      Re: Lenovo anyone

      "why would anyone in the west buy any of their stuff?"

      Depends on who they are. Personally, I feel much less threatened by the notion that China might be spying on me than the notion that the US might be. However, major US corporations and companies that do business with the government or with sensitive businesses such as banking would rightfully feel differently.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Feb 2015 @ 8:36am

      Re: Lenovo anyone

      Personally, I'd rather be certain a foreign government is spying on me than worry about my own. My own can press criminal charges against me, interrogate my family, get me fired by implying I broke the law to my boss, and so on. What's the worst China can do?

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Feb 2015 @ 7:28am

    Open-source hardware anyone?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Feb 2015 @ 7:43am

    Too funny. China saying they will not buy products that were made in China under purchase orders from US companies.

    reply to this | link to this | view in chronology ]

  • identicon
    Whoever, 27 Feb 2015 @ 9:07am

    Where is the mainstream reporting?

    Where are the mainstream media outlets when these stories break? Nowhere. Look at how little reporting there was of the Chicago Police's black site.

    It is clear that the media are not interested in criticizing government. As for those reporters in Chicago who knew about Homan square, but did not report it: I hope that they get "disappeared" for a few hours.

    reply to this | link to this | view in chronology ]

  • identicon
    Dave, 27 Feb 2015 @ 10:21am

    ISDS

    Maybe the Cisco offices in these foreign countries can launch ISDS (aka corporate sovereignty) suits against the US.

    That would be fun.

    reply to this | link to this | view in chronology ]

  • identicon
    Whoever, 27 Feb 2015 @ 10:38am

    Safety calculus

    Before doing road improvements, there is usually an estimate of cost vs. lives saved, with the expectation that a saved life is worth somewhere around $0.5M to $1M (I don't know the current number). I found a study that showed that the cost of saving a life in vehicle safety improvements was about $0.5M in 2002/2004.

    Using a more conservative number ($1M per life saved), the NSA should be able to show that their activities saved the lives of at least 22,000 US residents and perhaps 180,000 US residents. Can't show this? Then the NSA's activities are a waste of resources. Resources that could be more effectively spent elsewhere.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Feb 2015 @ 12:55pm

    It'd be nice to have more info.

    Physically installing backdoors in transit could use some deeper investigation. Specifically, how and where and with whom are these "interdictions" occurring? It would be nice to have some journalism boots on the ground shining light on that process. FedEx, UPS, USPS, DHL, et al, need to be asked some hard questions, starting with what kind of cooperation they've provided.

    reply to this | link to this | view in chronology ]

    • identicon
      Albi Qeli, 27 Feb 2015 @ 2:31pm

      Re: It'd be nice to have more info.

      According to James Bamford, during the Cold War the NSA managed to place a US Navy submarine close to some underwater Soviet cables in the sea of Okhotsk. They then tapped into those cables, under the cold north Pacific waters, and as a consequence, the US had full access to Soviet Navy communications.

      I cannot know the details, but I don't think the NSA would have trouble intercepting a UPS package.

      reply to this | link to this | view in chronology ]

  • identicon
    Albi Qeli, 27 Feb 2015 @ 2:13pm

    The Chinese have found the perfect excuse to do what they always do: entice foreigners, steal their know-how, then get rid of the foreigners when no longer needed. Nothing new here.

    As an aside, I am reading the Gordievsky history of the KGB. At one point in between the world wars, the US Embassy in the USSR operated without any crypto, the ambassador was not particularly worried about "secrets." Apparently everything was above the table, and the US envoy found the Russians perfectly reasonable. The Russians on the other were not honorable: they intercepted every communication they could, brought prostitutes to honey-trap the employees, etc. It did not take long for US to institute countermeasures.

    The US spooks have come a long way, needless to say. Unfortunately, the NSA has managed to turn US opinion against it. At a minimum, the NSA is guilty of not being able to keep secrets. At worst, they are the enablers of total surveillance, at the service of God-knows-who. If US citizens could do so, they would vote the agency out of existence. This spy stuff has gone too far.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Feb 2015 @ 3:39pm

    I might have been born in the USA, but I was Made In China, and assembled in Russia. No matter though, they all worship the Beast.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2015 @ 8:11am

    We need well documented hardware with open source drivers controlling the hardware components. That is the only way to have any security in a product. Anything less is security through obscurity. In other words, "trust us" voodoo.

    reply to this | link to this | view in chronology ]

  • icon
    xz11111000000 (profile), 28 Feb 2015 @ 8:32am

    Trust No One

    It's perfectly reasonable at this point to trust no OEM and require safety audits of critical systems. What's unreasonable is to put blind trust in any OEM or service provider.

    We are heading toward a world where major OEMs will either learn to love open source and audits, or die and an increasing number of companies roll their own commodity hardware.

    Intel knows this, but have Cisco and IBM got the message?

    It should be noted Huawei has cooperated with pre-installation audits for years in the UK and recently offered to open it's source code to customers.

    Did the US Senate and White House do them a favor by banning them and sending them down that road years ahead of their American competitors?

    Probably.

    Nice work assholes.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Home Cooking Is Killing Restaurants
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.