Lenovo Banned by U.S. State Department

chrplace writes "The BBC is reporting that the Chinese-made Lenovo PCs are not allowed inside secure US networks." From the article: "Assistant Secretary of State Richard Griffin said the department would also alter its procurement process to ensure US information security was guaranteed. His comments came after Rep Frank Wolf expressed national security concerns. The company Lenovo insisted such concerns were unwarranted and said the computers posed no security risk."

Protectionism? Why?

[denissmith]

While Levono insists that their computers pose no security risk, we need to remember that they do run the Windows OS which is a significant hole:-) On a more serious note, this is obviously a purely political step - but why? No one with any technical savvy is going to believe that these systems pose a greater security risk, unless someone independently confirms this and demonstrates how a backdoor exists. Is a mere accusation enough to get a company dumped from secure contracts, if so I have dirt on Halliburton, KBR, CACI and a host of companies who are defrauding government agencies. Isolationism doesn't score political points the way it used to, and these are the same people that will happily defend moving jobs off shore. Who are they trying to appeal to here? There can't be that many blindly stupis people in the country ( 29%, or so, it seems)...

Cry Wolf

[TripMaster+Monkey]

From TFA:

Mr Wolf, Republican chairman of the committee that oversees the department's funds, told reporters that China's spying efforts were "frightening".

It was "no secret that the US is a principal target of Chinese intelligence services", he said, adding: "No American government agency should want to purchase from them".

This is just plain stupid. Apparently, Representative Wolf's former crusades against meth and medical marijuana no longer have the punch needed, especially in an election year, so he stirs up some ridiculous FUD about Lenovo laptops.

Never mind that the State Department would probably be wiping the default software load on these laptops in favor of its own custom software load (frankly, if they don't, they're idiots). Never mind that the State Department itself (as well as any other networks these systems will be connecting to) should be adequately protected by firewalls to prevent any unauthorized phoning-home by these systems (again, idiots if they don't). Never mind that someone at least halfway competent should be able to analyze packets exiting these systems to determine conclusively, one way or another, if they are trying to compromise security (again...well, you get the idea).

Trouble is, none of these measures will provide Rep. Wolf with the political ammo required in a year divisible by 2. By denouncing the Lenovo laptops as a 'security risk', he insures that his constituents (at least the less-technically minded of them) perceive him as 'fighting for America'.

Re:Cry Wolf

[TripMaster+Monkey]

I didn't say there was no risk. I did say:

• By following proper security procedures, any risk could be effectively managed.
    - and -
  
• Rep. Wolf isn't interested in avoiding risk. He's interested in acquiring political clout.

Re:Cry Wolf

[mungtor]

Dell laptops are assembled in Malaysia and shipped to the US from there. Components are mostly Taiwan, Singapore, and Korea. I'm sure there is China in there too, but there doesn't seem to be a lot.

Dumb

[homer_ca]

It's not like the PCs weren't made in China when the division was owned by IBM.

Re:Dumb

[just_another_sean]

Not to mention every other PC manufacturer who's PCs are made in China. Dell, HP, Gateway, Acer, show me one PC manufacturer who doesn't have at least some of their PCs assembled in China by Chinese.

Seems kind of arbitrary for them to pick on one company over this.

Re:Dumb

[archen]

Actually I'd like to know where they are going to get these PC's that are not made in China. And why stop at China anyway? Ban all foreign PCs (which isn't going to make much of a difference since they're all made in China anway). Oh, the U.S. doesn't make any anymore? Guess that's too bad for us. Most companies don't even bother hiding where it comes from. My iBook shipped directly from China to my address.

Re:Dumb

[gedeco]

The only pc's who don't have electronics "made in China" are part of musea colections.

Re:Dumb

[burnin1965]

"It's not like the PCs weren't made in China when the division was owned by IBM."

That truely is the ironic part of Wolf's concern. As if the upper management, the part of IBM PCs that changed when they were pruchased by Lenovo, would have ever noticed if the Chinese made PCs were bugged before leaving the factory.

That said, there should be proper due diligence for any equipment that is purchased and used in sensitive work. In the 1960s the Soviet embassy in Washington purchased/leased a Xerox copier and didn't realize that it was bugged with a CIA camera that took pictures of every document they copied. When the Xerox repairman came in to do routine maintenance on the equipment he would replace the film and take the exposed roll to the CIA. :)

http://www.parascope.com/articles/0197/xerox.htm

Old News

[eldavojohn]

This is old news to anyone who works in Defense.

In fact, if you want to use hardware/software in a classified area, it has to be from a United States based company and passed through a rigorous investigation as to whether or not it is safe to use. Even things like Java or C++ libraries have to undergo this for the simple fact of the matter that the US government is over-cautious.

Do you blame them? Can you strip down a Laptop and really ensure that there's nothing like a keystroke logger or a very very low-level chipset process running on a side processor or microcontroller that captures choice information and automatically sends it out the NIC to a Chinese agency?

You have to remember that there are conspiracy theorists out there that are paid and unpaid. The paid ones are simply better at controlling their imagination to realistic limits and are hired by governments to think & fear.

Now, do you remember when certain Chinese conspiracy theorists decided that China's government suspected Windows SP2 of foul play? This is more of the same kind of thinking ...

Concern about security

[Garabito]

"Assistant Secretary of State Richard Griffin said the department would also alter its procurement process to ensure US information security was guaranteed"

After the interview, Secretary of State Richard Griffin proceded to log on with his blank-password account on his spyware infested Windows PC...

Does this mean... ?

[TheJediGeek]

alter its procurement process to ensure US information security was guaranteed

Does this mean that they WON'T be outsourcing their network management to India?

This is plain ignorant.

[ZSpade]

Exactly when have computer components been made in America. Most, in fact, are not. thinkpads were made in China before, the only difference now is that they are not supervised by a US company.

Somebody should show this guy the label on the pen he uses, on his reading glasses, on most of the small electronics he owns. Odds are they aren't made in America either. Does that mean his cellphone is a threat to national security!? This kind of ignorance really makes no sense whatsoever.

Re:This is plain ignorant.

[Frumious+Wombat]

Digital Equipment Corporation PDP-8s, probably. The State Department should be finalizing the procurement procedures for 2 or 3 of those any day now.

In all seriousness, unlike our 80s Moscow Embassy (which did have microphones embedded in the cement), a laptop phoning home is pretty easy to detect. Don't do anything serious on it, hook it up to the network, start typing while someone watches your packets. It's not like the Chinese have their new MagicNet(tm) which doesn't require wires, or emit electromagnetic radiation detectable by standard instruments.

OTOH, one could make the distinction between (for example) HP or Dell, which are built by Taiwainese companies, and Lenovo, which is Mainland Chinese, if you're really worried about embedded tracking devices, etc, but that's still a political, rather than a technical argument. Of course, someone at State could simply decide that auditing every 30th laptop for phoning home is too much work and risk, but even then they'd probaby only find a standard set of phishing tools and DOS zombie installs, rather than hostile foreign government spyware.

Any congresscritter proposing legislation involving technology should have to show credit from MIT for a recent course in computing/electrical engineering.

Re:This is plain ignorant.

Acctually I consider that to be a very serious threat to national security. What happens if someday we do go to war with China, suddenly the shelves of Walmart are completley bare. We have no production base in the United States anymore, and it was that production base that won us the last World War. China doesn't have to embed gremlins in there products to take the USA down, they just have to stop selling their products to us and our economy/society would colapse.

I bought one of those things.

[Ivan+Matveitch]

It started to sing the Internationale so I took it back to store.

Damn... There goes the eggroll

[kid_oliva]

I suppose next they're going to ban chinese take-out as well.

Chinese food may lead to Maoism. Protect yourself and your family with Freedom fries and toast!!! The American thing to do.

Guess we will have to remove all other stuff too

[digitaldc]

All other computer equipment manufactured in China must be removed too, by this reasoning.

This includes keyboards, mice, USB hubs, and other PC equipment.

Thank GOD the Blackberries are manufactured in Mexico!

I can see it now.

[Chas]

[NSA Agent 1] Duuude! Yer gettin' a DELL!

[NSA Agent 2] AUUUUGH!

Re:Protectionism? Why?

[Spiked_Three]

"No one with any technical savvy is going to believe that these systems pose a greater security risk, unless someone independently confirms this and demonstrates how a backdoor exists."

Why would you think this has not already happened? Add to that the fact the the government buys these things in bulk and even IF a sample posessed no backdoor, how hard would it be to put a backdoor in 1 out of 1000 and hope it gets by?

Paranoid? I think not, you haven't had night shift cleaning crews hired by the chinese into your business have you? It happens.

If Windows has US government demanded backdoors as so many Slahdotters insist, why would ANYONE think the Chinese (or the Russians or the French or the Germans or the English or the Japanese or the Koreans ....) wouldn't do the same on their hardware?

Re:Protectionism? Why?

[blueZhift]

There's definitely a lot of politics and money in play here. Practically speaking, it would be difficult to impossible to exclude products made by any country that may be a present or future enemy of the US from use in govt agencies. And ironically the US govt has aided and abetted the rise of Chinese economic and political power that now they suddenly fear. If they really cared so much, they should have said something before IBM sold its PC division to Lenovo. So given that everyone spies on everyone else, the real trick is not to stop the spying, but to make sure that your enemy (and sometimes your friends) only get inaccurate or junk info.

For the current matter, I would guess that some domestic PC maker is trying to take advantage of the situation, *cough*Dell*cough*HP*cough, pardon me!

Re:Protectionism? Why?

[CosmeticLobotamy]

"A little box on the keyboard wire"? I'm sorry, but do you imagine Chinese intelligence to be run by 14-year-old pranksters that get their spy supplies at ThinkGeek?

Know what would be funny?

[Rob+T+Firefly]

I know it'd never happen in a million years, but wouldn't it be absolutely hilarious if the Chinese company was so upset by the American politics involved that they decided to stop doing business with us?

Re:Protectionism? Why?

[denissmith]

I don't believe in Windows backdoors any more that I believe that the Lenovo people are able to pull this off without anyone detecting it. Remember, Lenovo assembles these in this country and in Mexico, and the company has moved its headquarters here, and hired American executives, etc. If they got caught doing this HEADS WOULD ROLL. These people would all be guilty of spying or treason, so it wouldn't be quietly hidden away, they would face arrest, possible execution. These aren't products from a company where the Chinese government has direct control of operations, and design, specification and manufacture is worldwide.

28% a minority?

[dkone]

I don't trust them.

The article claims that the Chinese government owns a 28% stake in the company. At the end of the article a Lenovo spokesman says that the "government is only a minority stakeholder"

Well call me naive, but look at the power our government has over influencing companies where they own 0%. ie.. the whole NSA call monitoring thing, DOJ over MS, etc... Not to mention we have a much 'nicer' government then Chinas.

So I would hardly classify a government that owns 28% of a company a "minority stakeholder". Can you imagine the board meeting where the Lenovo CEO tell the "minority" stakeholder no.

DK

Re:28% a minority?

[Anonymous+Meoward]

And if you want to be really paranoid, the "minority stakeholder" is in fact the People's Liberation Army.

Y'see, the PLA, unlike the armed forces of every other country on the planet, doesn't get its funding from the central government. They have their own business ventures, be it a stake in Lenovo or agricultural exports produced with slave labor. (Oops, I mean "re-education camps", silly me.)

If you want to know why this is so, read up on the Cultural Revolution, and how it almost tore China apart. Had the PLA not stepped in, China could have devolved into civil war yet again. The top general staff of the PLA obviously has every interest in maintaining control, so they would rather manage their own purse strings. It beats relying on the caprice of the leader of the People's Central Committee.

Getting back to the original question: Is it possible that some "extra" circuitry is in every Lenovo laptop? Certainly. Is it likely? I don't think so. (One thing to consider is how the U.S. Government is buying these laptops. We're addicted to deficit spending, and selling bonds to the China's central bank.)

Should every Lenovo laptop be inspected before use in government offices, just in case some enterprising intelligence officer in the PLA is really that stupid?

Umm.... can't hurt.

Surely the least of their worries

[simonjp]

I was going to write a long(-ish) reply, but decided against it - after all - it can be summed up easier: surely there are much weaker security issues than who made a laptop -- such as the user for example. Others have commented about windows. I say they should worry about education of their users rather than who made it.

And surely the US can't talk back at people for spying on others considering recent news.

Re:Good policy

[Homology]

I believe US companies should be given preferential treatment by the US government for the following reasons:

But when other states does the same, we hear outraged yapping from US about undermining "free market". Go figure.

Re:I Agree

[gatkinso]

While I would love to agree with you, I have to regretfully point out the fact that we long ago handed virtually any manufacturing capability to the Chinese and now have no choice but to buy from them and hope that they continue to fund our debt.

However, they don't really have a choice anymore in the debt funding dept. They have to in order to insure the viability of their own investments.

House of cards? Or is it a house of cheap plastic goods, motherboards, and US govt issued bonds? Either way....

Actually, it's in the interest of the US taxpayer

[Opportunist]

Let's be reasonable here.

The US government, in theory, should do what is beneficial to the US citizens. They're, after all, their employers, their reason to exist. Without them, they're as superfluous as the RIAA to music.

So, the government should need no reason to reach for US manufactored goods and prefering them over foreign ones. For the simple sake of national commerce. Security aside, the US government is a non profit thing. Their "profit" is the well being of the US. And that isn't buying the cheapest products, the best deal for the US is their government buying at US companies.

Just stand up and proclaim that you won't buy the Chinese laptops and instead buy (insert something that at least partly could be possible manufactured at least at SOME areas within the US). Not because China is evil, not because you don't trust them, simply 'cause the US government should first and foremost aid (and thus buy from) US based enterprises.

Re:Protectionism? Why?

[frodo+from+middle+ea]

It puts pressure no the Chinese, pure and simple.

Are you Japanese ?

Re:Protectionism? Why?

[SmokedS]

I don't believe in Windows backdoors any more that I believe that the Lenovo people are able to pull this off without anyone detecting it.

Agreed, for now, MS would most likely not be able to hide such things. But what about when Treacherous Computing comes around?
I don't know about you, but Microsoft having their own hardware encrypted little processing enclaves, communicating over an encrypted channel with Microsoft, on most of the computers in the world gives me the shivers in a bad way.

Domestic PCs ?

[Just+Jeff]

For the current matter, I would guess that some domestic PC maker is trying to take advantage of the situation, *cough*Dell*cough*HP*cough, pardon me!

Does anyone really think that these PCs are "domestic?" They may not be made in mainland China, but they are certainly not made in the United states either.

read up on international trade

[enjahova]

If you want to be reasonable you should take an introductory course in economics. Just because you are buying from the US does not mean you are automatically doing the best thing for the US economy.

The concept is called relative advantage. Due to the situations being what they are, The US has been a leader in science and education for a while now, and China has lots of cheap labor. So the computer was first made by a handful of scientists in America, it was expensive as hell and there were very few of them. As the scientists better understood the computer and were able to commoditize its production it became cheaper and more accessible. Computers have now gotten to the point where they are pretty much a commodity, and manufacturing them at the cheapest cost is important inorder to meet the demand.

So China has the relative advantage of manufacturing, while Americans are still the leader in business and software. If you really want to do something good for the US stand up and proclaim that you want better education systems! If we are going to lose status in the world economy it wont be because we are buying foreign products, it will be because we got fat and lazy.

Just google Comparative Advantage if you want to know more about it.

No! Other stuff is still safe.

[WebCowboy]

All other computer equipment manufactured in China must be removed too, by this reasoning.

As I read this you're modded 5/insightful...Moderators on crack again...

This reasoning means nothing of the sort. The distinguishing factor is that Lenovo is PARTLY OWNED BY THE CHINESE GOVERNMENT. Apple makes computers in China, as does Dell. However, in those cases there is NO owenership by ANY foreign governments, China or otherwise. This is important because since a foreign government can control the latter companies to disrupt supply of sensitive goods (cutting them off, or sabotaging them).

This is standard Military policy: sensitive equipment of ANY kind cannot be supplied by ANY company that is partly or wholly owned by a foreign GOVERNMENT, and even private foreign ownership is restricted somewhat. As I mentioned in another post AMC had to sell AM General when Renault bought part of AMC because Renault was owned by the French GOVERNMENT, because the military wouldn't stand for relying on its supply of Hummers being influenced by the government of a foreign company.

This includes keyboards, mice, USB hubs, and other PC equipment.

Well although many are made in China, they are not made by companies owned by the Chinese government. If it really matters, a sizeable amount of this stuff is made in Taiwan (NOT recognised as part of Communist China) and other asian countries.

Thank GOD the Blackberries are manufactured in Mexico! ..by a Canadian company ;) This is not an issue becasue RIM is not a Crown Corporation, not because it is not Chinese. If RIM was a Crown Corporation (government) then I'm sure use of blackberries by US government or military agents wouls also be restricted, or a special agreement would've had to be established.

Re:Protectionism? Why?

[radtea]

On a more serious note, this is obviously a purely political step - but why?

Because the U.S. is in the grip of a fairly major bout of xenophobia just now. This is something that overtakes all human groups every once in a while, where suddenly anyone who is remotely outside the mainstream is automatically suspect and "other".

This kind of thinking can be seen all over the current immigration reform in the U.S., as well as border security generally. It creates massive distortions in thinking--for example, President Bush's proposal for a "tamperproof" ID for foreigners working in the U.S. only makes sense if you somehow mentally categorize outsiders in such a way that they are inherently different from Americans. Otherwise the obvious work-around of foreigners using fake American IDs is, well, obvious. Without this kind of unconscious mental distortion it is clear that foreigners are indistinguishable from Americans.

We see the same kind of thinking amongst the people who say that various illegal and unconstitutional measures will only be used against "terrorists", as if that was an unabiguously distinct, knowable category of person. By reconceptualizing terrorists as inherently "other" they are able to perform this nasty mental trickery of reassuring themselves that only bad people will be affected by the draconian powers being granted spies and miliary officials, despite the glaring epistemological problems with such beliefs.

In such a social climate, xenophobia has a lot of political value, and gestures of solidarity with the group (flag waving, declarations of patriotic feeling, signs posted on businesses declaring they hire only documented legal workers) are highly valued. Those things by themselves are relatively benign, but the flip-side is the tendency to demonize anyone outside of the group.

Personally, I would think that no closed-source application should ever be used in a secure network environment. That includes the OS, obviously. There's just too much stuff that a closed-source application could be doing that isn't good, even if there was no malicious intent.

Re:Protectionism? Why?

[lgw]

One reason the US government is so paraoid about hardware backdoor is the number of times we've done this to other countries! Line printers (line-at-a-time impact printers) sold to Iraq in the 80s had radio transponders secretly embedded, so that they could be located at some distance. As such printers are only used in large data centers, we had a targets list of a significant portion of the Iraqi communications infrastructure, which we bombed at the start of Gulf War I.

Xerox machines sold to the USSR during the cold war often had cameras embedded, and service technicians would take great risk in retreiving the data (I think it was actual film) when servicing the machines, but we had pictures of everything copied.

These are just 2 very simple examples that have been made public, who knows what sort of stuff we've done that's clever enough that we still keep it secret. If the Chinese got busted the consequences wouldn't be much worse than where we already are today. The CHinese government could, after all, argue that they're not crossing the line any more than the US government has repeatedly done.

Re:Protectionism? Why?

[Defector!!!]

I'm not sure that many of you all remember this, but a while back the US actually sold China a Boeing 767 with at LEAST 27 different spying devices on board. Both China and the US were mostly quiet about this though, which kept things under wrap. The BBC has articles here and here.

Looks like America has every right to be paranoid, if it expects China to treat it as it has been treated.