Slashdot Mirror
Lenovo Banned by U.S. State Department
chrplace writes "The BBC is reporting that the Chinese-made Lenovo PCs are not allowed inside secure US networks." From the article: "Assistant Secretary of State Richard Griffin said the department would also alter its procurement process to ensure US information security was guaranteed. His comments came after Rep Frank Wolf expressed national security concerns. The company Lenovo insisted such concerns were unwarranted and said the computers posed no security risk."
While Levono insists that their computers pose no security risk, we need to remember that they do run the Windows OS which is a significant hole:-) On a more serious note, this is obviously a purely political step - but why? No one with any technical savvy is going to believe that these systems pose a greater security risk, unless someone independently confirms this and demonstrates how a backdoor exists. Is a mere accusation enough to get a company dumped from secure contracts, if so I have dirt on Halliburton, KBR, CACI and a host of companies who are defrauding government agencies. Isolationism doesn't score political points the way it used to, and these are the same people that will happily defend moving jobs off shore. Who are they trying to appeal to here? There can't be that many blindly stupis people in the country ( 29%, or so, it seems)...
I have nothing to hide. So, why are you spying on me?
From TFA: This is just plain stupid. Apparently, Representative Wolf's former crusades against meth and medical marijuana no longer have the punch needed, especially in an election year, so he stirs up some ridiculous FUD about Lenovo laptops.
Never mind that the State Department would probably be wiping the default software load on these laptops in favor of its own custom software load (frankly, if they don't, they're idiots). Never mind that the State Department itself (as well as any other networks these systems will be connecting to) should be adequately protected by firewalls to prevent any unauthorized phoning-home by these systems (again, idiots if they don't). Never mind that someone at least halfway competent should be able to analyze packets exiting these systems to determine conclusively, one way or another, if they are trying to compromise security (again...well, you get the idea).
Trouble is, none of these measures will provide Rep. Wolf with the political ammo required in a year divisible by 2. By denouncing the Lenovo laptops as a 'security risk', he insures that his constituents (at least the less-technically minded of them) perceive him as 'fighting for America'.
____
~ |rip/\/\aster /\/\onkey
It's not like the PCs weren't made in China when the division was owned by IBM.
This is old news to anyone who works in Defense.
...
In fact, if you want to use hardware/software in a classified area, it has to be from a United States based company and passed through a rigorous investigation as to whether or not it is safe to use. Even things like Java or C++ libraries have to undergo this for the simple fact of the matter that the US government is over-cautious.
Do you blame them? Can you strip down a Laptop and really ensure that there's nothing like a keystroke logger or a very very low-level chipset process running on a side processor or microcontroller that captures choice information and automatically sends it out the NIC to a Chinese agency?
You have to remember that there are conspiracy theorists out there that are paid and unpaid. The paid ones are simply better at controlling their imagination to realistic limits and are hired by governments to think & fear.
Now, do you remember when certain Chinese conspiracy theorists decided that China's government suspected Windows SP2 of foul play? This is more of the same kind of thinking
My work here is dung.
Does this mean that they WON'T be outsourcing their network management to India?
I suppose next they're going to ban chinese take-out as well.
Chinese food may lead to Maoism. Protect yourself and your family with Freedom fries and toast!!! The American thing to do.
I eat Karma for breakfast, lunch, and dinner. That's why I don't have any.
Digital Equipment Corporation PDP-8s, probably. The State Department should be finalizing the procurement procedures for 2 or 3 of those any day now.
In all seriousness, unlike our 80s Moscow Embassy (which did have microphones embedded in the cement), a laptop phoning home is pretty easy to detect. Don't do anything serious on it, hook it up to the network, start typing while someone watches your packets. It's not like the Chinese have their new MagicNet(tm) which doesn't require wires, or emit electromagnetic radiation detectable by standard instruments.
OTOH, one could make the distinction between (for example) HP or Dell, which are built by Taiwainese companies, and Lenovo, which is Mainland Chinese, if you're really worried about embedded tracking devices, etc, but that's still a political, rather than a technical argument. Of course, someone at State could simply decide that auditing every 30th laptop for phoning home is too much work and risk, but even then they'd probaby only find a standard set of phishing tools and DOS zombie installs, rather than hostile foreign government spyware.
Any congresscritter proposing legislation involving technology should have to show credit from MIT for a recent course in computing/electrical engineering.
the more accurate the calculations became, the more the concepts tended to vanish into thin air. R. S. Mulliken
I know it'd never happen in a million years, but wouldn't it be absolutely hilarious if the Chinese company was so upset by the American politics involved that they decided to stop doing business with us?
Slashdot Burying Stories About Slashdot Media Owned
I don't believe in Windows backdoors any more that I believe that the Lenovo people are able to pull this off without anyone detecting it. Remember, Lenovo assembles these in this country and in Mexico, and the company has moved its headquarters here, and hired American executives, etc. If they got caught doing this HEADS WOULD ROLL. These people would all be guilty of spying or treason, so it wouldn't be quietly hidden away, they would face arrest, possible execution. These aren't products from a company where the Chinese government has direct control of operations, and design, specification and manufacture is worldwide.
I have nothing to hide. So, why are you spying on me?
I don't trust them.
The article claims that the Chinese government owns a 28% stake in the company. At the end of the article a Lenovo spokesman says that the "government is only a minority stakeholder"
Well call me naive, but look at the power our government has over influencing companies where they own 0%. ie.. the whole NSA call monitoring thing, DOJ over MS, etc... Not to mention we have a much 'nicer' government then Chinas.
So I would hardly classify a government that owns 28% of a company a "minority stakeholder". Can you imagine the board meeting where the Lenovo CEO tell the "minority" stakeholder no.
DK
On a more serious note, this is obviously a purely political step - but why?
Because the U.S. is in the grip of a fairly major bout of xenophobia just now. This is something that overtakes all human groups every once in a while, where suddenly anyone who is remotely outside the mainstream is automatically suspect and "other".
This kind of thinking can be seen all over the current immigration reform in the U.S., as well as border security generally. It creates massive distortions in thinking--for example, President Bush's proposal for a "tamperproof" ID for foreigners working in the U.S. only makes sense if you somehow mentally categorize outsiders in such a way that they are inherently different from Americans. Otherwise the obvious work-around of foreigners using fake American IDs is, well, obvious. Without this kind of unconscious mental distortion it is clear that foreigners are indistinguishable from Americans.
We see the same kind of thinking amongst the people who say that various illegal and unconstitutional measures will only be used against "terrorists", as if that was an unabiguously distinct, knowable category of person. By reconceptualizing terrorists as inherently "other" they are able to perform this nasty mental trickery of reassuring themselves that only bad people will be affected by the draconian powers being granted spies and miliary officials, despite the glaring epistemological problems with such beliefs.
In such a social climate, xenophobia has a lot of political value, and gestures of solidarity with the group (flag waving, declarations of patriotic feeling, signs posted on businesses declaring they hire only documented legal workers) are highly valued. Those things by themselves are relatively benign, but the flip-side is the tendency to demonize anyone outside of the group.
Personally, I would think that no closed-source application should ever be used in a secure network environment. That includes the OS, obviously. There's just too much stuff that a closed-source application could be doing that isn't good, even if there was no malicious intent.
Blasphemy is a human right. Blasphemophobia kills.
One reason the US government is so paraoid about hardware backdoor is the number of times we've done this to other countries! Line printers (line-at-a-time impact printers) sold to Iraq in the 80s had radio transponders secretly embedded, so that they could be located at some distance. As such printers are only used in large data centers, we had a targets list of a significant portion of the Iraqi communications infrastructure, which we bombed at the start of Gulf War I.
Xerox machines sold to the USSR during the cold war often had cameras embedded, and service technicians would take great risk in retreiving the data (I think it was actual film) when servicing the machines, but we had pictures of everything copied.
These are just 2 very simple examples that have been made public, who knows what sort of stuff we've done that's clever enough that we still keep it secret. If the Chinese got busted the consequences wouldn't be much worse than where we already are today. The CHinese government could, after all, argue that they're not crossing the line any more than the US government has repeatedly done.
Socialism: a lie told by totalitarians and believed by fools.