Best Practice: Travel Light To China

← Back to Stories (view on slashdot.org)

Best Practice: Travel Light To China

Posted by timothy on Monday February 13, 2012 @01:11AM from the micro-sd-in-dental-work dept.

Hugh Pickens writes "What may once have sounded like the behavior of a raving paranoid is now considered standard operating procedure for officials at American government agencies, research groups and companies as the NY Times reports how businesses sending representatives to China give them a loaner laptop and cellphone that they wipe clean before they leave and wipe again when they return. 'If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,' says Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence. The scope of the problem is illustrated by an incident at the United States Chamber of Commerce in 2010 when the chamber learned that servers in China were stealing information from four of its Asia policy experts who frequently visited China. After their trips, even the office printer and a thermostat in one of the chamber's corporate offices were communicating with an internet address in China. The chamber did not disclose how hackers had infiltrated its systems, but its first step after the attack was to bar employees from taking devices with them 'to certain countries,' notably China. 'Everybody knows that if you are doing business in China, in the 21st century, you don't bring anything with you,' says Jacob Olcott, a cybersecurity expert at Good Harbor Consulting. 'That's "Business 101" — at least it should be.'"

25 of 334 comments (clear)

Min score:

Reason:

Sort:

Pot calling kettle. by Anonymous Coward · 2012-02-13 01:14 · Score: 2, Insightful

Read the subject line.
1. Re:Pot calling kettle. by jimbolauski · 2012-02-13 01:34 · Score: 5, Insightful
  
  Exactly.
  I'm much more worried about how the U.S is allowing drones to be used by police agencies in this country to spy on us, etc., etc., etc.
  I'm sure if you were a major stakeholder in a company with valuable IP, that had business with China you would have a different attitude. The reason you don't need to worry about either is because you don't have any IP of worth that the Chinese want and you are not doing anything illegal. I'm not saying either is OK, just that jet fuel is expensive and following your every move is not worth their time, and how exactly can a drone invade your privacy any more then a manned plane?
  
  --
  Knowledge = Power
  P= W/t
  t=Money
  Money = Work/Knowledge so the less you know the more you make
2. Re:Pot calling kettle. by TheEyes · 2012-02-13 02:14 · Score: 2, Insightful
  
  Exactly.
  I'm much more worried about how the U.S is allowing drones to be used by police agencies in this country to spy on us, etc., etc., etc.
  I'm sure if you were a major stakeholder in a company with valuable IP, that had business with China you would have a different attitude. The reason you don't need to worry about either is because you don't have any IP of worth that the Chinese want and you are not doing anything illegal. I'm not saying either is OK, just that jet fuel is expensive and following your every move is not worth their time, and hquipow exactly can a drone invade your privacy any more then a manned plane?
  Saying you don't have to worry about surveillance because you're not doing anything illegal is something like saying you don't have to worry about being shot because one of your legs is artificial. There are so many problems with being able to be put under surveillance by anyone who can flash a badge, or can fake it sufficiently to get away worn it, that concealing potentially illegal activity is almost trivial.
  We Americans need to stop this live affair we are having with arbitrary privacy invasion, both by the government and private companies; if we keep it up we might someday be as bad as China is today.
3. Re:Pot calling kettle. by fuzzyfuzzyfungus · 2012-02-13 02:23 · Score: 5, Insightful
  
  how exactly can a drone invade your privacy any more then a manned plane?
  Lower cost. Virtually all of your privacy(especially if you are just Joe Sixpack) isn't protected by some fancy set of 'rights' or a 'judicial system', it's protected by the fact that watching you is too expensive to be worth the likely results.
  
  The cheaper surveillance gets, the further down the food chain you can expect it to go, and the more frequent(and effective, unlike the grainy camera at EZ-mart that has been recording over the same grungy VHS tape since 1997...)
  
  Unless surveillance has some atypically wonky demand curve, which doesn't seem to be the case, lowering the price will increase the amount done.
4. Re:Pot calling kettle. by chill · 2012-02-13 03:08 · Score: 3, Insightful
  
  Because once the cost is driven down so much by the commoditization of the hardware that it becomes ubiquitous, they will not stop at looking for marijuana crops.
  The argument is called a slippery slope and perfectly valid. For popular media references see everything from The Simpsons to the Clint Eastwood classic Magnum Force.
  The distinction isn't manned or unmanned surveillance, it is the frequency and pervasiveness.
  [Note: The Magnum Force reference is to the slippery slope argument in general, not necessarily total surveillance in specific.]
  
  --
  Learning HOW to think is more important than learning WHAT to think.
5. Re:Pot calling kettle. by fuzzyfuzzyfungus · 2012-02-13 04:07 · Score: 3, Insightful
  
  I apologize if I was insufficiently clear on this aspect of the 'price' argument:
  
  Historical legal norms, governing what is/isn't protected, what does/doesn't require special permission, etc. are crafted in response to the situations that the lawmakers have to confront, either hypothetically, when crafting legislation, or in actuality, when a case comes before a court. In no small part, those actual and hypothetical situations are influenced by technology, what it costs and what it can do. If something is impossible or economically prohibitive in virtually all cases, there isn't any impetus for legal norms or institutional protections to grow up and prevent it.
  
  Consider, for example, the notion that things done in public spaces are fair game without any sort of warrant. Historically, that seems plausible enough: cops are a limited resource, and people have lousy memories, so everybody who is acting normally enough to be forgotten quickly, and isn't interesting enough to justify the expense of having one or more agents tailing them with a notebook is safe. Thus, in practice the historical standard was not'anything is fair game in public', it was 'anything notable enough for Joe Citizen to remember it later, and anyone worth the expense of tailing manually is fair game'. If, through some innovation in cameras and machine vision, say, it becomes technologically and economically viable to track everybody all the time, the formal 'in public, no problem' standard hasn't been violated; but the previous actual 'only stuff of note, and people suspected enough to spend real money on for some reason' standard is overwhelmingly weakened.
  
  Overflights would be a similar thing: as long as aircraft time costs some hundreds of dollars or more an hour(depending somewhat on your chosen craft and method of cost accounting), the de-facto standard for aerial observation is actually fairly high. It doesn't demand a warrant; but it demands some internal explanation good enough to move those resources. If flyovers cost $10/hour or $1/hour, that de-facto standard would vastly weaken.
  
  That's the real core of the argument: outside of specific, dramatic, cases(like getting evidence stricken from a trial because it was illegally obtained, where your protections are essentially purely legal, since the practical side has already happened and gone against you), the real standards that governed relations between people and the state(or one another) have always been governed to a great degree by logistics, with law stepping in in situations where logistics seemed to be providing a bad result. If you merely examine those accumulated legal fixes, without reference to the logistical situation under which they were enacted, you grossly distort the actual protection(or lack thereof, as in the stereotypical gossipy small town where everybody knows everybody) which a given legal standard implied in practice. Technological change tends not to attack specific, legally formulated, protections/nonprotections very much, it just massively changes their operational significance.
6. Re:Pot calling kettle. by networkBoy · 2012-02-13 04:25 · Score: 2, Insightful
  
  I am worried about the drones, yes.
  I am vastly more worried about China if I travel there for work.
  I am a not major stakeholder for a company that they would really like some intel on. We have the clean laptop, clean phone policy.
  Earlier in the thread someone said pot/kettle, but seriously I don't think that's the case. The US does it's fair share of snooping, yes, but I do not think it is directed at corporate espionage, at least not at the insane level that you see in China.
  Does this absolve the US of it's transgressions? no, not at all, but this is not a binary thing, it's not saint/evil, there is a vast grey area involved.
  -nB
  
  --
  whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
I wonder... by Anonymous Coward · 2012-02-13 01:14 · Score: 5, Insightful

...if people traveling from Russia or China to here are told the same thing?
1. Re:I wonder... by mbone · 2012-02-13 03:03 · Score: 5, Insightful
  
  I deal with Chinese companies on a regular basis, and can assure you that they are innovating like mad. China is following the same classic development arc, which goes something like copy, steal, make, innovate, that the Japanese did ~ 50 years ago.
2. Re:I wonder... by hitmark · 2012-02-13 03:29 · Score: 3, Insightful
  
  And USA did right after gaining independence.
  
  --
  comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
A good start by gtvr · 2012-02-13 01:17 · Score: 5, Insightful

Good to see companies waking up to a very obvious threat. Next will be if they can figure out that sharing IP for a little bit of extra market share over there is NOT a good long term investment.
Why not an article "Travel Light to US"? by stm2 · 2012-02-13 01:19 · Score: 5, Insightful

Since your laptop can be confiscated legally at the border.

--
DNA in your Linux: DNALinux
1. Re:Why not an article "Travel Light to US"? by N1AK · 2012-02-13 01:32 · Score: 5, Insightful
  
  I have no intention of defending the USA's often excessive intrusions; however, as with many other issues, trying to make out that they are operating on the same level as China is misleading and counter-productive. Unless you actually have, or can provide links to a credible source showing, evidence that the US is routinely compromising the electronic devices of a vast number of foriegn visitors then you're just spreading FUD.
2. Re:Why not an article "Travel Light to US"? by CohibaVancouver · 2012-02-13 02:38 · Score: 4, Insightful
  
  Since your laptop can be confiscated legally at the border.
  Yes, but you know it's happened. They scan your laptop for CP and bomb plans, then hand it back. In China, your privacy is raided without you ever knowing. This is the crucial difference.
Why do you think companies hate user's devices? by msobkow · 2012-02-13 01:21 · Score: 4, Insightful

When there are risks of company devices being hacked and used to spy on corporate data, is it any wonder that many companies still refuse to allow personal devices to be connected to the company networks?
Still, you have to wonder how much of these issues are due to poor maintenance and management of the corporate infrastructure enabling the penetrations and attacks.
I've heard of ONE incident where a penetration was actually a zero-day exploit and did not happen because someone didn't upgrade a server or change passwords after employees left the company. 25 years. A quarter century. And only ONE incident that wasn't someone's failure to perform due diligence of maintenance?
That doesn't say much for North America's corporate security policies, does it?

--
I do not fail; I succeed at finding out what does not work.
Good practice anywhere by million_monkeys · 2012-02-13 01:23 · Score: 5, Insightful

This has been standard practice in many places for years. And not just when travelling to China. Even if you're not working with high value information, there's usually not any justification for taking equipment full of company information abroad.
Chromium OS by should_be_linear · 2012-02-13 01:28 · Score: 3, Insightful

For this purpose notebook with ChromeOS (or ChromiumOS) seems like good solution.

--
839*929
1. Re:Chromium OS by idji · 2012-02-13 01:38 · Score: 4, Insightful
  
  Where Google has full access to all your data
They Do Catch Criminals That Way by eldavojohn · 2012-02-13 01:29 · Score: 5, Insightful

Since your laptop can be confiscated legally at the border.
I'm not saying it's right for them to be able to do that but they do catch individuals engaged with corporate and even economic espionage that way. The key difference here is that it's intended to be an open action against you by US Customs whereas in China the intent is for you to never know anything happened and the key logger or stolen information being covertly used without your knowledge of who did it or even what's going on. I think one is much worse than the other but I guess that's just my opinion.

--
My work here is dung.
1. Re:They Do Catch Criminals That Way by Moskit · 2012-02-13 02:49 · Score: 2, Insightful
  
  How do you know that USA does not do similar "covert" operations"?
  Echelon is just one example of a covert industrial espionage mechanism established and run by Americans. I would not think US does not do the same things as China, Russia, France or other countries. China is just so convenient to be a scapegoat. If you believe this is just to "catch criminals", you've been convinced by the dark side ;-)
  In any case this article is a valuable reminder that nothing is "private" these days, that every electronic device is susceptible to be used against you.
2. Re:They Do Catch Criminals That Way by jackhererUK · 2012-02-13 03:37 · Score: 3, Insightful
  
  They only catch the moronic ones that way. If you want to move data from country x to country y there is this new fangled thing called "the internet" that allows you to move data from one place to another without having to pass through customs. If you are dumb enough to try and smuggle illicit data from one country to another by carrying a laptop across the border containing said illicit data then you deserve to get caught because you are a moron.
Re:A thermostat? by Captain+Hook · 2012-02-13 01:30 · Score: 3, Insightful

I read it as... laptop taken to China, infected with something which then wormed it's way into all the systems it could when reconnected to the corporate network, which happened to include some network controllable thermostats.

i.e. the Chinese aren't after the thermostat, it was just part of a system which got compromised.

--
These comments are my personal opinions and do not necessarily reflect the opinions of the other voices in my head.
sign by CohibaVancouver · 2012-02-13 01:31 · Score: 4, Insightful

Sigh.

Cue all the "BUT THE US IS WORSE THAN CHINA!" posts. You should log off WoW and read a little on Amnesty International about China. Could the USA do much better? Absofreakinglutely - But I can tell you as a Canadian business traveller that the USA is orders of magnitude less intrusive when it comes to visitors to their country. The next time you're in China go try to surf Tibet videos on Youtube and let me know how that goes for you.
Here's a better idea- by IWantMoreSpamPlease · 2012-02-13 01:34 · Score: 5, Insightful

Stop doing businees in and with China, entirely.
Bring manufacturing and jobs back to your home country/state and improve your own damn economy. /radical concept I know.

--
So rise up, all ye lost ones, as one, we'll claw the clouds.
1. Re:Here's a better idea- by siddesu · 2012-02-13 02:06 · Score: 3, Insightful
  
  His position is obviously against maximizing corporate profits. As such, it is undeniably dangerous, abhorrent, anti-capitalist and utterly unjustifiable, as I already explained. It is also very bad for you, although you probably cannot realize it now. By supporting this position, it looks like you may benefit, but this is most assuredly a delusion. And here's why.
  You are a man who thinks in terms of nations and peoples. There are no nations. There are no peoples. There are no Russians. There are no Arabs. There are no Third Worlds. There is no West. There is only one holistic system of systems. One vast and immane, interwoven, interacting, multi-varied, multi-national dominion of dollars. Petro-dollars, electro-dollars, multi-dollars, reichmarks, rands, rubles, pounds and shekels.
  It is the international system of currency which determines the totality of life on this planet. That is the natural order of things today. That is the atomic, and sub-atomic and galactic structure of things today.
  You get up here on Slashdot howl about America and democracy. There is no America. There is no democracy. There is only IBM and ITT and AT&T, and DuPont, Dow, Google and Apple. Those are the nations of the world today.
  We no longer live in a world of nations and ideologies, Mr AC. The world is a college of corporations, inexorably determined by the immutable bye-laws of of business. The world is a business, Mr AC. It has been since man crawled out of the slime.
  And our children will live, Mr AC, to see that perfect world, in which there is no war nor famine, oppression or brutality. One vast and ecumenical holding company for whom all men will work to serve a common profit. In which all men will hold a share of stock.