Best Practice: Travel Light To China

Hugh Pickens writes "What may once have sounded like the behavior of a raving paranoid is now considered standard operating procedure for officials at American government agencies, research groups and companies as the NY Times reports how businesses sending representatives to China give them a loaner laptop and cellphone that they wipe clean before they leave and wipe again when they return. 'If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,' says Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence. The scope of the problem is illustrated by an incident at the United States Chamber of Commerce in 2010 when the chamber learned that servers in China were stealing information from four of its Asia policy experts who frequently visited China. After their trips, even the office printer and a thermostat in one of the chamber's corporate offices were communicating with an internet address in China. The chamber did not disclose how hackers had infiltrated its systems, but its first step after the attack was to bar employees from taking devices with them 'to certain countries,' notably China. 'Everybody knows that if you are doing business in China, in the 21st century, you don't bring anything with you,' says Jacob Olcott, a cybersecurity expert at Good Harbor Consulting. 'That's "Business 101" — at least it should be.'"

Pot calling kettle.

Read the subject line.

Re:Pot calling kettle.

[jimbolauski]

Exactly.

I'm much more worried about how the U.S is allowing drones to be used by police agencies in this country to spy on us, etc., etc., etc.

I'm sure if you were a major stakeholder in a company with valuable IP, that had business with China you would have a different attitude. The reason you don't need to worry about either is because you don't have any IP of worth that the Chinese want and you are not doing anything illegal. I'm not saying either is OK, just that jet fuel is expensive and following your every move is not worth their time, and how exactly can a drone invade your privacy any more then a manned plane?

Re:Pot calling kettle.

I see the Chinese shills are on the job here at /. as usual. You get a cup of tea and a biscuit for being so diligent and getting at FP!

Re:Pot calling kettle.

[1s44c]

pot calling kettle

My cooking pots are stainless steel. My kettle is likewise stainless steel. Nether can talk and as far as I'm aware nether has racist tendencies.

It's time that whole pot/kettle thing was just forgotten about.

Re:Pot calling kettle.

No, it's more the whole "err teh us is evler thn evrybdy else!!!!" drivel. Nobody does espionage like the Chinese, and you know it. Hell, it was a joke at an old job, go into china, turn your phone on, and watch it light up for a good 20 minutes while they downloaded the entire contents of your phone. Oddly enough, I've never seen that happen when I re-enter the US. The US isn't sneaky about it, they just confiscate what they want.

Throw in stuff like how hwawei equipment is banned for deployment in the US, as well as India and several other countries, and at some point, even the biggest idiots amongst us have to start admitting that saying china gets a pass because the US does bad stuff too is sort of like saying hitler and stalin weren't so bad because Teddy Roosevelt liked to hunt.

Re:Pot calling kettle.

[TheEyes]

Exactly.

I'm much more worried about how the U.S is allowing drones to be used by police agencies in this country to spy on us, etc., etc., etc.

I'm sure if you were a major stakeholder in a company with valuable IP, that had business with China you would have a different attitude. The reason you don't need to worry about either is because you don't have any IP of worth that the Chinese want and you are not doing anything illegal. I'm not saying either is OK, just that jet fuel is expensive and following your every move is not worth their time, and hquipow exactly can a drone invade your privacy any more then a manned plane?

Saying you don't have to worry about surveillance because you're not doing anything illegal is something like saying you don't have to worry about being shot because one of your legs is artificial. There are so many problems with being able to be put under surveillance by anyone who can flash a badge, or can fake it sufficiently to get away worn it, that concealing potentially illegal activity is almost trivial.

We Americans need to stop this live affair we are having with arbitrary privacy invasion, both by the government and private companies; if we keep it up we might someday be as bad as China is today.

Re:Pot calling kettle.

[fuzzyfuzzyfungus]

how exactly can a drone invade your privacy any more then a manned plane?

Lower cost. Virtually all of your privacy(especially if you are just Joe Sixpack) isn't protected by some fancy set of 'rights' or a 'judicial system', it's protected by the fact that watching you is too expensive to be worth the likely results.

The cheaper surveillance gets, the further down the food chain you can expect it to go, and the more frequent(and effective, unlike the grainy camera at EZ-mart that has been recording over the same grungy VHS tape since 1997...)

Unless surveillance has some atypically wonky demand curve, which doesn't seem to be the case, lowering the price will increase the amount done.

Re:Pot calling kettle.

[jimbolauski]

how exactly can a drone invade your privacy any more then a manned plane?

Lower cost. Virtually all of your privacy(especially if you are just Joe Sixpack) isn't protected by some fancy set of 'rights' or a 'judicial system', it's protected by the fact that watching you is too expensive to be worth the likely results. The cheaper surveillance gets, the further down the food chain you can expect it to go, and the more frequent(and effective, unlike the grainy camera at EZ-mart that has been recording over the same grungy VHS tape since 1997...) Unless surveillance has some atypically wonky demand curve, which doesn't seem to be the case, lowering the price will increase the amount done.

You failed to answer the question if a drone flies over your house and records you mowing your lawn how is that any different then a manned plane, if either is trampling your rights, then what does frequency have to do with it? My point is if it's perfectly acceptable for DEA agents to fly over corn fields to look for marijuana then how is a drone doing the exact same thing different. There is no distinction between manned and unmanned recording of private property from a plane, they are both in plain sight and as such recording of them is not protected.

Re:Pot calling kettle.

While the US security structure is misguided, wasteful, full of theatrics and largely indifferent towards personal privacy... the goal at least is lowering the probability of terrorism at that location. Or failing that, it's about scaring the voters. Whatever.

The Chinese goal is economic warfare on the rest of the planet. No longer content with being a model manufacturing nation for every Wall Street executive with a soft spot for despotic governments, China is looking to wholesale theft of trade secrets.

Every nation has their own agents of corporate espionage, but this is the first time that the actual nation-state gets into the game.

Maybe you should have read more than the subject line.

Re:Pot calling kettle.

[chill]

Because once the cost is driven down so much by the commoditization of the hardware that it becomes ubiquitous, they will not stop at looking for marijuana crops.

The argument is called a slippery slope and perfectly valid. For popular media references see everything from The Simpsons to the Clint Eastwood classic Magnum Force.

The distinction isn't manned or unmanned surveillance, it is the frequency and pervasiveness.

[Note: The Magnum Force reference is to the slippery slope argument in general, not necessarily total surveillance in specific.]

Re:Pot calling kettle.

[b4dc0d3r]

Your question has been answered. There is no difference, there's just more of it.

I'm much more worried about how the U.S is allowing drones to be used by police agencies in this country to spy on us

I can't make a solid legal argument because it has not been tested. SCOTUS refused to rule on whether GPS tracking, as ean example of constant monitoring, is an invasion of privacy, solely because trespass was involved on placing it there. So the question of whether it is legal to record someone's movements constantly is an unresolved legal question.

It is not a foregone conclusion, as you seem to believe, that non-stop monitoring is perfectly legal. It will be done until it is challenged. Tracking software on top of automated drones makes it possible to track individuals going about their daily lives in fairly good detail at this point, were it allowed to continue. That level of detail is excessive compared to what law enforcement needs to do its job.

I happen to believe that the Constitution and Bill of Rights make it clear that as long as you're not bothering anyone, you're free to act unimpeded. When you start setting off enough flags that someone thinks you're doing something illegal, law enforcement will put together a warrant request and then are allowed to investigate. Constant monitoring, license plate tracking, internet interception, and all of the modern surveillance techniques are so far removed from what the Founding Fathers even considered that there is no way you can just assert it's fine without a court test.

In other words, the question is to you, to argue that this is not an invasion of privacy. Until it is answered by the courts, who have already trampled on just about everything else using a combination of terrorism and commerce clause to steamroll whatever we have left. One side pushes for more surveillance, the other pushes back, and then it gets resolved in a court. Until then you're going to have to bring more to the table than this as a defense.

Re:Pot calling kettle.

Blackadders pot is blacker than his kettle.

Re:Pot calling kettle.

[fuzzyfuzzyfungus]

I apologize if I was insufficiently clear on this aspect of the 'price' argument:

Historical legal norms, governing what is/isn't protected, what does/doesn't require special permission, etc. are crafted in response to the situations that the lawmakers have to confront, either hypothetically, when crafting legislation, or in actuality, when a case comes before a court. In no small part, those actual and hypothetical situations are influenced by technology, what it costs and what it can do. If something is impossible or economically prohibitive in virtually all cases, there isn't any impetus for legal norms or institutional protections to grow up and prevent it.

Consider, for example, the notion that things done in public spaces are fair game without any sort of warrant. Historically, that seems plausible enough: cops are a limited resource, and people have lousy memories, so everybody who is acting normally enough to be forgotten quickly, and isn't interesting enough to justify the expense of having one or more agents tailing them with a notebook is safe. Thus, in practice the historical standard was not'anything is fair game in public', it was 'anything notable enough for Joe Citizen to remember it later, and anyone worth the expense of tailing manually is fair game'. If, through some innovation in cameras and machine vision, say, it becomes technologically and economically viable to track everybody all the time, the formal 'in public, no problem' standard hasn't been violated; but the previous actual 'only stuff of note, and people suspected enough to spend real money on for some reason' standard is overwhelmingly weakened.

Overflights would be a similar thing: as long as aircraft time costs some hundreds of dollars or more an hour(depending somewhat on your chosen craft and method of cost accounting), the de-facto standard for aerial observation is actually fairly high. It doesn't demand a warrant; but it demands some internal explanation good enough to move those resources. If flyovers cost $10/hour or $1/hour, that de-facto standard would vastly weaken.

That's the real core of the argument: outside of specific, dramatic, cases(like getting evidence stricken from a trial because it was illegally obtained, where your protections are essentially purely legal, since the practical side has already happened and gone against you), the real standards that governed relations between people and the state(or one another) have always been governed to a great degree by logistics, with law stepping in in situations where logistics seemed to be providing a bad result. If you merely examine those accumulated legal fixes, without reference to the logistical situation under which they were enacted, you grossly distort the actual protection(or lack thereof, as in the stereotypical gossipy small town where everybody knows everybody) which a given legal standard implied in practice. Technological change tends not to attack specific, legally formulated, protections/nonprotections very much, it just massively changes their operational significance.

Re:Pot calling kettle.

[networkBoy]

I am worried about the drones, yes.
I am vastly more worried about China if I travel there for work.
I am a not major stakeholder for a company that they would really like some intel on. We have the clean laptop, clean phone policy.
Earlier in the thread someone said pot/kettle, but seriously I don't think that's the case. The US does it's fair share of snooping, yes, but I do not think it is directed at corporate espionage, at least not at the insane level that you see in China.
Does this absolve the US of it's transgressions? no, not at all, but this is not a binary thing, it's not saint/evil, there is a vast grey area involved.
-nB

Re:Pot calling kettle.

[yurtinus]

In one case, you at least have to put up with the smell.

I wonder...

...if people traveling from Russia or China to here are told the same thing?

Re:I wonder...

[vlm]

...if people traveling from Russia or China to here are told the same thing?

1) Our security forces focus exclusively on taking peoples shoes off, punishing them for traveling by irradiating travelers, and molest traveling women and children. Definitely the laughingstock of the world's security and customs personnel.

2) Russia occasionally innovates something worth stealing (occasionally...) but China never innovates. Individual Chinese visit the US to go to research colleges etc and innovate, but nothing comes out of China worth stealing. Other than plots to put melamine in baby formula and lead paint on kids toys, can anyone think of anything they've done that the west wants that isn't just copying the west? Also what would we do with something we stole from them, outsource it right back to them anyway? Russia is corrupt enough that nothing happens there that isn't at least tangentially involved in organized crime, so if you stole a "whatever" from them, you can safely assume you'll and/or your family will end up dead, which is in some ways better than our IP system and in some ways worse.

Re:I wonder...

[Theophany]

True, but they do rip off an inordinate amount of IP too.

As much as I like my woodblock printing set, there's only so much goodwill such inventions get before I get pissy about my Ray Ban Wayfarers being Chinese fakes.

Re:I wonder...

[lorenlal]

Fine.

Add "Since the Maoist revolution," to the statement and then dispute. I'm a huge fan of tea, monks who can whoop some arse, and even some of the old music... but I'm not a fan of their current operating procedure.

Re:I wonder...

[mbone]

I deal with Chinese companies on a regular basis, and can assure you that they are innovating like mad. China is following the same classic development arc, which goes something like copy, steal, make, innovate, that the Japanese did ~ 50 years ago.

Re:I wonder...

True, but they do rip off an inordinate amount of IP too.

That's only because western cultures (specifically the handful of rich "content owners") defined IP in such a way that what China and most normal people do these days counts as a violation/infringement. They defined it as such to justify their pricing and distribution schemes (which they're free to do), and to justify government intervention and regulation (which is stupid for all but the few rich/powerful people at the top)

By getting government involved, most of these content owners have become sluggish and unresponsive to the market (they rely on government to keep them going as opposed to adapting). As such, China and other people who see the situation for what it is, are able to take advantage of them/the situation.

If the content owners spent time improving their business instead of lobbying governments, they would have come up with better solutions to piracy long ago. And it's not like there aren't attempts, such as DRM, DLC, and online subscription models for software (you may not like them, but you can just opt out and boycott those companies... same can't be said if government comes in and makes laws telling you what you can or cannot do)

Re:I wonder...

[vlm]

Who do you think has been supporting the mighty US empire with loans for the last few decades? Who does the US now owe more to than it could ever hope to pay back?

First order answer is nothing stops the mint from printing a single $100T bill, and declaring it paid off.

Second order answer is that messes up oil import costs. Once the M.E. is drained dry, or Iran closes the straits, or "whatever", then there is no further point in maintaining the charade. China gets a couple more years of interest payments, then they get something about as valuable as a box of confederate money.

Third order answer is we simply tell them "no". They can't even invade Taiwan... what are they realistically going to do to us, worst case scenario?

Now if we were dumb enough to issue bonds payable in Chinese currency, that would be a problem ... We are dumb, but not that dumb.

Re:I wonder...

[mbone]

Keep in mind that China has a recorded history of what, something between 11,000 and 17,000 years?

Say what ? The Qin Shi Huang Emperor "buried the scholars and burned the books" in 213 BCE so the history of anything much before his reign is exceedingly fragmentary. The oldest extant Chinese writings are the Oracle "bones", which date from no earlier than 1500 BCE. Even Sima Qian started his history with the Yellow Emperor (~ 2600 BC), the first ruler he considered as probably historical.

So, two thousand years ? Yes. Three, four thousand ? Maybe. Ten thousand ? No way.

Re:I wonder...

[hitmark]

And USA did right after gaining independence.

Re:I wonder...

[tnk1]

Good point, let's make that more accurate by saying that they haven't innovated since the 15th Century. That definitely changes everything.

I mean, really, what *have* they innovated since then? And no, it's not meant to cut them down. Bear in mind, this is the *reason* that one of the most populous countries in the world, with one of the oldest civilizations could turn into a second rate country in the first place. Do you think the British and Germans and Russians and Japanese could have done squat to China if they had innovated in the last 500 years? No way.

China is doing what the US did in the 19th Century... rip off everything they didn't invent themselves. Although, I will say that even when the US was ripping stuff off, they were actually inventing things too. China still isn't inventing anything other than better ways to censor their Internet.

Re:I wonder...

[Darinbob]

This is a patently obvious security thing to do. It has nothing to do with rampant paranoia as the summary suggests. Security on phones is next to non-existent, WiFi is swiftly crackable, and most users do not follow necessary security procedures because security and convenience do not co-exist. Modern office workers have essentially been trained to be lax with security because ignoring security is more productive.

We get away with it for the most part because the domestic dangers tend to be trivial (viruses, malware) and because we're not specifically targeted we just need to be slightly more secure than the next person. This doesn't work so well when it comes to business though, and even within the US you may be specifically targeted. The only difference with China is that now it's widely known that devices belonging to business visitors will be actively targeted and thus there's no room left for willful naivete.

Let's be blunt. Who are the dumbest people in the organization when it comes to computers? Sales people, who come and go at an alarming rate and who have minimal training much of the time. They're on the road constantly taking their devices into the competition's buildings. Next up on clueless meter are the executives who will be traveling around the world and schmoozing. Both of these groups will be using their own personal devices and copying work related information to them (violating IT guidelines most likely), connecting to the net via the hotel's WiFi or Starbucks, and with a smartphone they're probably automatically connecting to whatever wifi signal they see as the move around. Security nightmares even without leaving the US.

A good start

[gtvr]

Good to see companies waking up to a very obvious threat. Next will be if they can figure out that sharing IP for a little bit of extra market share over there is NOT a good long term investment.

Why not an article "Travel Light to US"?

[stm2]

Since your laptop can be confiscated legally at the border.

Re:Why not an article "Travel Light to US"?

[N1AK]

I have no intention of defending the USA's often excessive intrusions; however, as with many other issues, trying to make out that they are operating on the same level as China is misleading and counter-productive. Unless you actually have, or can provide links to a credible source showing, evidence that the US is routinely compromising the electronic devices of a vast number of foriegn visitors then you're just spreading FUD.

Re:Why not an article "Travel Light to US"?

[jellomizer]

Or anywhere in the world.
General rule of thumb when traveling is to always travel light and poor. The more valuable things you bring with you the more liability that you are lugging around, which may be stolen, confiscated, or make you prime bate to be kidnapped.
Sure you may be street smart enough in your area to see the difference between a criminal and an honest folk, but in a different culture you are green all over again, and prime bate. Even if you are going across the US. In the country and need assistance often you can get help from those guys walking down the street with large riffles in hand (as they are probably just hunting) for those who live in the country these people are not threatening they are just out having a good time. In the City you should avoid the guy walking down the street with a riffle.
Or up in the Northeast, People usually go straight to business with less pleasantries, down south there is more talk and gentlemen behavior. For a Northern folk if someone comes up to you and starts talking all friendly like, you get warning bells that this guys is trying to distract you. If down south someone gets straight to business this guy is just being rude and hiding information so you shouldn't trust him.

Re:Why not an article "Travel Light to US"?

[GameboyRMH]

Yep this is a point on which it is fair to say that America is no better.

The only safe way to take devices there is to wipe your devices clean (an uncertain and damaging act on flash storage) and carry a hard drive with a deniable hidden encrypted partition (including duress key to unlock a decoy partition) containing backups of the devices. Or store the backup online (connecting with an anti-MITM system and using proper encryption of course, that means ONLY YOU have the key and there is no "recovery" option) if you have a shit-ton of bandwidth and time.

Even then they may take your hardware and do who-knows-what to it, as happened to Moxie Marlinspike's phone. Or you may just not get it back at all.

Re:Why not an article "Travel Light to US"?

[ios+and+web+coder]

Yep this is a point on which it is fair to say that America is no better.

I'm not sure I'd agree with that.
This is a case of them planting trojans on your equipment in China, then exercising that, when you get back to the US.
In the US, this can be (and I'm sure, is) done by folk like the CIA and NSA. However, folks like me don't do it. Foreigners can come to my office, exchange files and information, use my network, and even use my USB fobs with no worries that I'll plant spyware on their machines (I am quite capable of doing so, as, I'm sure, are a significant number of /. readers).
To have it so prevalent in a nation is a serious, serious indictment. The NSA does not come to my office and demand that I arbitrarily plant trojans on our partners' and customers' machines. If they did, I would fight them fang, tooth and claw.
What is happening in China is very dangerous. Not just for us, but also for the Chinese. They may think they have this tiger by the tail, but they will really be shocked when it turns around and bites them.

Re:Why not an article "Travel Light to US"?

[vlm]

If down south someone gets straight to business this guy is just being rude and hiding information so you shouldn't trust him.

I spent a year in the south in the 90s and the reason is people see themselves as instruments of tradition. Historically mobility was low in the south, so a simple business transaction well become a lifetime economic marriage, so there's lots of courting going on. Your GGGgrandpa and his GGGgrandpa probably served in the same civil war regiment, and in fact there probably is a distant genealogically tenuous connection between you two assuming you're genuine southern natives. If nothing bad happens, your kids might very well be expected to continue the business transaction. Also there exists a massive gossip network such that you can assume everyone is all into your business, so if they truly don't know you, they will be mystified as to what you're up to simply due to curiosity. I heard some hilarious jokes that probably only make sense in the rural south about old forgetful people simply relying on their gossip hound neighbors to remind them of stuff, like a human peer to peer network. In the go go go north economic transactions are more of a one night stand or fling at most, so no one cares what church if any you attend, or what military unit you or your GGGgreatgrandpa served in. Its an article of faith amongst the southerners I knew that tradition and reputation (both individual and familial) are extremely valuable, they believe in that about as much as their church, more or less.

Northern business transactions are like a single hand of poker. Southern business transactions are like a multigenerational game of chess or Go. Before you freak out, obviously these stereotypes are only about 75% accurate.

Re:Why not an article "Travel Light to US"?

[CohibaVancouver]

Since your laptop can be confiscated legally at the border.

Yes, but you know it's happened. They scan your laptop for CP and bomb plans, then hand it back. In China, your privacy is raided without you ever knowing. This is the crucial difference.

Re:Why not an article "Travel Light to US"?

[GameboyRMH]

The NSA does not come to my office and demand that I arbitrarily plant trojans on our partners' and customers' machines. If they did, I would fight them fang, tooth and claw.

Consider the AT&T interception room, the people working there weren't as upstanding as you. I know it's server-side spying rather than client-side but it's not much better.

Also consider the laws that allow the US government unfettered access to Gmail, Blackberry comms., cellular data...is that so different from the Chinese government asking Chinese companies to spy for them?

And if the Chinese citizens think their government isn't a danger to them, they're morons. They were a danger to their own citizens long before they were a danger to any foreigners.

Why do you think companies hate user's devices?

[msobkow]

When there are risks of company devices being hacked and used to spy on corporate data, is it any wonder that many companies still refuse to allow personal devices to be connected to the company networks?

Still, you have to wonder how much of these issues are due to poor maintenance and management of the corporate infrastructure enabling the penetrations and attacks.

I've heard of ONE incident where a penetration was actually a zero-day exploit and did not happen because someone didn't upgrade a server or change passwords after employees left the company. 25 years. A quarter century. And only ONE incident that wasn't someone's failure to perform due diligence of maintenance?

That doesn't say much for North America's corporate security policies, does it?

Good practice anywhere

[million_monkeys]

This has been standard practice in many places for years. And not just when travelling to China. Even if you're not working with high value information, there's usually not any justification for taking equipment full of company information abroad.

Re:Good practice anywhere

[jimbolauski]

This has been standard practice in many places for years. And not just when travelling to China. Even if you're not working with high value information, there's usually not any justification for taking equipment full of company information abroad.

Wiping your HD after a trip to remove almost all types of malware so you don't bring anything back to the company is new, using a throw away phone so your phone can't be compromised is something new, having a thumb-drive with all your passwords on it so a key logger can't get them is something new. Not taking sensitive data overseas has been a policy for a long time but these new measures are something totally different. This is just the next evolutionary step in the battle to steal IP vs protect IP.

Hang on,,.

My T510 Came from china in the first place...

Done all over the place

This is done in every totalitarian country. For example, when David Smick was in Singapore, he called home and made a comment about being dissatisfied with the hotel room provided to him. When he was picked up the next day, the person "escorting" him apologized for his hotel room not being good.

Here in the States, we're monitored under the auspices of the "War on Drugs" or Terrorism or Child Porn or what have you. When folks say we live in a free country, I have to ask, "Is being monitored being Free?" The fact that I have to show id to buy suphedrine because a couple of addicts burnt their houses down is freedom? (As an aside, I live in white trash America and there has been maybe one meth lab in my area that has been raided in the last decade. One. But yet people and the police act like there's one on every block.)

In this day and age, the tin foil hat brigade are usually right

Re:Done all over the place

[AnonyMouseCowWard]

I haven't been, but how about a real-life example of how one of my friend has been "monitored".

She's American-born, holds an American passport, but is not white and studies in Canada. On a drive home (note, drive, not even flying) from Canada, she gets stopped at the border, her car gets searched, is detained for hours, has her cellphone messages checked, and is asked to unlock her computer, and they look at every single document and personal picture on her computer. Then they proceed to question her and ask her if she knows why she got stopped.

Why, you ask? Well, apparently being brown qualifies you as a terrorist threat despite having lived all your life in the US and studying in the crime nest that is Canada.

No, no IP was stolen. It was just "war on terror". The actions that result from it, though, are uncannily similar.

Conclusion: travel light. Period.

Chromium OS

[should_be_linear]

For this purpose notebook with ChromeOS (or ChromiumOS) seems like good solution.

Re:Chromium OS

[idji]

Where Google has full access to all your data

Re:Chromium OS

[hobarrera]

The point in question was to avoid the Chinese Government taking his information, so he switched to an alternative organization to do this.

They Do Catch Criminals That Way

[eldavojohn]

Since your laptop can be confiscated legally at the border.

I'm not saying it's right for them to be able to do that but they do catch individuals engaged with corporate and even economic espionage that way. The key difference here is that it's intended to be an open action against you by US Customs whereas in China the intent is for you to never know anything happened and the key logger or stolen information being covertly used without your knowledge of who did it or even what's going on. I think one is much worse than the other but I guess that's just my opinion.

Re:They Do Catch Criminals That Way

[Moskit]

How do you know that USA does not do similar "covert" operations"?

Echelon is just one example of a covert industrial espionage mechanism established and run by Americans. I would not think US does not do the same things as China, Russia, France or other countries. China is just so convenient to be a scapegoat. If you believe this is just to "catch criminals", you've been convinced by the dark side ;-)

In any case this article is a valuable reminder that nothing is "private" these days, that every electronic device is susceptible to be used against you.

Re:They Do Catch Criminals That Way

[Hentes]

I'm not saying it's right for them to be able to do that but they do catch individuals engaged with corporate and even economic espionage that way.

Bullshit. Why would anyone try to smuggle data physically through the border instead of sending it on wire?

Re:They Do Catch Criminals That Way

[jackhererUK]

They only catch the moronic ones that way. If you want to move data from country x to country y there is this new fangled thing called "the internet" that allows you to move data from one place to another without having to pass through customs. If you are dumb enough to try and smuggle illicit data from one country to another by carrying a laptop across the border containing said illicit data then you deserve to get caught because you are a moron.

Re:A thermostat?

[Captain+Hook]

I read it as... laptop taken to China, infected with something which then wormed it's way into all the systems it could when reconnected to the corporate network, which happened to include some network controllable thermostats.

i.e. the Chinese aren't after the thermostat, it was just part of a system which got compromised.

this is old news

[mbone]

If you travel to China, this is old news.

Yes, some businesses are beginning to require wiped travel laptops for entering the US. I have to say that I do not know anyone personally who has had laptop issues at the US border (although I know that there are some people who are on some sort of list and have them frequently). The assumption is, if you go to China, you will probably be hacked, and it's not going to happen at Customs.

By the way, in my experience Chinese firms are incredibly paranoid about this, much more so than US firms. I suspect that paranoia has some justification.

sign

[CohibaVancouver]

Sigh.

Cue all the "BUT THE US IS WORSE THAN CHINA!" posts. You should log off WoW and read a little on Amnesty International about China. Could the USA do much better? Absofreakinglutely - But I can tell you as a Canadian business traveller that the USA is orders of magnitude less intrusive when it comes to visitors to their country. The next time you're in China go try to surf Tibet videos on Youtube and let me know how that goes for you.

Re:sign

[gmhowell]

I can tell you that Chinese did not require my fingerprints and were very polite to me. Guess who was exactly the opposite?

Oh, for shit's sake, America was rude to you?! Is everyone from your home country a little pantywaist, or is your dipshittery unique?

I like the implications later on:

I also don't care about watching Tibet videos on YouTube when visiting China, I don't watch them at home either.

IOW, 'fuck Tibet, but Americans were rude to me, so let me start my Intarweb jihad against them.'

Boy, talk about first world problems.

Here's a better idea-

[IWantMoreSpamPlease]

Stop doing businees in and with China, entirely.
Bring manufacturing and jobs back to your home country/state and improve your own damn economy. /radical concept I know.

Re:Here's a better idea-

[siddesu]

Too bad the captains of the industry already decided it cannot work. To paraphrase the best one of them, workers in your home country/state are no longer flexible enough, smart enough and diligent enough to contribute enough to your shareholders' returns.

Also, you're not a common radical, you're a delusional and dangerous communist.

Re:Here's a better idea-

[siddesu]

His position is obviously against maximizing corporate profits. As such, it is undeniably dangerous, abhorrent, anti-capitalist and utterly unjustifiable, as I already explained. It is also very bad for you, although you probably cannot realize it now. By supporting this position, it looks like you may benefit, but this is most assuredly a delusion. And here's why.

You are a man who thinks in terms of nations and peoples. There are no nations. There are no peoples. There are no Russians. There are no Arabs. There are no Third Worlds. There is no West. There is only one holistic system of systems. One vast and immane, interwoven, interacting, multi-varied, multi-national dominion of dollars. Petro-dollars, electro-dollars, multi-dollars, reichmarks, rands, rubles, pounds and shekels.

It is the international system of currency which determines the totality of life on this planet. That is the natural order of things today. That is the atomic, and sub-atomic and galactic structure of things today.

You get up here on Slashdot howl about America and democracy. There is no America. There is no democracy. There is only IBM and ITT and AT&T, and DuPont, Dow, Google and Apple. Those are the nations of the world today.

We no longer live in a world of nations and ideologies, Mr AC. The world is a college of corporations, inexorably determined by the immutable bye-laws of of business. The world is a business, Mr AC. It has been since man crawled out of the slime.

And our children will live, Mr AC, to see that perfect world, in which there is no war nor famine, oppression or brutality. One vast and ecumenical holding company for whom all men will work to serve a common profit. In which all men will hold a share of stock.

Re:Here's a better idea-

[CohibaVancouver]

Stop doing businees in and with China, entirely. Bring manufacturing and jobs back to your home country/state and improve your own damn economy. /radical concept I know.

You do realize many of these business travellers (like the ones from my company) are selling stuff *to* China, right? So we're actually generating jobs here....

Misinformation

[Maximum+Prophet]

So take a laptop filled with misinformation, science fiction, and totally bogus stuff. If enough people do this, your adversary will bankrupt himself trying to figure it all out. Extra points for the size of the server farms you can get trying to decrypt output from /dev/random.

Re:Misinformation

[greg1104]

You should take a look at the pornography laws in China before you do that. That's a good way to land in jail a few years.

"Little bit ?"

[unity100]

China is 1.5 billion people. all of anglosphere and europe AND russia combined, cannot match that market. and its a growing market. not a saturated one.

Re:"Little bit ?"

[tnk1]

Actually, the US is still the largest manufacturing country in the world, although China is catching up.

The lesson to take from this

[Blahah]

The lesson to take from this is: don't store valuable information on your thermostat.

Re:The lesson to take from this

[Ihmhi]

The scene is a dark room with a solitary light bulb suspended by a cord. Two Chinese thugs hold an American businessman hostage.

Thug: Give us the information on the chip fabrication process and we'll let you go. Otherwise, we may have to do something... unpleasant.

Businessman: Do your worst!

Thug: Very well! Turn his home thermostat up... to 71 degrees!

Businessman: N-n-no! You bastards! YOU BASTARDS!

Lacks disposable income

[realxmp]

China is 1.5 billion people. all of anglosphere and europe AND russia combined, cannot match that market. and its a growing market. not a saturated one.

China as a nation has a big GDP yes, but the per capita GDP is right down there with the Dominican Republic. There are a lot of people in China, but as a market western companies can only target the relatively small subset with relatively large disposable incomes. All of the migrant workers etc need their money to eat and clothe themselves and don't have much left over. Also you need to bear in mind that the rules aren't the same across China, some businesses are only possible in the Special Economic Zones. The other big problem is it is really hard to judge how big the market is, the only accurate figures are a state secret and that makes a lot of businesses nervous.

Re:Lacks disposable income

[Cytotoxic]

The Chinese "middle class" surpassed the population of the entire United States or Europe several years ago. Sure, that still leaves roughly a billion poor people, but with nearly a half-billion doing well, they have some serious internal market power. This also bodes well for political change within China.... a half-billion people with iPhones (or clones) and cars are going to start asking why they don't have more control over their lives at some point.

Of course, with twice as many people stuck in rural poverty while seeing a growing bourgeoisie, there's another potential road to political change....

Re:A thermostat?

[Lehk228]

a fancy thermostat and a printer would both have a web interface panel, if the firewall did not isolate those devices from outside http requests both could have been being accessed from china without compromising anything, for that matter it could have been one of their own people tried to print something while they were in china, and that put the printers address in memory with the great firewall, and chinas security guys were following up (probably automated but sometimes china will do things manually that really need not be) to check if that address was some kind of proxy system.

Re:A thermostat?

[vlm]

Not only just another windows box, but a windows box that cannot be upgraded without violating the extremely expensive software support contract.
Seen this happen with numerically controlled machine tools, PBXs, some internet accessible "software as a service" type of apps, some weird embedded stuff I don't think I can talk about ... the stereotype is if there is an expensive support contract, that machine is gonna get owned.

Re:Kind of dumb...

[pseudofrog]

Okay. Erm...good for you? Would you like a cookie?

And that doesnt happen in u.s. ?

[unity100]

Nato has been an espionage networ that is called echelon for around 2-3 decades, and its now publicly acknowledged. i have a hard time believing that u.s. did not use the non-military information it intercepted through that or other means, for the benefit of its own corporations - the very corporations which back governments into power there by the way.

Its naive to think that way. abusive parties abuse power, public or private. the only difference in between the chinese and what goes on in the west, is probably chinese do not care much to put a storefront up.

Re:Kind of dumb...

[gstoddart]

Okay. Erm...good for you? Would you like a cookie?

His phone probably doesn't accept cookies. ;-)

And Now You Know: Don't Trust Symantec

[cmholm]

Those who RTTFA (read the third fine article) may have noted the discrepancy between what Mr. Mark Bregman of Symantec does when he travels to China, versus what he sells to the rest of us: he uses a dedicated laptop for China trips, and wipes the device before and after travel. On the other hand, he defends farming out coding to China based on 1) all the big s/w vendors do it, and 2) why worry about malicious code from China, when there have been terrorist attacks on the US committed by US citizens?

Rebuttals, off the cuff:
1) Evidently, capitalists don't just sell the rope that hangs them, they'll also teach you how to tie the noose.
2) Timothy McVeigh and 8 "pro-life" murders over the course of 20 years, vs. opportunity to open back doors into virtually every PC in the United States. I think we need to check whether Mr. Bregman has registered as a lobbyist for the China Central News Agency.