Posts Tagged ‘National Security Agency’

China Uses “Great Internet Cannon” for Aggressive Censorship

April 11, 2015

By Nicole Perlroth
Sydney Morning Herald

SAN FRANCISCO: Late last month, China began flooding US websites with a barrage of internet traffic in an apparent effort to take out services that allow China’s internet users to view websites otherwise blocked in the country.

Initial security reports suggested that China had crippled the services by exploiting its own internet filter – known as the Great Firewall – to redirect overwhelming amounts of traffic to its targets.

Now, researchers at the University of California, Berkeley, and the University of Toronto say China did not use the Great Firewall after all, but rather a powerful new weapon that they are calling the Great Cannon.

The Great Cannon, the researchers said in a report published on Friday, allows China to intercept foreign web traffic as it flows to Chinese websites, inject malicious code and repurpose the traffic as Beijing sees fit.

The system was used, they said, to intercept web and advertising traffic intended for Baidu – China’s biggest search engine company – and fire it at GitHub, a popular site for programmers, and, a nonprofit that runs mirror images of sites that are blocked inside China.

The attacks against the services continued on Thursday, the researchers said, even though both sites appeared to be operating normally.

But the researchers suggested that the system could have more powerful capabilities. With a few tweaks, the Great Cannon could be used to spy on anyone who happens to fetch content hosted on a Chinese computer, even by visiting a non-Chinese website that contains Chinese advertising content.

“The operational deployment of the Great Cannon represents a significant escalation in state-level information control,” the researchers said in their report. It is, they said, “the normalisation of widespread and public use of an attack tool to enforce censorship.”

The researchers, who have previously done extensive research into government surveillance tools, found that while the infrastructure and code for the attacks bear similarities to the Great Firewall, the attacks came from a separate device.

The device has the ability not only to snoop on internet traffic but also to alter the traffic and direct it – on a giant scale – to any website, in what is called a “man in the middle attack”.

China’s new internet weapon, the report says, is similar to one developed and used by the National Security Agency and its British counterpart, GCHQ, a system outlined in classified documents leaked by Edward J. Snowden, the former U.S. intelligence contractor.

The US system, according to the documents, which were published by The Intercept, can deploy a system of programs that can intercept web traffic on a mass scale and redirect it to a site of their choosing. The NSA and its partners appear to use the programs for targeted surveillance, whereas China appears to use the Great Cannon for an aggressive form of censorship.

The similarities of the programs may put US officials on awkward footing, the researchers argue in their report. “This precedent will make it difficult for Western governments to credibly complain about others utilising similar techniques,” they write.

Still, the Chinese program illustrates how far officials in Beijing are willing to go to censor internet content they deem hostile. “This is just one part of President Xi Jinping’s push to gain tighter control over the internet and remove any challenges to the party,” said James A. Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington.

Beijing continues to increase its censorship efforts under its State Internet Information Office, an office created under Xi to gain tighter control over the Internet within the country and to clamp down on online activism.

In a series of recent statements, Lu Wei, China’s internet czar, has called on the international community to respect China’s internet policies.

Beijing has recently said that it plans to help Chinese internet companies extend their influence and customer base abroad. At a meeting of the National People’s Congress in China last month, Premier Li Keqiang announced a new “Internet Plus” action plan to “encourage the healthy development of e-commerce, industrial networks and Internet banking and to guide internet-based companies to increase their presence in the international market.”

Yet the latest censorship offensive could become a major problem for Chinese companies looking to expand overseas.

“They know one of their biggest obstacles is the perception that they are tools of the Chinese government,” Lewis said. “This is going to hurt Baidu’s chances of becoming a global competitor.”


China is widely suspected to be behind the recent attacks on Github and internet freedom group Great Fire. Now we have the most concrete evidence that indeed it was, and it looks like it did so using a new weapon to boot.

That’s according to a report from Citizen Lab — an ICT, security and human rights lab based within the Munk School of Global Affairs at the University of Toronto. Citizen Lab looked into these recent attacks and identified ‘Great Cannon’, a tool built to intercept data and redirect it to specific sites, as the attack system responsible for them.

The recent attacks are the first instances of the Great Cannon being deployed, and they are notable for a few reasons. Scale is one of them: Great Fire claimed “millions” of users were compromised for the attack it suffered, which hijacked Baidu and pushed the organization’s Amazon hosting bill to $30,000 per day. It is also persistent: Github said it faced the largest attack in its history, which was ongoing for five days.

The Citizen Lab report surfaced evidence showing commonalities between China’s Great Firewall censorship system and Great Cannon. That’s another indicator that China was behind these malicious attacks — something it denies — but there is also concern that China’s new internet weapon could be used for more specific and targeted attacks.

The Edward Snowden leaks revealed the existence of QUANTUM, an NSA tool that could plant malware on millions of computers. Citizen Lab said that, with slight moderations, China’s Great Cannon could act in a similar way:

A technically simple change in the Great Cannon’s configuration, switching to operating on traffic from a specific IP address rather than to a specific address, would allow its operator to deliver malware to targeted individuals who communicates with any Chinese server not employing cryptographic protections.

The discovery of this tool is another reminder of the importance of secure browsing technology, like HTTPS, since weak security systems can undermine the safety of internet users browsing websites.

Furthermore, with the tool now exposed to the world, what were China’s motives for using it in such a public way? It could be that it was meant as a warning to other sites that challenge its censorship and regime so directly, but, either way, it represents a worrying change in policy from defensively censoring websites in China to proactively bringing them down.


American Intelligence and Getting past the zero-sum game online

April 3, 2015


The National Security Agency campus in Fort Meade in 2013. (Patrick Semansky/Associated Press)

By Michael V. Hayden
The Washington Post

As director of the National Security Agency and then the Central Intelligence Agency after the Sept. 11, 2001, attacks, I fought to provide our intelligence officers with every possible advantage in their work to detect and confront threats from our enemies.

We were entering a new kind of conflict. I had grown to professional maturity in an era in which it was NATO vs. the Soviet Union, and our enemy — with its tank divisions in Eastern Europe and intercontinental ballistic missile silos in our sights — was easy to find, though hard to defeat. Today, our enemies are relatively easy to defeat, but they often are damnably difficult to find. Hence the need to create timely, actionable — even exquisite — intelligence.

In our efforts, the genius and innovation of American business has been essential. The United States enjoys a number of advantages, such as world-class information-technology companies, a mastery of the challenges and opportunities of big data and the reality that much of the world’s Internet traffic is serviced by U.S. companies. These things have truly made a difference, but sometimes less can be more. Here a little bit of history might be instructive.

In the late 20th century, many viewed the world as a zero-sum game. Any U.S. loss of competitive advantage was our adversary’s gain, and our security, the argument went, was correspondingly weakened as well.

Then, a key technology battleground was a measure of raw computing power known as “MTOPS” — or millions of theoretical operations per second. Successive administrations tried to protect this assumed U.S. security advantage by blocking exports of computers above a certain MTOPS limit to any but our closest allies. The NSA was always an important player in this discussion. After all, in the business of making and breaking codes, advantages in computing power were often decisive. The export barrier was seen as the NSA’s friend.

By the time I became NSA director in the late 1990s, however, the calculation was no longer that simple. We still wanted an MTOPS advantage, of course, but we were fast realizing that our preferred limits were undermining the global competitiveness of the U.S. computer industry — the very industry on which we relied for our success. It was becoming clear that the overall health of that industry was more important than any MTOPS advantage against a specific target country. We still insisted on limits with regard to places such as Cuba and North Korea, but we became far more forgiving elsewhere.

This, of course, had a powerful, positive commercial impact, but the NSA didn’t flip its position for commercial reasons. We did it for security reasons. On balance, this change made us stronger, not weaker, over the long haul, since retarding exports would inevitably retard the technological progress that was both our economic and our security lifeblood.

That early lesson has caused me to continue to challenge arguments that technological protectionism furthers national security. It might, but then again, it could have the opposite effect if it freezes development, alienates allies, feeds distrust or invites the creation of similar barriers abroad. I would recommend these broader considerations to those in the U.S. security enterprise with responsibility for evaluating these trade-offs today.

In a perverse way, as the saying goes, what goes around comes around. Precedents we set will be followed — or exploited — by others in an economic system that becomes more globalized and hence more interdependent by the day. Already others point to U.S. activities to justify their own, often nefarious, efforts. Witness the Chinese trying to create moral and legal equivalency between legitimate U.S. intelligence and their massive theft of intellectual property, or their placement of newly minted restrictions on U.S. IT firms. One wonders what the Russias and Chinas of the world will demand if U.S.-based firms are forbidden to create encryption schemes inaccessible to themselves or the government. Beyond the realm of speculation, the Chinese company Alibaba has announced plans to open a cloud data center in the United States. How will we feel when a Chinese court orders Alibaba to send data on Americans back to China, citing our own behavior as justification?

These are serious, long-term questions requiring serious, strategic answers. Possible second- and third-order effects — such as generating a stampede toward data localization or a Balkanized Internet — need to be considered alongside a still-important calculus based on more transient, tactical advantage.

U.S. intelligence was given a black eye, unfairly for the most part, by l’Affaire Snowden. It has conducted its business honorably, with restraint and oversight — perhaps more than any other country. But that has been little noted.

Today’s issues give the United States a chance to demonstrate to the world that its tough and powerful intelligence services understand what is at stake and intend to join the public discussion on how to balance the truly important privacy and security questions before us and, more important, take meaningful steps to make us stronger.

Michael V. Hayden is a principal at the Chertoff Group, a security and risk management advisory firm with clients in the technology sector. He was director of the National Security Agency from 1999 to 2005 and the Central Intelligence Agency from 2006 to 2009.


Google Makes Most of Ties to White House — Google Executives Often in the White House

March 25, 2015

Search giant averages a White House meeting a week during Obama administration

By Brody Mullins
The Wall Street Journal

Google’s access to high-ranking Obama administration officials during a critical phase of the antitrust probe is one sign of the Internet giant’s reach in Washington. 
Google’s access to high-ranking Obama administration officials during a critical phase of the antitrust probe is one sign of the Internet giant’s reach in Washington. Photo: Marcio Jose Sanchez/Associated Press

WASHINGTON—As the federal government was wrapping up its antitrust investigation of Google Inc., company executives had a flurry of meetings with top officials at the White House and Federal Trade Commission, the agency running the probe.

Google co-founder Larry Page met with FTC officials to discuss settlement talks, according to visitor logs and emails reviewed by The Wall Street Journal. Google Chairman Eric Schmidt met with Pete Rouse, a senior adviser to President Barack Obama, in the White House.

The documents don’t show exactly what was discussed in late 2012. Soon afterward, the FTC closed its investigation after Google agreed to make voluntary changes to its business practices. (See the FTC document on Google).

Google’s access to high-ranking Obama administration officials during a critical phase of the antitrust probe is one sign of the Internet giant’s reach in Washington. Since Mr. Obama took office, employees of the Mountain View, Calif., company have visited the White House for meetings with senior officials about 230 times, or an average of roughly once a week, according to the visitor logs reviewed by the Journal.


One top lobbyist at Google, Johanna Shelton, has had more than 60 meetings at the White House. In comparison, employees of rival Comcast Corp., also known as a force in Washington, have visited the White House a total of about 20 times since Mr. Obama took office.

“We think it is important to have a strong voice in the debate and help policy makers understand our business and the work we do to keep the Internet open, to build great products, and to fuel economic growth,” says Google spokeswoman Niki Christoff.

Jennifer Friedman, a White House spokeswoman, said the FTC “is an independent agency and we respect their independent decision-making.”

She added: “White House officials meet with business executives on a range of issues on a regular basis. These meetings help keep the White House apprised of outside perspectives on important policy issues. Our staff is cognizant that it is inappropriate to discuss issues relating to regulatory enforcement.”

Justin Cole, an FTC spokesman, said: “The FTC is an independent law enforcement agency. Its enforcement decisions are driven by the applicable law and evidence in each case.”

U.S. President Barack Obama (C) speaks to the media alongside Google CEO Eric Schmidt (R) and other company CEOs during an economic meeting in the Roosevelt Room of the White House in Washington (Reuters/Jason Reed)

U.S. President Barack Obama (C) speaks to the media alongside Google CEO Eric Schmidt (R) and other company CEOs during an economic meeting in the Roosevelt Room of the White House in Washington, March 2014. (Reuters/Jason Reed)

Google’s knack for getting in the room with important government officials is gaining new relevance as scrutiny grows over how the company avoided being hit by the FTC with a potentially damaging antitrust lawsuit. Last week, the Journal reported that the FTC’s competition staff concluded that Google used anticompetitive tactics and abused its monopoly power in ways that harmed Internet users and rivals.

The staff recommended a lawsuit, which would have triggered one of the highest-profile antitrust cases since the Justice Department sued Microsoft Corp. in the 1990s. FTC commissioners voted unanimously to end the probe.

Visitor logs and internal emails reviewed by the Journal describe meetings involving Google, senior White House advisers and top FTC officials between the staff’s recommendation in August 2012 and the vote in January 2013.

On Nov. 6, 2012, the night of Mr. Obama’s re-election, Mr. Schmidt was personally overseeing a voter-turnout software system for Mr. Obama. A few weeks later, Ms. Shelton and a senior antitrust lawyer at Google went to the White House to meet with one of Mr. Obama’s technology advisers.

By the end of the month, the FTC had decided not to file an antitrust lawsuit against the company, according to the agency’s internal emails.

It is unusual for White House aides to talk with officials at a company or agency about law-enforcement matters involving the company or agency. Officials in the Justice Department’s Antitrust Division typically don’t meet with the White House during major investigations.

Google’s efforts in Washington also include a well-funded lobbying operation. Last year, Google spent $16.8 million on lobbyists, more than any other company except for Comcast, according to lobbying disclosures.

The 2014 total by Google is more than triple the company’s lobbying spending in 2010, the year before the FTC antitrust probe began, according to the Center for Responsive Politics. Google has about 100 individual lobbyists at 20 lobbying firms.

During Mr. Obama’s 2012 re-election campaign, Google employees were the second-largest source of campaign donations to his campaign by any single U.S. company, trailing only Microsoft.

A former Google vice president, Megan Smith, is now the U.S.’s chief technology officer and a high-tech adviser to Mr. Obama. Mr. Schmidt and other Google executives have been part of White House advisory panels, as have officials from other technology companies. Former Google employees helped fix problems with the website, and Mr. Obama has mentioned the company in half of his State of the Union addresses.

The company’s win-loss record on policy is mixed. The Federal Communications Commission’s rules on net neutrality were stricter than Mr. Schmidt wanted, and Google has been an antagonist of the National Security Agency and its eavesdropping operations. But Google and other Silicon Valley firms prevailed over Hollywood on tough copyright protections.

One of Google’s biggest victories is the defeat of the FTC’s antitrust probe. A lawsuit would have challenged the core of some Google business strategies. In a sign of the stakes, Google announced the hiring of 12 additional lobbying firms one week after news broke that the FTC had begun subpoenaing documents related to the investigation.

According to the visitor logs and emails reviewed by the Journal, on Dec. 12, 2011, Ms. Shelton, the Google lobbyist, and Google General Counsel Kent Walker met with Jason Furman, the chairman of the Council of Economic Advisers. Later that day, Mr. Furman met with several FTC officials, including the chairman of the commission, Jon Leibowitz.


WSJ.D is the Journal’s home for tech news, analysis and product reviews.

People familiar with the meetings say Google talked with Mr. Furman about copyright issues. Messrs. Furman and Leibowitz discussed competition in the pharmaceutical industry, according to a person in the meeting.

The same day, Mr. Schmidt and Google’s chief legal officer, David Drummond, joined other technology companies for a meeting with then-White House Chief of Staff Bill Daley. Mr. Daley met with the FTC chairman at the White House the next day, while Ms. Shelton and Mr. Drummond met with Obama senior adviser Valerie Jarrett, visitor logs show.

Google’s meeting with Mr. Daley was about online privacy, say people familiar with the meeting. Messrs. Daley and Leibowitz talked about judicial nominations. It isn’t clear what was discussed at the other White House meetings.

Mr. Leibowitz says he “would never discuss any investigative matter with anyone at the White House, including the Google investigation,” adding that he never spoke to Messrs. Furman or Daley about it.

“The FTC is an independent agency and Commissioners take their obligations of independence and confidentiality very seriously,” Mr. Leibowitz says.

The FTC staff report in August 2012 recommended against pursuing an antitrust case related to Google’s search-engine business—and in favor of a lawsuit in three other areas. A separate report from the FTC’s economic bureau didn’t favor legal action.

A string of meetings, emails and phone calls followed the staff report. While it is common for companies to communicate with government agencies, especially as investigations near a conclusion, the records reviewed by the Journal suggest more contact than was previously known publicly.

On Nov. 7, a top Google lawyer sent a defense of Google’s business to Mr. Leibowitz and the other FTC commissioners. Two days later, Mr. Drummond of Google spoke with Mr. Leibowitz, emails show.

“Am traveling back home but had a quick question,” wrote Mr. Drummond, Google’s chief legal officer. “Do you have five minutes to chat over the weekend?”

On Nov. 13, Ms. Shelton, the Google lobbyist, and the company’s antitrust counsel met with one of Mr. Obama’s top high-tech advisers in the White House. The meeting was related to Motorola patents, people familiar with the meeting say.

The next day, senior members of the FTC held an all hands “state of play” meeting on the Google investigation, emails show.

Mr. Page, Google’s co-founder, met with the FTC on Nov. 27 to discuss settlement talks. The next day, a senior FTC aide told other members of the agency’s staff that “we’re going to start our settlement discussions with Google,” according to an email. Mr. Schmidt met with Mr. Rouse, the senior White House adviser, on Nov. 30.

For the next month, FTC officials and Google worked to bring the investigation to a close, emails show. Messrs. Drummond and Leibowitz exchanged emails and phone calls over the year-end holidays while on family vacations and on New Year’s Eve.

“At your service to close this out,” Mr. Drummond wrote to the FTC chairman on Dec. 17, 2012.

Write to Brody Mullins at

China’s new terrorism law provokes anger in U.S., concern at home

March 6, 2015

The Washington Post

A new draft counterterrorism law here is provoking unusually strong condemnation, from multinational companies trying to do business in China to domestic dissidents trying to stay out of jail and from global human rights groups to foreign health workers.

Governments around the world have dealt with the threat of terrorism by increasing surveillance and curtailing civil rights, but China’s government, critics say, has exploited a genuine terrorist threat to further empower its repressive state-security apparatus. It is, they say, invoking the dangers of violent extremism to justify and expand an already harsh crackdown on civil rights and to punish foreign information technology companies that refuse to play by its rules.

Human Rights Watch calls the draft law a “recipe for abuses.” President Obama focused his ire on provisions in the law that would affect U.S. technology companies doing business here and force them to hand over the keys to their operating systems to Chinese surveillance.

The new law is symptomatic of the gulf between China and the West over human rights, and it is widening a serious rift between Washington and Beijing over cyberspace.

In an interview with Reuters this week, Obama said he had raised his concerns with China’s President Xi Jinping.

“We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States,” he said.

The state news agency Xinhua called Obama’s criticism “utterly groundless” on Wednesday, adding it was “another piece of evidence of the arrogance and hypocrisy of U.S. foreign policy.”

China blames escalating violence in its far-western province of Xinjiang on Islamist extremists bent on violent jihad; it says terrorists use the Internet to organize and to spread their ideas. It frames the new legislation as part of its efforts to counter that threat and to govern the country according to the “rule of law.” It is asking for international support and approval for its approach.

Julia Famularo, who has been studying the law for the Project 2049 Institute, an Arlington-based think tank devoted to Asian security issues, said every government has to strike a balance between fighting terrorism and citizens’ rights.

“We could argue whether the United States, Britain and other countries have been able to strike that balance — but what we are really concerned about in China is that these measures are incredibly broad, and we are worried they can be used to attack dissidents,” she said.

One of those dissidents, Hu Jia, under house arrest since last June, said the law might appeal to people angry at terrorist attacks, but it was fundamentally designed to extend a comprehensive system of control introduced by President Xi.

Chinese  human rights activist Hu Jia

“Once you want to exercise your political rights as a citizen, you will touch the red line and be caught in the net,” he said in a telephone interview. “According to criminal procedure law, your right to a lawyer will be restricted if you are accused of endangering state security or terrorism. And because the government controls propaganda, if they say you are a terrorist, then you are.”

In Xinjiang, China stands accused of a wide-ranging crackdown on the religious, political and civil rights of the mainly Muslim Uighur people, of torture and enforced disappearances and widespread socio-economic discrimination.

Now, as the arrest and imprisonment of moderate Uighur academic Ilham Tohti demonstrated last year, anyone attempting to criticize government policy or assert an independent Uighur identity runs the risk of a being branded a separatist and, by association, a terrorist.

Indeed, the law offers a broad definition of terrorism that includes not only “activity” but also “opinion” that “generates social panic, threatens public security or coerces a state organ or international organization.”

It conflates terrorism with what China defines as “religious extremism,” including, for example, the forcing of children to take part in religious activities.

Although the Chinese government has a right and responsibility to provide public order, says Sophie Richardson of Human Rights Watch, the law, and the security mind-set it lays bare, “is just as likely to fuel unrest and violence as it is to mitigate it.”

Richardson says an “incredibly broad spectrum of behavior” can be construed as criminal, “with no avenues to challenge it.”

“Even in perfectly ordinary, non-controversial criminal cases, the right to a fair trial in China is a rare thing already,” she said. “Add on that veneer of terrorism, and you have very little hope of a meaningful opportunity to defend yourself.”

The first draft of the law also demanded that IT companies operating in China hand over encryption codes, install security “backdoors” in their products to Chinese authorities, and keep servers within the country.

Obama said it would essentially force foreign companies “to turn over to the Chinese government mechanisms where they can snoop and keep track of all users of their services.”

In China, it is not only Xinhua that accuses Obama of hypocrisy. Beyond the lack of due process at Guantanamo Bay or the extended government powers granted under the Patriot Act, China points out, Western governments often request that tech companies hand over encryption codes.

Western free-speech advocates counter that China lacks effective constraints to state power, in the form of an independent judiciary, a feisty legislature, a business sector willing to stick up for itself or an independent media.

That, they say, makes government over-reach in China potentially much more dangerous.

At a news conference Wednesday, Fu Ying, spokeswoman for the National People’s Congress, China’s largely rubber-stamp parliament, said the law had been modified to reflect some of those concerns during a second round of drafting last month.

In particular, she said, there were “hot discussions among legislators” on how to “better balance the relation between counterterrorism measures and safeguarding human rights.”

She said the articles relating to IT companies had been “improved” to include “strict conditions and limits” on when data could be obtained. In particular, the law would only be used to prevent or investigate terrorist activity, she said, and after “a strict review and approval procedure.”

Richardson, of Human Rights Watch, says the only revision worth making to the first draft would be “to rip it up and start again.”

As a crackdown on nongovernmental organizations has intensified under Xi’s presidency, the new counterterrorism law also includes a section mandating the central bank and civil administration to supervise and inspect financial flows into foundations, social organizations and foreign NGOs.

[Read: Hong Kong erupts even as China tightens screws on civil society]

“Everyone is very concerned,” said a manager at an international NGO, who requested anonymity for fear of inviting problems. “This puts us into a very different purview. We are no longer civil society, now we are potential terrorists.”

Gu Jing, Xu Yangjingjing, Liu Liu and Xu Jinglu contributed to this report.


China ‘drops US tech giants’ from approved list

February 27, 2015

From the BBC

Cisco stand at trade show

About 60 Cisco products have been removed from the state-approved list of hardware

Cisco, Apple, McAfee and Citrix have all been dropped from China’s official list of approved products, according to the Reuters news agency.

The change means the companies’ products are no longer on a list used by government departments to equip offices and data centres.

Instead of the US tech firms, the approved list now recommends home-grown alternatives including Huawei and ZTE.

The move is seen as a way for China to boost its native tech industry.

Router maker Cisco is one of the biggest losers in the purge. In 2012, the hi-tech firm had about 60 separate products on the Central Government Procurement Centre’s list. Now, it has none.

Analysis by Reuters suggests that the number of foreign firms on the list as a whole has dropped by about a third. Companies making security-related hardware and software seem to have fared the worst.

Some speculated that one reason for the cull was ongoing allegations from National Security Agency whistle-blower Edward Snowden about the extent of surveillance that US had been carrying out.

“The Snowden incident, it’s become a real concern, especially for top leaders,” Tu Xinquan, associate director of the China Institute of World Trade Organization Studies, at Beijing’s University of International Business and Economics, told Reuters.

In addition, by favouring indigenous firms, China could be seeking to bolster the prospects of its tech sector, he said.

The change comes soon after China introduced rules governing tech firms selling products to banks, which, in some cases, required them to hand over the source code for their products.

US industry and technology groups have lodged official objections to the rules and have sought clarification of how they will work.


China draft counterterror law strikes fear in foreign tech firms

February 27, 2015


BEIJING/WASHINGTON Fri Feb 27, 2015 7:30am EST

(Reuters) – China is weighing a far-reaching counterterrorism law that would require technology firms to hand over encryption keys and install security “backdoors”, a potential escalation of what some firms view as the increasingly onerous terms of doing business in the world’s second largest economy.

A parliamentary body read a second draft of the country’s first anti-terrorism law this week and is expected to adopt the legislation in the coming weeks or months.

The initial draft, published by the National People’s Congress late last year, requires companies to also keep servers and user data within China, supply law enforcement authorities with communications records and censor terrorism-related internet content.

Its scope reaches far beyond a recently adopted set of financial industry regulations that pushed Chinese banks to purchase from domestic technology vendors.

The implications for Silicon Valley companies, ranging from Microsoft to Apple Inc, have set the stage for yet another confrontation over cybersecurity and technology policy, a major irritant in U.S.-China relations.

“It’s a disaster for anyone doing business in China,” said one industry source. “You are no longer allowed a VPN that’s secure, you are no longer able to transmit financials securely, or to have any corporate secrets. By law, nothing is secure.”

The Obama administration has conveyed its concerns about the anti-terrorism draft law to China, according to a U.S. official.

Although the counterterrorism provisions would apply to both domestic and foreign technologies, officials in Washington and Western business lobbies argue the law, combined with the new banking rules and a slew of anti-trust investigations, amount to unfair regulatory pressure targeting foreign companies.

“The true test will come with implementation,” said Scott Kennedy, the Director of the Project on Chinese Business and Political Economy at the Center for Strategic and International Studies in Washington.

“Given the recent spate of AML-related (anti-monopoly law) cases against foreign firms, the regulations about the banking sector, and the reduction of foreign firms’ products on government procurement lists, there is good reason for foreign firms to be highly concerned,” Kennedy said.


To be sure, Western governments, including in the United States and Britain, have for years requested tech firms to disclose encryption methods, with varying degrees of success.

Officials including FBI director James Comey and National Security Agency (NSA) director Mike Rogers publicly warned internet companies including Apple and Google late last year against using encryption that law enforcement cannot break.

Beijing has argued the need to quickly ratchet up its cybersecurity measures in the wake of former NSA contractor Edward Snowden’s revelations of sophisticated U.S. spying techniques.

In December, China’s banking regulator adopted new rules that outlined security criteria that tech products in 68 categories must meet in order to be considered “secure and controllable” for use in the financial sector, according to a version of the regulations seen by Reuters.

To attain the designation, source code powering operating systems, database software and middleware must be registered with the government if they are not domestically developed.

U.S. Trade Representative Michael Froman issued a statement on Thursday criticizing the banking rules, saying they “are not about security – they are about protectionism and favoring Chinese companies”.

“The Administration is aggressively working to have China walk back from these troubling regulations,” Froman said.

A U.S. official confirmed a letter was sent by Froman, America’s top trade negotiator, and other senior officials to Chinese counterparts expressing their concerns.

James Zimmerman, Chairman of the American Chamber of Commerce in China, said the latest rules, if implemented, would likely limit opportunities for U.S. companies, but could also backfire on China.

“One unfortunate consequence of over-broad anti-terrorism policies is to potentially isolate China technologically from the rest of the world, and the end result of that may be to limit the country’s access to cutting-edge technology and innovation,” Zimmerman said.

But several U.S. technology executives and industry sources who spoke on condition of anonymity said they feared the security law would be more stringent than the bank regulations – and more sensitive to discuss – because it was rooted in public security considerations.

The vague, open-ended requirements for cooperating with law enforcement appeared the most worrying, as well as the possibility of steep penalties or jail time for non-compliance, according to one executive.

“It’s the equivalent of the Patriot Act on really, really strong steroids,” said one U.S. industry source, referring to the anti-terrorism legislation enacted under the George W. Bush administration following the Sept. 11, 2001, attacks.

The National People’s Congress did not respond immediately to a request for comment.

Apple and Google declined to comment on the proposed law, while Microsoft was not immediately available for comment.

China is drafting the anti-terrorism law at a time when Chinese leaders say the country faces a serious threat from religious extremists and separatists. Hundreds of people have been killed over the past two years in the far western region of Xinjiang in unrest the government has blamed on Islamists who want to establish a separate state called East Turkestan.

(Writing by Gerry Shih in Beijing; Additional reporting by Paul Carsten and Matthew Miller in Beijing and Joseph Menn in San Francisco; Editing by Alex Richardson)


In China, Suspicions Cloud Trade Dispute Involving Tech Companies

BEIJING — At an elegant guesthouse here recently, China’s top Internet regulator entertained ambassadors and diplomats with platters of tempura and roast on a spit, unusual lavishness in an era of official austerity in China, to celebrate the Chinese New Year.

But the graciousness came with a warning: Foreign companies had to behave if they wanted to stay in China’s $450 billion technology market.

In Washington on the same day, more than two dozen American tech industry executives and trade association officials gathered at an emergency meeting at the pre-Civil War building of the Office of the United States Trade Representative. They told the deputy trade representative that it was time for the United States to get tough with Beijing.

The stern words at the dueling gatherings underscored how a routine trade disagreement had quickly escalated into a complex political fight. On Friday, the battle lines became even more clear, when a top United States official criticized China for the new regulations on American tech companies.

The conflict has escalated sharply for months. Now, it pits a confident Chinese leadership, alarmed by evidence of online espionage by the United States, against an awkward alliance between the Obama administration and Silicon Valley — which itself is wary of Washington but is also salivating over the huge Chinese market.

And what makes this trade dispute different from others is that traditional concerns of market share and protectionism have become intertwined with the thornier issues of national security and espionage.

“We are at a bad point in a triangular drama,” said Peter Cowhey, director of the University of California Institute on Global Conflict and Cooperation and a former counselor for the United States Trade Representative. “The Chinese government is suspicious of American spying, and it wants to advance Chinese leadership in digital markets. Washington suspects the worst of Chinese commercial policy and is equally suspicious of Chinese digital espionage.”

The latest chapter in the dispute began when China said American tech companies had to submit to invasive audits and create back doors into hardware and software. The Chinese say the rules are a matter of national security, necessary to protect state and business secrets.

The rules, which will go in effect in coming weeks, apply only to banking technology for now but are expected to spread to other sectors. Other proposed regulations in China, like an antiterror law still in draft form, go even further and could force tech companies to hand over encryption keys — the passcodes that help protect data from prying eyes — to the Chinese government.

The tech companies say the new rules and the proposals are untenable. But their hands are somewhat tied.

The companies have called on the Obama administration for help, a move made with hesitation. Silicon Valley companies are also leery of the Obama administration using their technology for espionage, particularly after the spying revelations made public by Edward J. Snowden, the former American intelligence contractor.

Read the rest:

Amid Nuclear Talks With Iran, U.S.-Iran Cyber War Escalates

February 23, 2015

By Lauren Webster
Huffington Post

U.S.-IRAN CYBER WAR ESCALATES DESPITE TALKS “A newly disclosed National Security Agency document illustrates the striking acceleration of the use of cyberweapons by the United States and Iran against each other, both for spying and sabotage, even as Secretary of State John Kerry and his Iranian counterpart met in Geneva to try to break a stalemate in the talks over Iran’s disputed nuclear program.”

Iranian Foreign Minister Mohammad Javad Zarif shakes hands on January 14, 2015 with US State Secretary John Kerry in Geneva. AFP/Getty Images


Cyber war heating up between Iran, US

The Hill

By Elise Viebeck – 02/23/15 09:27 AM EST

The United States and Iran are battling online in an increasingly intense cyber war that is taking place against the backdrop of high-level talks on Iran’s nuclear program.

An internal National Security Agency document revealed new details of the conflict, including the acknowledgment that U.S-led cyber attacks on Iran’s nuclear facilities were the catalyst for the online war.

Starting in 2012, the United States and Britain began working together to defend against Iranian cyberattacks, including offensives launched against U.S. banks. The cyberattacks had overwhelmed the websites of Bank of America and JPMorgan Chase with traffic, preventing users from accessing their accounts.

Iran had never been officially confirmed as being behind those attacks, according to The New York Times, which covered the NSA document in a story on Sunday. The document also stated that Iran was behind a cyberattack on Saudi Aramco, the oil company, in 2012.

The NSA memo was originally published by The Intercept this month, and revealed the degree to which Iran might have gained knowledge of cyber warfare after becoming the target of repeated hacks, presumably by the United States.

The document illustrates the day-to-day warfare that is taking place online between the United States and Iran, even as Secretary of State John Kerry works to negotiate an agreement with Tehran to accept limits on its nuclear program.

The talks resumed Monday in Geneva, as parties seek to meet a March 31 deadline for a preliminary deal.


Secretary of State John Kerry walked along Lake Geneva before talks on Iran’s disputed nuclear program. Credit Salvatore Di Nolfi/European Pressphoto Agency

Document Reveals Growth of Cyberwarfare Between the U.S. and Iran

WASHINGTON — A newly disclosed National Security Agency document illustrates the striking acceleration of the use of cyberweapons by the United States and Iran against each other, both for spying and sabotage, even as Secretary of State John Kerry and his Iranian counterpart met in Geneva to try to break a stalemate in the talks over Iran’s disputed nuclear program.

The document, which was written in April 2013 for Gen. Keith B. Alexander, then the director of the National Security Agency, described how Iranian officials had discovered new evidence the year before that the United States was preparing computer surveillance or cyberattacks on their networks.

It detailed how the United States and Britain had worked together to contain the damage from “Iran’s discovery of computer network exploitation tools” — the building blocks of cyberweapons. That was more than two years after the Stuxnet worm attack by the United States and Israel severely damaged the computer networks at Tehran’s nuclear enrichment plant.

Read the rest:


Australia and Terrorism: Attorney General Says Trust Spies and Police on Metadata to Fight Terrorism and Crime

February 22, 2015

By Ben Grubb
Sydney Morning Herald

George Brandis says data retention will come into force in Australia.

George Brandis says data retention will come into force in Australia. Photo: ABC TV

George Brandis has dismissed evidence disputing the usefulness of mandatory internet, email and phone metadata retention, saying he trusts Australian intelligence and policing agencies when they say they need the data stored for two years in order to fight terrorism and crime.

It comes as a police whistleblower told ABC Radio National’s Download This Show program that the proposed regime would be easily abused and more oversight was needed. It also comes despite mounting evidence showing little evidence to support similar schemes overseas.

Speaking on ABC TV’s 7.30 program on Friday night, the federal Attorney-General also dismissed criticism by Richard Clarke — of US President Barack Obama’s National Security Agency review panel — who said after the Edward Snowden leaks that the US government didn’t need to be retaining data when it came to fighting terrorism.

“There’s absolutely no point in quoting to me a number of random individuals because as I’ve … acknowledged, there is a variety of views about this,” Senator Brandis said, speaking from Washington, DC, where he attended the White House summit to counter violent-extremism.

“The views the Australian government will be taking most seriously are the views of our own intelligence community and policing agencies, and their advice to government … is unambiguous and it is emphatic.”

Senator Brandis also dismissed others who have raised concerns about the regime, saying that there was “a lot of special pleading going on here by people who don’t want to see this reform”.

“But the … Abbott government and I as the Attorney-General, are absolutely determined to do what we need to do to keep Australians safe…,” Senator Brandis said.

Overseas examples of how data retention had been proven ineffective were then put to Senator Brandis by Friday’s 7.30 host Steve Cannane. In one example, Senator Brandis was told that the Dutch Data Protection Authority said this week that in the 4.5 years of having data retention in place, law-enforcement authorities there had not been able to demonstrate why they needed it.

In another example, before the laws were ruled to be unconstitutional, a Germany parliamentary study found that crime clearance rates due to data retention increased by just 0.006 per cent.

And in Denmark, Mr Cannane told Senator Brandis that a Ministry of Justice report found that five years of data retention had proven to be almost of no use to the police. “Where is the hard evidence that data retention helps reduce crime and fights terrorism?” Cannane asked.

But Senator Brandis was having none of it, instead asking the Australian public to trust him and Australian agencies.

“There are a variety of views about this, but I can assure you … that the overwhelming view of the policing and law-enforcement authorities is that this [metadata] is an essential tool in relation to crime, in relation to particularly ugly crimes like paedophilia,” Senator Brandis said.

“Data retention was an essential tool in a major Europol paedophile investigation the year before last and in tracking down and breaking down terrorist networks,” Senator Brandis added, before quoting former ASIO director-general David Irvine, who, shortly before he retired last year, described the capacity of intelligence agencies to access metadata as “absolutely crucial”.

“Now any responsible government is going to take the advice of its policing authorities, is going to take the advice of its national security authorities [seriously],” Senator Brandis said.


It was also pointed out by the 7.30 host that in a recent Senate inquiry, Attorney-General’s Department officials acknowledged that data retention could be circumvented just by using offshore-based email providers like Gmail, or by using public Wi-Fi and overseas messaging apps.

“Doesn’t that mean there are lot of loopholes in this legislation?” Mr Cannane asked.

“Well our job is to have a suite of measures in place which will be as effective as possible in identifying and breaking down terrorism networks and it is absolutely no answer to that proposition that it may be possible in some circumstances that measures can be avoided,” Senator Brandis said.

Senator Brandis said he expected bipartisan support from Labor in supporting the passage of the Data Retention Bill in order “to do what is necessary to fill that gaping hole in our intelligence and policing capability”.

Prime Minister Tony Abbott has indicated he wants the bill passed by March 19, and recently revealed that the scheme would cost about $400 million to set up. There has been no word on how much money the Abbott government will reimburse of the industry’s costs, although Fairfax Media has been told a 50-50 cost-sharing arrangement is being contemplated.

But whether there remains bipartisan support between the Coalition and Labor on national security remains unclear, with Fairfax revealing on Monday that Opposition Leader Bill Shorten told the Prime Minister he was disappointed with the way the Abbott government had sought to politicise debate about national security and data retention legislation.

Senator Brandis’ comments on 7.30 came as a police insider who spoke on the condition of anonymity told ABC Radio National’s Download This Show program on Thursday afternoon that Australian people were “being sleep walked into a system the attorney general cannot even articulate”.

“Right now it would be so easy for me to slip my ex-girlfriend’s number in the current process under any investigation,” the insider said. “No one would pick it up because there is no detail.”

Phone call data retained under the scheme would include who you have called, who has called you, the start and finish time of the call, and the duration – but not the content. The IP address allocated to your internet connection would also be stored so that agencies can trace those who breach laws.

Prominent people and organisations who have raised concerns about the data retention regime include Australia’s Privacy Commissioner Timothy Pilgrim, Human Rights Commissioner Gillian Triggs, the Law Council of Australia, telecommunications industry bodies the Communications Alliance and the Australian Mobile Telecommunications Association, media organisations including Fairfax Media and News Corp Australia, councils for civil liberties across Australia, Blueprint for Free Speech, Australian Lawyers for Human Rights, the Institute of Public Affairs, the Australian Privacy Foundation, online rights groups Electronic Frontiers Australia and Privacy International, and University of New South Wales professor George Williams and Dr Keiran Hardy to name just a few.

Their concerns centre on there being no judicial oversight to access the data, exactly what data is stored, the length of time the data is stored, which agencies have access, the secure storage of the data so that it isn’t hacked, journalists’ sources potentially being revealed by it, and the shadow attorney-general Mark Dreyfus’ own belief that the attorney-general of the day should not be allowed to alter without parliament’s approval what data is stored.



Get every new post delivered to your Inbox.

Join 1,061 other followers