Posts Tagged ‘Snowden’

Hillary Clinton’s Damning Emails — Democrats Don’t Seem To Care

May 1, 2016

Before the Democrats lock in their choice for President, they might want to know if Hillary Clinton broke the law with her unsecure emails and may be indicted, a question that ex-CIA analyst Ray McGovern addresses.

Then-Secretary of State Hillary Rodham Clinton preparing to testify before the House Foreign Affairs Committee in 2012.  (Photo: House Committee on Foreign Affairs/flickr/cc)


A few weeks after leaving office, former Secretary of State Hillary Clinton may have breathed a sigh of relief and reassurance when Director of National Intelligence James Clapper denied reports of the National Security Agency eavesdropping on Americans. After all, Clinton had been handling official business at the State Department like many Americans do with their personal business, on an unsecured server.

In sworn testimony before the Senate Intelligence Committee on March 12, 2013, Clapper said the NSA was not collecting, wittingly, “any type of data at all on millions or hundreds of millions of Americans,” which presumably would have covered Clinton’s unsecured emails.

But NSA contractor Edward Snowden’s revelations — starting on June 5, 2013 — gave the lie to Clapper’s testimony, which Clapper then retracted on June 21 – coincidentally, Snowden’s 30th birthday – when Clapper sent a letter to the Senators to whom he had, well, lied. Clapper admitted his “response was clearly erroneous – for which I apologize.”  (On the chance you are wondering what became of Clapper, he is still DNI.)

I would guess that Clapper’s confession may have come as a shock to then ex-Secretary Clinton, as she became aware that her own emails might be among the trillions of communications that NSA was vacuuming up. Nevertheless, she found Snowden’s truth-telling a safer target for her fury than Clapper’s dishonesty and NSA’s dragnet.

In April 2014, Clinton suggested that Snowden had helped terrorists by giving “all kinds of information, not only to big countries, but to networks and terrorist groups and the like.” Clinton was particularly hard on Snowden for going to China (Hong Kong) and Russia to escape a vengeful prosecution by the U.S. government.

Clinton even explained what extraordinary lengths she and her people went to in safeguarding government secrets: “When I would go to China or would go to Russia, we would leave all my electronic equipment on the plane with the batteries out, because …they’re trying to find out not just about what we do in our government, they’re … going after the personal emails of people who worked in the State Department.” Yes, she said that. (emphasis added)

Hoisted on Her Own Petard

Alas, nearly a year later, in March 2015, it became known that during her tenure as Secretary of State she had not been as diligent as she led the American people to believe. She had used a private server for official communications, rather than the usual official State Department email accounts maintained on federal servers. Thousands of those emails would retroactively be marked classified – some at the TOP SECRET/Codeword level – by the department.

During an interview last September, Snowden was asked to respond to the revelations about highly classified material showing up on Clinton’s personal server: “When the unclassified systems of the United States government, which has a full-time information security staff, regularly gets hacked, the idea that someone keeping a private server in the renovated bathroom of a server farm in Colorado is more secure is completely ridiculous.”


Asked if Clinton “intentionally endangered US international security by being so careless with her email,” Snowden said it was not his place to say. Nor, it would seem, is it President Barack Obama’s place to say, especially considering that the FBI is actively investigating Clinton’s security breach. But Obama has said it anyway.

“She would never intentionally put America in any kind of jeopardy,” the President said on April 10. In the same interview, Obama told Chris Wallace, “I guarantee that there is no political influence in any investigation conducted by the Justice Department, or the FBI – not just in this case, but in any case. Full stop. Period.”

But, although a former professor of Constitutional law, the President sports a checkered history when it comes to prejudicing investigations and even trials, conducted by those ultimately reporting to him. For example, more than two years before Bradley (Chelsea) Manning was brought to trial, the President stated publicly: “We are a nation of laws. We don’t let individuals make decisions about how the law operates. He [Bradley Manning] broke the law!”

Not surprisingly, the ensuing court martial found Manning guilty, just as the Commander in Chief had predicted. Though Manning’s purpose in disclosing mostly low-level classified information was to alert the American public about war crimes and other abuses by the U.S. government, Manning was sentenced to 35 years in prison.

On March 9, when presidential candidate Clinton was asked, impertinently during a debate, whether she would withdraw from the race if she were indicted for her cavalier handling of government secrets, she offered her own certain prediction: “Oh, for goodness sake! It’s not going to happen. I’m not even answering that question.”

Prosecutorial Double Standards

Merited or not, there is, sadly, some precedent for Clinton’s supreme confidence. Retired General and ex-CIA Director David Petraeus, after all, lied to the FBI (a felony for “lesser” folks) about giving his mistress/biographer highly classified information and got off with a slap on the wrist, a misdemeanor fine and probation, no jail time – a deal that Obama’s first Attorney General Eric Holder did on his way out the door.

We are likely to learn shortly whether Attorney General Loretta Lynch is as malleable as Holder or whether she will allow FBI Director James Comey, who held his nose in letting Petraeus cop a plea, to conduct an unfettered investigation this time – or simply whether Comey will be compelled to enforce Clinton’s assurance that “it’s not going to happen.”

Last week, Fox News TV legal commentator Andrew Napolitano said the FBI is in the final stages of its investigation into Clinton and her private email server. His sources tell him that “the evidence of her guilt is overwhelming,” and that the FBI has enough evidence to indict and convict.

Whether Napolitano has it right or not, it seems likely that Clinton is reading President Obama correctly – no profile in courage is he. Nor is Obama likely to kill the political fortunes of the now presumptive Democratic presidential nominee. Yet, if he orders Lynch and Comey not to hold Hillary Clinton accountable for what – in my opinion and that of most other veteran intelligence officials whom I’ve consulted – amounts to at least criminal negligence, another noxious precedent will be set.

Knowing Too Much

This time, however, the equities and interests of the powerful, secretive NSA, as well as the FBI and Justice, are deeply involved. And by now all of them know “where the bodies are buried,” as the smart folks inside the Beltway like to say. So the question becomes would a future President Hillary Clinton have total freedom of maneuver if she were beholden to those all well aware of her past infractions and the harm they have done to this country.

One very important, though as yet unmentioned, question is whether security lapses involving Clinton and her emails contributed to what Clinton has deemed her worst moment as Secretary of State, the killing of Ambassador Christopher Stevens and three other U.S. personnel at the lightly guarded U.S. “mission” (a very small, idiosyncratic, consulate-type complex not performing any consular affairs) in Benghazi, Libya, on Sept. 11, 2012.

Somehow the terrorists who mounted the assault were aware of the absence of meaningful security at the facility, though obviously there were other means for them to have made that determination, including the State Department’s reliance on unreliable local militias who might well have shared that inside information with the attackers.

However, if there is any indication that Clinton’s belatedly classified emails contained information about internal State Department discussions regarding the consulate’s security shortcomings, questions may be raised about whether that information was somehow compromised by a foreign intelligence agency and shared with the attackers.

We know that State Department bureaucrats under Secretary Clinton overruled repeated requests for additional security in Benghazi. We also know that Clinton disregarded NSA’s repeated warnings against the use of unencrypted communications. One of NSA’s core missions, after all, is to create and maintain secure communications for military, diplomatic, and other government users.

Clinton’s flouting of the rules, in NSA’s face, would have created additional incentive for NSA to keep an especially close watch on her emails and telephone calls. The NSA also might know whether some intelligence service successfully hacked into Clinton’s server, but there’s no reason to think that the NSA would share that sort of information with the FBI, given the NSA’s history of not sharing its data with other federal agencies even when doing so makes sense.

The NSA arrogates to itself the prerogative of deciding what information to keep within NSA walls and what to share with the other intelligence and law enforcement agencies like the FBI. (One bitter consequence of this jealously guarded parochialism was the NSA’s failure to share very precise information that could have thwarted the attacks of 9/11, as former NSA insiders have revealed.)

It is altogether likely that Gen. Keith Alexander, head of NSA from 2005 to 2014, neglected to tell the Secretary of State of NSA’s “collect it all” dragnet collection that included the emails and telephone calls of Americans – including Clinton’s. This need not have been simply the result of Alexander’s pique at her disdain for communications security requirements, but rather mostly a consequence of NSA’s modus operandi.

With the mindset at NSA, one could readily argue that the Secretary of State – and perhaps the President himself – had no “need-to-know.” And, needless to say, the fewer briefed on the NSA’s flagrant disregard for Fourth Amendment protections against unreasonable searches and seizures the better.

So, if there is something incriminating – or at least politically damaging – in Clinton’s emails, it’s a safe bet that at least the NSA and maybe the FBI, as well, knows. And that could make life difficult for a Clinton-45 presidency. Inside the Beltway, we don’t say the word “blackmail,” but the potential will be there. The whole thing needs to be cleaned up now before the choices for the next President are locked in.

Did An NSA Backdoor Bring Down Security of U.S. Government and Corporate Computer Systems?

December 23, 2015


By Kim Zetter

Security researchers believe they have finally solved the mystery around how a sophisticated backdoor embedded in Juniper firewalls works. Juniper Networks, a tech giant that produces networking equipment used by an array of corporate and government systems, announced on Thursday that it had discovered two unauthorized backdoors in its firewalls, including one that allows the attackers to decrypt protected traffic passing through Juniper’s devices.

The researchers’ findings suggest that the NSA may be responsible for that backdoor, at least indirectly. Even if the NSA did not plant the backdoor in the company’s source code, the spy agency may in fact be indirectly responsible for it by having created weaknesses the attackers exploited.

Evidence uncovered by Ralf-Philipp Weinmann, founder and CEO of Comsecuris, a security consultancy in Germany, suggests that the Juniper culprits repurposed an encryption backdoor previously believed to have been engineered by the NSA, and tweaked it to use for their own spying purposes. Weinmann reported his findings in an extensive post published late Monday.

They did this by exploiting weaknesses the NSA allegedly placed in a government-approved encryption algorithm known as Dual_EC, a pseudo-random number generator that Juniper uses to encrypt traffic passing through the VPN in its NetScreen firewalls. But in addition to these inherent weaknesses, the attackers also relied on a mistake Juniper apparently made in configuring the VPN encryption scheme in its NetScreen devices, according to Weinmann and other cryptographers who examined the issue. This made it possible for the culprits to pull off their attack.

Weinmann says the Juniper backdoor is a textbook example of how someone can exploit the existing weaknesses in the Dual_EC algorithm, noting that the method they used matches exactly a method the security community warned about back in 2007.

The new information about how the backdoor works also suggests that a patch Juniper sent to customers last week doesn’t entirely fix the backdoor problem, since the major configuration error Juniper made still exists.

“One [more] line of code could fix this,” Weinmann says. He’s not sure why Juniper didn’t add this fix to the patch it sent to customers last week.

Although the party behind the Juniper backdoor could be the NSA or an NSA spying partner like the UK or Israel, news reports last week quoted unnamed US officials saying they don’t believe the US intelligence community is behind it, and that the FBI is investigating the issue. Other possible culprits behind the sophisticated attack, of course, could be Russia or China.

If someone other than the US did plant the backdoor, security experts say the attack on Juniper firewalls underscores precisely why they have been saying for a long time that government backdoors in systems are a bad idea—because they can be hijacked and repurposed by other parties.

How the Backdoor Works

According to Weinmann, to make their scheme work, the attackers behind the Juniper backdoor altered Juniper’s source code to change a so-called constant or point that the Dual_EC algorithm uses to randomly generate a key for encrypting data. It’s assumed the attackers also possess a second secret key that only they know. This secret key, combined with the point they changed in Juniper’s software, the inherent weaknesses in Dual_EC, and the configuration error Juniper made, would allow them to decrypt Juniper’s VPN traffic.

The weaknesses in Dual_EC have been known for at least eight years. In 2007, a Microsoft employee named Dan Shumow gave a five-minute talk at a cryptography conference in California discussing discoveries that he and a Microsoft colleague named Niels Ferguson had made in the algorithm. The algorithm had recently been approved by the National Institute of Standards and Technology, along with three other random number generators, for inclusion in a standard that could be used to encrypt government classified communication. Each of the four approved generators is based on a different cryptographic design. Dual_EC is based on elliptic curves. The NSA had long championed elliptic curve cryptography in general and publicly championed the inclusion of Dual_EC specifically in the standard.

Random number generators play a crucial role in creating cryptographic keys. But Shumow and Ferguson found that problems with the Dual_EC made it possible to predict what the random number generator would generate, making the encryption produced with it susceptible to cracking. But this wasn’t the only problem.

The NIST standard also included guidelines for implementing the algorithm and recommended using specific constants or points—static numbers—for the elliptic curve that the random number generator relies on to work. These constants serve as a kind of public key for the algorithm. Dual_EC needs two parameters or two points on the elliptic curve; Shumow and Ferguson referred to them as P and Q.

They showed that if Q is not a true randomly generated point, and the party responsible for generating Q also generates a secret key, what they referred to as “e”, then whoever has the secret key can effectively break the generator. They determined that anyone who possessed this secret key could predict the output of the random number generator with only a very small sample of data produced by the generator—just 32 bytes of output from it. With that small amount, the party in possession of the secret key could crack the entire encryption system.

No one knew who had produced the constants, but people in the security community assumed the NSA had produced them because the spy agency had been so instrumental in having the Dual_EC algorithm included in the standard. If the NSA did produce the constants, there was concern that the spy agency might have also generated a secret key.

Cryptographer Bruce Schneier called it “scary stuff” in a piece he wrote for WIRED in 2007, but he said the flaws must have been accidental because they were too obvious—therefore developers of web sites and software applications wouldn’t use it to secure their products and systems.

The only problem with this is that major companies, like Cisco, RSA, and Juniper did use Dual_EC. The companies believed this was okay because for years no one in the security community could agree if the weakness in Dual_EC was actually an intentional backdoor. But in September 2013, the New York Times seemed to confirm this when it asserted that Top Secret memos leaked by Edward Snowden showed that the weaknesses in Dual_EC were intentional and had been created by the NSA as part of a $250-million, decade-long covert operation to weaken and undermine the integrity of encryption systems in general.

Despite questions about the accuracy of the Times story, it raised enough concerns about the security of the algorithm that NIST subsequently withdrew support for it. Security and crypto companies around the world scrambled to examine their systems to determine if the compromised algorithm played a role in any of their products.

In an announcement posted to its web site after the Times story, Juniper acknowledged that the ScreenOS software running on its NetScreen firewalls does use the Dual_EC_DRBG algorithm. But the company apparently believed it had designed its system securely so that the inherent weakness in Dual_EC was not a problem.

Juniper wrote that its encryption scheme does not use Dual_EC as its primary random number generator and that it had also implemented the generator in a secure way so that its inherent vulnerabilities didn’t matter. It did this by generating its own constant, or Q point, to use with the generator instead of the questionable one that had been attributed to the NSA. Juniper also used a second random number generator known as ANSI X.9.31. The Dual_EC generated initial output that was supposed to then be run through the ANSI generator. The output from the second random generator would theoretically cancel out any vulnerabilities that were inherent in the Dual_EC output.

Except Juniper’s system contained a bug, according to Willem Pinckaers, an independent security researcher in the San Francisco area who examined the system with Weinmann. Instead of using the second generator, it ignored this one and used only the output from the bad Dual_EC generator.

“What’s happening is they managed to screw it up in all the firmware, such that the ANSI code is there but it’s never used,” Weinmann told WIRED. “That’s a catastrophic fail.”

This put the output at risk of being compromised if an attacker also possessed a secret key that could be used with the Q point to unlock the encryption.
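The trapdoor Shumow and Ferguson described, and the effect of the skipped second generator, shown as an added example (not code from the article, Juniper or the researchers). It assumes a simplified Dual_EC on P-256 with constructed points P and Q, a constructed secret e, 8 dropped bits per block instead of 16, and SHA-256 standing in for the ANSI X9.31 stage.

```python
"""Toy Dual_EC_DRBG with constructed points (not NIST's or Juniper's)."""
import hashlib

# NIST P-256: y^2 = x^3 - 3x + B over GF(PRIME), with PRIME % 4 == 3.
PRIME = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = PRIME - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
DROP_BITS = 8  # toy value; the real generator drops 16 bits per block
MASK = (1 << (256 - DROP_BITS)) - 1

def lift_x(x):
    """Return a curve point with x-coordinate x, or None if none exists."""
    if x >= PRIME:
        return None
    rhs = (pow(x, 3, PRIME) + A * x + B) % PRIME
    y = pow(rhs, (PRIME + 1) // 4, PRIME)  # candidate square root
    return (x, y) if y * y % PRIME == rhs else None

def add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, PRIME) % PRIME
    else:
        lam = (y2 - y1) * pow((x2 - x1) % PRIME, -1, PRIME) % PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    return (x3, (lam * (x1 - x3) - y1) % PRIME)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

# Constructed parameters: Q is the first curve point found counting x up
# from 1, E is the secret known only to whoever chose the points, and
# P = E*Q is published alongside Q.
Q = next(pt for pt in map(lift_x, range(1, 100)) if pt)
E = int.from_bytes(hashlib.sha256(b"constructed trapdoor").digest(), "big")
P = mul(E, Q)

class DualEC:
    """s <- x(s*P); block = x(s*Q) with the top DROP_BITS removed."""

    def __init__(self, seed, post_process=False):
        self.state = seed
        self.post_process = post_process

    def next_block(self):
        self.state = mul(self.state, P)[0]
        raw = (mul(self.state, Q)[0] & MASK).to_bytes(31, "big")
        # post_process models the intended design: raw Dual_EC output only
        # feeds a second generator (SHA-256 is a stand-in for X9.31 here).
        return hashlib.sha256(raw).digest() if self.post_process else raw

def recover_state(block, following, e):
    """Return the internal state that produced `following`, or None.

    Each guess of the dropped bits gives a candidate point R = +/- s*Q.
    Because P = e*Q, x(e*R) = x(s*P) is the generator's next state; a
    guess is confirmed when that state reproduces `following`.
    """
    low = int.from_bytes(block, "big") & MASK
    want = int.from_bytes(following, "big") & MASK
    for hi in range(1 << DROP_BITS):
        cand = lift_x((hi << (256 - DROP_BITS)) | low)
        if cand is None:
            continue
        state = mul(e, cand)[0]
        if (mul(state, Q)[0] & MASK) == want:
            return state
    return None

if __name__ == "__main__":
    seed = int.from_bytes(hashlib.sha256(b"constructed seed").digest(), "big")
    gen = DualEC(seed)
    state = recover_state(gen.next_block(), gen.next_block(), E)
    clone = DualEC(state)
    print("raw output predicted:", clone.next_block() == gen.next_block())
    safe = DualEC(seed, post_process=True)
    found = recover_state(safe.next_block(), safe.next_block(), E)
    print("post-processed output recovered:", found is not None)
```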

Weinmann and others discovered that the attackers altered Juniper’s Q and changed it to a Q they had generated. The attackers appear to have made that change in August 2012—at least that’s when Juniper started shipping a version of its ScreenOS firmware with a Q point that was different than previous versions used.

So essentially, although Juniper used its own Q point instead of using the one allegedly generated by the NSA, in an effort to make the Dual_EC more secure, the company hadn’t anticipated that attackers might break into Juniper’s network, gain access to critical systems used to build its source code, and change the Q again to something of their own choosing. And presumably, they also possess the secret key that works with the Q to unlock the encryption, otherwise they would not have gone to the trouble of changing Q. “It stands to reason that whoever managed to slip in their own Q [into the software] will also know the corresponding e,” Weinmann says.

This would not have been enough to make the backdoor work, however, if Juniper had indeed configured its system the way it said it did—using two random number generators and relying only on the second one, the ANSI generator, for the final output. But we now know it failed to do that. The backdoor remained undetected for at least three years, until Juniper recently discovered it during a code review.

Matthew Green, a cryptographer and professor at Johns Hopkins University, says that the ANSI failure raises additional questions about Juniper. “I don’t want to say that Juniper did this on purpose. But if you wanted to create a deliberate backdoor based on Dual_EC and make it look safe, while also having it be vulnerable, this is the way you’d do it. The best backdoor is a backdoor that looks like a bug, where you look at the thing and say, ‘Whoops, someone forgot a line of code or got a symbol wrong.’ … It makes it deniable. But this bug happens to be sitting there right next to this incredibly dangerous NSA-designed random number generator, and it makes that generator actually dangerous where it might not have been otherwise.”

The evidence that someone intentionally changed the Q parameter in Juniper’s software confirms what Shumow and Ferguson had warned: The inherent weaknesses in Dual_EC provide the perfect backdoor to the algorithm. Even if the algorithm was not intended to create a backdoor for the NSA, it made it possible for someone to piggyback on its weaknesses to turn it into a backdoor for themselves.

Even more worrisome is that Juniper systems are still essentially insecure. Juniper didn’t patch the problem by removing Dual_EC altogether or by altering the configuration so that the VPN encryption scheme relies on output from the ANSI generator; instead Juniper patched it simply by changing the Q point back to what the company originally had in the system. This leaves the firewalls susceptible to attack again if attackers can change the points a second time without Juniper detecting it.

The company, Weinmann says, should at least issue a new patch that makes the system use the ANSI generator and not the Dual_EC one.

“It would take one line of code to fix this,” he says.

And there’s another problem, he notes.

Juniper admitted that it had generated its own Q for Dual_EC, but it has not revealed how it generated Q—so others can’t verify that Juniper did it in a truly random way that would ensure its security. And in generating its own Q, it raises questions about whether Juniper also generated its own secret key, or “e” for the generator, which would essentially give Juniper a backdoor to the encrypted VPN traffic. This should worry customers just as much as the NSA holding a key to the backdoor, Weinmann says.

“It now depends on whether you trust them to have generated this point randomly or not. I would probably not do that at this point,” he says, given the other mistakes the company made.

Green says because of the weakness inherent in Dual_EC, Juniper should have removed it back in 2013 after the Times story published and should do so now to protect customers. “There’s no legitimate reason to put Dual_EC in a product,” he says. “There never was. This is an incredibly powerful and dangerous code and you put it in your system and it creates a capability that would not have been there otherwise. There’s no way to use it safely.”


Juniper Networks announced a serious security flaw on 17 December but said there was ‘no way to detect that this vulnerability was exploited’. Photograph: Oliver Berg/DPA/Corbis

Juniper Networks security flaw may have exposed US government data

Secure networking devices used by the US Defense Department and the FBI could have been targeted by a vulnerability that lay undetected for three years

Two security flaws that lay undiscovered in Juniper Networks’ widely used corporate virtual private network (VPN) software for three years could have exposed sensitive information to foreign governments or criminal groups, researchers have said.

The vulnerabilities were in the form of “unauthorised code” discovered during a recent internal code review and announced on 17 December. One of the flaws could have allowed hackers to decrypt information passing through Juniper’s devices, including equipment for a secure network used by companies internally.

“Whoever planted it would have access to all the VPN traffic,” said Seth Rosenblatt, managing editor of the security and privacy site the Parallax. “Data that the VPN user thought was protected from prying eyes may have been spied on.”

The FBI is reportedly investigating the breach, which could be the work of a foreign government, though the investigation is ongoing.

German security researcher Ralf-Philipp Weinmann suggested the hack took advantage of weaknesses in the password encryption algorithm “Dual_EC” that were reportedly engineered by the NSA, which then promoted the tool as a standard.

“Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” said Bob Worrall, SVP and chief information officer at Juniper Networks.



Former CIA Director Says Edward Snowden “Has Blood on His Hands,” Should Be Hanged

November 21, 2015

By Bradford Richardson
The Hill

A former CIA director says leaker Edward Snowden should be convicted of treason and given the death penalty in the wake of the terrorist attack on Paris.

“It’s still a capital crime, and I would give him the death sentence, and I would prefer to see him hanged by the neck until he’s dead, rather than merely electrocuted,” James Woolsey told CNN’s Brooke Baldwin on Thursday.

Woolsey said Snowden, who divulged classified information in 2013, is partly responsible for the terrorist attack in France last week that left at least 120 dead and hundreds injured.

“I think the blood of a lot of these French young people is on his hands,” he said.

Woolsey, who served as the head of the CIA from 1993 to 1995, said the Snowden leak was “substantial.”

“They turned loose not only material about some procedural aspects of something, they turned loose, for example, some substantial material about the Mexican intelligence service and law enforcement working together against human trafficking,” he said.

Woolsey wondered if Snowden were “pro-pimp.”

Current CIA Director John Brennan has recently echoed his predecessor’s sentiments, arguing that Snowden’s disclosures make it harder for intelligence officials to track terror plots.

“I think any unauthorized disclosures made by individuals that have dishonored the oath of office, that they have raised their hand and attested to, undermines this nation’s security,” Brennan said about Snowden at the Overseas Security Advisory Council’s annual meeting on Wednesday.

Snowden fled the country after stealing classified information and disclosing the extent of U.S. surveillance programs. He currently resides in Russia, where he has been granted temporary asylum.

China Daily: China, US gradually move to manage cyber dispute

September 14, 2015


By Chen Weihua in Washington (China Daily USA)

While cybersecurity has been a thorny issue between China and the United States in the last few years, there are signs in the past days that both sides do not want it to spill into the overall bilateral relationship and impact negatively on the upcoming state visit to the US by President Xi Jinping.

A high-level Chinese delegation, led by Meng Jianzhu, Xi’s special envoy and a member of the Politburo of the Communist Party of China (CPC), concluded a four-day talk on the issue in Washington last Saturday with senior US officials.

“The two countries have reached important consensus on combating cyber crimes,” was how Xinhua News Agency described the meeting.

During the visit, Meng, also head of the Commission for Political and Legal Affairs of the CPC Central Committee, exchanged in-depth views on tackling outstanding issues of law enforcement and security, including cyber crimes, with US Secretary of State John Kerry, Secretary of the Department of Homeland Security Jeh Johnson and US National Security Advisor Susan Rice.

The Chinese delegation included officials from the ministries of public security, state security, justice and information technology.

China and the US are both countries with highly developed Internet technology. Against a backdrop of frequent incidents and ever-increasing security threats in cyberspace, it is especially important for the two to enhance mutual trust and cooperation in the sphere of cybersecurity, Xinhua quoted Meng as saying.

Meng reiterated China’s firm stand against cyberattacks and commercial cyber espionage. He said anyone who conducts such acts in the Chinese territory violates the laws of China and will be subject to legal liability.

Meng said China-US dialogue and cooperation on combating cyber crime serve the common interest of both countries and the international community.

A White House statement said Rice had a “frank and open exchange about cyber issues” in her meeting with Meng.

Before Meng’s trip, Zhang Yesui, Chinese executive vice-minister of foreign affairs and several other senior Chinese officials have visited the US, while Rice, Daniel Russel, assistant secretary of state for East Asian and Pacific Affairs, and other senior US officials have visited China to prepare for Xi’s trip late this month.

These visits have been seen as indications that both sides want to make Xi’s trip a success despite issues such as cyber hacking and tensions over the South China Sea having cast a shadow over the bilateral relationship.

White House and State Department spokesmen have both spoken positively about Xi’s trip.

In a statement after Rice’s trip to Beijing in late August, the National Security Council spokesman Ned Price said that Rice in her meeting with Xi reaffirmed US commitment to develop and deepen practical cooperation in areas of overlapping interest and to address disagreements forthrightly and effectively.

There has been widespread concern that tensions over cybersecurity could escalate after a Washington Post report on Aug 30 saying that the Obama administration is considering applying sanctions against Chinese companies and individuals it believes have benefited from hacking of US trade secrets. It said the sanctions could come as quickly as the coming two weeks.

Both White House and State Department spokesmen have downplayed the report, describing such sanctions as a tool in the toolbox and dismissing the suggestion that the US has decided to retaliate for alleged Chinese cyber theft.

Many observers have seen the Post report as a message deliberately leaked by the White House to call for more attention for the Chinese side.

On Friday, Obama said during his visit to Fort Meade, Maryland, that “we have made very clear to the Chinese that there are certain practices that they’re engaging in that we know are emanating from China and are not acceptable”.

“And we can choose to make this an area of competition — which I guarantee you we’ll win if we have to — or, alternatively, we can come to an agreement in which we say, this isn’t helping anybody; let’s instead try to have some basic rules of the road in terms of how we operate,” Obama said at Fort Meade, also home to the National Security Agency (NSA).

China has long claimed to be a victim of cyberattacks, many of which originated from the US. Revelations made by former NSA contractor Edward Snowden have shown that the US has been conducting aggressive and wide-ranging cyber espionage around the world, including against the Chinese government, universities and corporations.

Targets of US cyber espionage also have included leaders and corporations in Germany, France, Japan and Brazil, most of which are US allies.

Most countries, including China, have regarded such US cyber surveillance activities as unacceptable.

As a result, US technology companies, which have collaborated with the NSA both willingly and unwillingly, also have become victims of US government activities.

A June report by the Washington-based Information Technology and Innovation Foundation said the NSA’s pervasive digital surveillance will likely cost US companies more than $35 billion in foreign business in 2016 after Snowden’s revelations pushed foreigners away from US-made technologies.



Big Brother Is Watching: U.S. Government Compiles Largest Consolidation of Personal Data On American Citizens in US History

July 18, 2015

By Paul Sperry

A key part of President Obama’s legacy will be the feds’ unprecedented collection of sensitive data on Americans by race. The government is prying into our most personal information at the most local levels, all for the purpose of “racial and economic justice.”

Unbeknown to most Americans, Obama’s racial bean counters are furiously mining data on their health, home loans, credit cards, places of work, neighborhoods, even how their kids are disciplined in school — all to document “inequalities” between minorities and whites.

This Orwellian-style stockpile of statistics includes a vast and permanent network of discrimination databases, which Obama already is using to make “disparate impact” cases against: banks that don’t make enough prime loans to minorities; schools that suspend too many blacks; cities that don’t offer enough Section 8 and other low-income housing for minorities; and employers who turn down African-Americans for jobs due to criminal backgrounds.

Big Brother Barack wants the databases operational before he leaves office, and much of the data in them will be posted online.

So civil-rights attorneys and urban activist groups will be able to exploit them to show patterns of “racial disparities” and “segregation,” even if no other evidence of discrimination exists.

Housing database

The granddaddy of them all is the Affirmatively Furthering Fair Housing database, which the Department of Housing and Urban Development rolled out earlier this month to racially balance the nation, ZIP code by ZIP code. It will map every US neighborhood by four racial groups — white, Asian, black or African-American, and Hispanic/Latino — and publish “geospatial data” pinpointing racial imbalances.

The agency proposes using nonwhite populations of 50% or higher as the threshold for classifying segregated areas.

Federally funded cities deemed overly segregated will be pressured to change their zoning laws to allow construction of more subsidized housing in affluent areas in the suburbs, and relocate inner-city minorities to those predominantly white areas. HUD’s maps, which use dots to show the racial distribution or density in residential areas, will be used to select affordable-housing sites.

HUD plans to drill down to an even more granular level, detailing the proximity of black residents to transportation sites, good schools, parks and even supermarkets. If the agency’s social engineers rule the distance between blacks and these suburban “amenities” is too far, municipalities must find ways to close the gap or forfeit federal grant money and face possible lawsuits for housing discrimination.

Civil-rights groups will have access to the agency’s sophisticated mapping software, and will participate in city plans to re-engineer neighborhoods under new community outreach requirements.

“By opening this data to everybody, everyone in a community can weigh in,” Obama said. “If you want affordable housing nearby, now you’ll have the data you need to make your case.”

Mortgage database

Meanwhile, the Federal Housing Finance Agency, headed by former Congressional Black Caucus leader Mel Watt, is building its own database for racially balancing home loans. The so-called National Mortgage Database Project will compile 16 years of lending data, broken down by race, and hold everything from individual credit scores to employment records.

Mortgage contracts won’t be the only financial records vacuumed up by the database. According to federal documents, the repository will include “all credit lines,” from credit cards to student loans to car loans — anything reported to credit bureaus. This is even more information than the IRS collects.

The FHFA will also pry into your personal assets and debts and whether you have any bankruptcies. The agency even wants to know the square footage and lot size of your home, as well as your interest rate.

FHFA will share the info with Obama’s brainchild, the Consumer Financial Protection Bureau, which acts more like a civil-rights agency, aggressively investigating lenders for racial bias.

The FHFA has offered no clear explanation as to why the government wants to sweep up so much sensitive information on Americans, other than stating it’s for “research” and “policymaking.”

However, CFPB Director Richard Cordray was more forthcoming, explaining in a recent talk to the radical California-based Greenlining Institute: “We will be better able to identify possible discriminatory lending patterns.”

Credit database

CFPB is separately amassing a database to monitor ordinary citizens’ credit-card transactions. It hopes to vacuum up some 900 million credit-card accounts — all sorted by race — representing roughly 85% of the US credit-card market. Why? To sniff out “disparities” in interest rates, charge-offs and collections.

Employment database

CFPB also just finalized a rule requiring all regulated banks to report data on minority hiring to an Office of Minority and Women Inclusion. It will collect reams of employment data, broken down by race, to police diversity on Wall Street as part of yet another fishing expedition.

School database

Through its mandatory Civil Rights Data Collection project, the Education Department is gathering information on student suspensions and expulsions, by race, from every public school district in the country. Districts that show disparities in discipline will be targeted for reform.

Those that don’t comply will be punished. Several already have been forced to revise their discipline policies, which has led to violent disruptions in classrooms.

Obama’s educrats want to know how many blacks versus whites are enrolled in gifted-and-talented and advanced placement classes.

Schools that show blacks and Latinos under-enrolled in such curricula, to an undefined “statistically significant degree,” could open themselves up to investigation and lawsuits by the department’s Civil Rights Office.

Count on a flood of private lawsuits to piggyback federal discrimination claims, as civil-rights lawyers use the new federal discipline data in their legal strategies against the supposedly racist US school system.

Even if no one has complained about discrimination, even if there is no other evidence of racism, the numbers themselves will “prove” that things are unfair.

Such databases have never before existed. Obama is presiding over the largest consolidation of personal data in US history. He is creating a diversity police state where government race cops and civil-rights lawyers will micromanage demographic outcomes in virtually every aspect of society.

The first black president, quite brilliantly, has built a quasi-reparations infrastructure perpetually fed by racial data that will outlast his administration.

Paul Sperry is a Hoover Institution media fellow and author of “The Great American Bank Robbery,” which exposes the racial politics behind the mortgage bust.


America’s global standing has been diminished — Can greatness again be found?

July 10, 2015


Washington Monument at the turn of the millennium

Standing on the Washington Mall at the turn of the new millennium, it was impossible not to be struck by America’s power and global pre-eminence.

Victory in the Cold War made it the hegemon in a unipolar world.

Few argued when the 20th Century was dubbed the “American Century”, a term first coined in the early 1940s when the country was still overcoming its isolationist instincts.

Even the New Year’s fireworks, which illuminated the obelisk of the Washington Monument in a way that made it resemble a giant number one, projected the country’s supremacy as the world’s sole superpower.

Over the past 15 years, America’s fortunes have changed with dizzying speed.

First came the tremors: the dot-com bust and a disputed presidential election in 2000. Then came the massive convulsions: the destruction of the Twin Towers in 2001 and the collapse of Lehman Brothers in 2008.

Long wars in Afghanistan and Iraq have exacted an enormous blood price – the lives of 6,852 American military personnel – not to mention immense financial expense, estimated to be as high as $6 trillion (£3.9tn).

The detention centre at Guantanamo Bay has undermined American ideals, just as the NSA and Wikileaks spying scandals have undercut American diplomacy.


George W Bush, a president with a Manichean worldview, was widely seen as over-eager to project America’s military might, without adequately considering the long-term consequences.

Barack Obama, who campaigned in 2008 on a platform of extricating America from its unpopular and exhausting wars, has drawn criticism for disengaging too much.

Under both presidents – the first an impulsive unilateralist, the second an instinctive multilateralist content sometimes to lead from behind – America’s global standing has been diminished.

Lost fear factor

Polls regularly show that Americans recognise that their country’s international standing has waned.

Among the young, this trendline has fallen sharply. Only 15% of 18-29-year-olds believe that America is the “greatest country in the world”, according to Pew, down from 27% in 2011.

Tellingly, however, there has been no great public outcry.

No longer is there much appetite for America playing its long-standing role of global policeman, even in the face of the rise of the group calling itself Islamic State.

The cost, human and financial, is considered too great. Americans increasingly think that other countries should share the burden.


Obama, while continuing to trumpet “American exceptionalism”, regularly prefaces remarks on foreign affairs by acknowledging the limits of US power, again with little public outcry.

The upshot is that the United States is no longer so keen to exert leadership in an increasingly messy world.

Yet one of the reasons why the world has become so disorderly is because America is no longer so active in imposing order.

Over the course of this century Washington has lost its fear factor.

Ignoring the White House

World leaders nowadays seem prepared to provoke the wrath of the White House, confident that it will never rain down on them.

It explains why the Syrian President Bashar al-Assad, after unleashing chemical weapons against his people, continues to bombard them with barrel bombs.

Why Vladimir Putin annexed Crimea, and also offered a safe haven for the NSA whistleblower Edward Snowden.

And also why Benjamin Netanyahu thumbed his nose at the Obama administration, by accepting an invitation from the Republican congressional leadership to address a joint session of Congress, a platform he used to lambast the Iran nuclear deal.

Assad’s flouting of American warnings is especially noteworthy.


Rebel-held Douma was hit hard by Syrian government forces in February

In killing so many civilians with chemical weapons, he flagrantly crossed the “red line” imposed by Obama, but escaped punishment.

The president was unwilling to carry through on an explicit threat, in what was the biggest foreign policy climbdown of his presidency and also one of the most significant in the past 50 years.

Even supporters of Barack Obama believe he made a fatal strategic mistake, because it demonstrated endless flexibility and a lack of American resolve.

Needless to say, despots around the world took note.

Weak hand

America’s reluctance to launch new military actions has also had a major bearing on the nuclear negotiations with Iran.

Tehran has managed to extract notable concessions, such as the ongoing ability to enrich uranium, hitherto ruled out by the Americans.

It has played a weak hand strongly, because it knows that America has what the foreign affairs columnist Thomas Friedman calls “an empty holster”.

Nor is it just America’s enemies who no longer fear the White House to the extent they once did.

In recent months, two close allies, Britain and Australia, have defied the Obama administration by joining the Asian Infrastructure Investment Bank.

By signing up to the AIIB, they are effectively endorsing Beijing’s effort to establish financial rivals to the Bretton Woods institutions, the World Bank and International Monetary Fund (IMF), which are dominated by America.

Ambiguous language

By seeking improved commercial and diplomatic relations with China, Britain and Australia are also hedging.

They suspect that America will not be the dominant Pacific military power indefinitely, nor the world’s foremost economic powerhouse.


Other American allies would complain that the “dependability factor” has also gone.

Israel feels badly let down by the Obama administration over the Iran deal, and relations between Benjamin Netanyahu and Barack Obama are poisonous.

The president, by using deliberately ambiguous language, has even signalled that his administration might end its traditional protection of Israel at the United Nations.

Like Israel, Saudi Arabia has been enraged by the prospective nuclear deal with the Iranians.

Riyadh also knows that America is no longer so dependent on its oil, the cornerstone of the relationship since the end of World War Two.

Egypt was angered in 2012 when Obama said Cairo was neither an ally nor an enemy.

Later, the State Department issued an embarrassing correction, and reinstated Cairo as a “major non-Nato ally.”

No massaging

Maybe Obama’s Egyptian error, and the slight it conveyed, was truly a Freudian slip.

After all, he hasn’t invested the same energy nurturing alliances as his predecessors. The detached air that has been a hallmark of his presidency also extends to foreign affairs.

Here, I gather, Obama recognises intellectually that he could do far more in terms of massaging the egos of world leaders, but cannot quite bring himself to do so.

Indeed, a common complaint is that the Obama administration has prioritised normalising relations with its one-time enemies, Iran and Cuba, at the expense of fostering longstanding friendships.

Realising that America is no longer so supportive, and no longer so engaged in the Middle East, the Saudis have recently taken military action of their own in Yemen.

There’s also been a warming of relations between Riyadh and Moscow.

And Egypt launched airstrikes in February against the Islamic State group in Libya.

America’s standing in the Middle East has unquestionably waned, along with its ability to shape events.

Unexpected stats

More surprising has been its slippage in Africa, Obama’s ancestral home, and Asia, the focus of his much vaunted pivot.

In Asia, America’s median approval rating in 2014, as measured by Gallup, was 39%, a 6% drop since 2011.

In Africa, the median approval went down to 59%, the lowest since polling began, despite Obama hosting the US-Africa Leaders’ Summit in Washington in August, last year.

It even dropped in Kenya, his father’s birthplace.

America’s diplomacy has also been complicated by the dysfunction and hyper-partisanship in Washington.

Republican lawmakers actively sought to derail the Iran nuclear deal by sending a letter to the supreme leader Ayatollah Ali Khamenei.

President or Congress?

House speaker John Boehner invited Netanyahu to address Congress, knowing it would infuriate the White House.

Democrats with reservations about free trade have tried to sabotage the Trans-Pacific Partnership, the biggest trade deal since Nafta.

There’s also been strong congressional opposition to one of the big plays of Obama’s second term, the rapprochement with Cuba.

Should countries listen to the president or Congress?

America cannot even lay claim any more to its great, uncontested boast since 1872, of being the world’s largest economy.

The IMF now estimates that China’s economy is fractionally bigger.

Yet it would be a mistake to exaggerate the downsizing of American influence.

US military spending continues to dwarf its rivals, and up until last year amounted to more than the next 10 countries combined.

In 2014, America spent $731bn, compared to China’s $143bn.

Even though China’s economy is now larger, America’s per capita spending power is in a different league – $53,000 to $11,868.


Though America is contending with the rise of the rest – China, India, Brazil, Germany and Russia – it has not yet been overtaken by emergent rivals.

Indeed, there are foreign policy thinkers here who predict that America will preserve its pre-eminence for at least another 20 years.

Yet the unipolar moment ushered in by the fall of the Berlin Wall has proved to be just that: momentary.

Moreover, hopes of a new world order following the collapse of the Soviet Union have given way to widespread pessimism about the spread, even the contagion, of global disorder.

Gone are the certainties of America’s Cold War thinking, when the containment of communism governed its international actions.

Gone are the doctrines that gave US foreign policy such a rigid frame, throughout the Cold War and in the aftermath of 9/11.

Gone, too, is the notion that every fight is an American fight and along with it a redefinition of what constitutes the US national interest.

Barack Obama has instead advocated pragmatism and diplomatic dexterity, trying to steer a path between America being overextended and undercommitted.

Maybe the overriding challenge for US diplomacy over the next 20 years is to strike the proper balance.

Washington Post: President Obama Must Get Action From China on Cyber Attacks — or Retaliate

July 6, 2015

The Washington Post

THE OTHER shoe is expected to drop this week on the disastrous loss of confidential information from the databases of the Office of Personnel Management. The agency is expected to reveal the extent to which information from security investigations of current, former and prospective federal employees and contractors was compromised. The background checks often unearth sensitive and intimate matters, and the loss may put many at risk of blackmail. The agency is expected to reveal this week how many dossiers were taken, but reports suggest it was in the millions. The breach comes on top of a separate intrusion in which personally identifiable information on 4.2 million federal workers was filched from the OPM databases.

President Obama ought to be far more steamed about the break-ins than he appears. The OPM director, Katherine Archuleta, knew as well as anyone how sensitive the data was, yet the door to her agency was apparently left ajar. Thieves walked out with an intelligence goldmine, the most intimate details about U.S. public servants, including those who handle the most highly classified secrets of the United States. This was an unforgivable failure of stewardship that should lead to firings for incompetence. Ms. Archuleta, confronted with questions on Capitol Hill, refused to shoulder any blame. “I don’t believe anyone” at the agency “is personally responsible,” she said. “If there is anyone to blame, it is the perpetrators.”

The director of national intelligence, James R. Clapper, said China is the “leading suspect” in the breach. The FBI has issued a “flash” alert that did not specify China as the origin, but identified some malware — including a remote access tool called Sakula — that has previously been associated with Chinese cyberattacks. A Reuters report has pointed out that Sakula was also used in an attack on the mammoth health insurer Anthem this year. The report quotes sources saying that the perpetrators did not seem to be the usual Chinese outfits that try to steal military and industrial secrets through espionage, but another group affiliated with China’s Ministry of State Security. This is a worrisome prospect. The Chinese security service may be attempting to use the stolen personal data from Anthem and from OPM to build a directory of Americans who work in sensitive government positions and who can be targeted for further espionage.

Spying is a constant in international relations, but this particular theft is not business as usual. The Chinese would like to have a smooth, harmonious summit when presidents Xi Jinping and Obama meet in September. Mr. Obama should put China on notice today that such theft is inconsistent with harmony at the table — and he’s mad as hell about it. If that doesn’t get Beijing’s attention, the United States should begin preparations for retaliation aimed specifically at the alleged Chinese attackers. Not all of the broad U.S.-China bilateral relationship needs to be put at risk, but the thieves must feel the heat. It is the only way to deter future attacks.



Two years after Snowden, NSA revelations still hurting US tech firms in China

July 3, 2015

By James Griffiths
South China Morning Post

Edward Snowden began leaking information two years ago that could cost US firms tens of billions of dollars in lost business overseas. Photo: AFP

Revelations of digital surveillance by American spy agencies could end up costing US firms billions of dollars in lost business and lawmakers in Washington are falling short in their duty to address the issue, a US think tank has said.

Tech firms, in particular, have underperformed in foreign markets following the leaks by former National Security Agency contractor Edward Snowden, according to a paper published by the Information Technology and Innovation Foundation.

“Our original thought was once policy makers realised this was having an impact on business interests, they would take more aggressive action to address the concerns,” Daniel Castro, ITIF vice president, told the South China Morning Post. He helped author the report.

The ITIF predicted in 2013 that “even a modest drop” in the foreign market share for cloud computing could cost the US economy up to US$35 billion by 2016.

That now looks like a conservative estimate as the revelations of cyber-snooping have negatively affected “the whole US tech industry,” the report said.

Cloud computing firms and data centres have been some of the worst hit, with foreign companies choosing to avoid storing their data in the US following revelations about the NSA’s digital surveillance programmes.

A 2014 survey of British and Canadian businesses by Vancouver-based Peer 1 Hosting found that 25 per cent of respondents planned to pull data out of the US due to fears relating to data privacy.

In February, Beijing dropped a number of major American tech firms from its official state procurement list, including network equipment maker Cisco Systems, Apple, and security firm McAfee.

Brazilian President Dilma Rousseff recently met with her US counterpart Barack Obama after a long period of estrangement triggered by US spying claims. Photo: AP

“The Snowden incident, it’s become a real concern, especially for top leaders,” Tu Xinquan, associate director of the China Institute of WTO Studies in Beijing, told Reuters in April.

“In some sense, the American government has some responsibility for that. [China’s] concerns have some legitimacy.”

The White House and US International Trade Administration declined to comment on the matter, when contacted by the Post.

IBM, Microsoft and Hewlett-Packard have all reported diminished sales in China as a result of the NSA revelations, which first emerged in the summer of 2013.

The NSA was found to have tapped into the servers of major internet players like Facebook, Google and Yahoo to track online communication, among other forms of digital surveillance.

Chinese firms have also suffered due to security concerns, particularly in the US.

In 2012, a Congressional committee said that smartphone makers Huawei and ZTE were a national security threat because of their alleged ties with the Chinese government.

In April, US officials blocked technology exports to Chinese facilities associated with the Tianhe-2 supercomputer project, a blow to Intel and other hardware suppliers.

Even political parties in Germany have begun lampooning the US in response to its covert digital surveillance of key search engines and anti-virus software. Photo: AFP

“Both countries are looking into restrictions because of security, that’s not a good idea for either of them,” said Castro.

The ITIF paper recommends establishing international legal standards for government access to data, and developing what it terms a “Geneva Convention on the Status of Data”.

“We need to take certification out of the national level and move it to the international level. We don’t want each country to set security standards,” Castro said.

He warned that China’s pursuance of “protectionist” policies in the name of security could backfire if other countries follow suit and adopt standards that favour domestic over foreign firms for key infrastructure projects.

“China doesn’t want every other country to say ‘We have security concerns about you and refuse to buy your products,’” he added.

Castro pointed to China’s new security legislation, passed by the country’s top legislature on Wednesday, to shore up his argument that Beijing is “still going down that path”.

The sweeping law defines the scope of national security in far-reaching terms, ranging from finance, economy, politics, the military and cybersecurity to culture, ideology and religion.

One clause deals with establishing systems “for the protection of cyber and information security”.

Washington must respond if China keeps pursuing such protectionist policies but this will be problematic until concerns about NSA spying have been addressed, Castro said.

“At the end of the day, it is very hard to say with a straight face that you should buy US tech products, if the [US] government is not willing to stand up and say ‘We will not use this as a way to conduct surveillance in your countries.’”

China’s Cyber Attack on OPM “Just the beginning of the U.S.’s cybersecurity problems”

July 1, 2015


By Peter Roff

The end of the week before a long weekend is always a good time to get rid of a nettlesome employee without anyone taking very much notice. Most people are headed out of town, newspapers operate with skeleton staffs and bloggers are at the beach.

Knowing this, it would probably be a good idea if Katherine Archuleta, the director of the U.S. Office of Personnel Management, started polishing her resume and getting her affairs in order. In her current position, she’s probably not long for the world.

Congressional Republicans are calling for her head. The media is asking penetrating questions. Most ominously, for her anyway, the White House is making a point of standing behind her. White House Press Secretary Josh Earnest defended her last week saying “the administration and the president continue to believe that she’s the right person for the job.”

If anyone has yet to figure it out, Archuleta is being set up to take the rap for the hack, probably by the Chinese, of sensitive U.S. computer systems that let the unredacted records of millions, if not tens of millions, of federal employees out into the open.

There are a lot of reasons this is bad, most of them obvious. Some are not. According to one former senior U.S. government official with expertise in cybersecurity with whom I spoke, the hack may have exposed the covert identities of intelligence officers working undercover as U.S. government employees in non-security related agencies.

According to the Government Accountability Office, the number of “information security incidents” in which federal data was compromised – which is a softer way of saying stolen – has risen from 5,503 in 2006 to 67,168 in 2014. That information was conveyed to the U.S. House Homeland Security committee by Gregory Wilshusen, the GAO information security director, who, according to the Washington Times, also said the National Cybersecurity Protection System may just not be effective at keeping intruders out of government data.

What happened on Archuleta’s watch is as damaging as the leaks coming from Edward Snowden and others who have managed to penetrate America’s cybersecurity shield. Someone has to be held accountable, and it’s probably going to be her. But there’s a more outrageous problem that very few have heretofore noticed: Federal, state and local governments are already doing business with the Chinese in the cybersecurity arena.

ChinaSoft is a Chinese-owned company that provides a plethora of IT services including strategic consulting to over 60 industries. According to its website, these services include e-government. In November 2013, it merged with a company called Catapult Systems. The combined company has a client base that includes the United States Air Force Space Operations Center, ERCOT (which runs the Texas electric grid), the Federal Reserve Board, the U.S. Department of Treasury, the U.S. Army and the U.S. Department of Education.

Does it matter that a Chinese-owned company is performing work on U.S. government systems? The short answer, especially in light of the most recent hack, is almost unambiguously yes. Hiring a foreign owned firm increases the risk that insiders with access to some parts of the system may acquire the information necessary to hack the rest.

This is the debate surrounding Huawei, a Chinese-owned telecommunications company that wanted to supply the government with telecommunications equipment and services. In October 2012, the U.S. House Permanent Select Committee on Intelligence went so far as to issue a report on the threat this Chinese company posed to our national security. The report went so far as to recommend that private sector companies steer clear of it. ChinaSoft and Catapult Systems aren’t Huawei, but it doesn’t take a great leap to be concerned about the risk to the integrity of U.S. systems in cyberspace posed by foreign-owned companies.

It is a mistake, one that Congress should look into, to have critical cyberspace infrastructure responsibilities protecting personal information and sensitive data run by companies that are not owned and based in the United States. Otherwise it’s like asking Willie Sutton to not just guard the bank but to design its security measures to boot.

Peter Roff is a contributing editor at U.S. News & World Report. Formerly a senior political writer for United Press International, he’s now affiliated with several public policy organizations, including Let Freedom Ring and Frontiers of Freedom. His writing has appeared in National Review, Fox News’ opinion section, The Daily Caller, Politico and elsewhere. Follow him on Twitter @PeterRoff.


China’s New Security Law: Internet Controls get Tougher

July 1, 2015

Wall Street Journal

China on Wednesday enacted a broad security law that covers everything from national sovereignty to network infrastructure and IT systems. The law raises fears among some businesses, who wonder if they will be required to give up their source code if they want to do business in the massive Chinese market, according to Reuters. “A core component of the law, passed by the standing committee of the National People’s Congress (NPC), is to make all key network infrastructure and information systems ‘secure and controllable,’” Reuters said.

Foreign business groups and diplomats have expressed fear that the law could require “that technology firms make products in China or use source code released to inspectors, forcing them to reveal intellectual property,” Reuters said.

New laws in China, along with tougher tech regulations and enforcement emerging in Europe, follow revelations from former NSA contractor Edward Snowden about the U.S. practice of embedding code in tech exports, to facilitate its own snooping. “The fact that these different pieces of legislation are all moving forward in tandem indicates the seriousness of Beijing’s commitment as well as the growing influence of hardliners shaping China’s technology policy agenda,” Samm Sacks, an analyst at Eurasia Group, said in an email cited by Reuters.

Longtime McKesson CIO says focus shifted to Business From IT. Heading into his final weeks as CIO and CTO at the pharmaceutical distributor before he transfers power to Kathy McElligott next month, McKesson Corp.’s Randy Spratt says the role has evolved to become more business-centric and less concerned with operating complicated technologies. “The job becomes more about brokering and managing your partners just as marketing might broker and manage their partners,” Mr. Spratt tells CIO Journal.

Attacks lead boards to call for centralized security approach. Companies need to centralize cybersecurity policy and not leave it up to business groups in various countries, Richard Goodman, board director and chair of the audit committee at several Fortune 500 companies, tells CIO Journal. “You can’t give people in the field decision-making authority about whether you decide to do something or not on cybersecurity,” said Mr. Goodman, who is on the boards of Johnson Controls Inc., Kindred Healthcare Inc., Western Union Co. and Toys ‘R’ Us Inc.

A matter of degrees. Companies, and IT departments in particular, need to move beyond requiring a four-year college degree for open job positions, says CIO Journal Columnist Gary Beach. “I have yet to hear a chief information officer articulate a rational explanation of what value a college degree brings to their team. Not one,” he writes.


Members of the European Parliament, with papers on their desks with the word “Roaming” crossed, take part in a vote at the European Parliament in Strasbourg, France, in March. (Photo: Reuters)


EU backs diluted net neutrality law. The European Union agreed to a final version of a law that would enshrine the equal treatment of Internet traffic starting next year and would scrap cellphone roaming costs starting mid-2017, the WSJ’s Natalia Drozdiak reports. But the law is milder than one recently introduced in the U.S. because it would allow operators to enter into agreements that ensure a minimum Internet quality for special services, such as video conferencing or surgery, as long as they don’t impede Web access for other users. Blocking or restricting Web traffic would also be allowed in some cases, such as to counter cyberattacks or ease the flow of traffic.

Uber execs in France face trial. French prosecutors on Tuesday ordered Uber Technologies Inc. executives Pierre-Dimitri Gore-Coty and Thibaud Simphal to stand trial on a raft of charges that could bring fines and jail time. French officials have said since last autumn that Uberpop, a service that connects unlicensed drivers with passengers, is illegal, but so far have cracked down mainly on Uberpop drivers, not Uber itself, the WSJ’s Sam Schechner and Inti Landauro report.

Europeans seek shelter in gold, bitcoin. Following fears of a Greek exit from the eurozone, demand for both age-old commodity gold and new virtual currency bitcoin has risen, the WSJ’s Michael J. Casey reports.


A Tesla charging station in Nephi, Utah. Free charging is one of the incentives the firm offers to Tesla owners. (Photo: George Frey/Bloomberg News)


The ultimate first world problem. Free charging at company-run stations is one of a handful of unique incentives aimed at owners of Tesla Motors Inc. vehicles, the WSJ reports. But even as Tesla has poured millions of dollars in creating a global network of free charges, owners of the $76,200 and up luxury sedans feel there still are not enough. It can take over 30 minutes to charge a Tesla and the lines at charging stations are getting longer.

FBI investigates attacks on fiber optic cables. The Federal Bureau of Investigation said it is investigating a string of attacks against fiber optic cables in the San Francisco Bay Area dating back a year, the WSJ’s Drew Fitzgerald reports. Microsoft Corp. on Tuesday reported a slowdown in its Azure cloud computing service in the western U.S. linked to cut fiber after several cables in Livermore, Calif. were cut in the latest attack.

VMware pays $75.5 million to settle federal government lawsuit. VMware Inc. and a reseller partner will pay the federal government $75.5 million to settle a lawsuit that said the virtualization software firm overcharged the General Services Administration, Business Insider reports. The suit was originally filed in 2010.

Former Obama campaigners automate Big Data. Some of the data scientists behind President Obama’s successful 2012 campaign have started their own company, Civis Analytics, which taps the computing power of Amazon Web Services to help automate big analysis tasks such as pattern finding, the New York Times reports. Airbnb Inc. and The Boeing Co. are among the customers.

H-P’s enterprise chief is moving on. Bill Veghte, Hewlett-Packard Co.’s Enterprise Group chief, is leaving the company to “pursue a new opportunity,” the WSJ’s Robert McMillan reports. The departure comes as H-P plans to split into two companies, including one focused on enterprise technology. The former Microsoft Corp. executive was hired by Mark Hurd in 2010 to build H-P’s software business.

Cisco to buy network security company OpenDNS. Cisco Systems Inc. said it agreed to buy OpenDNS, the latest move by the networking giant to boost its security business, say the Journal’s Don Clark and Lisa Beilfuss. OpenDNS, which maintains a network of domain name servers to help route Web traffic, says its services can help block computer attacks from particular Internet domains and can encrypt Web traffic in ways that limit eavesdropping and other threats.

Goldman to pay $7 million over options glitch. Goldman Sachs Group Inc. agreed to pay $7 million to settle charges that it failed to prevent a technical glitch that sent out thousands of erroneous trades in August 2013, the WSJ reports. In its order, the Securities and Exchange Commission said Tuesday that Goldman lacked the safeguards to stop a software program from sending 16,000 mispriced options orders in less than an hour.

Apple loses federal appeal in e-books case. A federal appeals court upheld a 2013 decision finding Apple Inc. liable for conspiring with publishers to raise the price of e-books, the WSJ’s Joe Palazzolo reports. The iPhone maker is expected to pay $450 million, most of it to e-book consumers, as part of a November agreement with private plaintiffs and 33 states that joined the Justice Department’s 2012 lawsuit accusing Apple of violating civil antitrust law.

Sprint hangs up on throttling policy. Sprint Corp. said it would end a policy of slowing video speeds for unlimited data customers, after an outcry over the practice undermined the carrier’s attempt to promote a new phone plan Tuesday, the WSJ’s Ryan Knutson reports. The company said it has engaged in the practice known as throttling for two years, but only recently began disclosing it more prominently after the U.S. implemented new net neutrality rules that took effect June 12.


Greece defaults on IMF loan. Greece became the first advanced economy to default on loans from the IMF, despite a last-minute push by Athens for emergency aid. As Greece missed its deadline to pay back $1.7 billion, many economists pointed to missteps by the fund itself when it failed to demand immediate debt restructuring and relied on far-too-optimistic growth forecasts. At home and in the streets, Greeks are weighing the monumental choice they have to make on Sunday: more financial pain to stay with the euro, or the uncertainty of being cut loose.

Why U.S. banks won’t suffer big hits after Greek default. U.S. lenders in recent years have reduced the amount of Greek debt they held on their books. Still, analysts said it could disrupt financial markets enough to weigh down future results.

Bosses reclassify workers to cut costs. As scrutiny into the relationship between businesses and independent contractors rises, employers find ways to take workers off the formal payroll and lower costs. The moves include setting up workers as franchisees or owners of limited liability companies, which helps to shield businesses from tax and labor statutes.

The Morning Download comes from the editors of CIO Journal and cues up the most important news in business technology every weekday morning.

