Forgot your password?
typodupeerror

Lenovo Banned by U.S. State Department 474

Posted by Zonk
from the somebody's-watching-me dept.
chrplace writes "The BBC is reporting that the Chinese-made Lenovo PCs are not allowed inside secure US networks." From the article: "Assistant Secretary of State Richard Griffin said the department would also alter its procurement process to ensure US information security was guaranteed. His comments came after Rep Frank Wolf expressed national security concerns. The company Lenovo insisted such concerns were unwarranted and said the computers posed no security risk."
This discussion has been archived. No new comments can be posted.

Lenovo Banned by U.S. State Department

Comments Filter:
  • Cry Wolf (Score:5, Insightful)

    by TripMaster Monkey (862126) * on Friday May 19, 2006 @10:18AM (#15365258)

    From TFA:
    Mr Wolf, Republican chairman of the committee that oversees the department's funds, told reporters that China's spying efforts were "frightening".

    It was "no secret that the US is a principal target of Chinese intelligence services", he said, adding: "No American government agency should want to purchase from them".
    This is just plain stupid. Apparently, Representative Wolf's [house.gov] former crusades against meth [lasvegastribune.com] and medical marijuana [stopthedrugwar.org] no longer have the punch needed, especially in an election year, so he stirs up some ridiculous FUD about Lenovo laptops.

    Never mind that the State Department would probably be wiping the default software load on these laptops in favor of its own custom software load (frankly, if they don't, they're idiots). Never mind that the State Department itself (as well as any other networks these systems will be connecting to) should be adequately protected by firewalls to prevent any unauthorized phoning-home by these systems (again, idiots if they don't). Never mind that someone at least halfway competent should be able to analyze packets exiting these systems to determine conclusively, one way or another, if they are trying to compromise security (again...well, you get the idea).

    Trouble is, none of these measures will provide Rep. Wolf with the political ammo required in a year divisible by 2. By denouncing the Lenovo laptops as a 'security risk', he insures that his constituents (at least the less-technically minded of them) perceive him as 'fighting for America'.
  • Old News (Score:5, Insightful)

    by eldavojohn (898314) * <eldavojohn@nOspAM.gmail.com> on Friday May 19, 2006 @10:19AM (#15365265) Journal
    This is old news to anyone who works in Defense.

    In fact, if you want to use hardware/software in a classified area, it has to be from a United States based company and passed through a rigorous investigation as to whether or not it is safe to use. Even things like Java or C++ libraries have to undergo this for the simple fact of the matter that the US government is over-cautious.

    Do you blame them? Can you strip down a Laptop and really ensure that there's nothing like a keystroke logger or a very very low-level chipset process running on a side processor or microcontroller that captures choice information and automatically sends it out the NIC to a Chinese agency?

    You have to remember that there are conspiracy theorists out there that are paid and unpaid. The paid ones are simply better at controlling their imagination to realistic limits and are hired by governments to think & fear.

    Now, do you remember when certain Chinese conspiracy theorists decided that China's government suspected Windows SP2 [newamerica.net] of foul play? This is more of the same kind of thinking ...
  • Re:Dumb (Score:5, Insightful)

    by just_another_sean (919159) on Friday May 19, 2006 @10:23AM (#15365286) Homepage Journal
    Not to mention every other PC manufacturer who's PCs are made in China. Dell, HP, Gateway, Acer, show me one PC manufacturer who doesn't have at least some of their PCs assembled in China by Chinese.

    Seems kind of arbitrary for them to pick on one company over this.
  • by ZSpade (812879) on Friday May 19, 2006 @10:24AM (#15365305) Homepage
    Exactly when have computer components been made in America. Most, in fact, are not. thinkpads were made in China before, the only difference now is that they are not supervised by a US company.

    Somebody should show this guy the label on the pen he uses, on his reading glasses, on most of the small electronics he owns. Odds are they aren't made in America either. Does that mean his cellphone is a threat to national security!? This kind of ignorance really makes no sense whatsoever.
  • Re:Dumb (Score:3, Insightful)

    by archen (447353) on Friday May 19, 2006 @10:25AM (#15365309)
    Actually I'd like to know where they are going to get these PC's that are not made in China. And why stop at China anyway? Ban all foreign PCs (which isn't going to make much of a difference since they're all made in China anway). Oh, the U.S. doesn't make any anymore? Guess that's too bad for us. Most companies don't even bother hiding where it comes from. My iBook shipped directly from China to my address.
  • Re:Cry Wolf (Score:5, Insightful)

    by TripMaster Monkey (862126) * on Friday May 19, 2006 @10:25AM (#15365312)

    I didn't say there was no risk. I did say:
    • By following proper security procedures, any risk could be effectively managed.
        - and -
    • Rep. Wolf isn't interested in avoiding risk. He's interested in acquiring political clout.
  • by digitaldc (879047) * on Friday May 19, 2006 @10:26AM (#15365319)
    All other computer equipment manufactured in China must be removed too, by this reasoning.

    This includes keyboards, mice, USB hubs, and other PC equipment.

    Thank GOD the Blackberries are manufactured in Mexico!
  • by CosmeticLobotamy (155360) on Friday May 19, 2006 @10:32AM (#15365368)
    "A little box on the keyboard wire"? I'm sorry, but do you imagine Chinese intelligence to be run by 14-year-old pranksters that get their spy supplies at ThinkGeek?
  • by Frumious Wombat (845680) on Friday May 19, 2006 @10:36AM (#15365396)
    Digital Equipment Corporation PDP-8s, probably. The State Department should be finalizing the procurement procedures for 2 or 3 of those any day now.

    In all seriousness, unlike our 80s Moscow Embassy (which did have microphones embedded in the cement), a laptop phoning home is pretty easy to detect. Don't do anything serious on it, hook it up to the network, start typing while someone watches your packets. It's not like the Chinese have their new MagicNet(tm) which doesn't require wires, or emit electromagnetic radiation detectable by standard instruments.

    OTOH, one could make the distinction between (for example) HP or Dell, which are built by Taiwainese companies, and Lenovo, which is Mainland Chinese, if you're really worried about embedded tracking devices, etc, but that's still a political, rather than a technical argument. Of course, someone at State could simply decide that auditing every 30th laptop for phoning home is too much work and risk, but even then they'd probaby only find a standard set of phishing tools and DOS zombie installs, rather than hostile foreign government spyware.

    Any congresscritter proposing legislation involving technology should have to show credit from MIT for a recent course in computing/electrical engineering.
  • Re:Old News (Score:1, Insightful)

    by Anonymous Coward on Friday May 19, 2006 @10:37AM (#15365401)
    Do you blame them?
    No, not at all. I'm reminded of typical adulterer behavior where they often suspect their spouse is as unfaithful as they are.

    Theres a better example than the SP2 scare. Like say 27 covert listening devices [wikipedia.org] planted in a Boeing 767 sold to China and to be used by their president.
  • by John_Booty (149925) <johnbootyNO@SPAMbootyproject.org> on Friday May 19, 2006 @10:38AM (#15365418) Homepage
    It seems rather shortsighted to single out Lenovo. It would make a lot more sense for government computers to pass some sort of actual security audit, rather than simply singling out a single manufacturer. Most IBMs were probably manufactured in China anyway, even before the sale to Lenovo.

    A large percentage of consumer eletronics are produced in China - if we're truly worried about the Chinese government spying on us through consumer electronics, why only care about a single brand?

    That was a rhetorical question, of course. Obviously the answer is: "political grandstanding in an election year"

    Still, this thing isn't totally without merit. After all, do we really want our government using computers manufactured by a company owned in part by the Chinese government? The American government has sabotaged other countries with software Trojan horses before [msn.com]. While I certainly don't believe that Lenovo Thinkpads have anything malicious lurking in the firmware, it's not totally impossible or anything.
  • by denissmith (31123) * on Friday May 19, 2006 @10:40AM (#15365431)
    I don't believe in Windows backdoors any more that I believe that the Lenovo people are able to pull this off without anyone detecting it. Remember, Lenovo assembles these in this country and in Mexico, and the company has moved its headquarters here, and hired American executives, etc. If they got caught doing this HEADS WOULD ROLL. These people would all be guilty of spying or treason, so it wouldn't be quietly hidden away, they would face arrest, possible execution. These aren't products from a company where the Chinese government has direct control of operations, and design, specification and manufacture is worldwide.
  • 28% a minority? (Score:5, Insightful)

    by dkone (457398) on Friday May 19, 2006 @10:40AM (#15365437)
    I don't trust them.

    The article claims that the Chinese government owns a 28% stake in the company. At the end of the article a Lenovo spokesman says that the "government is only a minority stakeholder"

    Well call me naive, but look at the power our government has over influencing companies where they own 0%. ie.. the whole NSA call monitoring thing, DOJ over MS, etc... Not to mention we have a much 'nicer' government then Chinas.

    So I would hardly classify a government that owns 28% of a company a "minority stakeholder". Can you imagine the board meeting where the Lenovo CEO tell the "minority" stakeholder no.

    DK
  • by simonjp (970013) on Friday May 19, 2006 @10:42AM (#15365452) Homepage Journal
    I was going to write a long(-ish) reply, but decided against it - after all - it can be summed up easier: surely there are much weaker security issues than who made a laptop -- such as the user for example. Others have commented about windows. I say they should worry about education of their users rather than who made it.

    And surely the US can't talk back at people for spying on others considering recent news.
  • Re:Good policy (Score:5, Insightful)

    by Homology (639438) on Friday May 19, 2006 @10:47AM (#15365481)
    I believe US companies should be given preferential treatment by the US government for the following reasons:

    But when other states does the same, we hear outraged yapping from US about undermining "free market". Go figure.

  • Re:I Agree (Score:5, Insightful)

    by gatkinso (15975) on Friday May 19, 2006 @10:53AM (#15365518)
    While I would love to agree with you, I have to regretfully point out the fact that we long ago handed virtually any manufacturing capability to the Chinese and now have no choice but to buy from them and hope that they continue to fund our debt.

    However, they don't really have a choice anymore in the debt funding dept. They have to in order to insure the viability of their own investments.

    House of cards? Or is it a house of cheap plastic goods, motherboards, and US govt issued bonds? Either way....
  • by Opportunist (166417) on Friday May 19, 2006 @10:54AM (#15365526)
    Let's be reasonable here.

    The US government, in theory, should do what is beneficial to the US citizens. They're, after all, their employers, their reason to exist. Without them, they're as superfluous as the RIAA to music.

    So, the government should need no reason to reach for US manufactored goods and prefering them over foreign ones. For the simple sake of national commerce. Security aside, the US government is a non profit thing. Their "profit" is the well being of the US. And that isn't buying the cheapest products, the best deal for the US is their government buying at US companies.

    Just stand up and proclaim that you won't buy the Chinese laptops and instead buy (insert something that at least partly could be possible manufactured at least at SOME areas within the US). Not because China is evil, not because you don't trust them, simply 'cause the US government should first and foremost aid (and thus buy from) US based enterprises.
  • "Especially since all new Thinkpads have a fucking TCPA chip. Can you trust a chinese fabbed uber security module for critical national security purposes?"

    Wherever that TCPA chip was fabbed, it is almost guaranteed to come from the same source as those found in laptops from any other manufacturer.

    If there were ANY chips in the Lenovo that were built in China without a clear paper trail leading back to a non-Chinese supplier (or a Chinese supplier that isn't also selling chips to manufacturers that the government ISN'T freaking out about) then this would be justified. But it's an Intel CPU with an Intel northbridge/southbridge, Intel/ATI/NVidia graphics, the LCD is probably Japanese or South Korean just like nearly every other LCD on the market. The only place where Lenovo could backdoor the machines is in the BIOS (easy to audit) and in the OS (hire a sysadmin to nuke and repave).
  • by pivo (11957) on Friday May 19, 2006 @11:31AM (#15365822)
    Dells are manufactured in China, are they banned too? Lenovo has been making IBM laptops for years under the IBM name. Does the security risk depend on who's name is glued to the outside?

    "In politics, absurdity is not a handicap."
          - Napoleon Bonaparte
  • Domestic PCs ? (Score:3, Insightful)

    by Just Jeff (5760) on Friday May 19, 2006 @11:31AM (#15365823) Homepage
    For the current matter, I would guess that some domestic PC maker is trying to take advantage of the situation, *cough*Dell*cough*HP*cough, pardon me!

    Does anyone really think that these PCs are "domestic?" They may not be made in mainland China, but they are certainly not made in the United states either.

  • by enjahova (812395) on Friday May 19, 2006 @11:32AM (#15365831) Homepage
    If you want to be reasonable you should take an introductory course in economics. Just because you are buying from the US does not mean you are automatically doing the best thing for the US economy.

    The concept is called relative advantage. Due to the situations being what they are, The US has been a leader in science and education for a while now, and China has lots of cheap labor. So the computer was first made by a handful of scientists in America, it was expensive as hell and there were very few of them. As the scientists better understood the computer and were able to commoditize its production it became cheaper and more accessible. Computers have now gotten to the point where they are pretty much a commodity, and manufacturing them at the cheapest cost is important inorder to meet the demand.

    So China has the relative advantage of manufacturing, while Americans are still the leader in business and software. If you really want to do something good for the US stand up and proclaim that you want better education systems! If we are going to lose status in the world economy it wont be because we are buying foreign products, it will be because we got fat and lazy.

    Just google Comparative Advantage if you want to know more about it.
  • Re:Dumb (Score:2, Insightful)

    by WindBourne (631190) on Friday May 19, 2006 @11:46AM (#15365945) Journal
    I am guessing Sun and Apple. This is a good opportunity for them to push not only secure systems, but perhaps secure OSs. Sadly, in the last 5 years, the feds have moved hard core to Windows.
  • by Anonymous Coward on Friday May 19, 2006 @11:46AM (#15365947)
    China should then cancel Boeing aircraft purchases because the US may plant bugs to spy. The whole word should stop using Windows OS because there are backdoors built in so the US can access foreign governments PCs. The list can go on...

  • by WebCowboy (196209) on Friday May 19, 2006 @12:24PM (#15366284)
    All other computer equipment manufactured in China must be removed too, by this reasoning.

    As I read this you're modded 5/insightful...Moderators on crack again...

    This reasoning means nothing of the sort. The distinguishing factor is that Lenovo is PARTLY OWNED BY THE CHINESE GOVERNMENT. Apple makes computers in China, as does Dell. However, in those cases there is NO owenership by ANY foreign governments, China or otherwise. This is important because since a foreign government can control the latter companies to disrupt supply of sensitive goods (cutting them off, or sabotaging them).

    This is standard Military policy: sensitive equipment of ANY kind cannot be supplied by ANY company that is partly or wholly owned by a foreign GOVERNMENT, and even private foreign ownership is restricted somewhat. As I mentioned in another post AMC had to sell AM General when Renault bought part of AMC because Renault was owned by the French GOVERNMENT, because the military wouldn't stand for relying on its supply of Hummers being influenced by the government of a foreign company.

    This includes keyboards, mice, USB hubs, and other PC equipment.

    Well although many are made in China, they are not made by companies owned by the Chinese government. If it really matters, a sizeable amount of this stuff is made in Taiwan (NOT recognised as part of Communist China) and other asian countries.

    Thank GOD the Blackberries are manufactured in Mexico! ..by a Canadian company ;) This is not an issue becasue RIM is not a Crown Corporation, not because it is not Chinese. If RIM was a Crown Corporation (government) then I'm sure use of blackberries by US government or military agents wouls also be restricted, or a special agreement would've had to be established.
  • by mpapet (761907) on Friday May 19, 2006 @12:37PM (#15366420) Homepage
    All comments I've seen fail to address the following:

    1. Securing Gov't contracts is a dirty business. If you don't have the resources, (people, money) to do the dirty work, then you are out. IBM has these things and they know better to keep them.

    2. I'd be very interested to hear some feedback on Lenovo's service levels versus IBM's. Based on my knowledge of Chinese tech industry, I predict there was a great deal less satisfaction. Along the way this fine specimen of a politician gets to make a little hay on their misfortune and inexperience. That's predictable and accepted human behavior.

    This has nothing to do with protectionism. It's about a once-venerated public agency brand (thinkpad) failing spectacularly.
  • Re:Old News (Score:3, Insightful)

    by SillyNickName4me (760022) <dotslash@bartsplace.net> on Friday May 19, 2006 @12:42PM (#15366470) Homepage
    The DOD has a nice series of books related to this subject, often called the rainbow series. You are specifically interested in the 'orange book' from it if you want to know a bit more about guidelines for building secure systems.

    Verifying the origin and production of hardware and software are definitely a part of those guidelines.
  • by WindBourne (631190) on Friday May 19, 2006 @12:50PM (#15366549) Journal
    Not really; They are pissed at him for treason (outing an active undercover agent), lieing(the coverups on the fact that it with the suggestion that he declassified the data; of course that was AFTER he said that he would throw the full force of the law at those responsible), and cowardice(finally, trying to allow others to take the fall as well as suggesting that he declassified it).

    It is obvious that he is the same person that he was in the 70's and 80's.
  • by LunaticTippy (872397) on Friday May 19, 2006 @01:25PM (#15366887)
    Nobody can look at an IC chip and read the traces inside.
  • by radtea (464814) on Friday May 19, 2006 @01:27PM (#15366909)
    On a more serious note, this is obviously a purely political step - but why?

    Because the U.S. is in the grip of a fairly major bout of xenophobia just now. This is something that overtakes all human groups every once in a while, where suddenly anyone who is remotely outside the mainstream is automatically suspect and "other".

    This kind of thinking can be seen all over the current immigration reform in the U.S., as well as border security generally. It creates massive distortions in thinking--for example, President Bush's proposal for a "tamperproof" ID for foreigners working in the U.S. only makes sense if you somehow mentally categorize outsiders in such a way that they are inherently different from Americans. Otherwise the obvious work-around of foreigners using fake American IDs is, well, obvious. Without this kind of unconscious mental distortion it is clear that foreigners are indistinguishable from Americans.

    We see the same kind of thinking amongst the people who say that various illegal and unconstitutional measures will only be used against "terrorists", as if that was an unabiguously distinct, knowable category of person. By reconceptualizing terrorists as inherently "other" they are able to perform this nasty mental trickery of reassuring themselves that only bad people will be affected by the draconian powers being granted spies and miliary officials, despite the glaring epistemological problems with such beliefs.

    In such a social climate, xenophobia has a lot of political value, and gestures of solidarity with the group (flag waving, declarations of patriotic feeling, signs posted on businesses declaring they hire only documented legal workers) are highly valued. Those things by themselves are relatively benign, but the flip-side is the tendency to demonize anyone outside of the group.

    Personally, I would think that no closed-source application should ever be used in a secure network environment. That includes the OS, obviously. There's just too much stuff that a closed-source application could be doing that isn't good, even if there was no malicious intent.
  • by stinky wizzleteats (552063) on Friday May 19, 2006 @01:30PM (#15366932) Homepage Journal
    Did you ever have a kid in class when you were in elementary school who always complained that everyone was stealing his pencils? I bet that if you'd looked in his desk, you'd find stacks and stacks of stolen pencils.

    Perhaps the reason the State Department is concerned about sabotaged computers from overseas is because they are doing it.
  • by packeteer (566398) <packeteerNO@SPAMsubdimension.com> on Friday May 19, 2006 @01:40PM (#15367034)
    These computers DO pose a security risk and this is nothing new. The issue is not trojan software or keyloggers installed. What the state department does not want is to have to speak with someone in China for support. If you need to go to China for support then someone in china might know your network topology and what kinds of other security features are or are not in place. This also has nothing to do with it being from China and everything to do with it not being American. If the computers were made in France and you needed to call France for support they would not allow it.

    Remember that when they want security they dont just want security on a random 500 computers. Usually if they do any type of check it is to ALL the computers on a network. These systems are too critical to even let 1 key logger slip by.

Uncompensated overtime? Just Say No.

Working...