How US businesses arm China with cyberweapons
American companies are giving Chinese authorities access to hacking know-how
Ten years ago, while visiting International Business Machines' software research lab in Beijing, I observed dozens of Chinese employees moving about seemingly free of any securityrelated limitations.
I asked the lab's manager two questions:
"Do you have any way of knowing whether any of your Chinese staff is also working for the Chinese government?
"Do you have any way of knowing whether any of your Chinese staff is a spy?"
The manager unhesitatingly answered "no" to both.
He hastily added: "But you can be sure that we at IBM work very hard to protect our core intellectual property."
This episode could occur at any of the many US corporate facilities in China. It highlights an underreported feature of recent cyberattacks: much of China's hacking power was Made by the USA. For decades, US-owned technology giants have set up state-of-the-art factories, laboratories and training programmes in China. Their aim was to use a super-cheap, lightly regulated production base to supply Chinese and world markets, and to harness Chinese scientific talent.
Chinese authorities demanded some technology as the price of access to their market. Yet most transfers were made voluntarily to Chinese partners. China's hacking prowess made clear that, as critics warned, the government and military benefited from widespread sharing of know-how directly applicable to spying, sabotage and theft of business secrets.
Paradoxically, the first known victims of China's US-enabled cybercapacities were Chinese citizens. These include dissidents who were tracked with technology sold by Cisco Systems and Yahoo, as well as ordinary people whose online content has been censored with products provided by Microsoft and Google.
Those four companies, and many others, still supply official Chinese customers with capabilities easily used against US government or business targets. These companies also continue to strengthen the technology base of a country designated by the US defence department as the greatest potential foreign threat to US security.
Cisco, for example, says its goals include maintaining "close relationships with government" and notes that the regime's "goodwill" is important for operations, "enforcement", sales and policy. IBM touts its capacity to "improve the way government" works, "solve problems and challenges in public administration". Microsoft considers itself "a partner in developing the local IT ecosystem with the Chinese government".
Like IBM, companies such as Cisco, Hewlett-Packard, Intel, Google, Microsoft, Oracle and Yahoo have established large research centres in China. Thousands of engineers are working to develop capabilities that could easily be used for cyberwarfare.
Finally, US-owned companies have nurtured Chinese talent.
US President Barack Obama's new cyberdefence programme can help safeguard US security and commercial secrets. But its effects will be limited if American companies continue to shower China with hacking-related know-how. Significant new restrictions must replace today's failed security controls.
Bloomberg Alan Tonelson is a research fellow at the US Business and Industry Council.