Are commie cybersnoops watching us?

CNET News.com's Charles Cooper says the latest row over Lenovo speaks volumes about how politics can trump common sense.

Charles Cooper Former Executive Editor / News
Charles Cooper was an executive editor at CNET News. He has covered technology and business for more than 25 years, working at CBSNews.com, the Associated Press, Computer & Software News, Computer Shopper, PC Week, and ZDNet.
Charles Cooper
4 min read
An interesting story crossed the wires earlier this week.

The Pentagon reported that the U.S. government has underestimated China's defense spending. The Defense Department now believes Beijing's military expansion is two to three times greater than the official estimates--a sign that military analysts interpret to mean China is working to change Asia's strategic balance.

Maybe so. As the world's fasting-growing economic superpower, China has the wherewithal to equip itself with the best military money can buy. None of this comes as a shock to Washington, where the political elites long ago recognized that America's historic dominance in the Asia-Pacific region would come under challenge. It's a manageable and still-profitable relationship, but the tensions sometimes bubble to the surface when you least expect it.
From the get-go, it was clear that Lenovo's Chinese connection was politically radioactive.

Case in point: the recent uproar that forced the State Department's retreat on plans to deploy personal computers made by Lenovo, the Chinese-owned company that last year acquired IBM's PC operations. The way this episode played out speaks volumes about how easily politics and paranoia can trump common sense, as well as computer science.

From the get-go, it was clear that Lenovo's Chinese connection was politically radioactive. Shortly after Big Blue announced the sale of its computer business to Lenovo in December 2004, Congressmen Henry Hyde, Duncan Hunter and Don Manzullo pressured the U.S. government to begin a review on national security grounds. That puzzled me. Didn't these guys read the papers? Nearly all U.S. computer companies outsource a big portion of their manufacturing to China. I suspect Messrs. Hyde, Hunter and Manzullo knew exactly what they were doing. What they wanted was attention, and they succeeded. Meanwhile, the deal eventually went through with Uncle Sam's blessing. But the story didn't end there.

Lenovo made the news again after Virginia Rep. Frank R. Wolf warned that the State Department's purchase of 16,000 desktops from Lenovo posed a security risk. In a letter he sent to Secretary of State Condoleeza Rice, Wolf warned against Chinese espionage programs stealing American secrets if the State Department used the Lenovo machines on its classified networks.

Wolf is not a politician to be trifled with. As chairman of the House subcommittee that funds the State Department--as well as the Commerce Department and the Justice Department--he has the clout to make life difficult for obstinate bureaucrats. The State Department decided it made no sense to pick a fight over this one issue. Besides, Rice already has enough on her plate and it's just as easy to use a computer from Dell, Hewlett-Packard or Acer (the "good Chinese"). The State Department still plans to use the Lenovo computers, just not in operations that it considers sensitive.

"It sounds to me like some Cold Warrior holdovers are just now discovering that computers are no longer made in the U.S., but that they mostly come from Asia," said computer security expert Richard Smith, who took a dim view of the supposed threat.

"Since spyware is easy to detect," he said, "it seems unlikely to me that anyone at Lenovo would cooperate in any way with efforts to spy on the U.S. government. The financial risks to the company would be too great."

The larger issue for security watchers like Smith is that the "AutoUpdate" feature, which is used to patch bundled software on Windows PCs, constitutes a back door. Any government agency doing classified work needs to devote extra effort to locking down Windows and reducing the network attack surface vulnerable to assault. But that's not as sexy as the bogey image of a commie cybersnoop.

When I called Wolf's office, his press spokesman said the congressman had no specific knowledge about compromised Lenovo computers. He said Wolf based his assessment of "the depth of the Chinese government's spying in the U.S." on security concerns raised by the U.S.-China Economic and Security Review Commission. Congress set up the commission six years ago to report on the national security implications of the bilateral trade and economic relationship between the two countries.

So I got in touch with Michael Wessel, one of the commission members, who offered a more nuanced picture. Wessel said the bigger problem centered on the sequence of the purchase announcement. Prior to shipment, the State Department revealed that the Lenovo computers would be earmarked for use on a security-sensitive network. And that set off red flags for the commission.

"These computers were identified in terms of where they would be located," Wessel said. The State Department "is an identifiable intelligence target. The fact that it's Lenovo, with its (connections to the Chinese government), raises questions."

China does fund an ongoing effort to infiltrate U.S. computer networks. But that's a different story. For the record, Wessel acknowledged the commission had no proof that Lenovo had rigged its machines with spyware or any other sort of security back door. The concerns about Lenovo still remain theoretical. In fact, if the government changes its procurement process, Wessel believes Lenovo computers might find their way into networks now considered off-limits.

After all the phony Sturm und Drang around this issue, that would be a headline I'd one day love to see.