China Threat to Telecoms Cited in EU Parliament Draft Resolution

• European assembly plans to warn about risks to 5G networks
• Initiative reflects growing Western concerns about Chinese Huawei spying

By Jonathan Stearns and Alexander Weber

The European Parliament plans to add its voice to growing concerns in the Western world about alleged security threats posed by Chinese telecommunications companies such as Huawei Technologies Co. and ZTE Corp.
The European Union assembly will stress the need for the bloc to protect the next generation of wireless networks, known as 5G, from intruders and to bolster cybersecurity defenses in general, according to the draft of a resolution slated for a vote on Tuesday in Strasbourg, France.
In the draft, the 28-nation Parliament “expresses deep concern about the recent allegations that 5G equipment developed by Chinese companies may have embedded backdoors that would allow manufacturers and authorities to have unauthorized access to private and personal data and telecommunications from the EU.”
The assembly “is equally concerned about the potential presence of major vulnerabilities in the 5G equipment developed by these manufacturers if they were to be installed when rolling out 5G networks in the coming years,” according to the text.
The EU’s increasing alarm about technology-related security risks from China follows U.S. revelations that Huawei enables Chinese espionage and calls for European allies to avoid partnering with the company.
Western jitters have mushroomed since a 2017 Chinese law requiring organizations and citizens to support national-security investigations.
The draft EU Parliament resolution, drawn up by four of the assembly’s main political groups including the No. 1 Christian Democrats and second-ranking Socialists, says European authorities should develop a certification system for 5G equipment to enhance its security.
“If there’s the slightest suspicion that Trojan horses end up in critical infrastructure due to Chinese technology, all alarm bells should ring,” Markus Ferber, a German member of the assembly’s Christian Democratic faction, said by email on Monday. 

“The EU has to make sure it becomes more independent from third countries when it comes to infrastructure and central technologies.”

China grabbed American as spy wars flare

A focus on Russia overshadows Beijing's aggressive tactics, including the kidnapping of a suspected American operative.
By ALI WATKINS


Both Chinese and U.S. officials kept quiet about the previously unreported incident, described to POLITICO and confirmed by multiple U.S. officials.

The sun was setting over Chengdu when they grabbed the American.
It was January 2016.
The U.S. official had been working out of the American consulate in the central Chinese metropolis of more than 10 million.
He may not have seen the plainclothes Chinese security services coming before they jumped him.
In seconds he was grabbed off the Chengdu street and thrown into a waiting van.
The Chinese officials drove their captive — whom they believed to be a CIA officer — to a security facility where he was interrogated for hours, and, according to one U.S. official, filmed confessing to unspecified acts of treachery on behalf of the U.S. government.
It wasn’t until the early morning hours of the following day that other U.S. officials — who were not immediately informed by their Chinese counterparts of the consular official’s capture — arrived to rescue him.
He was eventually released back to their custody and soon evacuated from the country.
Both Chinese and U.S. officials kept quiet about the previously unreported incident, described to POLITICO and confirmed by multiple U.S. officials.
But it threatened to spill into an international incident in the early days of the 2016 presidential campaign.
U.S. officials strongly protested the abduction to their Chinese counterparts and, according to one official, issued a veiled threat to kick out suspected Chinese agents within the U.S.
U.S. officials consider the abduction an unusually bold act in a long-simmering spy game between Washington and Beijing, one recently overshadowed by a newly aggressive Russia.
But U.S. officials and China experts say the two countries are engaged in an espionage battle that may be just as fierce, if far less publicized.
“The Chinese have not gone away,” one counterintelligence official who recently left government said.
“The things going on with Russia right now really have distracted from China.”
POLITICO spoke with more than half a dozen current and former national security officials for this story.
Almost all requested anonymity to more freely discuss sensitive intelligence matters.
China’s ongoing espionage within the U.S. was clear at a July pre-trial hearing at a Washington courthouse for former CIA officer Kevin Mallory, charged in June with passing at least three top secret U.S. government documents to a Chinese intelligence operative in exchange for $25,000 in cash.
“Your object is to gain information, and my object is to be paid for it,” prosecutors said the 60-year-old Mallory, then a government contractor, wrote in a message to a Chinese agent.
During the packed hearing, Mallory, who sat quietly in a dark jumpsuit, showed little emotion as prosecutors played a recording of a phone call he made to his family in which he frantically directed his children to find a device on which he stored information, including CIA material, for his Chinese contacts.
On the recording, Mallory can be heard worriedly shushing his son as the boy begins to describe the device—perhaps out of well-grounded fear that federal investigators might be listening.
Government witnesses testified that data Mallory allegedly stored on the device was sensitive enough to compromise critical U.S. intelligence gathering inside China—and specific enough to reveal and gravely endanger U.S. sources there.
The CIA and State Department declined to comment.
Some officials and China experts said Beijing uses a softer touch in its espionage.
Where Moscow stomps, Beijing tiptoes — focusing heavily on the theft of economic secrets and making no known effort to influence U.S. electoral politics.
China is an uneasy partner for the U.S. — particularly as Donald Trump seeks Beijing’s help in taming North Korea’s nuclear program.
And American corporations that care little about Russia’s stunted economy want good relations with China’s potential market of more than 1 billion consumers.
“It’s a much more sophisticated effort than Russia’s,” Daniel Blumenthal, a China expert at the American Enterprise Institute and a former commissioner of the U.S.-China Economic and Security Review Commission, said of Chinese spying.
“They’re stronger, they’re more ambitious, they’re more powerful. And there are more U.S. stakeholders who want a positive relationship with China.”
Mallory is just one of two U.S. government employees charged this year with passing U.S. state secrets to China.
The other, 60-year-old Candace Marie Claiborne, was a State Department veteran whose postings included Beijing and Shanghai.
A March federal indictment charged her with accepting tens of thousands of dollars in cash and gifts from Chinese officials, including a laptop computer and international vacations, in return for U.S. government documents on U.S.-China economic relations.
U.S. officials interviewed by POLITICO said that, while visiting China, their colleagues are often “pitched,” or approached by Chinese intelligence operatives trying to recruit them.
Chinese efforts to recruit spies expand far beyond U.S. government employees. 
In a 2014 counter-recruitment video, titled “Game of Pawns,” the FBI tells the story of Glen Duffie Shriver, who as a U.S. student in Shanghai struck up a relationship with a woman he eventually discovered was a Chinese government operative.
Shriver took $70,000 from the woman as he sought a U.S. government job that would give him access to secret information he could pass to his handlers. 
He was sentenced to four years in prison.
“We live in a very sheltered society," Shriver says in the video.
"And when you go out among the wolves, the wolves are out there."
One former U.S. official said the cases show the way Chinese intelligence services, which long sought to appeal mainly to Chinese-Americans, are now recruiting from a far broader pool.
“The way the Chinese have gotten more aggressive is, they’ve looked at recruiting more than just ethnic Chinese,” one Obama-era National Security Council official said.
Officials and experts are especially concerned about China’s 2015 hack of the Office of Personnel Management, which saw the theft of personal data from millions of U.S. federal workers.
That information went well beyond Social Security numbers or birthdays—officials confirmed that China-linked hackers accessed troves of “SF-86” forms.
That extensively detailed document—required for government employees seeking a security clearance—includes everything from relationships to the month-by-month minutia of a personal history.
The scope and detail of the files may serve as a kind of recruitment road map for years, Michelle Van Cleave, former director of the Office of the National Counterintelligence Executive, said at a U.S.-China Economic and Security Review Commission hearing this summer.
“The threat will grow as a result of their successes against us, because of the integration of those cyber successes and their human espionage capabilities,” Van Cleave said.
“I'm looking at what was lost through the OPM breach ... and I'm saying this is, this is staggering. This is staggering.”
The snatching in Chengdu is an extreme illustration of current and former officials' description of intense surveillance of Americans by Chinese security authorities in China.
The officials described how their rooms or belongings were “tossed” — searched by Chinese operatives — while they were staying in the country.
“They were as fundamentally aggressive in their activity [as the Russians],” one former U.S. diplomatic official told POLITICO.
Calling China’s approach more “subtle” than Russia’s, he added: “They always knew what we were doing and where we were.”

U.S. 3.8 Million Chinese Spies

This Is How Chinese Spying Inside the U.S. Government Really Works
By Peter Mattis

The Department of Justice on March 29 unsealed a criminal complaint against Candace Claiborne, an office-management specialist with the U.S. Department of State, who is now facing charges related to concealing a relationship with Chinese intelligence. 

The extended fifty-nine-page affidavit catalogues Claiborne’s relationship with the Ministry of State Security, or MSS, China’s civilian intelligence service.

The MSS is a sprawling organization centered in Beijing. 

It has provincial departments and municipal bureaus all over the country. 

The central ministry does run intelligence operations, but the subnational departments and bureaus almost certainly include most of the ministry’s personnel. 

The main task of these departments is to protect state security inside their operational jurisdiction. However, some of them also run operations against foreign targets to support national policymakers.
The MSS unit with which Claiborne became involved was the Shanghai State Security Bureau (SSSB). 

Largely unknown outside of the small group of people who look at Chinese intelligence operations, the SSSB has surfaced only a few times in public. 

In 2009, the SSSB raided the China offices of Australian mining firm Rio Tinto. 

The office director, Stern Hu, came under investigation, because his aggressive approach to investment cost the Chinese government and state-owned enterprises several hundred million dollars. A year later, the FBI arrested Glenn Duffie Shriver, who applied to work at the State Department and CIA in exchange for $70,000. 

The SSSB recruited Shriver in Shanghai when he responded to an essay contest on U.S.-China relations and encouraged him to take a position in the U.S. government.
The affidavit reveals that the SSSB can operate all over China and the world, not just in Shanghai. 

In communications with Claiborne, her SSSB contacts—identified only as Co-Conspirator B and Co-Conspirator C—offered to meet her in Beijing as well as any third country if and when she left the United States. 

Co-Conspirator B also made references to business trips in Italy and Africa.
Despite the possibility of meetings anywhere, the case still exhibits the China connection that is distinctive of nearly every espionage case. 

The SSSB’s spotting and assessing work most likely took place in China. 

The affidavit states that Claiborne knew the SSSB officers at least since 2007 if not before. 

In 2007, Claiborne was stationed in Buenos Aires and had been away from China for two years. 

Her second tour in China was at the U.S. Consulate General in Shanghai from 2003–05.
The SSSB also operates with some unusual cover arrangements that suggests in some cases individual officers develop their own cover. 

Some of the normal MSS covers inside the country include unnamed, numbered government offices (e.g. Shanghai Municipal Government Office number seven), think tanks and businesses. 

Co-Conspirator B operated an import-export company, and he also owned a spa and a restaurant. 

In addition to allowing Co-Conspirator B to appear as ordinary businessman, these businesses were used to provide employment to Co-Conspirator A. 

The affidavit does nothing to describe Co-Conspirator C apart from his SSSB affiliation.
A caveat on Co-Conspirator B’s cover arrangements perhaps is in order. 

He may be what the affidavit calls a “cut out” or a “co-optee” of the SSSB. 

The affidavit describes this role in some detail as part of the background but it is mentioned nowhere else. 

The affidavit states “A cut-out or co-optee is a mutually trusted person or mechanism used to create a compartment between members of an operation to enable them to pass material and/or messages securely. A cut-out or co-optee can operate under a variety of covers, posing as diplomats, journalists, academics, or business people both at home and abroad. These individuals are tasked with spotting, assessing, targeting, collecting, and running sources.” 

Co-Conspirator B could easily be a co-optee from the description of him and his business activities. His role in handling Claiborne fits completely within the above definition, and the affidavit contains nothing to clarify his position.

Co-Conspirator A and his relationship with Claiborne illustrates the creative ways in which the MSS will develop emotional leverage over an agent. 

The affidavit does little to describe Co-Conspirator A apart from making it clear that the young man is someone important to Claiborne, probably a relative, because he lived with her in China from 2001–05. 

Her relationship with the SSSB was not simply an exchange of money for information, of dollars for documents. 

Much of the money dispensed by the SSSB went to pay for Co-Conspirator A’s college tuition, provide him with work, a furnished apartment, and pay for his travel rather than Claiborne directly. 

In several different emails, she told Co-Conspirator A to extricate himself of his relationship with the SSSB, because she did not want herself or him to continue to be indebted to Chinese intelligence.
Building a relationship with an agent almost appears to more important than collecting intelligence information. 

The SSSB paid out “tens of thousands of dollars in gifts and benefits” to Claiborne and Co-Conspirator A, but the return appeared minimal. 

For example, in 2011, at least four years into the relationship, the SSSB tasked Claiborne with gathering internal evaluations of the U.S.-China Strategic and Economic Dialogue. 

They specifically wanted to know about Chinese yuan exchange rates and what pressures Washington would be prepared to bring if China’s adjustments were insufficient. 

The SSSB officers complained of one of Claiborne’s responses that “It is useful but it is also on the Internet. What they are looking for is what they cannot find on the Internet,” believing that the publicly available information was not necessarily representative of U.S. government thinking.
There is little exotic in how the SSSB handled Candice Claiborne if the case ultimately holds up in court as described. 

They built psychological leverage through Co-Conspirator A. 

They exploited Claiborne’s greed through small payments and the promise of more—she believed the SSSB could pay as much as $20,000 per year. 

The only thing strange appears to be the callousness with which the SSSB treated her concerns about security and the seeming absence of any plans to end the relationship productively. 

Countering Chinese intelligence, then, is not about a dramatic departure from past practice, but rather a commitment to counterintelligence fundamentals and professionalism.

Facebook Must Stay Out of China

A Faustian pact with Beijing would almost certainly make user behavior around the world visible to Chinese state security.
BY CLAY SHIRKY, ANDREW MCLAUGHLIN, KAISER KUO

Facebook has reportedly developed software to suppress posts from users’ feeds in targeted geographic areas, a feature created to help the giant social media network gain access to China, where it is blocked. 

Facebook CEO Mark Zuckerberg has long been courting China’s leaders, studying Mandarin, and talking with Chinese internet executives. 

How far should he and his company go in order to grow? 

And at what expense? 

—The ChinaFile Editors

Clay Shirky, global network professor, New York University’s Shanghai campus:
Facebook shouldn’t do this. 

Although the tool, as described, copies some industry norms — Facebook would suppress messages inside China but show them outside — it comes nowhere near what Beijing would demand for re-entry. 

At the same time, those additional conditions would make any deal not worth the cost, either ethical or financial.
Though the U.S. press often writes as if the principal goal of Chinese censorship is blocking information from the United States, the Chinese Communist Party is far more worried about its own citizens. 

This is why seemingly innocuous platforms such as Instagram and Tumblr are blocked; it isn’t what U.S. teenagers would post that worries the Chinese Cyberspace Administration, and those concerns would shape any Facebook deal as well.
Hiding selected posts from outside China would not meet the bare minimum of Beijing’s requirements for citizen surveillance. 

Facebook would have to keep data on those users on servers in Beijing and grant the government direct access. 

Offending posts by Chinese users would have to be suppressed worldwide, not just in China. (Users in Anqing would not be allowed to share posts about corruption with students in Ann Arbor.)
That’s just the geographic controls.
Beijing would demand that censorship follow Chinese citizens internationally.

They do something like this today with SIM cards, which include data headers that identify country of origin. 

Chinese SIMs are subjected to Chinese censorship, whether the user is in Dalian or Dusseldorf. (This is why Chinese mobile plans have such advantageous international rates; cheap roaming means users often don’t bother to get local SIM cards, allowing censorship to follow them worldwide.)
And the situation is not static. 

Under the bland banner of “stability maintenance,” social media regulations have been coordinated, onerous, and monotonically restrictive. 

The chop would not be dry on any contract with Facebook before it had to be renegotiated.
Against these costs, the chance that Facebook would be allowed to succeed in China is zero. 

As tech blogger Ben Thompson wrote about the ride-hailing service Uber’s failure in the country, “I’ve simply seen no way that the government tolerates foreign ownership of something as foundational as transportation infrastructure.” 

That is true of media as well, especially media Chinese citizens use to communicate and coordinate with one another.
Two decades after the ICQ messaging service launched, there is not one example of foreign social media succeeding there — not Google, not Instagram, not WhatsApp, not Twitter. 

The closest example, LinkedIn, is a business service with no threat of wide adoption and has roughly the same number of users in China and the U.K., a market 5 percent its size. 

Even Apple, selling a luxury product whose software cannot be separated from its hardware, has not been able to maintain its online services — China blocks iTunes, iBooks, and News.
The ruling Communist Party appears convinced — correctly, in my view — that freedom of speech and assembly threaten single-party rule. 

In addition, censorship is a good source of mercantile protection. 

The idea that politics differs from economics does not resonate strongly in Beijing; the ability to provide a competitive advantage to local firms is a political tool, offering the very entrepreneurs who might push for global connectivity the consolation prize of the largest market in the world.
I understand why Facebook wants this. 

It has traded as a growth stock since 2012, but user acquisition is slowing. 

Access to China would allow it to postpone that reckoning by a few years. 

But any Chinese presence would be token, negotiated more to reduce an irritant than to allow real access. 

The “some conversation is better than no conversation” argument Facebook has been making for years now simply wouldn’t hold up under the terms demanded by the party.

Andrew McLaughlin, technology executive:
Though it has been evident for years that Mark Zuckerberg really, really wants Facebook to operate in China, I’m genuinely surprised that the company appears, finally, to have made the decision to do it.
I’m surprised for two big reasons:
First, Facebook will have to facilitate Chinese spying on non-Chinese users. 

To operate in China, Facebook will have to comply not only with the party’s onerous censorship demands but also with its user surveillance requirements. 

Through a multi-layered latticework of necessary operating licenses, the Chinese authorities require social networks and providers of messaging services — Facebook is both — to be willing and able to turn over user data, including account details and the contents of posts and private communications.
Doing the bidding of China’s state security apparatus will put Facebook in a position of collaboration that goes far beyond what any prominent U.S. tech company has agreed to. 

The contrast with Google is instructive. 

In 2006, Google entered China as a search engine — an “internet content provider,” in the taxonomy of Chinese regulators — but deliberately excluded from its China-licensed sites any services that entailed individual user data or private communications. 

In that way, Google subjected its China-directed search engine to censorship requirements but avoided any obligation to comply with surveillance requests from a government prone to human rights violations. (Beyond an abstract revulsion at the prospect of assisting political persecution, we had watched with horror the imprisonment of Chinese journalist Shi Tao after Yahoo’s Hong Kong subsidiary handed over to Beijing the contents of his email account.)
But that’s not even the worst of it. 

The very nature of a social network means that updates and communications written by non-Chinese users will become visible to Chinese security services.

A Facebook user’s newsfeed is the set of updates and shares posted by her/his friends, including many written by friends of friends. 

If a non-Chinese user has a Chinese friend — or, given how Facebook works, even a Chinese friend of a non-Chinese friend — anything that non-Chinese user posts to Facebook could be read by Chinese state security. 

Likewise, if a Chinese user likes or comments on a post by a non-Chinese user, that entire thread becomes attached to the Chinese user’s account and thus subject to Chinese governmental examination.
Because of the permeable, fluid, and semi-public sharing dynamics inherent to Facebook, I can think of no technical or policy means by which the company’s Chinese subsidiary could shield non-Chinese users’ posts, comments, likes, and shares from disclosure to Chinese state security.
Second, there is little chance Facebook can actually succeed in China. 

Even if the Chinese government would permit a foreign tech company to win in a space as important as social networking (and past experience strongly indicates it will not), Chinese users have exhibited strong disinterest in local Facebook knockoffs, and there is little reason to think a foreign player will fare any better.
From eBay to Amazon to Google to Uber, the Chinese government’s initial red-carpet welcomes to Silicon Valley companies have invariably morphed into grinding wars of attrition in which local competitors collude with officials and regulators to ensure the foreigners’ long-term market failure. 

Plus, Facebook will have to surrender a large degree of control over its Chinese service to whatever local partner ends up owning 51 percent of the licensed Chinese entity, as required by Chinese law. 

The experiences of other Silicon Valley entrants indicate that those kinds of joint ventures most often end in frustration and acrimony. (It’s plausible, but too early to conclude, that LinkedIn will prove the exception to that rule.)
I’m surprised, in short, that Facebook would risk sparking outrage and reputational damage among its non-Chinese users (for crossing a line of collaboration that would render their posts, comments, likes, shares, and private messages vulnerable to Chinese government spying) in order to take a crack at a market in which it’s highly unlikely to succeed.

Kaiser Kuo, host, The Sinica Podcast:
Given China’s increasingly strict internet censorship, it should surprise no one that any re-entry by Facebook would be conditional not only on the company’s acquiescing to censorship but also on its demonstrating the ability to carry it out to Beijing’s satisfaction. 

Equally if not even more troubling would be the requirement, all but inevitable, that Facebook store Chinese user data on servers in China, making that data accessible to Chinese courts and law enforcement. 

Even if Beijing deigns to allow Facebook a presence in China, Facebook will face a firestorm of criticism from human rights and data privacy activists.
It will defend its decision by invoking the same logic that U.S. proponents of engagement have always deployed. 

Some connectivity is surely better than none, which is essentially what Facebook has today: a tiny, inconsequential handful of China’s more than 700 million internet users are regular users of platforms like Facebook or Twitter. 

Facebook probably won’t make its case by suggesting that connecting China will bring about political change; it was, after all, suspicion of that sort of thing that got it blocked in the first place. 

It may instead point to the inherent good in connectedness and note the evil — mistrust and misunderstanding — that arises in its absence. 

All this justifies compromise.
Google faced a similar dilemma when it decided to enter China in early 2006. 

But the moral calculus has shifted in the intervening decade. 

Google may have been viewed with suspicion even then, but now — after various Color Revolutions and Arab Spring uprisings with the names of U.S. internet properties conveniently appended to them by the U.S. media — Beijing will exact far greater compromise. 

China blocks far more foreign websites, and blocks them more aggressively, than it did then. 

Chinese users have excellent alternatives: social media platforms where their friends already are. 

They aren’t clamoring for Facebook, and those who want it have little trouble hopping the Great Firewall to get to it: Nationalists bent on trolling pro-independence Taiwanese celebs hopped the wall in droves this past summer, after all. 

So Facebook has little leverage to speak of; it will play by Beijing’s rules or not at all.
Indeed, Facebook’s only real card is the public relations value to Beijing of letting the company in: “See? All that nonsense about censorship was clearly overblown.”

But it’s not. 

One of the regrettable effects of our use of the “Great Firewall” as a metonym for Chinese internet censorship is that too many people equate censorship with the blocking of sites such as Google, Facebook, Twitter, and YouTube. 

In fact, the censorship of domestic Chinese sites is far more onerous and impacts a far greater number of users. 

That won’t change with a Facebook entry.
Whatever your posture toward Facebook for its willingness to compromise on freedom of expression in the name of engagement and greater global connectivity, the unblocking of Facebook to users in the People’s Republic of China, should it come to pass, must not be construed in any way as a loosening of censorship.

Sina Delenda Est

U.S. panel urges probe on whether China weakening U.S. militarily
By David Brunnstrom | WASHINGTON

A U.S. advisory commission warned on Wednesday that China's growing military might may make it more likely to use force to pursue its interests and called for a government probe into how far outsourcing to China has weakened the U.S. defense industry.
The annual report of the U.S.-China Economic and Security Review Commission pointed to a growing threat to U.S. national security from Chinese spying, including infiltration of U.S. organizations, and called on Congress to bar Chinese state enterprises from acquiring control of U.S. firms.
The release of the report to Congress comes a week after Donald Trump won the U.S. presidential election. 

Trump, an outspoken Republican who has vowed to take a tougher line in trade and security dealings with China than Barack Obama, will take office on Jan. 20.
The panel is a bipartisan body set up in 2000 to monitor the national security implications of the U.S. trade and economic relationship with China and to make recommendations to Congress for legislative and administrative action.
Its report also called on Congress to back more frequent U.S. Navy freedom-of-navigation operations in the South China Sea, one of the world's busiest trade routes where China's building of artificial islands with military facilities has raised concerns about future freedom of movement. 

Beijing and its neighbors have conflicting territorial claims there.
The commission said ongoing reforms of the People's Liberation Army would strengthen Beijing's hand and noted that China was close to completing its first domestically produced aircraft carrier.
"China’s pursuit of expeditionary capabilities, coupled with the aggressive trends that have been displayed in both the East and South China Seas, are compounding existing concerns about China’s rise among U.S. allies and partners in the greater Asia," the report said.
“Given its enhanced strategic lift capability, strengthened employment of special operations forces, increasing capabilities of surface vessels and aircraft, and more frequent and sophisticated experience operating abroad, China may also be more inclined to use force to protect its interests,” it said.
The panel said that U.S. responses to the threat from Chinese intelligence gathering had suffered from a lack of a coordinated effort by U.S. intelligence agencies.
It said Congress should also direct the U.S. Government Accountability Office to prepare a report "examining the extent to which large-scale outsourcing of manufacturing activities to China is leading to the hollowing out of the U.S. defense industrial base."
"This report should also detail the national security implications of a diminished domestic industrial base (including assessing any impact on U.S. military readiness), compromised U.S. military supply chains, and reduced capability to manufacture state-of-the-art military systems and equipment," it said.
The commission's report also recommended that Congress call on the U.S. State Department to produce educational materials to alert U.S. citizens overseas and students going to China to the dangers of recruitment efforts by Chinese agents.

Chinese Spying

Secret Backdoor in Android Phones Sent Data to China

By MATT APUZZO and MICHAEL S. SCHMIDT

Security contractors recently discovered preinstalled software in Android phones that monitors where users go, whom they talk to and what they write in text messages. 

WASHINGTON — For about $50, you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours.
Security contractors recently discovered preinstalled software in Android phones that monitors where users go, whom they talk to and what they write in text messages. 

The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.
International customers and users of disposable or prepaid phones are the people most affected by the software. 

But the scope is unclear. 

The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. 

One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature.
Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. 

The code comes preinstalled on phones and the surveillance is not disclosed to users, said Tom Karygiannis, a vice president of Kryptowire, which is based in Fairfax, Va. 

“Even if you wanted to, you wouldn’t have known about it,” he said.
Security experts frequently discover vulnerabilities in consumer electronics, but this case is exceptional. 

It was not a bug. 

Rather, Adups intentionally designed the software to help a Chinese phone manufacturer monitor user behavior, according to a document that Adups provided to explain the problem to BLU executives. That version of the software was not intended for American phones, the company said.
“This is a private company that made a "mistake",” said Lily Lim, a lawyer in Palo Alto, Calif., who represents Adups.
The episode shows how companies throughout the technology supply chain can compromise privacy, with or without the knowledge of manufacturers or customers. 

It also offers a look at one way that Chinese government can monitor cellphone behavior. 

For many years, the Chinese government has used a variety of methods to filter and track internet use and monitor online conversations. 

It requires technology companies that operate in China to follow strict rules. 

At the heart of the issue is a special type of software, known as firmware, that tells phones how to operate. 

Adups provides the code that lets companies remotely update their firmware, an important function that is largely unseen by users. 

Normally, when a phone manufacturer updates its firmware, it tells customers what it is doing and whether it will use any personal information. 

Even if that is disclosed in long legal disclosures that customers routinely ignore, it is at least disclosed. 

That did not happen with the Adups software, Kryptowire said.
According to its website, Adups provides software to two of the largest cellphone manufacturers in the world, ZTE and Huawei. 

Both are based in China.
Samuel Ohev-Zion, the chief executive of the Florida-based BLU Products, said: “It was obviously something that we were not aware of. We moved very quickly to correct it.”
He added that Adups had "assured" him that all of the information taken from BLU customers had been "destroyed".
The software was written at the request of an unidentified Chinese manufacturer that wanted the ability to store call logs, text messages and other data, according to the Adups document. 

Adups said the Chinese company used the data for customer support.
Ms. Lim said the software was intended to help the Chinese client identify junk text messages and calls. 

She did not identify the company that requested it and said she did not know how many phones were affected. 

She said phone companies, not Adups, were responsible for disclosing privacy policies to users. “Adups was just there to provide functionality that the phone distributor asked for,” she said.
Android phones run software that is developed by Google and distributed free for phone manufacturers to customize. 

A Google official said the company had told Adups to remove the surveillance ability from phones that run services like the Google Play store. 

That would not include devices in China, where hundreds of millions of people use Android phones but where Google does not operate because of censorship concerns.
Because Adups has not published a list of affected phones, it is not clear how users can determine whether their phones are vulnerable. 

“People who have some technical skills could,” Mr. Karygiannis, the Kryptowire vice president, said. “But the average consumer? No.”
Ms. Lim said she did not know how customers could determine whether they were affected.
Adups also provides what it calls “big data” services to help companies study their customers, “to know better about them, about what they like and what they use and there they come from and what they prefer to provide better service,” according to its website.
Kryptowire discovered the problem through a combination of happenstance and curiosity. 

A researcher there bought an inexpensive phone, the BLU R1 HD, for a trip overseas. 

While setting up the phone, he noticed unusual network activity, Mr. Karygiannis said. 

Over the next week, analysts noticed that the phone was transmitting text messages to a server in Shanghai and was registered to Adups, according to a Kryptowire report.
Kryptowire took its findings to the United States government. 

It plans to make its report public as early as Tuesday.
Marsha Catron, a spokeswoman for the Department of Homeland Security, said the agency “was recently made aware of the concerns discovered by Kryptowire and is working with our public and private sector partners to identify appropriate mitigation strategies.”

Kryptowire is a Homeland Security contractor but analyzed the BLU phone independent of that contract.
Mr. Ohev-Zion, the BLU chief executive, said he was "confident" that the problem had been resolved for his customers. “Today there is no BLU device that is collecting that information,” he said.