what?

First 2020 Presidential Debate: WTF Was That?

2020-09-30T16:28:00.001-04:00

I am still trying to wrap my American brain around whatever happened last night in the context of the nationally-humiliating circus sadly billed as the first Presidential debate of 2020.

CNN’s Jake Tapper, appearing shaken, aghast even, summed it up immediately after the shameful spectacle ended: "That was a hot mess, inside a dumpster fire, inside a train wreck."

I am embarrassed, even ashamed, for my country, for our people. I am incensed. I am worried, indeed, frightened, for my family and loved ones, for our increasingly-fragile Republic.

I’ll admit to having been unnerved in the early moments of what became a verbal schoolyard mud-fight when Biden declared “I am the Democratic Party.” But that was a gaffe, not a hijacking.

And, as much as I believe a President deserves respect and ought not be called a “fool” or a “clown” or be told to “shut up,” honestly, how many of us watching weren’t thinking the same things?

All in all, I admired Biden’s dignity. It's astounding that he managed to retain his train of thought as Trump blustered, lied, attacked. Indeed, Biden demolished Trump’s spin that he is mentally failing.

Trump was vile. He spewed venom, lied, preened, interrupted, broke debate rules, whined, bullied, vomited insults, endorsed hate, legitimized terrorist supporters, incited violence.

He was disgraceful. He demeaned the Office. He outlined no policies, no platform, no plans, no empathy for the plight of everyday Americans; sick, scared, unemployed, desperate.

Trump seems to have reconciled himself to not gaining a majority of voters. There was zero effort to reach beyond his base, rather, like a tinpot despot, he focused on further radicalizing them.

Indeed, he seems to have no intention of “winning” the vote. He knows he can’t. Rather, he aims to disrupt the election, contest the results, and let the newly-stacked Supreme Court bless his coup.

He displayed his full and gross narcissistic, heartless, deranged persona in rich plumage last night. Our 243-year-old Republic is at stake. Global stability is at stake. Please vote Biden.

Amy Coney Barrett: Put Her to the Test

2020-09-29T16:06:00.004-04:00

Watching the Grifter-in-Chief and his Senate minions jamming a new Supreme Court Justice down America’s collective throat has had me thinking that Senate Democrats should just boycott the whole confirmation hearing charade.

Until today.

With the first 2020 Presidential debate mere hours away, and the future of our nation very much at stake, I’m now thinking that there is perhaps a better approach for Democrats to take in terms of the equally-pivotal Supreme Court confirmation process.

Let’s start by ruling out hearing tactics that might try to sully her character or damage her integrity. And don’t question her Catholic faith or her “People of Praise” membership. Indeed, Dems should acknowledge that, by all or most accounts, she’s a fine human being and a legal scholar.

So, how about plumbing her jurisprudential knowledge; seek her guidance on interpretation of various elements of the Constitution; tap her wisdom related to actual legal definitions, or her opinions on already-public matters and cases? The American people will be watching and learning.

For instance, perhaps ask her to explain the emoluments clause in the Constitution.

Once she has, keeping things matter-of-fact, ask for her legal opinion regarding a real-life situation, such as: If a president refused to divest herself of her properties and, in fact, steered hundreds of millions of taxpayer dollars to her properties, would this violate the emoluments clause?

Drill a little deeper perhaps: Putting aside the obvious compromise of national security, ask: If a President declined to detach herself from a global business empire – leaving her deeply commercially-engaged with foreign governments, including with clear financial gain – would that violate the clause?

The emoluments violations list is endless, but it’s always good to mix things up, so…

Perhaps Barrett could be asked to explain the Hatch Act. You know, the 1939 law that “prohibits civil service employees in the executive branch of the federal government, except the president and vice president, from engaging in some forms of political activity.”

After she does, maybe remind her of the multiple, flagrant violations of Hatch during the recent Republican Convention and seek her legal opinion on these myriad infractions and the impact to the most basic foundation of our democracy - the rule of law – if such violations go unpunished.

Keep mixing it up.

Ask her if she might detail the Constitutionally-defined duties of the U.S. Congress to oversee the executive branch. Again, presuming the hearings will be broadcast live, such a request for Constitutional clarification will be valuable to Americans assessing the Judge’s bona fides.

Then seek the Judge’s legal opinion on the Trump administration’s repeated refusal to respond to subpoenas from the Congress. Does she think such refusals by the executive amount to obstructions of Congressional oversight? Obstructions of justice? If not, why not?

Shift gears.

Why not touch on the impeachment? Ask Barrett to explain collusion. Then, borrow from the recent GOP-led Senate Intelligence Committee report that lists the contacts between the Trump administration and Russians during the 2016 election and ask her opinion whether such amount to collusion.

And so on.

Again, as noted above, by all or most accounts, the Judge is a good person. The questions above are not hypothetical. They're all related to real-world happenings, and, well, they’re all pretty blatant examples of breaking one law or another or multiple laws.

So, if Barrett answer dishonestly, she’ll expose herself as just another Trump stooge. If she answers honestly, as a person or her purported character should, then we will all get to watch Trump and his corrupt administration publicly excoriated by his own chosen Supreme Court Justice nominee.

Fun.

An Apology to Stecklow: Huawei Dissembled About Skycom, to All of Us

2020-09-16T17:06:00.002-04:00

Two years ago, after being laid off by Huawei for questionable reasons, I published a book about my experiences with the company: Huidu - Inside Huawei. I still stand by most of the content in the book.

I stand by my arguments that Huawei has been treated unfairly by the U.S. Government, in some cases for duplicitous cause. I stand by my assertions that, despite its global success, Huawei is remarkably internally dysfunctional, as well as prejudiced in terms of its treatment of and general lack of respect for non-Chinese, whether employees or otherwise.

But, I would like to extend an apology for a section of one chapter in the book, a chapter which re-captures a January 2013 blog post in which I lambast one-time Wall Street Journal, current Reuters investigative journalist Steve Stecklow. The blog post focused on Stecklow’s reporting on Huawei’s alleged circumvention of U.S. sanctions on Iran, specifically Huawei’s relationship with a Hong-Kong company called Skycom.

<Aside: I'm a tad torn on this. Not because I have come to believe that I was misled by my employer and am now in part recanting past positions, but, rather, because Stecklow gave a January 2019 presentation to an Asia Society audience in he which dedicated a snarky half-hour to deriding the blog-post section of the chapter referenced above and yet simultaneously used it to frame his self-congratulatory review of his reporting on Huawei and Skycom>.

Stecklow and I had multiple and substantive conversations related to his reporting on the Huawei-Skycom-Iran topic back in 2011-2012. To the extent that he quoted me in his reporting, it was in the context of for-the-record guidance either developed or approved at Huawei HQ in Shenzhen, including the boilerplate statement that Skycom was an independent company with which Huawei had a normal arms-length business relationship.

The same applies to representations the Huawei D.C. Office may have made to relevant government agencies or office in the Congress. We did not deliver such messaging blithely. Indeed, over my eight-year tenure with Huawei, the Americans in the Washington Office took Iran and export control-related matters very seriously, and we pushed hard to have Legal and Trade Compliance leadership at HQ provide us with proof of Huawei compliance with U.S., EU, UN or other relevant sanctions.

We were skeptical, even deeply so, for instance when we learned that Huawei’s CFO had been a Board Member of Skycom in the late 2000’s. But HQ seemed to have legitimate answers to our questions and genuine in their reactions to our probes, and, well, we could not imagine that Huawei leadership would dissemble about matters as critically important to Huawei’s global business – it’s sustainability writ large – as U.S. export control and sanctions policies.

Neither Stecklow nor the U.S. Government has yet produced – publicly - any evidence that Huawei was indeed selling or has indeed sold sensitive, sanctioned or export-controlled technology to Iran or elsewhere, directly or indirectly. If the U.S. Government had such a smoking gun, given the pattern of their behavior in all matters Huawei-related, they’d have long ago crucified the company

<Notably, Stecklow’s early reporting on Huawei providing network equipment with integrated law enforcement interfaces (not export-controlled at that time) to Iran being somehow uniquely nefarious was silly: As explained to him at the time, global network standards as approved by carriers and governments require vendors to incorporate such interfaces, for instance under the U.S. CALEA law>.

But, Stecklow’s 2011-2012 - and since - reporting on Huawei’s tangled relationships with Skycom seems to have a pretty strong basis in fact, notwithstanding Huawei’s historical denials and attestations that such entities were independent. Indeed, his reporting has been cited as evidence in Iran sanctions-related Canadian and U.S. legal cases against Huawei’s CFO, now two-years detained in Canada pending extradition to the U.S., as well as related and broader U.S. charges against Huawei writ large.

Grossly simplified, the U.S. believes that Huawei leveraged a controlling relationship with Skycom to circumvent U.S. sanctions on Iran. That said, the focus of U.S. criminal charges is that Huawei’s CFO and other executives pursued a conscious scheme to mislead banks about the company’s relationship with Skycom, and based on those misrepresentations, HSBC for one may have inadvertently violated sanctions or export controls by clearing funds related to illegal transactions out of Iran.

Huawei maintains that it sold its interest in Skycom in 2007 and denies any wrongdoing, including in the context of presentations or representations to banks or otherwise.

I have grown to believe that the U.S. may have a strong case.

Today, September 16, 2020, Stecklow and Reuters colleagues ran a piece titled Top Huawei executives had close ties to company at center of U.S. criminal case, prompting this blog post and my apology to Steve for my January 2013 blog post and its re-purposing in a section of a chapter in my 2018 book.

It seems that Stecklow and company have discovered that the Huawei-Skycom relationship that Huawei maintains was severed in 2007 remained alive and well in Brasil from 2007 to at least 2012.

While Skycom was sold off to Canicula Holdings – a holding company registered in Mauritius in 2007 which the U.S. Government has suggested is another Huawei-funded shell – Stecklow reports that previously unknown Skycom shares in Huawei Brasil, dating back to 2002, were not sold until 2012 (and that was to Netherlands-registered Huawei Technologies BV).

The nugget in their reporting that stood out to me was the fact that two of Huawei’s three current CEOs – Ken Hu and Guo Ping – were directors of Huawei affiliate Hua Ying Management Co Ltd that bought 100% of Skycom in February 2007 and transferred those shares to Canicula nine months later. Oh, of note, Huawei’s CFO now under house arrest was Hua Ying’s corporate secretary back in 2007 as well.

What bothered me when reading the article wasn’t that Huawei may or may not (I now lean towards “may") have maintained control of Skycom well beyond 2007 and, related, indirectly contributed to violations of U.S. sanctions whether through Skycom or in the context of the more convoluted path of briefings to banks. No, my concern was much more parochial.

Over my years with the company, particularly in my early years, I had a number of opportunities to interact with both Ken and Guo, one-on-one (separately), whether on their visits to the U.S. or over lunch or coffee during my visits to Shenzhen. Given the importance of the U.S. market, the political environment, and U.S.-China relations more broadly, such meetings were not unusual.

The thing is, I recall – perhaps incorrectly - raising Stecklow/Skycom concerns with one or another or both of them at some point in the 2011-2012 time frame. Iran-related concerns were a big deal for us in the D.C. Office. American emotions related to Iran are always high and any perception of Huawei wrongdoings could have been devastating.

I had no idea at the time that they had both been intimately involved with Skycom, as Reuters has now uncovered.

And yet, I have no recollection of either of them in any way acknowledging having ever heard of Skycom when the topic was raised. Had we in the Washington Office had access to the full Skycom and Iran histories as early as 2011-2012, we could have adjusted our posture in D.C. At the very least, we might have avoided potentially making fools of ourselves briefing U.S. Government officials with details they may well have known to be, at best, “incomplete.”

Sadly, this pattern of behavior – compartmentalization of information essentially based on nationality – is, in my experience, the Huawei norm, not the exception.

Is it any wonder Huawei has always been and remains trust-challenged in D.C.?

Get Ready - November 3rd and the PEAD threat

2020-08-16T17:44:00.004-04:00

Those who know me or have followed my past FB posts or comments might be familiar with my concerns expressed over the last couple of years that Trump will not leave office when he loses the election this November - mere weeks from now.

We all know that he is engaged in a wide range of shenanigans to suppress the opposition vote, most recently by efforts to cripple the U.S. Postal Service. Congressional Members of the former Republican Party (now the Cult of Trump) have unfailingly enabled him along the way.

It is unclear if any of Trump’s anti-Democratic, unconstitutional measures to disenfranchise voters will succeed in preventing the American electorate from throwing him out. Indeed, given the sheer popular disgust at what he has wreaked upon our nation and global reputation, it seems unlikely.

In earlier musings I’ve wondered about the possibility of Trump, post-November 3, declaring martial law on some or another pretext, while he challenges the veracity of the vote, based on bullshit allegations of fraud. I’ve also worried he might unleash his brownshirts again, as he did in Portland.

Worse, I’m genuinely concerned that his well-armed lunatic fringe of supporters – like the so-called Proud Boys, or their extremist right-wing anarchist allies the Boogaloo Bois, or whichever other flavor-of-the-day madfolk – might take it upon themselves to rain terrorist havoc down on our country.

I’ve chuckled at the blue-sky media musings of Trump refusing to step down only to have the Secret Service escort his sorry ass out of the White House on January 20, 2021, and, with no anointed Chief Executive, ushering in Nancy Pelosi in his stead. Yeah, right. Not.

No, Trump knows he’s fucked if he leaves. Too many State-based legal cases stacked up against him that will almost certainly produce adverse results for him and his grifter kin that cannot be undone by Federal pardon, should someone be dumb enough to contemplate such a sin.

Which leads us to what Trump has occasionally referred to as his “secret powers.” As he blathered in March of this year, “I have the right to do a lot of things that people don’t even know about.” Meh, with Trump, we all just assumed he was spewing more bullshit.

Whoops. Someone somewhere (Rudy? That criminal creep?) may have briefed the Idiot-in-Chief-cum-SAT-cheater on the concept of Presidential Emergency Action Documents, also known (sigh) as PEADs. Lord, what a nightmare when it comes to Trump (his supporters are still fixated on “cum”).

There’s been a lot of chatter today and in recent days about PEADs, basically presidential orders that are drafted in anticipation of a range of hypothetical, worst-case scenarios. Okay. Except, uh, no-one knows – not even the Congress – what powers a PEAD might afford a President. It’s classified. FFS.

PEADs were born in and of the Cold War and fears of a nuclear attack that might incapacitate the country. The assumption was that a sitting President (and advisors) would have in mind the best interests of the country and citizenry and act accordingly. Trump? Oh shit.

While there are no publicly available PEADs, they are known to contain provisions allowing, for instance, suspension of the Constitution, you know, martial law, the roundup and detention of people not suspected of any crime, etc. That sort of stuff. Basically, Trump’s abuses in Portland, on steroids.

Oh, it gets worse. Under the National Emergencies Act of 1976, the President can declare a national emergency just by signing a proclamation. Trump? Oh. Shit. Again. And this, now, is how I anticipate he will address his loss in November, or, before, perhaps suspending the elections altogether.

I’ve not been a fan of the gloom-and-doom types predicting a post-election civil war. We’re bigger and better than that, I’ve thought. Well my American friends, in whatever fashion, we cannot let any PEAD-inspired abomination occur. It would be the end of our nation. Stand up.

Forbes/Calhoun: Five Points to Save Huawei? Forgot Localization

2020-07-25T17:36:00.002-04:00

On July 23, 2020, George Calhoun, who I do not know but who seems to have a remarkable pedigree, had a thoughtful contribution published by Forbes titled “How Huawei Could Save Itself: A Five-Point Plan” (linked). Good ideas. But not enough.

(Full disclosure: I worked for Huawei from 2010-2018. I owe them nothing and, frankly, in light of how I was mistreated in my final years, I have zero reason to stump for them. However, I remain engaged in terms of the broader geo-economic and geopolitical policy issues that the Huawei conundrum presents).

George opened with an apt disclaimer: “I have no inside information related to Huawei. I have never done personal business with them, and I have not spent much time in China. I do have a background in the wireless industry, but my proposals here are generic to modern business practice, and/or a sort of common sense, I think. Which is not to say that any of them have a practical chance of being adopted.”

Well said. And his thoughts are valuable. Huawei, however, is unique.

The first of the five points suggests that Huawei should follow and be assessed to its performance according to globally-accepted financial/accounting standards. Now, as I used to parrot when I was with Huawei, George notes that “Huawei currently provides financial statements that comply with international accounting standards (IFRS), audited by KPMG…” He goes on to point out, however, that Chinese companies listed on American exchanges don’t follow the requirement to be reviewed by the Sarbanes-Oxley spawned Public Company Accounting Oversight Board (PCAOB) since the Chinese government has blocked the PCAOB from exercising its function for Chinese companies. Now, Huawei is not listed in the U.S., but George suggests “Huawei should request the Chinese government for a waiver to allow PCAOB to review KPMG’s audit, and, they should also invite an additional audit review by a different firm – not KPMG, and not based in China, and, they should also publicize the waiver request, even in the face of Beijing’s likely disapproval, and actively lobby the government to permit it." Strong idea. Not enough though. And, the current Huawei wouldn’t touch it – they are beyond adamant about not going sideways of the Chinese Government or the CPC.

For his second point, George suggests that Huawei should ask to have its credit rated by the three leading global rating agencies, according to global standards, and not as is the current practice or relying on credit ratings from suspect Chinese credit rating agencies, which operate by credit ratings standards that are not equivalent to global standards. George notes that credit ratings performed by global firms like S&P and Moody’s would amount to “another form of “audit…which is in some ways more demanding and more substantive than an accounting audit, because it also considers the nature and viability of the company’s strategy and the competitive market environment.” He’s correct. This would be an easy thing for Huawei to do and would certainly help their global reputation. It’s been recommended before. It’s unclear why Huawei has balked.

George’s third recommendation, in my opinion, falls quite flat. He points out that “The number one stated concern of most Western governments is the possibility that information passing through Huawei’s networks could be accessed by the Chinese government.” He then cites unspecified Chinese law that says the company like all Chinese companies are subject to “forced cooperation with the Chinese military intelligence service.” This is a constant canard of the U.S. Government, despite the fact that Chinese, international and American lawyers have all pointed out that no such law exists in terms of outside-China data and information. In any event, why would they publish a law in a country lacking a history of the rule of law? That question is what undermines George’s third recommendation, e.g. that “Huawei should construct its own firewall…to interpose between its equipment and the Chinese security apparatus and block the transfer of user information. This firewall should be open to inspection and validation by outside authorities.” This is a pipe dream, absent fundamental overhaul (foreshadowing).

Point number four has George proposing that Huawei jettison it’s historical, militaristic “Wolf Culture.” George mistakenly opens suggesting that “Huawei sprang from a military origin.” This is simply untrue, but he has a point that the culture encouraged by Huawei Founder and still CEO Ren Zhengfei – a former PLA civil, not telecommunications, engineer - is indeed militaristic, rhetorically. Ren still speaks in riddles and analogies that sometimes rely on his military past (and just as often on his love for nature), but, having spent enough time in the organization, albeit as a Westerner, I can say that the “Wolf Culture” has really just become proud company lore at this point. All of that said, should Huawei want a cheap and easy PR campaign, they could do as he suggests and “euthanize the wolf culture,” but died-in-the-wool Huawei adversaries in the West wouldn’t buy it.

George’s point number five is one focused on something that has always been a source of consternation in the West: “Who Owns Huawei?” George says “The company says that Huawei is employee-owned. 100,000 happy capitalists. Probably a lot of millionaires. Just like Microsoft, more or less…” I must admit, that sums up what we were saying when I was with Huawei. And, he points out that in the West the prevailing thought is “that Huawei is either owned or controlled by the CCP.” Of course, there’s no proof offered for this assumption on the part of Western authorities other than “they’re Chinese so they must be.” George offers an “interim” recommendation: “Huawei should invite an international team of business, legal and corporate governance experts to review the current structure in detail, with full access to all the appropriate information, charged with producing a thorough and honest report of the current state of affairs.” Great idea. Huawei has invited same on multiple occasions, but never followed through. And, the U.S., for instance, has offered the same as well, and, yet, in 2012 instead sent a gaggle of ham-handed Congressfolk and staff which ultimately released a pre-cooked report that confirmed their largely groundless preconceptions.

George includes a sixth bonus point, what he calls “Laissez-Faire.” He says that “Huawei’s relationship with the Chinese government has to change. The company needs to stand up to the Chinese authorities and assert its commercial independence from the state’s geopolitical agenda.” He concludes: “It is time for Huawei to become what they say they are. Stand up now. If we take the company’s self-characterization at face value, as they want us to, true to its outward clothing as a private company with a no controlling government ties – then show us! Take the heat. The world will rally to you.”

Now, while I greatly appreciate those heartfelt sentiments, and I truly believe that George’s entire article is reasonable, rational and hopeful, as I said before, Huawei is simply not going to go sideways of the Chinese Government, at least not in China.

Which leads me back to George’s point number five where he also said: “Huawei should consider how to restructure itself so as to bring its ownership arrangements into line with a more comprehensible and transparent structure. Whether this involves creating a public company, or a hybrid with multiple share classes, or a partnership, or a state-owned enterprise...”

Yes.

Over my eight years at Huawei, I spent better than half of them advocating for the company to address its Western nation challenges through organizational change. Specifically, I repeatedly recommended that the company should localize. And I mean truly localize. The company has a mantra that talks about 75% localization. It’s a crock. A) A lot of those folks are Green Card holders from China, and B) Local executives are almost universally not empowered to make decisions or otherwise run the business. And, it’s not hard for local stakeholders – including Government – to recognize this, which makes Huawei more suspect, which reinforces pretty much all of the negative assumptions about the company.

Further, I recommended that the company should make a harmless investment in the U.S. that would require it to go before the Committee of Foreign Investment in the United States (CFIUS) – A who’s who of sixteen U.S. Federal Government agencies charged with assessing foreign acquisitions for potential national security threats. Further, I suggested the company acquiesce to whatever the Committee might demand to approve a transaction. Yet further, I suggested Huawei and the U.S. Government could use the process to birth a truly independent, transparent American subsidiary of the company, including with select Government-appointed Board Members, and other Americans empowered to make real decisions, and appropriate security assurance mechanisms established and monitored to ensure the integrity of American networks and data.

So, in sum, I think George's recommendations were great, with a couple of exceptions in terms of Huawei going domestically (China) sideways of the PRC or CPC, and with the addition of perhaps the most critical requirement – empowering non-Chinese in non-Chinese markets to manage the business and oversee the security of non-Chinese critical infrastructure.

State Paper Promoting Perilous China Decoupling Rehashes Huawei

2020-06-18T14:27:00.002-04:00

China-based Huawei, the world’s leading telecommunications equipment vender, has long suffered strident U.S. Government opposition, both within the U.S. and, increasingly, over the last decade, extraterritorially. The U.S. Government believes that Huawei is effectively or actually an arm of the PRC/CCP and thus presents a national security threat, both in terms of facilitating espionage and in the context of China’s potential dominance of the global information and communications technology industry.

No credible public proof of the U.S. allegations exists. Huawei denies them.

On May 22, 2020, the State Department’s Office of the Undersecretary for Arms Control and International Security released Volume 1, Number 8 in its series of Arms Control and International Security Papers, titled U.S. National Security Export Controls and Huawei: The Strategic Context in Three Framings, authored by Assistant Secretary Christopher Ford, a Trump political appointee. Link to the paper: https://www.state.gov/wp-content/uploads/2020/05/T-Paper-Series-U.S.-National-Security-Export-Controls-and-Huawei.pdf.

The paper purports to discuss “recent U.S. moves to restrict transfers of cutting-edge U.S. technology to Chinese technology company Huawei, explaining these steps and placing them in the strategic context of a great power competition with the People's Republic of China (PRC) brought on by Beijing's geopolitical revisionism, exploitation of such firms to steal and divert foreign technology to support the Chinese military, abuses of human rights in China itself, and employment of companies such as Huawei as tools of strategic influence.”

The “recent U.S. moves” referenced in the paper are changes to the U.S. export control regime – and specifically the so-called “Entity List” - which allow for more broad reaching restrictions and license requirements for U.S. firms that might do or contemplate doing business with foreign firms, with Huawei as an example. At this point, not only can U.S. firms not export (without license) components to Huawei, they are restricted from selling Huawei the gear currently required by the Chinese company to produce, for instance, higher-end semiconductors.

That said, in reality, the paper’s references to Huawei are largely limited to repetition of never-proven accusations, and reiteration of Huawei’s Iran sanctions busting-related sins (the latter which is legitimate in terms of charges that the company engaged in sales of controlled technology). Oddly, inexplicably, Huawei’s Iran debacle is conflated with utterly unrelated allegations of intellectual property theft, spotlighting “source code and user manuals for Internet routers,” a clear reference to an over twenty-year old incident involving Cisco. There is also reference to charges filed this February related to undetailed but alleged intellectual property “misappropriation” from six U.S. technology firms.

The paper’s true focus is on China, not Huawei.

China’s history of intellectual property theft is broadly discussed, with commentary also looking forward in the context of the “Made in China 2025” initiative, characterized as epitomizing “the PRC’s drive to seize a dominant share of global high technology markets as soon as possible;” the paper expresses great competitive concern for China’s strategy of “military-civil fusion” (these are legitimate concerns). There is also a good deal of detail and condemnation of China’s pattern of human rights violations featured in the treatise – “Huawei and it’s siblings” are described as “handmaidens…of oppression” via provision of surveillance technology, notably similar to elements of the “smart cities” technologies and capabilities being developed and marketed by U.S. and other Western firms.

Somewhat diluting its impact, there is an odd pretentiousness to the paper, in terms of its broad and perhaps not-always-necessary use of ill-fit or over-thought or just gratuitous analogies and metaphors. The slightly tortured paragraph on the second page attempting to analogize Chinese landscape painting to the so-called Huawei Policy Landscape is a reach, at best. The reference to Voltaire and 18th century Prussia and its army on page three is gratuitous. And, given China’s rich and long history, page four’s cherry-picking of the fourth century BCE legal framework that allowed for the establishment of the Qin Dynasty as some sort of scene-setter for today’s environment in China seems just filler.

Finally, in terms of over-the-top analogies, the Conclusion section’s references to “Thucydides’ rendering of Pericles famous funeral oration for Athens’ early casualties in the Peloponnesian War” and “Venetian officials who in 1745 actually dispatched an assassination team to pursue two local glass-blowers who had taken the lucrative secrets of their trade abroad” approach the definition of pretentious.

Yet, notwithstanding the misleading title, the parroting of tired or undetailed allegations about Huawei, the all-over-the-place analogies and metaphors, there is value to the paper. On the one hand, it sets the stage for the more recent June 15 Commerce Department announcement and clarification that Huawei’s inclusion on the Entity List does not preclude American companies from engaging with Huawei in 5G standards development. It is the normal course of business in the telecommunications industry for standards to be developed globally and given Huawei’s 5G leadership, not allowing American firms to collaborate in 5G and related standards bodies including Huawei would severely disadvantage those companies. The Commerce ruling is welcome.

But, the announcement should not be interpreted as a loosening of the U.S. stranglehold on Huawei. It is not. It is 100% self-serving on the part of the U.S., and very necessary for U.S. industry to remain viable in the 5G space.

On the other hand, and perhaps the most important takeaway from a macro perspective, the paper highlights that the U.S. seems determined to decouple from China, in the technology arena, and, it would also seem, more broadly. However one might feel about China, from an economic, political, ideological, trade, rule-of-law, human rights or other perspective, decoupling is a dangerous prospect. America has retreated from our global leadership position in recent years, which is worrisome. Meanwhile, China’s profile and influence has grown, which is yet more worrisome. Whether we like it or not, we must accept that China has emerged as a peer of sorts on the global stage, clearly not in terms of democratic values, but certainly from a political and economic perspective.

On the technology front, we should – we must – recognize that the information and communications technology industry has become global, interdependent, borderless. Supply chains and networks coexist and overlap. There is no putting this genie back in its bottle. While we have bits and pieces, and primarily at the high end, the U.S. cannot hope to midwife a full-blown telecommunications industry. China, however, has the financial, human and technological resources to verticalize their own. This is not in our economic or national security interest. Indeed, our goal should be to remain integrated so that technology solutions and products remain intrinsically global. It is arrogance to believe that we can go it without China. Strategic re-coupling should be the path we follow, and urgently.

So, Huawei (v2)...

2019-01-31T17:29:00.001-05:00

I am no apologist for Huawei.

My tenure with the company damaged my reputation and career.

That aside, let’s face it, the company has proven itself unequipped to master its own global destiny, to own its own narrative.

Sure, Huawei will dominate China in terms of information communications technology (ICT).

And Africa.

Success in that latter market is almost certainly a result of collaboration with China’s government to develop and deploy the energy, transport, communications and financial infrastructure for the next generation source of low-cost labor.

(C’mon America, we used to do the same thing all over the planet, back when we had money and respect).

But, Huawei will be shunned elsewhere (well, maybe not their phones).

Why?

Because America.

The American jihad to crucify the company is unjust and, ultimately, will result in terribly bad tidings for the U.S. ICT industry.

I’ve blogged for years about the hypocrisy of the American assault on the company, given that all ICT firms operate outside old-world geographic borders and are all equally subject to penetration and compromise.

The most recent Huawei development? The comical “criminal” investigation of the “Tappy” case that was settled in civil court years ago.

Did $100 billion dollar company Huawei really conspire to “steal” T-Mobile USA’s silly little robot technology that, literally “tapped” on cell phone screens to quality-test their functionality?

Please.

Did Huawei screw up?

Yeah, a couple of linear-minded engineers apparently “borrowed” the robot’s “finger” to determine why it produced results different than the Huawei robot finger.

Dumb.

Crime of the century? Hardly.

Proof of Chinese theft of American “intellectual property?” Oh for f*ck’s sake, of course not. It’s a robot finger that taps on phone screens. It ain’t rocket science.

So, what’s America doing? And why? I mean, it’s not like there’s a domestic industry to protect (sure, Cisco builds bits and pieces, but not full networks).

Is the U.S. so tight with Finland and Sweden that they need to nurture their ICT industries? Nah.

So, WTF is going on?

Hard to tell, but, if I had to guess…

The Tappy case is just a momentum-builder.

The early December detention of a Huawei executive (CFO Sabrina Meng) in Canada – and the more recent formal extradition request – have saturated the media, with daily updates, and as people have become numb to the Meng media overload, the Government needed to goose the Huawei witch-hunt again.

Hence reviving the Tappy case.

The Government needs to keep the momentum hot because the next step, I believe, is almost certainly a conclusion to the two-plus year-old Commerce Department’s Bureau of Industry and Security (BIS) investigation of Huawei’s purported illegal activities conducted through alleged shell partners in Iran ten years ago.

Timing is key.

The annual Mobile World Congress (MWC) in Barcelona is scheduled for the end of February. MWC is the show to end all shows when it comes to the global wireless industry.

My guess (again): Between now and MWC, the U.S. will wrap up the BIS investigation with a negative finding and issue an order placing Huawei on the “Designated Entity” list, precluding U.S. companies from exporting to Huawei without license, requests for which can be expected to be denied.

In other words, if I’m right, they plan to humble and hobble Huawei going into the annual event in which many if not most major mobile industry deals are struck.

It’ll likely be a temporary measure, as it was with ZTE two years ago, but, again, timing is key, and it will hurt.

Or maybe I’m wrong…

So, Huawei...

2018-12-29T16:22:00.001-05:00

I served this company for nearly 8 years. I even wrote a book about the experience.

Huawei is getting a raw deal in the U.S., and globally, as a result of U.S. Government machinations.

Yet, Huawei bears not-insignificant fault for the situation.

Western intelligence services have yet to provide the slightest evidence of any untoward Huawei activity on behalf of the Chinese Government. And, Huawei has done next to squat to prove them wrong.

I am, have always been, an internationalist.

I believe in interdependence as those Westerners did - led by the U.S. - in the wake of the Second World War. Those that birthed the Bretton Woods Institutions: The World Bank, the IMF, the GATT (now WTO).

Their goal was to create a global system for stable trade and finance to ensure against the type of disruption that contributed so greatly to two damning World Wars.

Those visions have been supplanted by time and, now, old-school Cold War thinking rules the day. Indeed, our current President almost certainly has no clue what Bretton Woods might be.

Instead of world stability and prosperity, this President is pushing for destabilizing conflict, and, given that he is compromised when it comes to Russia, he has chosen to focus on China.

There is some truth to U.S. concerns being expressed: Are the Chinese spying on us? Yes. So are Russia and many of our allies. Is China stealing intellectual property? Yeah, but not like 20 years ago - they've emerged instead as technology leaders.

Might China take down our critical infrastructure in times of tension? Sure, but far more likely with high-altitude nuclear bursts which would spawn EMPs to knock out modernity as we know it, rather than clumsily harnessing ICT firms based or doing business in China.

Thanks to Mr. Snowden, we know how American companies were compromised to allow U.S. espionage and exploits - through service providers, a manageable conspiracy - but not through hardware/software players. The latter would have been an unsustainable conspiracy in terms of taking down critical infrastructure, although its been successful in terms of conducting espionage.

So, is the West reeling as they wake up to potential Chinese technology leadership on a global basis?

Yes.

But the American jihad against companies like my former employer date back two-plus decades. It's just that over the last year or two the intelligence and defense careerists have stepped-up their efforts at home and abroad because there is simply no rational leadership coming from the White House or its crumbling Administration.

And yeah, Huawei has done itself zero favors.

Arrogance, hubris, pride, the imagination that Chinese national employees know best even when dealing with matters they frankly don't even begin to understand. They claim to be a global-local company (how trite that has become). They are not.

Until and unless Huawei diversifies its leadership and learns to trust and rely on non-Chinese national employees - both at headquarters and in the field - they will always be suspect, and they will be increasingly challenged, as we are seeing on a daily basis now.

But the U.S. strategy? Blackball China-based vendors when all of the non-Chinese competitors are conducting R&D, coding and building in China? Madness. There is no U.S. industry to do what Huawei, Nokia and Ericsson do. Bits and pieces, sure, but that's all.

The danger inherent in the U.S. strategy is that we may force the only country on the planet that has the human, financial and technological resources to verticalize an information and communications technology (ICT) industry - China.

Wouldn't America want to have Western inputs into such an industry (Huawei procures over $10 billion dollars annually from U.S. suppliers to fuel its supply chain)? Cutting them off is not just a commercial and employment headache, it precludes the U.S. from maintaining their own backdoors.

It's time to inject commercially and technologically and national-security based rational thinking into this debate, before it is too late.

Transitions...

2018-09-05T14:37:00.003-04:00

Well, after just short of eight years with Huawei, they laid me off in April of this year, about five months ago.

Needless to say, getting laid off was a bit of a letdown after having devoted so many years to defending the company against its many detractors.

Some of my experiences are cataloged in the recently published book linked below.

https://www.amazon.com/Huidu-Inside-William-B-Plummer-ebook/dp/B07DHZDSYG/ref=sr_1_1?s=books&ie=UTF8&qid=1536171492&sr=1-1&keywords=huidu

Now it's time to find a new gig.

Is the End Game Approaching? Nah. Or?

2018-01-18T20:31:00.000-05:00

It’s been a while.

For anyone who has historically followed this blog, you may have stopped, as I wearied of posting.

For those who are new to this blog, it began as a series of musings on family and technology, and open markets and an open Internet, and then evolved into an ongoing review of the U.S. Government’s quixotic assault on my employer of the last eight years – China-based Huawei Technologies.

In the last year or two, I’ve gone relatively – not entirely - dormant.

One doesn’t have to read the last eight years of posts to follow this one, but it might help.

Huawei is an almost-30 year-old China-based tech company.

It’s grown from a reseller of other company products, to researching and developing and producing it’s own product – an innovation and intellectual property powerhouse.

It’s now the world’s largest telecommunications equipment provider, the third largest smartphone provider globally, and, pretty much, the world’s leading information and communications technology (ICT) company.

Huawei doesn’t do it alone.

Huawei, like every global ICT company, relies on a global supply chain, conducting R&D globally, partnering globally, procuring over $10 billion annually from U.S.-based suppliers alone.

But this ain’t about that.

This is about the U.S. Government having recently fired up an all-new campaign to block Huawei from the U.S.

Why?

Because Huawei is perceived as a threat to U.S. national security.

Bullshit.

Oh dear, Huawei is based in China and thus must be vulnerable to Chinese Government manipulation.

So too are Cisco, Ericsson, Nokia, Microsoft and on and on, all of the U.S.-based and other Western companies that employ tens of thousands of Chinese in China to code and produce their solutions.

But the U.S. Government knows that.

They also know that they’ve penetrated all of these companies themselves, to compromise their solutions to enable espionage, intellectual property theft, etc. (https://en.wikipedia.org/wiki/Tailored_Access_Operations).

Go figure.

They also know that the ICT industry is global and interdependent. They know that there is no ICT company that is not researching, coding and building in China.

They know this. They mourn this. They want yesterday. But that was then, this is now.

America can choose to embrace the global ICT industry, or reject it and let it all gradually verticalize, likely in China, perhaps the only country which can currently afford to do that in terms of human, capital and technological resources.

That, of course, would NOT be in our national security interests.

But arrogance abounds.

Let’s recap how the U.S. Government has, over the last 10 years, deterred Huawei's market access, and, indirectly, adversely impacted U.S. telecom carriers, investors, suppliers, and consumers.

In early 2010, National Security authorities pressured AT&T executives away from selecting Huawei’s network gear for its 4G upgrade project.
In late 2010, the then-Secretary of Commerce similarly pressured Sprint’s CEO to stop considering Huawei from purchasing Huawei gear for it’s network upgrade. This cost Sprint billions, and factored into its ultimate sale to a foreign-based owner.
In 2011, CFIUS further chilled Huawei’s prospects by unwinding a transaction which posed "national security" concerns due to a "sensitive technology" which the Government later declined accepting as a donation as the technology was of no interest.
In 2012 Huawei suffered humiliation as a result of a sham of a national security Congressional Investigation that The Economist best captured at the time as "written for vegetarians."
The machinations got more clever in 2014-2016, e.g. in the CFIUS approval of Softbank-Sprint, which called for sweeping Huawei from Clearwire, but more importantly requiring Government approval of “new” venders.
The FCC put a similar provision in the Metro PCS-T-Mo spectrum license transfer.
More recently, in December 2017, a passel of Congressfolk wrote to the FCC warning against the sale of Huawei smartphones to AT&T. Nonsense. And they knew it. A PR stunt. It worked, AT&T scuttled the deal rather than risk rejection of its Time Warner acquisition.
In early January, 2018, the House introduced HR4747 which, in part, would ban government entities from contracting with any commercial entity that contracts with Huawei - an effective de facto ban.
And just this week, Reuters reported that unnamed Congressional aides said that the intent on the Hill was to block all AT&T (and presumably other U.S. carrier) dealings with Huawei.

What a load of crap (much of which has been detailed in this blog over the years).

As referenced above, and reflected ad nauseum in this blog over the years, the ICT industry is global, interdependent and transnational – whatever vulnerabilities that may exist are universal, and suggestions otherwise are outright ignorant, and dangerously misleading.

Look, I’m not saying that the Chinese are not spying on us, or us on them, or the Russians on both us, or the Israelis on all of us, or any other State on any other.

I’m just saying that the U.S. Defense and Intelligence community has seemingly abandoned reality.

They are the ones driving this absurdity. They know better.

The U.S. founded a system of fair and open markets and trade in the wake of the second World War, in large part to bolster global security, our national security.

The U.S. is now in the process of undermining the very global and national security we hoped to secure.

But that’s just my opinion.

They're back...(and they're still slinging lies)

2017-11-09T15:05:00.000-05:00

In alignment with the President's visit to China this week, some sino-phobic loon(s) found themselves a new little-known media patsy to pollute the "opinion" pages of the Wall Street Journal with a rehashing of Huawei FUD.

This is the first time in a few years that we've seen someone cram all of the anti-Huawei bullsh*t into one succinct piece. Sadly, the author won't respond to emails, phone calls, Twitter messages, etc., so, for the record (the bits in italics are rebuttal points):

https://www.wsj.com/articles/chinese-telecom-threatens-u-s-security-1510098689

Chinese Telecom Threatens U.S. Security

Wall Street Journal

By Patrick B. Pexton

11/07/2017

Giving Huawei the green light would allow Beijing to spy on Americans.

Why? The modern information and communications technology (ICT) industry is transnational, essentially borderless. Companies like Huawei, Cisco, Ericsson, Nokia, Microsoft, etc. are all global entities. They all conduct research and development, code software, and design and assemble on a global basis. They all rely on common global supply chains, sourcing inputs and labor from and in markets around the globe, including all in China. To the extent that there are threats facing these companies and their products, they are shared. Indeed, by virtue of the globalized nature of the industry, no company is more secure or more vulnerable than any other, regardless of their geography of headquarters. Moreover, public revelations in recent years detailing various State-developed (e.g. NSA TAO, CIA Vault 7) exploits of multiple ICT venders – without their knowledge - have further demonstrated the universality of vulnerability.

When President Trump meets with Chinese leaders this week, he should consider an issue that has worried U.S. lawmakers for years: the possibility of the Chinese telecommunications company Huawei entering the U.S. market.

Huawei is a telecom giant, so naturally part of this worry is about competition. It’s the third-largest smartphone maker worldwide and also makes the back-end switches, routers and other equipment that make cellular networks function.

Competition? With which American companies? Currently the U.S. cellular telecommunications backbone relies primarily on Ericsson and Nokia (including former Alcatel Lucent) as vendors – an effective duopoly that keeps costs high and the pace of innovation slow. And what about the hundreds of American companies that benefit from Huawei’s $10 billion in annual procurements from U.S. suppliers? Should we not care about their commercial success?

But the real concern is national security. Since 2011, when the House Intelligence Committee first began looking at Huawei, members of Congress have been concerned that by using Huawei equipment, Americans could invite the Chinese company to siphon information about them back to the Chinese government.

See the point above about the nature of the ICT industry.

Huawei calls itself an employee-owned company, so its books are opaque to the public; and it’s run by a private board whose members were first disclosed in 2011. Its founder and CEO has longtime ties to China’s military, which is true of many Chinese companies. But U.S. lawmakers think Huawei’s ownership is particularly problematic because of the role telecommunications technology plays in national infrastructure.

Well, the fact of the matter is that Huawei’s books are audited annually by KPMG in advance of Huawei publishing a very detailed and widely publicly available Annual Report.

In 2012 the House Intelligence Committee, after a monthslong investigation, for national security reasons urged U.S. companies not to form partnerships with Huawei and another big Chinese telecom company called ZTE. It also urged the Committee on Foreign Investment in the U.S. to block acquisitions, takeovers or mergers of U.S. companies with Huawei and ZTE.

The House Intelligence Committee report has been widely discredited, perhaps most succinctly by The Economist magazine which labeled it “written for vegetarians.” In brief, the assertions in the Report were premised on perceptions that, despite the extensive information and documentation provided by Huawei throughout the course of the Committee’s exercise, Huawei was deemed not to have disproven unsubstantiated allegations made by others; The Report offered no credible, factual evidence of its own.

In 2012, the Australian government banned Huawei from bidding on equipment for its national broadband network out of security concerns.

Huawei is a leading provider of commercial telecommunications infrastructure equipment in Australia.

In 2013 the U.S. government barred the purchase of Huawei equipment by several U.S. government agencies, citing cybersecurity risks.

Huawei offers commercial telecommunications solutions to commercial operators, not Government entities. That said, Huawei is not aware of any law, regulation or rule that prohibits the purchase or deployment of Huawei equipment in the U.S.

This year, T-Mobile won an industrial-espionage lawsuit against Huawei by showing that the Chinese company had stolen technological secrets from clean rooms at T-Mobile’s testing center.

As one of the world’s leading intellectual property rights holders – ranked number one in terms of patents filed by the World Intellectual Property Organization Patent Cooperation Treaty – Huawei considers respect for and protection of intellectual property a cornerstone value for our company. Huawei continues to believe in the merits of its defense to the allegations made by T-Mobile. Notably, according to the jury's verdict, T-Mobile was not awarded any damages relating to the trade secrets claim and there was no award of punitive damages.

And Commerce Department officials are currently investigating whether Huawei broke American trade controls on Cuba, Iran, Sudan and Syria, according to the New York Times.

Huawei has very sophisticated trade compliance programs in place globally to ensure that the company is always in accord with U.S., EU, UN or other export control or sanctions policies. Huawei is cooperating fully with the U.S. Government in terms of its inquiry.

Lawmakers are also worried because Huawei is a prime bidder for South Korea’s new 5G nationwide cellular network. This matters to the U.S. because in a confrontation with North Korea, the U.S. military may need to use this infrastructure to communicate.

Huawei equipment is deployed, proven and trusted across 170 markets, including virtually every NATO and OECD market, without any reports of security incidents. See also the points above about the nature of the ICT industry and universal vulnerabilities.

Huawei has dismissed American concerns, arguing that it is a legitimate business with the right to compete in the U.S. under WTO rules. This is true.

Yes, it is.

But Congress and Mr. Trump should be vigilant. In the 2016 elections, Russia hacked the Democratic Party, Twitter, Facebook and Google, all without owning a major network provider in the U.S. But giving Huawei a large telecommunications presence could make America an easy target for Chinese spying.

Nonsense. See points above about the nature of the ICT industry.

Congress and Mr. Trump should continue to monitor Huawei and consider taking legal steps to block its entry into the U.S. market.

The U.S. has long been the bastion of free trade and open markets. It would be unfortunate for the U.S. to set market-distorting barriers precedents (which would likely be used against American companies competing abroad) that preclude competition, innovation, and more ubiquitous and more affordable broadband in the name of “security” concerns which – given the nature of the interdependent and global ICT industry (see above) – would be utterly ineffective at securing networks and data. Indeed, they would create a false sense of security.

Here we go again (again)...

2016-09-19T16:47:00.001-04:00

Last week, a contributor to Bloomberg, ran an opinion piece titled “U.S. Spies Think China Wants to Read Your E-Mail” (link: https://www.bloomberg.com/view/articles/2016-09-13/u-s-spies-think-china-wants-to-read-your-e-mail).

The article reports on a supposed new “intelligence community” (so many ironies there) review of “the national security implications of Huawei's potential participation in building the U.S. 5G wireless network.”

Please recall, I currently work for Huawei, but the views expressed on this blog are mine alone.

The article features no shortage of references to Mike Rogers’ 2012 Congressional “Intelligence” (there’s that word again) Committee “investigation" of Huawei, which produced a report which was aptly dubbed by The Economist as “written for vegetarians,” and has been otherwise pretty much soundly discredited by anyone with half a brain, or even less.

What’s really going on?

Well, it seems someone somewhere in the “intelligence” (yet again) community woke up to the fact that the world’s leader in next generation networks is a multinational which happens to be headquartered outside the U.S. (which, of course, today, they ALL are), even, shudder, in China.

It's a titillating story, but it’s about nonsense.

Why?

Let's parse the article.

The grand conspiracy suggested between a government and a globe-straddling multinational to inject “microscopic beacons” into hundreds of thousands or millions of units of hardware is unsustainable.

China-based companies like Huawei that operate globally employ many thousands of non-Chinese, just as multinational American-based tech vendors employ thousands of non-Americans.

Infecting countless units of hardware would be too visible to too many who would clearly object.

This is why we’ve read about American service providers being wittingly (if unwillingly) compromised by the NSA, but we’ve not read the same about U.S. hardware vendors.

“Tapping” a service provider is (or was) as easy as the government telling the C-Suite and the Legal Office that they're going to do it and the company is legally obliged to allow it. A tidy, manageable (until recently) little conspiracy.

Not the same with the hardware vendors.

Indeed, what we've learned instead is that American (and foreign) hardware vendors have been “unwittingly” compromised.

A quick review of the NSA ANT catalog (linked) shows how Dell, Juniper, Cisco, Samsung, Seagate, etc. – and yes, Huawei – have had their gear exploited by the NSA.

Why the exploits?

Why not just ask these companies (at least the American ones) to implant tiny beacons?

Because, again, that is simply not a sustainable conspiracy and, once exposed, it would destroy a company’s global brand and business.

Get it?

The whole premise is nonsense, regardless of where the global vendor may be headquartered, regardless of which government may aim to compromise them.

Compromises may indeed happen, but not with the complicity of the multinational vendor - they simply have too much to lose.

For regular readers of this blog, none of this is new. Sadly, it just doesn’t go away.

So, yet again, U.S. service providers, technology partners, employees, consumers, pretty much everyone, suffers the high cost-low quality result, as opposed to the rest of the world…

Applegate: This is Not Sustainable

2016-02-19T11:31:00.001-05:00

The hoopla this week around Apple’s grand stand against the Feds’ demand that the company compromise the dead phone of a dead man (http://www.wsj.com/articles/tim-cooks-dangerous-game-1455745398?mod=e2fb) evokes a deeper and more important concern.

At first blush, this would seem a no-brainer:

Bad guy terrorist gets offed and leaves behind a pin code-protected phone which might host information important to law enforcement. Why would the maker of that phone not crack the code to enable the government to access whatever intel it might contain?

Simple answer: Because our government has demonstrated that it cannot be trusted not to leverage this particular “one-off” to abuse the privacy of any and all of us, because, well, because they can.

A sad, sad state of affairs.

It’s no surprise that our government (every government) engages in espionage and surveillance. And, to some extent, rightfully so, if appropriately controlled (a BIG if, as we have all learned in recent years).

But, as technology has advanced so rapidly over the last couple of decades, control, reason, judgement and laws have been eclipsed, leading to rampant government abuse – because, again, they can.

Ed Snowden has demonstrated time and again that our government has – perhaps unwittingly (I'm being gracious here) - been overcome by technology run amok.

Lawful intercept, review, storage, etc. have all fallen by the wayside as more and more data is gleaned via more and more arcane methods, all justified by the fear-based culture that our government has nurtured over the better part of the last two decades.

So, is it any surprise that Apple battles back against government demands to crack just this one phone?

No, not at all.

American information and communications technology (ICT) leaders are reeling in the wake of all-things-Snowden – their global sales and brands suffering as trust in their commitment to data integrity has effectively dissolved.

Apple is on the ropes. Others will be.

In the absence of trust, capitulating to this supposed one-off request might well ruin a company. And Apple knows this. Notwithstanding government assurances to the contrary, there is very little reason to believe that the one-off compromise wouldn’t become the norm, or, worse, be used by “bad guys.”

Moreover, governments around the world would almost certainly mimic the U.S. demands, as well as abuse of the output, further shaking everyday individual trust in all things digital.

How did we get here?

Governments have always engaged in what might seem unsavory activities in pursuit of the betterment or protection of society, with at times all-too-ready disregard for the rights and liberties of the governed. The general population simply didn’t know, or perhaps care.

But, today’s remarkable digital world that we have learned is subject to government abuse also facilitates heretofore unheard of transparency – no matter how much the powers-that-be would prefer certain activities to remain in the shadows, they are increasingly frustrated to manage those shadows.

But, knowing that we now know, they still just can’t help themselves. And we, post-Snowden, are very challenged to trust them.

And that’s why Cook has made his stand.

Don’t get me wrong – Cook’s not just all about our privacy, rights, civil liberties, moms and apple (sorry, couldn’t help myself) pies. I believe that he truly worries about these things, but his bottom line has to be preserving sales, particularly overseas sales.

And, in the wake of all-things-Snowden, overseas folk trust our government less than we might.

Sadly, in this context, the government’s true intent isn’t even really a factor...although they could – and should - have more carefully crafted their demands in such a fashion so as to not raise the spectre of universal compromise.

Indeed, if the Feds had simply delivered the phone to Apple with the appropriate legal authorization to crack it, perhaps we'd be in a different situation. Demanding that Apple create an entirely new version of its OS that compromises built in protections to just crack this one phone seems, uh, unreasonable, perhaps unbelievable.

Bottom line: If Apple bows to the pressure this time, they may well be effectively bowing out altogether…

This is NOT a sustainable situation. Government needs to take real steps toward restoring trust, for instance, for starters, publicly reining in defense and intelligence community activities and behaviors - particularly here in the Homeland - that have utterly abandoned the rule of law.

Government needs to rebuild confidence. Incessant fear-mongering has been the backbone of two decades of unbridled abuse of our privacy and liberties - anything and everything has been deemed justifiable, including the revoking of American rights and, yes, lives, to ensure that one or another "they"doesn't somehow prevail at something.

Until and unless trust and confidence are restored, the likes of Cook and Apple have little choice but to stand up to the powers-that-be, unless they are willing to go out of business, which hardly seems a result that would be in our best national - and national security - interest.

Safe Harbor, Jurisdiction, Parallel Construction and Pirate Radio

2015-10-06T13:54:00.000-04:00

In response (in part) to the Snowden Revelations having undone trust in U.S. companies’ ability to ensure data integrity, the European Court of Justice (ECJ) today invalidated a 15-year-old data privacy pact that allowed U.S. businesses to “legally” transfer EU citizen data across the Atlantic,

The EU's Charter of Fundamental Rights guarantees the protection of personal data. In that context, until today, under the so-called “Safe Harbor” agreement, more than 4,000 U.S. companies “self-certified” that they met EU privacy protection laws, thus qualifying them to handle EU data.

As of today, however, the ECJ rendered Safe Harbor invalid, due to, among other things, America’s global approach to digital surveillance and data collection, as well as the lack of adequate privacy protections in the U.S.

Meanwhile, related, the two-year-old Department of Justice (DOJ) case against Microsoft for refusing to surrender an individual’s data stored on a server at a Microsoft center in Ireland continues to wind its way through the U.S. legal system, with the Supreme Court the likely ultimate arbiter.

At issue: The personal emails of an individual suspected by U.S. authorities in a narcotics case.

DOJ contends that emails should be treated as the business records of the company hosting them and that a search warrant should compel access to them no matter where they are stored.

Microsoft argues that the emails are the customers’ personal documents and a U.S. warrant does not carry the authority needed in Ireland - or any foreign jurisdiction - to compel the company to surrender the data.

The Irish government, for its part, maintains that data should only be disclosed on request to the Irish government pursuant to the long standing mutual legal assistance treaty between the U.S. and Ireland.

The case would seem to be a pretty clear no-win all around:

If Microsoft prevails, the global trend towards data localization requirements will almost certainly be accelerated, at the very least undermining the efficiencies of the Cloud, at the very worst Balkanizing the Internet altogether – neither outcome being in anyone’s best interests.

If DOJ carries the day, what little trust may linger in U.S. information service providers will vanish, severely impacting their overseas business prospects and, at the same time, hindering U.S. authorities engaged in legitimate surveillance and data gathering, all the while further setting the precedent for governments worldwide to demand access to data stored in the U.S.

But it’s worse than that.

However the case may ultimately be resolved, uncertainty will reign, piled on top of the chaos echoing in the wake of today’s ECJ Safe Harbor decision, which has left thousands of companies scrambling to sustain businesses and striving for “compliance” with any number of regimes.

Worse yet, governments will not pause their surveillance and data collection. Indeed, two years of Snowden Revelations might suggest (to some) that the U.S. never really gave a fig about privacy anyway (other governments have yet to be as effectively outed, but are equally suspect).

In that context, whichever way the Microsoft case goes, the U.S. authorities who brought the case will be yet more hindered in the future in terms of “legal” access to the information they desire. So, they will do what they have already been doing: They will access the data they want in whatever manner they deem necessary.

Meanwhile, in the law enforcement realm, such illicit gathering of information may lead to the institutionalization of the process of “parallel construction,” a method by which the U.S. “exclusionary rule” which protects those accused can be circumvented to allow illegally gathered evidence to be admissible in court, severely undermining the rule of law.

(Parallel construction is already – reportedly - a popular DEA strategy: link)

At the same time, business and criminal enterprises alike may find themselves considering “Pirate Radio”-like data center services, with server banks housed “offshore” (literally or figuratively) in terms of being subject to no-one’s law enforcement or other jurisdiction, potentially threatening the rule of law (but also possibly fostering unique new business opportunities).

Clearly, while concerns related to the confluent conundrums of the Microsoft case and the Safe Harbor collapse are beyond multi-fold, the complexity of the matters involved dictate that there will also be no easy solutions.

So, what next?

Fitful and frustrating global conversations about very complex concepts - ranging from the definition of jurisdiction in a transnational world, to the harmonization of data protection and data compulsion policies, to balancing personal privacy and national security, and beyond.

The goal?

De-conflicting inconsistent data-related (and other) laws and rules across the globe to allow for fair and open and trusted market access to facilitate continued global growth and prosperity in what is an increasingly-digital and borderless world.

How hard can that be?

Summit Dust Settled; When's the Next Dust-up?

2015-10-05T11:39:00.001-04:00

With the Obama-Xi Summit a comfortable week behind us, it seems timely to dig into some of the rhetoric, particularly in the areas of cyber and national security - matters of critical importance to the global and interdependent information and communications technology (ICT) industry.

Indeed, putting an exclamation point on that critical importance, it is worth noting, that a month in advance of the Summit, on August 11, nineteen major U.S. industry and ICT trade associations wrote to President Obama seeking his strong engagement with President Xi to address growing barriers to ICT trade, and, while not specifically called out, not just in China (link to letter).

The letter appealed (very slightly edited for length):

· The U.S. and China should reaffirm their commitment to open markets, particularly in the ICT sector, recognizing the significant benefits that both countries enjoy from integration into global ICT industry value chains.

· The U.S. and China should confirm…that in pursuing measures to protect national security, they should ensure that measures affecting the ICT sector are: (i) necessary to advance a legitimate security objective; (ii) narrowly-tailored to achieve that objective; (iii) the least restrictive of open trade and competition as possible. In particular, both sides should commit to refrain from embedding in their national security laws, regulations, and policies specific requirements related to economic security that are designed to advance policies that distort markets and restrict open competition.

· The U.S. and China should agree, at the highest levels of government, to ensure that an ongoing high-level consultation mechanism exists and is dedicated to minimize any disruption to mutually-beneficial global ICT trade through the achievement of these goals.

Ah, cyber-motherhood and digital-apple pie. Good stuff.

And, thankfully – and rather impressively – the two Presidents ponied up, at least rhetorically.

Key takeaways from the Summit in terms of ICT: Both sides agreed...

· They would not “conduct or knowingly support” cyber and non-cyber-related theft of intellectual property in order to favor individual companies or sectors.

· They would provide timely responses to requests for information and assistance in addressing cyber-related incidents, and, to facilitate this, they would launch a high-level semi-annual dialogue on fighting cybercrime involving key law enforcement and security agencies on both sides.

· They would work together to identify and promote international norms for government behavior in cyberspace and pledged to establish a senior experts group to discuss these issues further.

· They would limit the scope of national security reviews, and to refrain from restricting investment/business on the basis of economic or public interest concerns.

Bravo. (Polite golf applause).

It will come as a surprise to virtually no-one that the joint announcement was met with a bit of skepticism.

An illustrative example of such sentiment (and by no means am I criticizing any one person or publication in particular), would be the September 25, 2015 article in the Hill, titled “Time for Constructive Confrontation with China” (linked).

The article, which bemoans China’s State-mercantilist approach to world trade, particularly in the IP-intensive ICT industry, and critiques the U.S. for its milquetoast engagement on such concerns, among other things states, in sum:

“In a properly functioning global trading system, countries are supposed to focus on innovating to differentiate themselves in fields where they have comparative advantages, and then trade for things that other countries are better at producing…The United States cannot wait for China's ruling officials to wake up to the error of their ways, however. It must forcefully push back… The strategy should be to put less emphasis on legalistic engagement and more on achieving tangible results…”

Damned straight. Spot on. 100% non-objectionable.

But let’s be sure to make it a two-way process.

Indeed, and specifically borrowing from the September 2015 Obama-Xi commitment to refrain from restricting investment/business on the basis of economic or public interest concerns, as well as the U.S. industry associations' plea for both sides to “refrain from…policies that distort markets and restrict open competition,” let's consider a case in point:

On June 1, 2015, the National Cybersecurity and Communications Integration Center’s National Coordinating Center for Communications (quite a mouthful), overseen by the U.S. Department of Homeland Security (DHS), distributed - across the U.S. ICT industry - an amateurish FBI document slandering China-based Huawei Technologies (my employer, as regular readers will recall).

The aptly-named FBI “SPIN” (“Strategic Partnership Intelligence Note”) document, dated February 2015, which regurgitates four pages of beyond-tired and oft-disproven misinformation, can be accessed here.

This document, prepared by the FBI and broadly circulated by DHS, is very clearly a U.S. Government initiative to very much restrict (effectively "ice") investment/business on so-called “national security” grounds. This fact-challenged document – its genesis, approval and dissemination – very obviously reflects a policy that very much “distorts markets and restricts open competition.”

Yes, China should be held to its commitments, and perhaps most efficiently in the context of “constructive confrontation.”

But, so too must a light be shined on the market-distorting, trade-restricting and – very worrisome – precedent-setting policies of the U.S. Government.

Neither side should expect to have its cake and eat it too. Any myopic attempt by either side to do so will only result in neither side delivering on their promises, preserving a status quo that is in no-one's best interest.

Challenging Cheney's "Exceptionalism" Op-ed

2015-09-13T14:36:00.000-04:00

An August 28, 2015 Wall Street Journal commentary by former Vice President Cheney popped up in my Facebook feed today, titled “Restoring American Exceptionalism.”

Citing select truths, while plucking patriotic heartstrings, the Vice President argues forcefully against the recent multilateral (U.S., UK, Germany, France, Russia, China) accord with Iran that will end decades of economic sanctions against that country in exchange for restrictions on its nuclear program.

Cheney criticizes and labels President Obama as a latter-day Neville Chamberlain, utterly ignoring that the unstable environment in which the President is compelled to operate is the direct result of the duplicitous and failed policies in large part architected by himself.

But first, in fairness, let’s acknowledge the select truths from the Cheney op-ed:

· “America has guaranteed freedom, security and peace for a larger share of humanity than any other nation in all of history.”

· “In the 1940s American leadership was essential to victory in World War II, and the liberation of millions from the grip of fascism. In the Cold War American leadership guaranteed the survival of freedom, the liberation of Eastern Europe and the defeat of Soviet totalitarianism.”

· “For the better part of a century, security and freedom for millions of people around the globe have depended on America’s military, economic, political and diplomatic might.”

· “As citizens, we have another obligation. We have a duty to protect our ideals and our freedoms by safeguarding our history. We must ensure that our children know the truth about who we are, what we’ve done…”

The Vice President is disingenuous in his promotion of that final truth. He ignores the truths of what his Administration did to our country: Waging meaningless wars, sacrificing thousands of young people to false causes, leaving hundreds of thousands more maimed, our economy weakened, our surplus drained, our national reputation and credibility badly tarnished.

For instance, in proclaiming that the President “has abandoned Iraq, leaving a vacuum that is being tragically and ominously filled by our enemies,” he declines to acknowledge that the devastation and lawlessness that defines Iraq today is the direct result of a groundless – senseless - war that he himself engineered.

Cheney’s war fundamentally demolished whatever shaky stability existed in the region at the time, facilitating the rising threats of Iran and Isis, and, we should not forget, obscenely bolstering his own personal wealth.

The Cheney op-ed goes on to make repeated references to the American “supremacy” that defined the bi-polar world that existed before the fall of the Soviet Union, steadfastly ignoring the multi-polar world that emerged in its wake, driven, in part, by the years of American-won (relative) peace and prosperity during the succeeding decade defined by the U.S.-led global Internet boom.

Instead, clinging desperately to yesterday’s concept of American exceptionalism, Cheney rejects the fundamental geopolitical realities inherent in a multi-polar world, demanding that America somehow re-birth Cold War preeminence, cramming yesterday’s two-dimensional square peg exceptionalism into today’s far more complex multi-dimensional round hole.

In this context, he blasts Obama:

“…despite the explosive spread of terrorist ideology and organizations, the establishment of an Islamic State caliphate in the heart of the Middle East, the proliferation of nuclear weapons, and increasing threats from Iran, China, North Korea and Russia, President Obama has departed from this 75-year, largely bipartisan tradition of ensuring America’s pre-eminence and strength.”

Wrong.

President Obama, in the context of the severe damage done to America’s reputation and prestige over the eight years of Bush-Cheney rule, has been working to re-establish America as a credible partner – an exceptional nation in a multi-polar world in which exceptionalism is not confined to our fifty States.

Indeed, Cheney is actually spot on when he writes:

“ As America faces a world of rising security threats, we must resolve to take action and shouldn’t lose hope. Just as one president has left a path of destruction in his wake, one president can rescue us. The right person in the Oval Office can restore America’s strength and alliances, defeat our enemies, and keep us safe. It won’t be easy. There is a path forward, but there are difficult decisions to be made and very little time.”

This is what Obama has been charged with for the last seven years. And, to some limited extent, he has achieved success. America is indeed an exceptional nation, but, in a multi-polar world, we must accept and work with peers on the global stage.

Like the former Vice President, I hope that whichever candidate prevails in 2016 can pick up and carry this standard further forward. Borrowing again from Mr. Cheney, this will be best and perhaps only accomplished if, unlike the Vice President, we “ensure that our children know the truth about who we are, what we’ve done…”

4.5G (Already?): A Contextual Primer

2015-07-16T10:30:00.001-04:00

The first generation of mobility was defined by analog voice technology as commercialized in the late 1980’s and early 1990’s, liberating voice communications, initially for the use of primarily business, government and high net-worth individuals.

The second generation of mobility, leveraging new digital radio technologies, enhanced the quality of the wireless voice experience, and introduced rudimentary messaging (SMS) capabilities. “2G” paved the way for the democratization of mobility in the mid-1990’s.

Transitional 2.5G technologies, such as GPRS (General Packet Radio Service) and the wireless application protocol (WAP) platform, were introduced at the turn of the Millennium, complementing digital voice with early mobile data, laying the groundwork for the blossoming mobile Internet experience.

Third generation mobility, so-called 3G, un-tethered the Internet in the mid-2000’s, introducing richer and faster wireless multimedia functions and services - corporate and social - heralding the evolution of the mobile phone into a mobile companion: truly handheld multimedia computers.

Evolutionary technologies like HSPA (high speed packet access) expanded on 3G. Faster networks and more through-put were naturally complemented by richer devices: faster processing, more memory, “real” cameras, location-based services, etc., enabling new business and lifestyle opportunities.

The advent of Long Term Evolution (LTE), or 4G, networks around the turn of the decade marked the realization of truly mobile Internet experiences, as envisioned at the outset of 3G, delivering what was once a fully-featured desktop-defined online experience to everyday pockets and palms.

The now emerging Internet of Things (IoT) – tens of billions of connections - will demand far more from networks, fixed and mobile alike, and with 5G technologies on a development path for realization in the early 2020’s, 4.5G technologies are being developed to meet those rapidly-developing needs.

HD video, virtual reality (gaming, shopping), distance-solutions (health, education), connected cars, wearables, and real-time-application automation, remote control and machine-to-machine interaction will be a boon to consumers and businesses alike, enabling enhanced lifestyles and productivity.

4.5G technologies under development and to-be-deployed as early as 2016 are designed for managing massive numbers of connections, all-new peak capacity, deeper and more ubiquitous coverage, all-important service continuity and lower latency, the latter essential to automation and remote control.

By 2025, it is anticipated that there will be as many as 100 billion connections reliant on wireless networks – just imagine the demands of a single smart city in enhancing quality and performance of urban services, reducing costs and resource consumption, engaging effectively and actively with citizens.

5G technologies are under development to meet such yet further network demands, as early as the turn of the next decade. In the interim, emerging 4.5G solutions will serve to bridge between current 4G networks and future 5G systems, ensuring an innovative and smooth evolutionary process.

Meanwhile, at the U.S.-China S&ED...

2015-06-26T13:56:00.001-04:00

This week, from June 22-24, senior Government officials from the U.S. and China met in Washington for the seventh round of the “U.S.-China Strategic and Economic Dialogue (S&ED).”

The breadth of the topics covered borders on mind-numbing.

As for the depth, well, they had a healthy 72 hours to cover everything from military relations to anticorruption; from law enforcement to disability rights; from counter-terrorism to humanitarian assistance; from disaster response to maritime matters; from illicit nuclear and wildlife transfers to climate change, energy, the environment and all things green; from Ebola to satellite collision avoidance; from earthquake and volcano studies to Korea, Afghanistan, Sudan, Iran, Syria and Iraq.

Thankfully, they also found some time to chat about commerce and trade-related matters, which took place within the so-called “Economic Track” of the Dialogue, led, on the U.S. side, by the Treasury Department.

Yesterday, Treasury put out a fact sheet detailing the outcomes (link: http://www.treasury.gov/press-center/press-releases/Pages/jl0094.aspx).

Let’s peek at a highlight or two.

With respect to China’s recently introduced and worrisome information and communications technology (ICT) regs in the banking sector (previously blogged about, as linked here), Treasury reported that “China committed to ensure that such bank ICT regulations will be nondiscriminatory, are not to impose nationally-based requirements, and are to be developed in a transparent manner.

Further, per Treasury, “China committed to enhance policy transparency in its governance of the ICT sector, including providing opportunities for comment on draft regulations.”

And, on a related matter, specifically so-called “national security reviews,” Treasury’s Fact Sheet offered that “we stressed our strong concerns that China’s national security review is too broad in scope, considers numerous issues that go well beyond genuine national security concerns and expressly affords third parties an inappropriate role in the review process.”

Nifty.

One can only hope that some Ministry in China will issue its own Fact Sheet confirming that the U.S. too has committed to undo its blatantly discriminatory barriers to select foreign-based ICT vendors, to reform and make more transparent its absurdly opaque development and implementation of such policies, as well as its willy-nilly use of “national security” to stymie market access and investment.

Borscht, 北京烤鸭, and Apple Pie

2015-05-19T13:56:00.003-04:00

Back in September, 2011, I blogged on a joint Chinese-Russian proposal of a voluntary International Code of Conduct for Information Security, as debuted at the 66th session of the UN General Assembly (http://www.williambplummer.com/2011/09/china-russia-et-al-propose-un-cyber.html).

Key provisions of the 2011 joint cyber proposal – which seemingly fell on relatively deaf UN ears – included commitments:

- Not to use ICTs including networks to carry out hostile activities or acts of aggression and pose threats to international peace and security;

- Not to proliferate information weapons and related technologies;

- To endeavor to ensure the supply chain security of ICT products and services, prevent other states from using their resources, critical infrastructures, core technologies and other advantages, to undermine the right of the countries...or to threaten other countries' political, economic and social security.

- To lead all elements of society, including its information and communication private sectors, to understand their roles and responsibilities with regard to information security, in order to facilitate the creation of a culture of information security and the protection of critical information infrastructures.

As I said at the time, good stuff.

Flash forward three-and-a-half years to earlier this month when the two governments formalized their cyber-alignment with a bilateral agreement (http://blogs.wsj.com/digits/2015/05/08/russia-china-pledge-to-not-hack-each-other/?mod=rss_Technology).

According to the agreement between the two States, in terms of general principles of cooperation: The Parties shall cooperate in the field of international information security in such a way that such cooperation contributes to economic and social development, consistent with the objectives and maintenance of international peace, security and stability, and consistent with generally recognized principles and norms of international law, including the principles of peaceful settlement of disputes and conflicts, non-use or threat of force, non-interference in internal affairs, respect for human rights and fundamental freedoms, and the principles of bilateral cooperation and non-interference.

(I know, I know… This is Russia and China we’re talking about. But, let’s remember that human rights and fundamental freedoms are under increasing assault in countries like the U.S. as well).

The main cyber threats identified in the accord include “the use of Information and communication technologies:

1) To carry out acts of aggression aimed at violating sovereignty, security and territorial integrity of States and which pose a threat to international peace, security and strategic stability;

2) To cause economic and other damage, including by providing a destructive impact on the facilities of information infrastructure;

3) For terrorist purposes, including for the promotion of terrorism and engaging in terrorist activities;

4) To commit offenses and crimes, including related to unauthorized access to computer data;

5) To interfere in the internal affairs of states, to spread public disorder, incite ethnic and racial strife, to spread racist and xenophobic propaganda and theories that give rise to hatred and discrimination, to violence and instability, as well as to destabilize the political and socio-economic situation; and

6) For the dissemination of information prejudicial to political and socio-economic systems, or the spiritual, moral and cultural environment of other States.”

While, as pithily demonstrated by threats 5 and 6, the bilateral agreement is perhaps overly-focused on regime stability, there are elements that other governments might consider multi-lateralizing.

To wit: In addition to the commitment to not conduct cyber-attacks against each other, the Parties agreed to cooperate towards ensuring international information security in multiple ways, including:

- The establishment of communication channels and contacts for sharing responses to threats in the sphere of international information security;

- Cooperation in developing and promoting standards and international law in order to ensure national and international information security;

- The exchange of information and cooperation between law enforcement authorities in order to investigate cases involving the use of information and communication technologies for terrorist and criminal purposes;

- To enhance cooperation and coordination between the Parties on issues of international information security within the framework of international organizations and forums.

Meanwhile, the U.S. Government on May 14 (two weeks after the China-Russia Accord was unveiled) reminded the world of its proposed “cyber norms” via State Department testimony before a Senate Foreign Relations Subcommittee (http://fcw.com/articles/2015/05/18/state-cyber-norms.aspx).

The norms - which the U.S. Administration is reportedly pushing to have adopted by the UN - in brief, would dictate that Nation-states:

- Should not conduct online activity that intentionally harms critical infrastructure;

- Should not prevent national computer emergency teams from responding to cyber incidents;

- Should not conduct cyber-enabled intellectual property theft; and

- Should cooperate with international investigations of cybercrimes.

No doubt, the U.S. version is shorter, clearer, more definitive, and, largely, proscriptive – the latter which is not a bad thing, per se.

Nor, however, are the Chinese-Russian provisions for forward-looking and cooperative and international initiatives to establish global standards, norms and laws (concepts – cyber or otherwise - that the U.S. has historically supported).

Opportunity, it would seem, may be knocking.

Perhaps these complementary approaches might be considered together at the next meeting of the UN's "Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security" (quite a mouthful, I know, but it's gotta start somewhere).

When Worlds Align in Surprising Ways...

2015-03-24T16:02:00.002-04:00

Wildly separated by nationalities, cultures, races, generations, history, personal experiences, and more, people share certain common human emotions that unite them, such as those associated with life's diverse paths from aspiration, through struggle, to achievement and excellence.

Earlier this year, my employer Huawei Technologies launched a global corporate marketing campaign centered around a striking image from famed photographer and ballet enthusiast Henry Leutwyler. That image, featured immediately below, is both emotion- and thought-provoking.

The Huawei ad leveraging this image was the brainchild of the company’s 70-year-old Founder and CEO, Ren Zhengfei, who saw in this image a reflection of the history of the company that he founded in 1987: Aspiration, struggle, pain, hard work, harder work, achievement, and the sublime satisfaction (joy) of delivering excellence to an audience (customers).

The result:

When the ad debuted internally in January, there were a number of Huawei employees who initially reacted with some concern. The image, after all, is truly striking. Graphic.

But, however you may initially perceive the image, it makes you stop. Think. Imagine. Perhaps contemplate the challenges and rewards of any journey, whether artistic, corporate, or personal.

External reactions ranged from thoughtful reviews by marketing professionals – for instance, AdAge’s February 4 piece titled “What a Ballerina's Beat-Up Feet Have to Do With A Chinese Tech Brand” – to not-unexpected tweets from everyday folk who were, for whatever reasons, disturbed by the image, e.g. "I don't know what @Huawei does/sells, but I do know that their ads freak me out. Plz stop showing me wrecked ballerina feet. #marketingfail."

Now, flash forward a month-and-change to late March…

What do a 70-year-old Chinese entrepreneur-CEO and a 34-year-old American hip hop/R&B star have in common?

An understanding, it would seem, of the physical, psychological and emotional path from aspiration, through struggle, to achievement and excellence.

Below is a meme posted on March 21 on the Facebook page of Grammy-nominee and platinum recording artist Keyshia Cole:

The Huawei and Keyshia messages are perhaps as distinct as they are alike, but the underlying emotions are clearly aligned.

In this context, some food for thought:

In a world in which we too often find elements of our lives defined in the context of one or another “us” vs. some other “them,” we should perhaps reflect on unique, quirky - quite remarkable, actually – instances like this one in which the commonality of the human experience and human interpretation and emotion are so classically depicted.

What do a 70-year-old Chinese entrepreneur-CEO and a 34-year-old American hip hop/R&B star have in common?

They are both human beings, each uniquely gifted, each with emotions, aspirations, struggles, achievements, and, at the core of their life journeys, a common desire to experience and share joy.

Firmware Hijacked, No-one Safe… By and From the U.S. - Are we really surprised?

2015-02-16T23:31:00.002-05:00

The New York Times reported February 16, in an article titled “U.S. Embedded Spyware Overseas” (link), that Russia’s renowned and respected Kaspersky Lab has unveiled that the U.S. “Equation Group” (AKA, apparently, the NSA and DoD’s U.S. Cyber Command) have – for more than 10 years – hidden malware and spyware deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers.

Doing this has given the U.S. the means to eavesdrop on the majority of the world's computers, according to Kaspersky, other cyber researchers and, reportedly, former U.S. operatives.

Surprised? You shouldn’t be. This pot’s been calling kettles black for so long you’d have to be idiot-thick not to figure out that they were over-compensating to veil their own transgressions.

So what now, now that we have relative certainty that the entire planet’s been compromised by U.S. intelligence agencies? And, perhaps worse, they’ve been doing so in the context of accusing pretty much any and every other (other?) “bad guy” of doing the same thing while purporting to be holier than all those other “thou’s.”

But wait, the U.S. only conducts espionage to ensure our national security, not, for instance, to gather and store data on its own citizens or, ahem, to gain commercial benefit for American companies.

Nonsense.

I'll leave the former be for now, but as for the latter, while there’s no evidence - yet - to believe the U.S. has stolen intellectual property from foreign firms with the express purpose of transferring such knowledge to domestic firms, that’s – perhaps - only because the need has not yet been perceived.

But have American intelligence agencies eavesdropped on others to leverage benefits for American companies, for instance, in terms of intelligence related to the negotiation of trade agreements, etc.?

Well, yeah. Duh. And, that, yes, confers commercial advantage.

Hey, I’m an American. I get it. I understand. Indeed, I don’t oppose it, per se.

What I oppose is the utter hypocrisy of painting other kettles blacker than our pots.

Look, national governments are national governments, and spies will be spies - humankind has conducted espionage on its neighbors since the first caveperson leaned out to peer into the neighboring hole to see how the “other side” were making their fires. So let’s be intellectually honest about the whole thing.

So, before we let this latest revelation escalate us towards yet more techno-nationalist (nonsensical) market access barriers in one or another country, consider the below instead. After all, none of this is sustainable - we are risking our future, a future largely and increasingly dependent on the global and interdependent information economy.

Manifesto for a post-Cyber Future

Whereas:

- Our societies, businesses and personal lives have become ever more reliant on the Internet and connectivity, on a global and interdependent basis;

- The development of networks has helped to advance social progress. Open networks have encouraged information flow and sharing, provided more opportunities for and lowered the cost of innovation, and have helped improve the world's health, wealth and prosperity.

- Today’s interconnected world is powered by global, intertwined infrastructures built on technologies provided by a wide range of information and communications technology (ICT) vendors sourcing inputs from a vast global supplier ecosystem, enabling networks that span multiple markets;

- This complex, intertwined ecosystem is potentially vulnerable to those that wish to use technology for purposes it was never intended, to steal, corrupt, damage or disable.

- In this context, the integrity of networks and data are essential to our societal and personal well-being, and that integrity is increasingly threatened;

- Maintaining or restoring confidence in network and data security is critically necessary to maintaining and enhancing the global digital economy and our day-to-day lives as individuals;

- Governments have a responsibility to secure the networks their citizens use, and to ensure the integrity of the data within such networks, as well as legitimate law enforcement and national security obligations;

- No longer is technology designed, developed and deployed only in one country; no longer can any country or large company claim to rely on a single sourcing model;

- Physical and digital supply chains fueling the information and communications technology industry eclipse borders;

- Geography-based or otherwise “techno-nationalist” approaches to securing networks and data are inconsistent with commercial and technological realities in what has become a global and interdependent information age;

- Network security and data integrity are not single country or company issues, they are functions of how ICT products are made, used, and maintained, not by whom or where they are made, or by the relationship any vendor may have with any particular government;

- Geographic-based restrictions in any form risk both retaliation, replication and the fragmentation of global ICT supply chains, as well as undermining the advancement of global best practices and standards on network security and data integrity;

Resolved:

- States should seek to agree appropriate conventions among themselves governing acceptable behavior in cyberspace, while refraining from hyperbolic rhetoric and market-distorting policies, laws, regulations and practices in the name of “cyber” or national security;

- Governments should offer additional clarity and transparency in terms of their mandates, regulations and practices related to data monitoring, collection, processing and storage;

- Industry should accelerate initiatives to defining certifiable standards, disciplines and best practices for network security and data integrity; from product conception through research and development; from coding to sourcing; from assembly to shipment; from deployment to servicing to end-of-life.

- Public-private partnerships should cement the results, codified as appropriate, whether through international covenants or global industry standards bodies.

Pots and Kettles, Take 2: As Ye Cyber-Sow…

2015-01-30T15:55:00.001-05:00

Four years ago this week I posted a piece on the remarkably hyperbolic hypocrisy of Western governments' condemnation of Chinese export financing, titled “Export Financing: Pots and Kettles” (linked). A New York Times article two days ago (linked), which reported on a letter from a group of U.S. industry groups to the Chinese Government decrying new “discriminatory” Chinese cyber regulations, prompted me to return to the pots and kettles analogy, albeit in a different context.

The joint-associations’ letter calls for “urgent discussion and dialogue regarding the growing trend of Chinese government policies requiring use of ‘secure and controllable’ or Chinese-developed and/or controlled Internet and information communications technology (ICT) products, solutions, and services based on ‘cybersecurity’ justifications. Internet and ICT.”

The letter, specifically referring to a 22-page regulation approved by the Chinese Government late last year, outlines a number of the offending Chinese “secure and controllable” initiatives: “ICT products and services must undergo intrusive security testing, contain indigenous Chinese intellectual property (IP) (e.g., local encryption algorithms), comply with Chinese national standards, and restrict the flow of cross-border commercial data. The same policies also mandate that vendors file sensitive IP, such as source code, with the Chinese government.”

With repeated reference to the inherently global nature of the ICT industry, the letter makes very solid points, such as: “It is in the interest of the global ICT industry to work with all countries to ensure that the ICT supply chain produces secure and trustworthy products for all our customers around the world.”

Further, the letter informs: “Sovereign interest in a secure and development-friendly cyber economy is best served, in any country, by policies that encourage competition and customer choice, both of which necessitate openness to nonindigenous technologies, as well as close collaboration between industry and government in formal and informal public-private partnerships and other mechanisms.”

Spot. On.

Finally, the letter concludes, reiterating the call for a dialogue “to discuss constructive, alternative approaches toward the goal of enhanced security,” and then hammering home: “…it is of critical importance that policies be developed in a transparent and open manner with adequate public consultation; not interfere with the procurement activity of commercial entities; not discriminate or provide questionable subsidies to domestic products; and not create technical barriers to trade that are more trade restrictive than necessary.”

Damned straight.

Notably, these are not new anti-discriminatory positions for these U.S. trade groups, nor are they limited to China, indeed, they’ve been staked out quite forcefully and on multiple occasions in terms of U.S. development of similarly discriminatory policies masquerading as “cyber-security” initiatives.

In April, 2013, many of the same signatories to the recent joint association letter to the Chinese Government signed on to a letter to the leadership of the U.S. Senate and House of Representatives objecting to a provision included in Appropriations legislation which was later signed into law by the President. That provision bars select Federal Agencies from acquiring information technology (IT) systems unless ‘the head of the entity, in consultation with the Federal Bureau of Investigation or other appropriate Federal entity’ has made a risk assessment of potential “cyber-espionage or sabotage...associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China.”

The aligned industry groups warned that the provision set a troubling and counterproductive precedent that could have significant international repercussions and put U.S.-based global IT companies at a competitive disadvantage in global markets.

Further, and very, very straight to the essential point, the associations wrote: Fundamentally, product security is a function of how a product is made, used, and maintained, not by whom or where it is made. Geographic-based restrictions run the risk of creating a false sense of security when it comes to advancing our national cybersecurity interests. At a time when greater global cooperation and collaboration is essential to improve cybersecurity, geographic-based restrictions in any form risk undermining the advancement of global best practices and standards on cybersecurity.

Yet further, the April, 2013 letter to Congressional leadership warned – presciently – that the provision could fuel potential retaliation, stating, specifically: “The Chinese government may choose to retaliate against U.S.-based IT vendors by enacting a similar policy for screening IT system purchases in China.” More generally, the letter worried further about copycat legislation: “Governments in other countries may seek to emulate this policy, harming U.S. IT vendors who wish to sell in those markets. Similar policies are already being pursued by some foreign governments. We are concerned this provision would severely undermine the U.S. government’s efforts to contain these policies.”

Finally, the letter concluded reminding the recipients that “the global IT sector is committed to working with Congress and the Administration to consider constructive approaches that avoid geographic-based restrictions and focus instead on the appropriate and effective methods to meet our cybersecurity challenges. In the near term, we strongly encourage a meaningful bilateral dialogue between the United States and China to address cybersecurity concerns in a manner consistent with best security and trade practices.”

Great stuff (which you hear echoed in the more recent letter to Chinese authorities, excepting the bits about retaliation and copycatting, for, well, the obvious reasons…).

Then in July, 2013, TechAmerica, a signatory of both the April, 2013 letter and the more recent letter to Chinese authorities, wrote to the leadership of the U.S. House of Representatives Appropriations Committee reiterating opposition to the renewal of the offending Appropriations legislation provision

TechAmerica labeled the proposed legislation “problematic at best” and, indeed, “counterproductive,” in that it would hinder “the ability of these departments and agencies to obtain world-class, state-of-the-art technology innovation and services in a timely fashion while essentially undermining the ability of U.S. based ICT firms to conduct international trade and commerce on a level playing field by facing similar retaliatory localization measures by other foreign governments in markets critical to the U.S. commercial sector.”

Then, in September, 2014, the Information Technology Industry Council (ITI), a signatory to both the April, 2013 letter and the more recent joint industry missive to China, wrote to the Senate and House Armed Services Committees objecting to a Defense Authorization provision that require U.S. intelligence agencies to advise the Congress of every instance in which an ICT component from a company “suspected of being influenced by a foreign country, or a suspected affiliate of such a company” is competing for or has been awarded a contract related to a DoD or Intelligence network or “networks of network operators supporting systems in proximity…”

Per the ITI letter, “in short, we fear the language in Section 1083 will not help the government achieve its security objectives and could have several unintended economic and security consequences.” ITI went into great detail defining faults in the provision, under the following headings: “The language is ambiguous and many terms are not defined.” “Standing alone, a company’s activity in, or relationship with, a foreign country may not be dispositive as to whether its products or services are secure.” “There is strong potential for global backlash on U.S. ICT companies.”

In November, 2014, the Silicon Valley Leadership Group (not a signatory to any of the previous letters, but with some overlapping membership) also wrote to the leadership of the Senate and House Armed Services Committees, worried about the same provision that ITI targeted, sagely borrowing and extending language from the April 2013 letter detailed above: “Product security is a function of how a product is made, used, and maintained, not by whom or where it is made, or by the relationship a vendor has with any particular government. Geographic restrictions are not helpful to improving cybersecurity and at worst could in fact preclude an organization from procuring the best or most appropriate technologies for their mission.”

Like in previous letters from other signatories, SVLG also expressed concern for copycat initiatives: “…this approach invites retaliation against U.S. companies in global markets. Governments around the world closely watch U.S. policies, and a U.S. law (or even proposal) that would discriminate against a vendor based on its relationship with a foreign country (or government) could embolden other governments to enact similar restrictions as a condition of sale into their own markets.”

Are the new Chinese regulations copycat? Yes. Well, in many or most ways, with a couple of exceptions...

First off, the Chinese regulations are also (one might imagine, at least) a partial response to the abysmal treatment that major China-based ICTs have experienced in the U.S., such treatment defined by vague, opaque, “unwritten” policies that have served as quite effective market access barriers.

Secondly, the Chinese provisions are reportedly quite far-reaching, in terms of, such as, according to the joint industry association letter, demands for access to source code and mandatory back-doors.

But otherwise, yeah, pretty much tit-for-tat regulations.

But, there are differences in terms of implementation and enforcement, which are both infrastructural and cultural.

On the U.S. side, notwithstanding the unwritten policy referenced above, the process has been less about promulgating regulation and more about publicly debating legislation that may or may not ever become laws or rules, often as not with the Administration in cahoots with the Congress. The end result, in American culture, is practically the same. With or without enacting a law or rule, American purchasers are “chilled,” dissuaded from buying from vendors of certain geographical heritage even if only because spooked by just the specter of legislation.

The Chinese side doesn’t have the same institutional flexibility, and the culture is almost opposite.

There is no legislature to use as a sounding board and/or to broadcast the informal chill. There’s no public debate. There’s just the government, and then whatever rules emerge. However, unlike in the U.S. the rules are only sometimes enforced, and, generally speaking, ignored – not even a chill - until enforced, and consistently so.

A relevant case in point would be China’s so-called “Multi-level Protection Scheme,” introduced in 2007, which supposedly mandated that core ICT products used by Government and infrastructure companies, such as banks and transportation, must be provided by Chinese companies. But the MLPS wasn’t enforced in pretty much any way until after 2010, and then only sporadically (otherwise we wouldn’t be talking about the new regulations promulgated at the end of 2014).

So, summing up, what we have is an escalating mess. ICT leaders, whether based in the U.S., China or elsewhere, are all suffering, and will likely suffer further if the techno-nationalist trends in both and more countries persist.

How do we take this in a new direction?

Given the nature of the regime in China, it would seem unlikely that any China-based company would engage or have any success should they choose to do so in swaying the Chinese government. And a China-based company having any success talking reason into U.S. law- and policy-makers is, in my personal experience, a not-insignificant long-shot.

But, the U.S. regime does lend itself to that sort of influence, and U.S. companies are historically not shy about voicing their opinions to government (see all of the above). Maybe if the American-based companies want a change in the new Chinese regulations, they might, in a show of good faith to the Chinese authorities, unite their disparate initiatives into one and begin simultaneously championing similarly fair environments in both countries, perhaps even in the context of alignment with their China-based non-members.

Indeed, this would seem a natural threshold to a broader, more rational (commercially and technologically) global conversation about the utterly borderless nature of the ICT industry - and the critical global supply chains that fuel ICT companies - and the irrationality and ineffectiveness of national policies based on old world geographical borders that are largely irrelevant in the digitalized, globalized ICT market.

Should We Worry About a Cyber-Princip?

2015-01-23T15:07:00.000-05:00

This post resurrects a concept I initially proposed almost three years ago, the idea of borrowing from military/diplomatic history to address current and future cyber/diplomatic challenges, a concept that has seemingly become more mainstream over the last couple of years.

In March of 2012, I blogged about the potential model of the arms control treaties that emerged in and around and after the age of Mutually Assured Destruction (link). This time around, I’m going yet further back in time, but to reinforce the same idea.

At the turn of the century, 117 years ago, the world’s great powers gathered in The Hague in 1898 to discuss what would be the first true multilateral treaty focused on the conduct of warfare, the laws of war, methods of arbitration, and, interestingly, for the purposes of this post, arms control.

There were any number of reasons for the Conference, depending on your historian of choice, ranging from commercial and political fears that a Golden Age might fall to war, to a growing global pacifist movement, to Czar Nicholas II’s concern that Russia had fallen so far behind militarily that only an arms accord might freeze the gap (Nicholas convened the conference).

Whatever the case, there were not-insignificant numbers of people of influence within the major nation States that responded to the Czar’s call to assemble that were genuinely worried about the pace of development of military technology.

Indeed, from Napoleon’s war at the turn of the previous century, through the mid-century Crimean and American Civil Wars; from Britain’s colonial conflicts in Africa, to the Franco-Prussian and Spanish-American wars late in the century, it was becoming exceedingly obvious that war was becoming increasingly hellish (although few imagined the technology and mass-army inspired horror and devastation that World War I would bring a mere decade-and-a-half later).

A number of Conventions were agreed when The Hague Conference closed in 1899, ranging from arrangements related to dispute settlement and arbitration, the treatment of prisoners of war, a ban on bombardment of undefended towns, the protection of hospital ships, etc. More intriguing, perhaps, were the conventions focused on arms control, which were as much about “behavior” as anything else, in terms of managing prospective technological threats.

To wit, the “Declaration concerning the Prohibition of the Discharge of Projectiles and Explosives from Balloons or by Other New Analogous Methods,” which provided, for a period of five years, in any war between signatory powers, no projectiles or explosives would be launched from balloons, "or by other new methods of a similar nature."

And then there was the “Declaration concerning the Prohibition of the Use of Projectiles with the Sole Object to Spread Asphyxiating Poisonous Gases,” which provided that in any war between signatory powers, the parties would abstain from using projectiles "the sole object of which is the diffusion of asphyxiating or deleterious gases."

As a final example, there was the “Declaration concerning the Prohibition of the Use of Bullets which can Easily Expand or Change their Form inside the Human Body such as Bullets with a Hard Covering which does not Completely Cover the Core, or containing Indentations,” which called for signatories not to use such munitions.

As a historical note, only the U.S. (joined by the UK in terms of the “bombs from balloons” prohibition) failed to ratify these Conventions – but that is not the point of this post).

From our current vantage point and era of inconceivably rapid technological development, it is perhaps naïve, even quaint, to imagine such Conventions, which in effect were intended to somehow “govern” progress. (In fairness, any modern day perception of naïveté is arguably unfair, given that the Conference attendees were dealing with advanced warfare that was in some cases prospective and unproven, yet all the more fearsome in its strangeness).

Notwithstanding the fact that the second Hague Conference in 1907 was an abysmal failure, and the yet-more-painful fact that some of the 1899 Conventions were tossed aside once WW1 kicked off, the Hague Conference(s) and Conventions and their impetus present an interesting analogy for the not-so-dissimilar situation we face in today’s world when it comes to the militarization of cyberspace.

Without a doubt, today’s powers that be have a pretty solid understanding of the havoc they can (and do) wreak in the realm of cyber, from espionage (pick your favorite Snowden Revelation or Mandiant Report) to disruption (ala Stuxnet). At the same time, there is growing angst about the über-threat of some sort of “cyber-Pearl Harbor” or “cyber-911” or “cyber-[insert alternative bogeymonster here].”

These are very real concerns about very not-yet-fully-real cyber threats, like enemies shutting down electricity grids, crashing stock markets, crippling critical infrastructure, etc. Indeed, these are modern-day concerns quite akin to the late 19^th century worries about bombs dropped from balloons, or projectiles designed to deliver poison gas, or dum dum bullets in the battlefield (all of which came to pass).

Czar Nicholas’s initiative failed. But the model is not a bad one, in terms of managing tensions. The cyber-stage is only getting more crowded, by State and non-State players alike. To the extent that some of the tension can be defused through multilateral agreement between States, why not go there, and in an accelerated fashion as opposed to what seems a pattern of politically-gamed fits and starts.

If governments can take cyber-Armageddon off the table, then industry can more effectively (hopefully with less nonsensical political interference in what should be – largely - a technical and commercial process) work towards the more pedestrian restoration of trust and confidence in the networks that power our digital lives, and in the integrity of the data that flows through them.

If this is cyber-1899, or anything like it, then let’s get it right this time.

Let’s work to ratchet down the tension and set the right rules and limits so that if or when some latter day Gavrilo Princip hacks the National Bank of Austria we don’t find ourselves sucked into a global cyber-maelstrom from which we cannot extricate ourselves, a frightening blend of digital and physical devastation unlike anything the world has heretofore witnessed.

The President Wants Competitive Broadband. Good.

2015-01-19T15:28:00.001-05:00

Over the last year, the “network neutrality” debate has re-emerged with a vigor reminiscent of the fiery rhetoric of 2010.

While the FCC dithers on definition and incumbents battle to maintain either their freedom to tier or their freedom to “ride” (depending on the nature of the incumbent), the President last week entered the fray in a related call for more broadband competition and coverage, particularly in rural and underserved areas.

Summing up the President’s proposed initiatives, The Financial Times quoted the White House: “Every American should have options for better, faster broadband…Broadband is no longer a luxury. It’s a necessity. It’s a necessity for businesses, for families, and for our national competitiveness.”

True. Very true.

Indeed, in 2012, 2013 and 2014, the New America Foundation’s Open Technology Institute released sequential ”Cost of Connectivity” studies, reviewing the cost of consumer broadband services in 24 cities around the world. In each year, the results showed that, in comparison to their international peers, Americans in major cities such as New York, LA, and DC pay higher prices for slower Internet service.

Reports from the Organization of Economic Cooperation and Development (OECD), the International Telecommunications Union (ITU) and other public and private or public-private organizations have made similar findings.

It is widely anticipated that we will hear more about the President’s broadband initiatives in his State of the Union speech tomorrow. But, in short, what he proposed last week, with a special focus on local and community broadband, includes: Eliminating State laws which stymie local broadband competition; Expanding local public-private and R&D-oriented partnerships focused on broadband; Launching a new Commerce Department initiative called BroadbandUSA to promote deployment and adoption; Unveiling new grant and loan opportunities for rural providers; and Removing regulatory barriers and improving investment incentives.

That’s a whole lotta motherhood and apple pie. Don’t get me wrong, I’m all for it. There is no acceptable reason that the nation that once occupied the cradle of the Internet should now be camped out in a lean-to.

But let’s take a closer look at that last one: Removing Regulatory Barriers and Improving Investment Incentives…

According to the White House Fact Sheet on the President’s Broadband plans announced last week, “The President is calling for the Federal Government to remove all unnecessary regulatory and policy barriers to broadband build-out and competition, and is establishing a new Broadband Opportunity Council of over a dozen government agencies with the singular goal of speeding up broadband deployment and promoting adoption for our citizens.”

To these points, speaking in Cedar Falls, Iowa last week at the unveiling of his suite of broadband initiatives, the President said: "In too many places across America, some big companies are doing everything they can to keep out competitors…Today, I'm saying we're going to change that. Enough's enough."

True. Quite true.

Now, let’s take a moment to ensure contextual clarity: The President’s comments about competition, as well as the focus of the broadband agenda he outlined last week, as well as the general gist of the ongoing network neutrality debate at the FCC, are about the provisioning of Internet services and content.

But broadband competition takes place on multiple levels.

Last week I posted on a separate laundry list of Presidential initiatives unveiled last week (it’s that time of year) - a suite of cybersecurity-related policy and legislative proposals. The gist of my January 14 post (linked) was that the success of the proposed activities – all domestically-focused - might be limited in the absence of broader global initiatives to address truly fundamental and global challenges.

Similarly, the President’s broadband initiatives, at least as outlined last week, are also, um, “half-fast” (thanks Verizon – clever campaign, by the way), at least in terms of addressing the establishment of a more competitive market environment for American broadband.

(Regular readers, you know where this is going).

The New American Foundation, OECD, ITU and other reports on the relative cost of broadband across markets at some point or another – conscious or not – end up depicting some sort of juxtaposition of the European situation vs. the American situation.

It seems, fixed data-speeds and 4G wireless deployment schedules notwithstanding, that Europe has the lead over the U.S. in terms of the average cost of broadband to the average consumer. One reason, it would seem, is the fact that consumers, even in rural or far-flung areas, have the option to choose among broadband suppliers, which in turn forces those service providers to competitively price their offerings.

In contrast, as the President said in Iowa last week: "Tens of millions of Americans have only one choice for that next-generation broadband. So, they're pretty much at the whim of whatever Internet provider is around.”

But Europe has had the benefit of other competitive pressures as well, pressures that have had not just an impact in terms of lower cost broadband, but also in terms of more innovative broadband.

In short, Europe has been open to investment and innovative new technologies on a market-based basis, including solutions from world-leading Huawei Technologies, a $47 billion company doing business in over 170 countries, which happens to be headquartered in China.

Such competition has driven innovation and more rational, market-based pricing of telecommunications equipment across Europe, driving down costs and extending broadband to everyday consumers.

(Perfunctory disclaimer, again: Huawei is my employer, but this blog is my own, the content unvetted, uncleared by any third party).

U.S. Internet and telecommunications service providers have been routinely pressured by the U.S. Government to eschew Huawei gear, based on never-substantiated concerns associated with the company’s heritage in China, concerns which fly in the face of a very important pair of facts: 1) Huawei is deployed by nationwide service providers in virtually every OECD country without incident; 2) All of Huawei’s “Western” competitors are, like Huawei, conducting R&D, building and coding on a global basis, including in China. To the extent that such presents potential vulnerabilities, they are commonly shared across the industry.

Now, let’s look at a case study that would seem relevant to the President’s initiative to introduce more competition and more broadband in rural markets:

In October of 2012, 60 Minutes profiled Huawei (not terribly accurate, balanced or even responsible journalism, but I guess that’s a matter of one’s perspective).

During the program, the 60 Minutes correspondent interviewed the President and General Manager of a small local telecommunications carrier who communicated his goal of reaching as far as possible into rural areas, and his observation that “the new Huawei network delivers some of the fastest Internet speeds in the country.”

The carrier President told 60 Minutes that he had been pressured by “federal agents” about Huawei, pressured to buy from someone else.

In answer to a subsequent question from the 60 Minutes correspondent, the carrier President said he was upset by the visit because he “saw it as interference in our operations. If we're not able to buy the very best equipment and deploy it in an efficient manner, then everybody suffers.”

Notably, 60 Minutes concluded this segment of its program asking the obligatory question about American bidders on the project, to which the carrier President replied: “I don't know of any American companies that makes this equipment.”

The intervention featured on this particular news program was not an isolated incident. Indeed, it was an example of a pattern of behavior. It was indicative of a “policy.”

So yes, Mr. President, by all means, and in the words of the White House, let’s call “for the Federal Government to remove all unnecessary regulatory and policy barriers to broadband build-out and competition.”

All of them.

And, if for whatever reason there is someone somewhere within the Administration or otherwise that would purport that market-distorting barriers to preclude competition from select companies based on their country of heritage - in an industry that has eclipsed national borders – is “necessary,” then, in the name of the very competition the President seeks, they should be compelled to justify that finding, and publicly.

Cyber-curing what ails us will demand global remedies

2015-01-14T14:14:00.004-05:00

Earlier this week (January 13, 2015), President Obama unveiled a slew of proposed cybersecurity-related initiatives, ranging from updated cyber-information sharing legislation to empowering and re-tooling law enforcement to battle cyber-crime; from new data breach reporting requirements to a February 2015 White House Summit on protecting consumers online.

These are all laudable initiatives, indeed, necessary initiatives (although, in light of countless Snowden-unveiled tidbits over the last couple of years, I have my worries about overly-broadly better-empowering law enforcement which, in cahoots with U.S. intelligence agencies, seems to have demonstrated a frighteningly consistent pattern of abuse of such power).

But, to some extent, these proposed initiatives all miss the broader and more critical point: Cyberspace is global, borderless. And, so too, is cyber-malice. Thus, until and unless the Administration devotes similar – indeed, more forceful - attention to identifying and agreeing globally-applicable disciplines, domestic remedies such as proposed may be challenged to succeed, at least in the grand cyber-scale of things.

Yes, the proposed information sharing legislation would enable the public and private sector to better exchange information about and better analyze, understand and effectively address cyber threats, as well as better safeguard Americans’ personal privacy through the institution of stricter requirements for private companies that collect or use personal data.

Yes, modernizing the legal ecosystem to allow for the prosecution of the sale of things like spyware used to stalk or commit ID theft, as well as the criminalization of the overseas sale of stolen U.S credit card and bank account numbers, and the granting of authority to courts to shut down botnets engaged in DDOS attacks and other criminal activity, are all good and necessary things.

Yes, simplifying and standardizing existing State laws that require businesses to notify consumers of data breaches and corralling them into one Federal statute should indeed serve to both better incent businesses to upgrade their cybersecurity and, thus, better stem the tide of identity theft, financial compromise, etc.

And, yes, the proposed February 13 “White House Summit on Cybersecurity and Consumer Protection” at Stanford - which will include Administration leaders, CEOs from a range of industries, law enforcement representatives, consumer advocates and technical experts – cannot help but contribute constructively to better educating and protecting American consumers and companies.

These initiatives all seem to acknowledge the need to restore consumer and corporate trust in the networks that power our digital lives and livelihoods, as well as the integrity of the data that funnels through or resides in such networks. This is a good thing (notwithstanding that the initiatives seem to utterly ignore widespread concerns related to U.S. Government domestic surveillance, espionage, etc.).

While a “fortress America” approach to cybersecurity might be a welcome panacea for the masses, it is insufficient to deal with more global and more potentially devastating cyber-threats, whether Government-spawned malware like Stuxnet, massive-scale DDOS attacks, the theft of billions in intellectual property, or, the big fear, the disruption or destruction of critical infrastructure.

Pre-Snowden, the Administration was quite bullish on setting and enforcing global cyber norms and standards. As Snowden’s Revelations have wreaked havoc on America’s cyber credibility, the U.S. seems to have hunkered down, shying away from the lead on global solutions, and, by virtue of that seeming withdrawal, to some extent actually perpetuating global insecurities and vulnerabilities.

This week’s White House announcements were heartening, and, hopefully, will lead to an improved State of the cyber-Union, as well as some level of restored confidence in the integrity of networks and data. However, these initiatives are but domestic pieces of a much bigger global puzzle, the completion of which should remain of the highest priority to U.S. authorities if the domestic initiatives are to be truly meaningful in the long-term.