Showing posts with label technology. Show all posts
Showing posts with label technology. Show all posts

Tuesday, January 1, 2019

Why Chinese government spying is the scariest sort: an explainer

I'm in the US for the holidays, and a segment came on some silly morning show (they're all silly) about how China is "revolutionizing" shopping and payment through cell phone payment apps at a far higher rate than the US. Or, as the silly hosts of this silly program described it, "China is decades ahead of the US in shopping technology".

And I made a remark about how that's actually terrifying, because the Chinese government watches essentially everything you do on your cell phone in China, and can and will use it against you. They don't even try to hide it. That everyone I know who is knowledgeable about cybersecurity in any way uses a second dummy cell in China for all of the apps there that come packaged with nasty spyware.

The person I was watching the program with looked duly horrified - after all, the silly segment by that silly host on that silly TV show was making China out to be this amazing technological wonderland of the future (the tone was similar the one taken in this article, but if anything less critical). What I was saying was totally at odds with that.

She came back with "you know, I'm sure the US government does that too, we just don't know about it."

Sure. I mean...kinda. But it's not at all the same thing. I don't blame her for her reaction, by the way - when your exposure to current affairs in China comes entirely from Western media, and mostly Western media that is uncritical about China but highly critical of domestic affairs, interspersed with ads for Shen Yun (with no context whatsoever pointing out that a.) the Chinese government hates them, which is great but also b.) that they are owned by a wealthy cult-like religious organization which is not great), then this would be your natural reaction.

But there is a world of difference, and it's important to know why.

I'm going to come at this from a non-expert, non-academic, non-technical point of view. If you want detailed, professional analysis go somewhere else. I've noticed, however, that the average non-expert finds these issues too dense and daunting and typically doesn't read or fully understand them. Hell, I can't claim to fully understand them (this, for example, is barely readable to me despite being highly important). Instead, I'm hoping to tackle this in a way that helps the average reader comprehend what is so terrifying about China's government surveillance, in particular.


"But the US government does the same thing!" 

This is an issue in that the US government does have some unsettling rights to surveillance and data under the Patriot Act. I don't like it either, and I've had it and other surveillance programs affect me three times that I know of, including having to sign something that allowed the US government to monitor one of my bank accounts in Taiwan, and being unable to open a new IRA in the US.

So, yes, it's creepy and horrible. Please don't categorize me as a defender of the actions of the US government.

But. But! This is really not on the same level as what the Chinese government does.

For reasons explained below, it's doubtful that the US government is directly intervening in what private businesses do, forcing them to put spyware into their devices or app/online offerings. They're not using what data they do collect in the same way as China, and while maddeningly opaque and bureaucratic, the very fact that the US is a democracy with certain freedoms of expression and information means it is still more transparent than China.

Oh yeah, and say what you will about who is watching what you do online, but the US government isn't going to disappear you because you said something online that they don't like. Even if you make suspicious purchases or phone calls, or visit certain sites, you might find yourself detained or questioned, but you won't be disappeared in an unmarked van.

No, you won't. Don't give me any conspiracy theory nonsense. But in China this is a real thing



"The US government could just be putting spyware in our phones too!" 

Maybe. Somehow, though, I doubt it.

As far as I'm aware, the US government doesn't "own" (or have some sort of control over) the various tech companies that make our stuff. The US government can't tell Apple, Google, Paypal, Venmo etc. what to do the way the CCP can tell Huawei, Xiaomi, ZTE, Baidu and Alipay what to do. It's an open secret - if it's a secret at all - that Communist Party members and officials have a controlling stake in those Chinese companies and they almost certainly do have those companies install spyware and other backdoor access to data in their products.

It is not clear at all that the US has the same thing, and I doubt they do.

The US media, for all we deservedly criticize it, is pretty good at rooting out this stuff, investigating it and exposing it in detail. We know that Donald Trump committed tax fraud thanks to an in-depth investigation by the the New York Times, to give just one example.

If the US government were ordering Apple to install spyware into their phones, or ordering Google to have government spyware installed on everyone's phone with every download of the Chrome app, while those companies would certainly not be transparent about it (seeing as they're not transparent about much), it would still likely break in the media eventually. Criticize it all you want - I do! Push the media to be better. But it's a lot better and a lot freer than in many places, including China.

If anything, you should be scared that the Chinese government, not the American government, is putting some scary things into products by non-Chinese companies. Though it's perhaps less likely as they don't actually control these companies, most of the production takes place in China and some of the components of these products are designed/produced by Chinese companies, so it's still a real possibility.


"But the US monitors our financial transactions and punishes us too, through credit scores!" 

I don't care for credit score companies either. I understand why some institutions would want a heads-up as to how well or poorly you are likely to be able to pay your bills from them, but the way scores are calculated is not nearly as transparent as it needs to be, and in some ways is unfair.

However, most developed countries have some form of credit score system, and the effects are not as far-reaching.

In China, the social credit system being developed will operate on such a greater scale than any credit scoring system that the two can't be seriously compared. A bad credit score might make it hard to get a credit card or loan (or, if it's bad enough, a bank account), and you may be denied a visa to go abroad by that country's embassy, but it won't stop you from buying flight or train tickets or from getting a passport. China eventually willEven articles trying to downplay the threat are unconvincing. It is very real, and it's the outcomes, not the details, that matter.

Even if the US government is spying on us in the same way and to the same degree that the Chinese government spies on their citizens (and, possibly, us) - which they almost certainly are not -  a system designed to force you to be a "good citizen" is not the outcome and nobody is talking seriously about building one.

If that were to change (and in the Trump era, who knows?) we still have ways of fighting back that Chinese citizens do not. We can still speak openly about it. Journalists can investigate and publish stories. If nobody will publish your story you can publish it yourself (and who knows, you might go viral or at least show up in search results). We can file lawsuits against the government. We can vote the bastards out of office. We can push for better legislation. We can take to the streets. We can fundraise for a series of legal moves, lobbying and awareness campaigns that aim to change the way things are. It's hard to do, but it is possible and, most importantly, all of this is legal.

In China, none of it is. In China, you have no recourse. You can't protest, you can't sue, you can't raise money for these causes, you can't easily investigate (nothing is transparent enough for you to be able to do so - there is no Freedom of Information Act), and you can't vote in any meaningful way.

Also, in the US, it is still possible to exist (though with difficulty) without giving the government access to a lot of your data. You don't need to use any apps that you don't want to, and you can still (mostly) pay in cash for things. In China, I hear time and time again that it is impossible to keep in touch with people without WeChat (a social media app that definitely funnels information to the government, and every expert I know says likely comes packaged with all sorts of spyware quietly downloaded on your phone) or Weibo (same). You can't hail a taxi without a WeChat-related app, and may not even be able to buy anything at department stores or go out to eat.

It's becoming impossible to pay for things in China without some sort of phone payment app like WeChat Pay or Alipay. Taxis will upcharge you to an insane degree, and some places won't take cash at all. You can't function in China without signing up for these payment apps, meaning you cannot exist somewhat anonymously in even the simplest ways. In the US, you still can.


"But Facebook and Google collect our data too!" 


They do, and that sucks. And the data seems to be mostly used for selling ads. Even though, if I have to see ads, I'd rather see ones that might interest me, I don't really want companies to refine how well they can target me to convince me to spend my money through psychological means that I often find deceptive. That said, I can and do ignore them. It is possible to not buy. You can not pay attention to ads or fake news targeted at you (another way that our data was problematically used). You can ignore memes (I do), check sources (I do), and think critically about what you are reading and seeing, where it comes from and why it appeared on your news feed or in your search results. I do.

That data is not being handed to an autocratic government (the US has many flaws, but it is not an authoritarian state. China is) to build a massive social credit system that you can't opt out of and that you can't ignore the way you can a shitty ad or lizard-brain meme. You can choose not to use any apps you don't trust in the US, and you can choose not to believe or pay attention to dodgy things targeted at you.

And we know that data is not being handed over for the same purposes, and we know the US government doesn't control these companies, because if it were, there would be no reason for Google or Facebook executives to testify before Congress.

You don't have any of those options in China, and there is no need (from the government's perspective) for either testimony or transparency. You know why.


"If you have nothing to hide, then you have no reason to fear!" 

Yeah okay um...who determines whether you have nothing to hide? You, or the horrible government that is monitoring you? Who decides if you've done nothing wrong - them or you?

Do you really trust them to agree with you that you have done nothing wrong? All the time?

What happens when you do have a complaint with the government? A legitimate complaint that is nonetheless not allowed? What if your complaint is that they disappeared your daughter, forced you to have an abortion, or expropriated your house without compensation? What if you took a trip to Taiwan and realized that the situation there was completely different from what you'd always been told, and simply wanted to say that honestly? What if you had an 'undesirable' friend who was not a model citizen like you, but you'd known them since childhood, cared about them and knew them to be a good person? What if the only way to boost your own social credit score was to disavow this friend? What if that person wasn't your friend but your brother, or mother? What if merely calling that person from your compromised phone put them in danger?

Even if you'd been a model citizen up to that point, what happens when suddenly you are faced with this choice?

Don't even get me started with "I have nothing to hide."

Friday, October 5, 2018

Taiwan's Future Hinges on the Little Things

Here are some things I am not an expert in:

Military/defense
Tech
Arms sales
Intelligence
A lot of other things
Most things, actually

But an interesting theme - to me, the non-expert, at least - seems to run through several Taiwan-related news items that touch on these topics these days.

We have the always-great Tanner Greer, writing about how Taiwan can win a war with China. Sure, China's got a bigger army, a bigger budget, a bigger country, and is all around just bigger. But in order to actually win a war with Taiwan without getting trapped in a protracted battle (or before help for Taiwan can arrive), Greer argues that it would need to take Taiwan and strong-arm the population into docility within two short weeks.

That's a very small window of time, and it is not at all clear that China could accomplish it.

What stands in China's way?

The places where the PLA could land in Taiwan amount to a few beaches on the west coast. None of them are friendly to incoming assault.



There are only 13 beaches on Taiwan’s western coast that the PLA could possibly land at. Each of these has already been prepared for a potential conflict. Long underground tunnels—complete with hardened, subterranean supply depots—crisscross the landing sites. The berm of each beach has been covered with razor-leaf plants. Chemical treatment plants are common in many beach towns—meaning that invaders must prepare for the clouds of toxic gas any indiscriminate saturation bombing on their part will release. This is how things stand in times of peace.

As war approaches, each beach will be turned into a workshop of horrors. The path from these beaches to the capital has been painstakingly mapped; once a state of emergency has been declared, each step of the journey will be complicated or booby-trapped. PLA war manuals warn soldiers that skyscrapers and rock outcrops will have steel cords strung between them to entangle helicopters; tunnels, bridges, and overpasses will be rigged with munitions (to be destroyed only at the last possible moment); and building after building in Taiwan’s dense urban core will be transformed into small redoubts meant to drag Chinese units into drawn-out fights over each city street.


Each of these hurdles is a very small thing, but strung together, each one buys Taiwan a little more time, getting it a little bit closer to that two-week window in which the war stops being a certain victory for China and becomes a massive quagmire. It is to Taiwan's advantage, not China's for this to happen. If China overwhelms Taiwan and pushes on it a tense, authoritarian 'peace', the bombings will stop. But Taiwan will be finished. There will be no fighting back - only dying. If you thought the White Terror was bad, wait until you see what China is capable of. Oh wait, we already know.

Taiwan's weapons for fighting back are comparatively small, but they could have a huge effect on how such an invasion would go.

Here's another thing that's small - the latest arms package to Taiwan. But Michal Thim proves that it's not the size that counts, it's how you use it:


On the face of it, the content of the latest arms sale does not look particularly concerning to Beijing. The total size of the sale is much less than the US$1.4 billion approved last June....

However, the content of the sale is not the most crucial aspect, although its utility to Taiwan’s air force cannot be overstated. The fact that the sale is just about supply and logistics suggest a change in attitude on the US side.

First, the items were approved on a continuing basis and as needed and available. Second, the Trump administration has not only moved from large bundles every few years to sales on an annual basis, but it may also indicate a move away from bundling orders altogether.

In the past, and especially during Barack Obama’s two terms, the US government came across as too accommodating in trying to navigate relations with Taiwan in a way that would not upset Beijing, and Chinese leaders seized on every opportunity to capitalise.

The result was that arms sales to Taiwan were bundled into large packages and separated by long periods of no activity, though the ever-growing military capability of the PLA warranted a response via robust arms sales, as presumed by the Taiwan Relations Act of 1979. Something as routine as a supply of spare parts under the logistics agreement became subject to political considerations. Now, Washington may be returning to normal.


Small sales with big impacts. Arms sales on a continuing basis and not bundled into large packages, offered fairly rarely, which China throws a fit about each and every time, are in fact not as good a deal for Taiwan as sales on an as-needed, always-available basis. Nobody - not even China - can keep up the screamy outrage for that long. The more the US sells to Taiwan regularly, the less often China can "raise tensions" (then pretend those tensions rose by themselves, like magic) over it.

Well, actually China probably can do that. But nobody can keep the media's attention with its screamy outrage for that long, and that's really what matters here. If China cries alone in a forest and nobody is there to hear it, did it ever really cry at all?

Also, BOO to South China Morning Post for completely mangling a perfectly good shot at a dirty joke in their overly prolix subheader, and read the whole article to hear about how Europe is entering the Taiwan arms game. Also a small thing with a big impact: the more people we have ensuring that Taiwan can defend itself, the better. The sale may be small but the precedent it sets is huge. 


Here's an even smaller thing: Chinese companies have been hiding chips that enable them to hack into systems around the world into tech they manufacture: 



Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.


It doesn't take a tech expert to see that this is terrifying, and Jordan Robertson and Michael Riley lay out why:



In the three years since the briefing in McLean, no commercially viable way to detect attacks like the one on Supermicro’s motherboards has emerged—or has looked likely to emerge. Few companies have the resources of Apple and Amazon, and it took some luck even for them to spot the problem. “This stuff is at the cutting edge of the cutting edge, and there is no easy technological solution,” one of the people present in McLean says. “You have to invest in things that the world wants. You cannot invest in things that the world is not ready to accept yet.”



Tiny chips, massive problems. If this is what is being found in the US, imagine how much of Taiwanese telecommunications and other digital activities and information China has access to.


There are also small things like port terminals to consider. It seems odd that after a Chinese takeover, the Taiwanese government would allow terminals in Kaohsiung port previously controlled by a small shipping company (Orient Overseas) to be transferred to Chinese-owned Cosco. 

When Chinese state-owned shipping line Cosco Shipping Holdings unveiled a $6.3 billion deal to buy smaller competitor Orient Overseas (International) last year, Orient's ownership of port terminals in the U.S. and Taiwan appeared to pose a potential regulatory obstacle.

Port ownership by Chinese state companies has become an increasingly sensitive topic globally as Beijing's Belt and Road Initiative spurs concerns about whether their control could be leveraged for security purposes.


Given deepening confrontations between Beijing and both Washington and Taipei over a range of issues, it looked doubtful that Cosco would be allowed to take over the assets of Hong Kong-based Orient Overseas at Kaohsiung, Taiwan, and Long Beach, California, near Los Angeles.

On July 7, Cosco and Orient Overseas, better known under its operating brand OOCL, said that U.S. regulatory approval had been secured, with the condition that the Long Beach terminal be put into a trust and then sold. Cosco then announced the completion of its takeover on July 27, with no mention made of Kaohsiung.

While there have been no public statements, it is evident that OOCL retains control of its terminal at Kaohsiung, Taiwan's busiest port. OOCL's name remains on signage there and staff in Kaohsiung say nothing has changed.


What happens to those terminals when China grows more hostile toward Taiwan (as it likely will), or otherwise throws a conniption over Taiwan's simply trying to exist? How does it affect Taiwan's economy? 

I don't know, but that people who know these things say it matters means we ought to be paying attention. These terminals may barely register as small pearls in China's massive BRI pearl necklace encircling the world, but they could, in the coming years, matter quote a lot for Taiwan. 

People think big: they think about big bombs, big invasions, big armies.

But the war for Taiwan - and for liberal democratic values in the face of an increasingly expansionist China - isn't going to be won by earth-shaking missiles or massive regiments invading by sea.

It will be won by things as small as a gauntlet of booby traps starting in the Taiwan Strait and ending in Taiwanese cities, as small as whether Taiwan is able to maintain its defensive capabilities with rolling arms sales from the West, or whether we're all laid bare by hidden microchips as small as a number carved on a penny.

When it comes to ensuring a future for Taiwan, in some ways, think small.

Little end note: I just quoted a bunch of really smart men. Everything they say is worth listening to, but really, all men. You probably didn't notice, but I did. Where the ladies at?