USA decides to cleanse local networks of anything Chinese under new five-point national data security plan

‘Clean Network’ initiative bans use of Chinese clouds, names Alibaba, Baidu, and Tencent as compromised

US secretary of state Mike Pompeo has announced a “Clean Network plan” he says offers a “comprehensive approach to guarding our citizens’ privacy and our companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party (CCP).”

Pompeo’s announcement names the Communist Party repeatedly but doesn’t identify any other malign actor. It outlines the following five initiatives, which we’ll try to analyse as we go along:

  1. Clean Carrier: To ensure untrusted People’s Republic of China (PRC) carriers are not connected with US telecommunications networks. Such companies pose a danger to US national security and should not provide international telecommunications services to and from the United States.

The USA has for years alleged, without detail, that kit from Huawei and ZTE poses a threat to national security, while at the same time allegedly using the NSA to compromise products from the likes of Cisco to facilitate espionage. Now the nation appears to be saying that allowing Chinese carriers to connect calls to the USA is also a risk.

It’s entirely possible to route voice and data traffic to the USA through non-Chinese entities, so this shouldn’t discomfort Chinese residents who want to call the USA, but may hurt Chinese carriers as they try to build international carriage businesses.

On to the next part of the plan.

  1. Clean Store: To remove untrusted applications from US mobile app stores. PRC apps threaten our privacy, proliferate viruses, and spread propaganda and disinformation. American’s most sensitive personal and business information must be protected on their mobile phones from exploitation and theft for the CCP’s benefit.
China v USA

China slams President Trump's TikTok banned-or-be-bought plan in the US


Google and Apple are already reasonably vigilant about what lands in their app stores. The proposal lacks detail on whether they would be required to apply extra scrutiny, or impose a blanket ban on apps from certain sources. The point about spreading disinformation is a bit rich given that state media from other nations does likewise and several of President Trump’s own statements have a strained relationship with facts.

Mobile apps are the next item Pompeo proposes to address.

  1. Clean Apps: To prevent untrusted PRC smartphone manufacturers from pre-installing – or otherwise making available for download – trusted apps on their apps store. Huawei, an arm of the PRC surveillance state, is trading on the innovations and reputations of leading US and foreign companies. These companies should remove their apps from Huawei’s app store to ensure they are not partnering with a human rights abuser.

This one sounds a lot like a re-enforcement of the existing ban on Google letting Huawei have its apps. The Trump administration has not championed human rights with the same frequency and vigour as its predecessors and the president himself has reportedly endorsed China’s actions against the Uighur people.

The human rights reference appears therefore to be a way of saying that China’s values, which today include pervasive state surveillance, represent a threat to human rights. The Trump 2020 campaign is making a contrast between the USA’s democratic values and China’s system of governance a big part of its pitch.

China's expanding clouds have not been embroiled in geopolitical messes so far. Pompeo's next point changes that.

  1. Clean Cloud: To prevent US citizens’ most sensitive personal information and our businesses’ most valuable intellectual property, including COVID-19 vaccine research, from being stored and processed on cloud-based systems accessible to our foreign adversaries through companies such as Alibaba, Baidu, and Tencent.

This point repeats the oft-denied allegation that Chinese firms are compelled to and regularly share client data with government authorities.

It also comes as Alibaba created services designed specifically to help scientists use its AI for COVID-19 research. It’s also worth noting that by naming Alibaba, Baidu and Tencent, the administration is effectively placing them in the same category as Huawei, the only other firm named in Pompeo’s pronouncement.

Pompeo's last point is:

  1. Clean Cable: To ensure the undersea cables connecting our country to the global internet are not subverted for intelligence gathering by the PRC at hyper scale. We will also work with foreign partners to ensure that undersea cables around the world aren’t similarly subject to compromise.

Physical intercepts of undersea cables are occasionally alleged, but devilishly hard to prove given they take place in deep water. Perhaps the administration is referring to other means of siphoning traffic from undersea cables.

Pompeo’s statement ends with a call for “our allies and partners in government and industry around the world to join the growing tide to secure our data from the CCP’s surveillance state and other malign entities.”

“Building a Clean fortress around our citizens’ data will ensure all of our nations’ security.”

One last thing: Pompeo's Tweet embedded above mentions a five-point plan but lists a sixth - "Clean Path" - which was announced in April 2020 and aims to "secure data traveling on 5G networks into U.S. diplomatic facilities overseas and within the United States." ®

Broader topics

Other stories you might like

  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading
  • Conti: Russian-backed rulers of Costa Rican hacktocracy?
    Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

    In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. 

    Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels. The US State Department has offered a $15 million reward leading to the capture of Conti's leaders, who it said have made more than $150 million from 1,000+ victims.

    Conti claimed this week that it has insiders in the Costa Rican government, the AP reported, warning that "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency." 

    Continue reading

Biting the hand that feeds IT © 1998–2022