USA decides to cleanse local networks of anything Chinese under new five-point national data security plan

‘Clean Network’ initiative bans use of Chinese clouds, names Alibaba, Baidu, and Tencent as compromised

148 Reg comments Got Tips?

US secretary of state Mike Pompeo has announced a “Clean Network plan” he says offers a “comprehensive approach to guarding our citizens’ privacy and our companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party (CCP).”

Pompeo’s announcement names the Communist Party repeatedly but doesn’t identify any other malign actor. It outlines the following five initiatives, which we’ll try to analyse as we go along:

  1. Clean Carrier: To ensure untrusted People’s Republic of China (PRC) carriers are not connected with US telecommunications networks. Such companies pose a danger to US national security and should not provide international telecommunications services to and from the United States.

The USA has for years alleged, without detail, that kit from Huawei and ZTE poses a threat to national security, while at the same time allegedly using the NSA to compromise products from the likes of Cisco to facilitate espionage. Now the nation appears to be saying that allowing Chinese carriers to connect calls to the USA is also a risk.

It’s entirely possible to route voice and data traffic to the USA through non-Chinese entities, so this shouldn’t discomfort Chinese residents who want to call the USA, but may hurt Chinese carriers as they try to build international carriage businesses.

On to the next part of the plan.

  1. Clean Store: To remove untrusted applications from US mobile app stores. PRC apps threaten our privacy, proliferate viruses, and spread propaganda and disinformation. American’s most sensitive personal and business information must be protected on their mobile phones from exploitation and theft for the CCP’s benefit.
China v USA

China slams President Trump's TikTok banned-or-be-bought plan in the US

READ MORE

Google and Apple are already reasonably vigilant about what lands in their app stores. The proposal lacks detail on whether they would be required to apply extra scrutiny, or impose a blanket ban on apps from certain sources. The point about spreading disinformation is a bit rich given that state media from other nations does likewise and several of President Trump’s own statements have a strained relationship with facts.

Mobile apps are the next item Pompeo proposes to address.

  1. Clean Apps: To prevent untrusted PRC smartphone manufacturers from pre-installing – or otherwise making available for download – trusted apps on their apps store. Huawei, an arm of the PRC surveillance state, is trading on the innovations and reputations of leading US and foreign companies. These companies should remove their apps from Huawei’s app store to ensure they are not partnering with a human rights abuser.

This one sounds a lot like a re-enforcement of the existing ban on Google letting Huawei have its apps. The Trump administration has not championed human rights with the same frequency and vigour as its predecessors and the president himself has reportedly endorsed China’s actions against the Uighur people.

The human rights reference appears therefore to be a way of saying that China’s values, which today include pervasive state surveillance, represent a threat to human rights. The Trump 2020 campaign is making a contrast between the USA’s democratic values and China’s system of governance a big part of its pitch.

China's expanding clouds have not been embroiled in geopolitical messes so far. Pompeo's next point changes that.

  1. Clean Cloud: To prevent US citizens’ most sensitive personal information and our businesses’ most valuable intellectual property, including COVID-19 vaccine research, from being stored and processed on cloud-based systems accessible to our foreign adversaries through companies such as Alibaba, Baidu, and Tencent.

This point repeats the oft-denied allegation that Chinese firms are compelled to and regularly share client data with government authorities.

It also comes as Alibaba created services designed specifically to help scientists use its AI for COVID-19 research. It’s also worth noting that by naming Alibaba, Baidu and Tencent, the administration is effectively placing them in the same category as Huawei, the only other firm named in Pompeo’s pronouncement.

Pompeo's last point is:

  1. Clean Cable: To ensure the undersea cables connecting our country to the global internet are not subverted for intelligence gathering by the PRC at hyper scale. We will also work with foreign partners to ensure that undersea cables around the world aren’t similarly subject to compromise.

Physical intercepts of undersea cables are occasionally alleged, but devilishly hard to prove given they take place in deep water. Perhaps the administration is referring to other means of siphoning traffic from undersea cables.

Pompeo’s statement ends with a call for “our allies and partners in government and industry around the world to join the growing tide to secure our data from the CCP’s surveillance state and other malign entities.”

“Building a Clean fortress around our citizens’ data will ensure all of our nations’ security.”

One last thing: Pompeo's Tweet embedded above mentions a five-point plan but then lists a sixth - "Clean Path" - that has not been explained. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020