1-in-5 Fortune 500 companies still use risky Chinese tech after U.S. ban
This is the web version of Data Sheet, a daily newsletter on the business of tech.
Some U.S. companies may be violating a federal law, the so-called anti-Huawei rule, that went into effect in August to protect against Chinese spying threats.
Basically, any company that wants to sell products or services to the federal government must certify that it’s not using equipment or services from five Chinese tech firms: Huawei, ZTE, Hytera, Hikvision, and Dahua. (The exact terms are contained in Section 889, Part B, of the 2019 National Defense Authorization Act and a related “interim rule” that features additional guidance.)
But the government-blacklisted tech is widely embedded across corporate America. At least 1-in-5 Fortune 500 companies have devices potentially subject to the ban on their I.T. networks, says Expanse, a cybersecurity firm that scans the public Internet for signatures of the connected devices companies are using. (Anything on a private network or behind a corporate firewall is excluded from Expanse’s view.)
The equipment found through the survey ranged from web cameras and digital video recording systems (38% of all the Chinese-made devices detected) to Wi-Fi access points (21%) to core routers (11%) to building control systems, firewalls, VPNs, and web servers (30%). Expanse did not reveal the identities of the companies, citing security reasons.
I personally viewed a half dozen login screens for such potentially risky devices originating everywhere from major U.S.-based research universities to healthcare and financial firms to airports. Here are two examples, scrubbed of identifying details, also for security reasons.
Screenshot of a login screen for a Huawei-linked device hosted by a North Carolina-based research university. Foscam cameras run on chips made by HiSilicon, a Huawei subsidiary.
Screenshot of a login screen for a Hikvision camera on the public network of a Fortune 500 healthcare company based in Pennsylvania.
The risk the U.S. is trying to ward off with its ban is Beijing forcing Chinese tech companies to abuse their access to I.T. systems to spy or steal American data and intellectual property, says Tim Junio, Expanse’s cofounder and CEO, who just agreed to sell his company to cyber-giant Palo Alto Networks for $800 million.
“The optics are not great” that so many companies are still using government-barred technology wide out in the open, says Matt Kraning, Expanse’s chief technology officer, of his team’s findings.
If companies fail to disclose their use of banned Chinese tech when applying for federal contracts, they could be breaching the law, whose penalties could include criminal and civil liabilities related to fraud or negligence. (Companies can request two-year waivers or special exemptions from the offices of the Director of National Intelligence.)
“A lot of large companies, particularly if they’re multinationals, are struggling because they will have ZTE hotspots and they do have Huawei servers in their server farms,” says Angela Styles, a partner at the Washington, D.C., law firm Akin Gump, who coauthored a blog post about the new law in August. The pain is particularly acute for overseas offices, especially in Asian countries, where Chinese tech is often deeply rooted in the telecom networks of local internet service providers, she says.
The new Section 889 rules are “indicative of a new approach the federal government is taking to protect its supply chain,” says Townsend Bourne, who leads the aerospace, defense & government services team at law firm Sheppard Mullin. “I think we’re going to see more of this” scrutiny applied to the geopolitical risk factors associated with particular companies, she says.
In other words, expect the U.S. government increasingly to force businesses to make a choice. “You can either do business with the Department of Defense, or you can do business with places like Huawei,” as Kraning puts it. “You can no longer do both.”
iPacking heat. The Santa Clara County district attorney's office charged Thomas Moyer, Apple's head of global security, with bribery after a two-year investigation. Moyer allegedly promised the Santa Clara Sheriff's office 200 iPads worth $70,000 in order to secure concealed weapons permits for four employees. The permits were being intentionally "withheld" from the Apple team, the prosecutors said. An Apple spokesperson said the company "found no wrongdoing" in its own investigation of the matter.
I spy with my private eye. In other Big Tech global security organization news, Vice obtained dozens of leaked documents from Amazon's internal intelligence unit. The reports show how closely the e-commerce leviathan tracks warehouse workers' union-organizing efforts, including by employing private investigators from spy-for-hire agency Pinkerton. An Amazon spokesperson said the security group strictly aims "to help keep our employees, buildings, and inventory safe."
Hot wheels. A Belgian security researcher discovered a way to hack a Tesla Model X—and speed off into the sunset—using vulnerabilities in the vehicle's wireless entry system. Lennert Wouters, the would-be grand thief auto, alerted Tesla about his findings in August. The carmaker told him it would begin to roll out over-the-air software fixes this week. Asked for comment about the incident by Wired, a Tesla spokesperson said...nothing! Tesla axed its PR office in Oct.
Snap out of it! Not to be outdone by Twitter's "fleets," and a month after it released music-integrations, Snapchat is copying more features from popular rival TikTok. The vanishing-video app debuted a feed, called Spotlight, where people can scroll through popular "snaps." To juice use, Snapchat said it will pay the most viral creators a share of a daily $1 million prize through the end of the year. Meanwhile, intensifying bids for digital advertising dollars by TikTok and Snapchat do not bode well for perennial foe Facebook.
The Bye Area. More tech CEOs are decamping from San Francisco post-COVID. In addition to the departure of big-time Silicon Valley investor Keith Rabois, news I broke here last week, others are on their way out. Dropbox CEO Drew Houston and Splunk CEO Douglas Merritt have bought houses in Austin, Texas, where they plan to plant roots, and the co-CEOs of corporate card startup Brex are relocating to Los Angeles, The Information reports.
Putting the "super" in "super-spreader."
In the worldwide race to develop and distribute a COVID vaccine, who is looking out for poorer countries? One answer: Bill Gates, the Microsoft founder turned philanthropist and public health crusader. In a praise-showering profile, the New York Times calls Gates "the most powerful—and provocative—private player in global health," and sheds light on his particularly influential role in this still-unfolding drama.
The head of one of the world’s largest vaccine manufacturers had a problem. Adar Poonawalla, chief executive of the Serum Institute of India, needed $850 million for everything from glass vials to stainless steel vats so he could begin producing doses of promising coronavirus vaccines for the world’s poor.
Mr. Poonawalla calculated that he could risk $300 million of his company’s money but would still be more than a half-billion dollars short. So he looked to a retired software executive in Seattle.
Autonomous delivery startup Gatik raises $25 million in Series A funding by David Z. Morris
The dealmakers embracing the chaos by Lucinda Shen
ONE MORE THING
Plato believed the world was composed of five elements: earth, air, water, fire, and aether (or star stuff). The ancient Greek philosopher associated five geometric shapes—the so-called Platonic solids—with these foundational building blocks. Turns out he may have been onto something. A Hungarian mathematician and a U.S. geophysicist published a paper earlier this year showing that terrestrial fragmentation tends toward the cuboid, on average—just as Plato said. Learn more about this odd, semi-mystical scientific finding in this delightful Quanta Magazine article.
A bullish sign for the upcoming Roblox IPO, no doubt.