John Strand and Roslyn Layton have followed the policy discussion of the security of Chinese-owned information technology since 2005. Its collected reports and analysis are available here and on ChinaTechThreat.com. Creating transparency can embarrass companies and governments, and Chinese-owned firms do not like to be called out for anything less than stellar behavior. Chinese-owned firms such as Huawei like to create a narrative where they can be compared with the listed companies from the US, EU, Japan and South Korea.
All the same, it is difficult to obtain documentation from Chinese-owned firms about their ownership, board of directors, and so forth. It is the job of a free press and free inquiry to bring difficult issues to the public’s attention, particularly when they involve national security and personal safety. We have asked many difficult questions of these companies and the Chinese government. Following is summary of some of complaints from Huawei, Lenovo, and Lexmark about our reports and our response.
Huawei
When we published The real cost to rip and replace Chinese equipment from networks, we sent it to over 50 key persons at Huawei who requested the report. None of these executives within Huawei came back to us to address the report. At an event hosted by the Danish Business Authority in Copenhagen on October 10, 2019, Vice President Of Public Affairs & Sustainability, Xukun Ji, said to John Strand that there were many factual mistakes in the report. John requested her to list the mistakes in an email, but neither Ji, nor any of the other persons at Huawei who have received the report, have responded.
We have also asked many questions of Jakub Hera Adamowicz, EU Media and Communication Manager at Huawei’s Brussels office. He has not been able to answer our questions regarding Huawei’s relationship with the Chinese government and were told to pose the questions to the Chinese government.
Lenovo
CTT’s report Stealing From States: China’s Power Play In IT Contracts was featured in the Washington Times article Chinese tech in U.S. funnels data to Beijing’s intelligence services. In response, Lenovo’s Andrew Barron said the report was full of “misstatements, inaccuracies and innuendo.” He noted, “Lenovo’s history of customer-focused innovation, including recognized industry leadership in product design and development, incorporating the highest degree of safety and security is well known… Our commitment to product security and data privacy compliance, across every one of the over 180 markets where we do business, is unquestionable. We welcome the opportunity to discuss the facts surrounding our practices and track record in these important areas at any time.”
CTT observes that Lenovo does not name a single specific misstatement, inaccuracy, or innuendo. ChinaTechThreat.com will be happy to update the report if a factual error is brought to our attention.
If Lenovo was secure, it would not be banned for use by the US Air Force, Navy, Department of State, and other federal entities. That the company continues to contract with state and local entities reflects the challenge of US policy to address and secure networks. US law and jurisprudence allow some freedom for US states to make commercial decisions. In performing this research, ChinaTechThreat learned that many state procurement officers were not aware of the risks in buying Chinese-owned technology and China’s Intelligence Law which mandates the transfer of data to China. The vulnerabilities of Lenovo products are noted in the National Vulnerabilities Database as well by as multiple security firms.
Lexmark
In the same Washington Times article, Lexmark’s Sherlyn Manson, director of global communications, said that Lexmark is a vendor in good standing with the U.S. government and criticized CCT’s report.“ Lexmark’s top priority is security and we are troubled by the many inaccuracies and mischaracterizations contained in this report…“Our customers can rest assured that our products are secure. Lexmark is an American company founded and headquartered in Lexington, Kentucky, in 1991…Our investors have no operational control over the company. We protect our customers and partners with a holistic, systematic approach to cybersecurity, and we have earned multiple industry and government security certifications that affirm its security policies and procedures.”
CTT observes that Lexmark cannot be in good standing with the US government if it has been banned by one of the largest agencies of government, Social Security Administration (SSA) which has a $1 trillion annual budget. The SSA banned Lexmark because of the risks its poses to hundreds of millions of Americans and their sensitive, personal, and financial data.
Lexmark has not named a single, specific inaccuracy or mischaracterization in CTT’s report. If there is a factual mistake, CTT will correct it.
Lexmark may have been founded as a US company in 1991, but it was bought by Chinese government investors in 2016. The notion that Lexmark’s investors have no control over the firm would probably be news to the investors. Ownership of a firm is conducted precisely to effect control over its operations—that is the very definition of a corporation.