But as Roslyn Layton writes at Forbes, we can’t neglect a massive threat hiding in plain sight – the ubiquity of Lenovo equipment in state government and private sector IT systems. Approximately 900 U.S. municipalities and states use Lenovo products today. That’s a problem, Layton says, because “Lenovo is a textbook example of China’s techno-nationalist strategy to leverage its global companies for military gain.” It also has a long track record of abusing user security and privacy. As retired General James “Spider” Marks has written:
“Lenovo has unmitigated access to millions of Americans’ personal information. This should raise red flags, given the company’s history of security and privacy abuses. Lenovo’s Watch X sent user locations to a server in China without their knowledge; its Superfish adware installed in hundreds of thousands of computers allowed third-parties to spy on browser traffic, resulting in a settlement with the Federal Trade Commission; security researchers found that its Adups mobile data mining software o could collect personal data without consent. There are other examples that should give potential buyers pause, not just for the chance that sensitive information falls into the hands of third parties, but that the Chinese government obtains and exploits it.”
Founded in 1984, Lenovo is the brainchild of the Chinese Academy of Sciences (CAS) – the Chinese-government’s crown jewel institution of scientific research. CAS, has extensive ties to the Chinese military and pumps out research to that end, still owns a portion of the company through a network of holding companies designed to obscure the fact that the Chinese government has a say in the company’s business.
- What are U.S. states doing to address the Lenovo threat?
- What is the U.S. government doing to close loopholes that Lenovo can exploit to sell its equipment to the federal government?
- Why should a known security threat like Lenovo, in which CAS has a significant ownership stake that it tries to hide through subsidiary entities, be allowed to operate freely inside the U.S.?
The computing division of CAS was just added to the U.S. government’s Entity List in December. Lenovo should be next up.