Lawmakers don’t just want to muscle Chinese telecom giants Huawei and ZTE out of doing business with the federal government. They’re also ratcheting up pressure on private organizations to sever ties with the companies, which they say help Beijing spy on Americans.
In a sharply worded letter to Google this week, lawmakers from both parties called on chief executive Sundar Pichai to rethink a long-standing partnership with Huawei in light of repeated warnings from the U.S. intelligence community that the company could use its products as a conduit for state-sponsored espionage.
A separate letter this week from an even larger group of lawmakers called on Education Secretary Betsy DeVos to press dozens of academic institutions for information about research relationships they’ve forged with Huawei. The lawmakers warned that Huawei could use its access to the U.S. education system to collect intelligence.
The missives mark an escalation in the bipartisan effort to purge the Chinese telecom companies from doing business with the United States, showing that lawmakers are willing to reach beyond legislation to make that happen. Coming amid a chaotic fight over the Trump administration's separation of immigrant families, it’s also further evidence that GOP lawmakers are willing to buck President Trump on high-stakes issues they consider worthwhile.
Sen. Tom Cotton (R-Ark.), one of the lawmakers leading the charge, wants Google to “stop doing business with Huawei entirely,” according to a spokeswoman. And it shouldn’t end there, she told me: Other companies “should follow suit and terminate any relationships they have with Huawei and ZTE.”
In their letter to Google, Cotton and several other members of the House and Senate say they're concerned about Google’s “strategic partnership” allowing Huawei, the world’s third-largest smartphone maker, to run a version of its mobile operating system on its devices. They cite recent congressional testimony from the Trump administration’s intelligence chiefs urging Americans not to buy products from Chinese telecom companies because they could be used to eavesdrop on citizens or even disrupt mobile networks.
“We want to make sure companies are aware of what Huawei, ZTE and, by extension, the Chinese government, are capable of and aim to do in regards to harming and undermining U.S. national security and U.S. businesses,” said a spokeswoman for House Intelligence Committee member K. Michael Conaway (R-Tex.), who co-wrote the letter.
Google told Reuters in a statement that it didn’t provide special access to user data as part of the partnership with Huawei and said it was looking forward to responding to the letter.
A bipartisan group of 26 lawmakers is raising similar concerns in their letter to DeVos. They say Huawei’s Innovation Research Program, which provides funding to more than 50 universities in the United States, could undermine U.S. leadership in innovation and technology. The letter says DeVos should investigate the partnerships and order the universities to turn over details about their relationships with Huawei.
“China is using Huawei to position themselves to steal American research,” Sen. Marco Rubio (R-Fla.), who organized the letter, told my colleague Josh Rogin. “They are using so-called ‘research partnerships’ with over 50 American universities to exploit the openness of our schools.”
Social media organizations have come under congressional scrutiny, as well. Sen. Mark R. Warner (D-Va.) is examining whether Facebook allowed Huawei and ZTE to access user data, and earlier this month asked Twitter to turn over information about any data-sharing agreements it has with Chinese telecom companies. He made the same request of Google’s parent company Alphabet.
Fears that Huawei and ZTE pose national security risks are nothing new. Congressional investigators and intelligence officials have warned for years that Chinese telecom companies essentially operate as arms of the Chinese government. They claim that their access to U.S. communications infrastructure could allow Beijing to conduct espionage against Americans and American companies, steal trade secrets, hack sensitive computer networks and even help China wage cyberwar. Huawei and ZTE deny they do the Chinese government’s bidding.
But lawmakers have rallied against the companies with growing fervor in the weeks since Trump announced he would ease crippling penalties on ZTE for violating trade sanctions against Iran and North Korea.
Bipartisan legislation sponsored by Rubio, Warner and others would reinstate the punitive actions from the Commerce Department that threatened to put ZTE out of business and prohibit the U.S. government from purchasing or leasing telecommunications equipment from ZTE and Huawei. Just this week, the Senate passed the measure as part of the massive defense policy bill.
But administration officials are fighting to keep Trump’s deal with ZTE intact. As my colleague Karoun Demirjian reported this week, Commerce Secretary Wilbur Ross has made multiple trips to the Capitol to plead the administration’s case with congressional Republicans in attempts to convince them to drop the provision before a final defense bill is approved by Congress.
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: Homeland Security Secretary Kirstjen Nielsen on Thursday said the Trump administration wants perpetrators of cyberattacks to face consequences and suggested that previous administrations responded with “complacency” to hacking incidents. “For so long we've had these attacks, it's taken us over a year to attribute in some cases, then we attribute it and nothing happens,” Nielsen said at the Capitol Hill National Security Forum. “So this is one of those areas where deterrence has to be clear. We will no longer stand by while nation-states attack the government or our private sector entities.”
Nielsen also said cyberthreats are “ubiquitous,” and “hyperconnected” societies are all the more vulnerable to cyberattacks. “We’re way past the ability to prevent all attacks or to protect against them,” she said. "It’s no longer a question of if or when, but how long and how often can you withstand an attack?” This also means that everyone with Internet access can help thwart cyberattacks, according to Nielsen. “Truly it’s that hygiene, that basic patching, basic changing your passwords,” she said. “Don’t download things. Don’t open attachments from those senders that you don’t know. Those really, truly make a big difference. That’s about 80 percent of the attacks we see still come in that way.”
PATCHED: Tesla called a former employee a saboteur. The man said he is a whistleblower instead. Here is the latest on that story from The Washington Post's Drew Harwell: “Hours after Tesla sued its former employee on charges he had stolen company secrets, and days after chief Elon Musk had called him a saboteur, the Silicon Valley automaker made a startling claim. The company had received a call from a friend of the employee, Martin Tripp, saying he would be coming to Tesla's Gigafactory battery plant in Nevada to 'shoot the place up,' according to a Tesla spokesman.” Tripp told Harwell that Tesla's claim that he was threatening to open fire at the factory is “absurd! Insane is a better word.”
The former employee said he acted as a whistleblower over safety concerns about Tesla's car batteries. “Tesla's lawsuit, filed Wednesday in a Nevada federal court, accuses Tripp of hacking the company's computer systems in order to steal confidential photos and video of Tesla's manufacturing systems and other trade secrets,” Harwell writes. “The suit also accuses him of giving false information to journalists, being 'disruptive and combative' in the workplace and attempting to rope other co-workers into his scheme.”
PWNED: The biggest voting machine vendor in the country for years has cajoled state and local election officials to be part of an “advisory board” that meets twice a year at conferences across the United States, according to a McClatchy investigation by Greg Gordon, Amy Renee Leiker, Jamie Self and Stanley Dunlap. “As many as a dozen election officials attended the March 2, 2017 Las Vegas meeting, with a number of them accepting airfare, lodging, meals and, according to one participant, a ticket to a show on the Strip from their voting systems vendor, Nebraska-based Election Systems and Software (ES&S)," Gordon, Leiker, Self and Dunlap report. “Two other panel members said their state election boards paid for their trips.”
Virginia Canter, chief ethics counsel at the Citizens for Responsibility and Ethics in Washington, told McClatchy that the relationship between the vendor and the public officials raises ethical questions. “This is a massive promotional opportunity for ES&S,” Canter said. “It’s highly inappropriate for any election official to be accepting anything of value from a primary contractor. It shocks the conscience … I think it compromises their integrity.” Gordon, Leiker, Self and Dunlap report that Kathy Rogers, senior vice president for governmental affairs at ES&S, defended the advisory board as “immensely valuable in providing customer feedback.”
— More cybersecurity news from The Post and around the Web:
— Former National Security Agency contractor Reality Winner has reached a deal with prosecutors and plans to plead guilty, the Associated Press's Kate Brumback reports. Winner was charged with leaking classified information to a news organization and initially pleaded not guilty. A change of plea hearing has been scheduled for Tuesday, according to the AP. “Winner is a former Air Force linguist who speaks Arabic and Farsi and had a top-secret security clearance,” Brumback writes. “She worked for the national security contractor Pluribus International at Fort Gordon in Georgia when she was charged in June 2017 with copying a classified U.S. report and mailing it to an unidentified news organization.” The charges against Winner were unveiled after the investigative news site the Intercept published a report based on a top-secret NSA document.
— The Trump administration says it wants to address a shortage of cybersecurity professionals in the federal government. The White House Office of Management and Budget said in a report issued on Thursday that “the manner in which departments and agencies recruit, hire, train, retain, and compensate cybersecurity personnel varies by agency. This uneven approach has created internal competition for talent, which in turn creates disparities and discontinuities that degrade agencies’ ability to defend networks from malicious actors and respond to cyber incidents.” The report laid out the administration's plan to overhaul the federal government.
— More cybersecurity news from the public sector:
— A group of engineers at Google refused to work on a security feature to help the company secure military contracts, Bloomberg News's Mark Bergen reports. “The act of rebellion ricocheted around the company, fueling a growing resistance among employees with a dim view of Google’s yen for multi-million-dollar government contracts,” Bergen writes. “The engineers became known as the 'Group of Nine' and were lionized by like-minded staff.” The engineers in Google's cloud division declined to build an air gap because they thought the tech giant should not be involved in military projects, according to Bergen. It is unclear whether the company abandoned the endeavor or simply postponed it.
Additionally, Google has faced discontent from its staff recently over its involvement in a program with the Pentagon to use artificial intelligence to analyze drone video. Facing concerns from employees, the company decided to end its participation in Project Maven when its contract expires in March next year. After this episode, Pichai, Google's chief executive, said the company will not use artificial intelligence to develop weapons or for other projects that would aim “to cause or directly facilitate injury to people.” But Pichai also said Google won't stop working with the military. “We want to be clear that while we are not developing AI for use in weapons, we will continue our work with governments and the military in many other areas,” he said in a blog post this month. “These include cybersecurity, training, military recruitment, veterans’ healthcare, and search and rescue.”
— More cybersecurity news from the private sector:
— A prosecutor in Greece brought murder charges Thursday in the case of a telecom executive who died before a wiretap scandal broke out in the country in 2005, the Associated Press reports. “A software hack was used to monitor calls of then-Prime Minister Costas Karamanlis as well as dozens of senior political and military officials,” according to the AP. “No one has been named responsible for the wiretapping following subsequent investigations.” Costas Tsalikidis's death was initially considered a suicide. Greek authorities will now seek to find who was responsible for the death as the murder charges were brought against unknown perpetrators, the AP reported.
— More cybersecurity news from around the world:
- BSidesPGH conference in Pittsburgh.
- Cyber Security for Defense conference in Alexandria, Va., on June 25 through June 27.
- Two House Science subcommittees hold a hearing on artificial intelligence on June 26.
- The Council on Foreign Relations holds a discussion on the future of data privacy on June 26.
- Tennessee Digital Government Summit in Nashville on June 26.
- The New York City Bar Association organizes a panel discussion on the legal challenges from the Internet of Things in New York on June 26.
- SIA GovSummit in Washington on June 27 through June 28.
The unanswered questions after Trump's immigration executive order:
Late-night laughs: Melania Trump's jacket has everybody talking:
Deputy shatters car window to free trapped bear: