The Snowden
revelations may very likely mark the beginning of the end of "knowing" corporate
complicity with government espionage.
That’s a
powerful statement. But I think it is an
inevitability.
It's
funny...I work for Huawei, a $35 billion China-based multinational technology
company that has suffered remarkable discrimination and market access barriers
in the U.S. due to concerns that Huawei product might somehow be compromised and
used for espionage by the Chinese Government.
The concern
has always been prospective, given that there has never been any proof of such past
or current activity.
Indeed, until the
Snowden revelations, U.S. Government concerns about Huawei were a bit
confounding. I mean, Huawei’s a multi-billion
dollar company doing business across the globe, including in every free-market
democratic nation allied with the U.S. Had everyone else been hornswoggled?
Post-Snowden,
it's been all too clear what prompted the concerns.
American companies had been compromised by
their government to support espionage, at home and abroad, and, so, the natural
assumption was that other governments were similarly penetrating companies
headquartered in their countries.
There
very well might be some truth to this, particularly in terms of state-owned
companies.
However, contrary
to popular (American) belief, not all companies in China are State-owned or
controlled. Indeed, there is an
increasing number of China-headquartered companies like Huawei which are
private. A company like Huawei that is
doing 70% of its $35 billion in business outside of China would have to be insane to
risk that business by knowingly allowing its product to be subverted by any
government.
One would
think that the same would have been the thought process of U.S.-based technology giants. We have learned, in the wake of Snowden, saying "no" was seemingly not an option.
Okay, as
Americans, facilitating our government’s legitimate need to gather intelligence
must be in our best and patriotic interest, no?
Perhaps. But at what cost? Our technology
leaders, which, wittingly - albeit by most accounts unwillingly - compromised their
gear and networks per Government dictate are now suffering in global markets due
to their compromise having been exposed.
Ironically,
Huawei – notwithstanding unsubstantiated accusations otherwise – has never been
asked, directed or otherwise been compromised or wittingly penetrated by any
government.
Whatever the
case, there is a growing and global crisis of confidence in the information and
communications technology (ICT) industry and the security and integrity of
networks and data.
China is investigating compromised American companies and
the U.S. maintains its political-protectionist blockade of China-based network
equipment companies. Brasil talks of a domestic
Internet while India considers banning U.S.-based email service providers and
Deutsche Telekom markets “Email made in Germany” as an alternative to
penetrated U.S. providers.
Balkanization,
fragmentation, regionalization…call it what you want, but it’s not in anyone’s
long-term interest. The ICT industry has
blossomed over the last two decades in large part because of globalized scale
and transnational innovative ecosystems and supply chains, digital and
physical. Confidence and trust must be
restored before 20 years of progress is undone.
And, lacking
a significant course-correction, the impact will be most harsh on U.S.-based
companies. The damage thus far is not unduly severe, but the impact of potential boycotts of perceived-to-be-compromised American companies will almost certainly have an increasing and adverse economic impact
in the U.S.
Sacrificing an industry that the
U.S. helped drive to global success is an absurd cost for whatever espionage benefit may have been
derived.
Moreover, "knowing" corporate complicity in government espionage is not sustainable because,
as we have all now learned, once the corporations have been outed as
compromised, they cease to be a reliable source of information if they are
shunned by consumers of their goods or services.
Somehow or
other, it worked until Snowden. It won’t
work anymore.
Governments
will not stop spying on each other, nor on the peoples and businesses of the world, including
within their own borders. This is a
given. But, industry – and everyday
citizens - need to stand up and reject legal or regulatory regimes that compel
the private sector to facilitate wholesale government data collection,
monitoring, analysis, storage and misuse or outright abuse.
This will not happen overnight.
While that
dialogue takes place, there should be three simultaneous conversations in three
separate but interrelated realms.
Service
providers and data managers must take a leadership role in driving the legal
and regulatory course-correction referenced above, and in that and a future more
protected information environment context, they should be required to divulge
to consumers (enterprise or individual) the type of information they might share with Governments and in
which appropriate and legal contexts.
In terms of
the nuts and bolts and software of network infrastructure, vendors should come
together to define independent third-party (including Government) certifiable
standards and best practices to better secure products and solutions –
hardware, firmware and software - spanning supply chains, and from ideation to
end-of-life.
Finally,
Governments need to agree among themselves a framework for acceptable behavior
in the ether. Espionage is a
given. But commercial espionage and, of
greater concern, disruptive or destructive cyber-activities should be defined,
discouraged and punished under mutually-agreed terms and conditions.
Again, none
of this will happen overnight.
But, just starting the dialogue - rather than having
consumers wallowing in fear and governments and industry vainly denying the
obvious – should at least, to some extent, mellow the ongoing crisis of confidence,
and, equally important, derail the fragmentation of the global Internet and ICT
industry.
No comments:
Post a Comment