Skip to main content

International firms caught in China's security Web

By Kevin Voigt, CNN
August 24, 2012 -- Updated 0403 GMT (1203 HKT)
File photo of online police officers in Shenzhen, China.
File photo of online police officers in Shenzhen, China.
STORY HIGHLIGHTS
  • Group: Chinese police have required some foreign firms to install Internet monitoring devices
  • Companies in Beijing, Hebei and Shandong risk having their internet cut if they don't comply
  • Would allow police to monitor company internet traffic for 'illegal activity'
  • Analyst: Device could be used to spy on foreign companies for industrial espionage

Hong Kong (CNN) -- A group representing international companies in China has warned members that police in Beijing, Hebei and Shandong have required international firms to purchase Internet monitoring devices or risk having their connections cut.

The Quality Brands Protection Committee (QBPC), a group aimed at safeguarding intellectual property rights in China, sent an email to its 216 members late last month warning of the police visits, saying it "would cause serious concerns from our members."

The emailed alert, copies of which were provided to CNN, raise particular concerns for international businesses operating in China because many companies often use private networks that allow employees to skirt China's so-called "Great Firewall" of censors. But, based on the QBPC alert, it appears firms in some areas are being asked to install a device within their private systems to track all internet activity-- and that information must be made available to police, looking for "illegal activity."

"It has come to our attention that three of our QBPC members reported that local police units in Beijing, Hebei and Shandong approached them, forcing two members to purchase Internet security software from the police designated suppliers," wrote Ron Davis, chairman of the QBPC membership services committee, in the email obtained by CNN.

"Reportedly, if they failed to do so, the police threatened to cut off their Internet connection and fine them."

Another QBPC member company received a questionnaire from the local police unit asking about its Internet security measures, according to the QBPC email. "Given that if the local PSB (public security bureau) initiative were carried forward, it would cause serious concerns from our members, we are attempting to determine if any of our other 200-plus member companies have faced this same situation or know other member companies who have," Davis wrote.

Gu Kailai found guilty of murder
Gu Kailai's death sentence suspended
China's 'rumor hunters'
China cracks down on 'coup rumors'
Apple supplier progress in China
History clouds China-Japan island dispute

The email doesn't detail which companies were targeted. The QBPC membership represents a broad swath of international firms with operations in China, including technology companies like Apple, Nokia and Emerson, consumer product makers such as Anheuser-Busch, Procter & Gamble and Colgate-Palmolive, and automotive companies Toyota, Audi and Volkswagen AG. Time Warner, the parent company of CNN, is also a member.

Davis has confirmed that he sent the email obtained by CNN. A spokesperson for QBPC said, so far, the group has received 15 replies from its members. Three member companies were asked by police to install internet logging equipment and two reported police requests to inspect their internet security measures. The others reported no contact from police.

QBPC wouldn't name the members who were approached. "The three companies are in different industries," the spokesperson said. "Based on the members' response, it seems the police visits are isolated incidents." QBPC has reported the incidents to the Ministry of Commerce and "had informal discussion with various departments of the MPS (Ministry of Public Security)."

Thomas Parenty, an information security specialist and former employee of the U.S. National Security Agency, said the devices could be used to spy on foreign companies and creates industrial espionage concerns.

"From an information security perspective, something like this in place in a company's network could be used for exploratory attacks into the network itself," Parenty said. "It's a Trojan horse that fits in a computer rack.

"If you're concerned about IP (intellectual property), you might as well roll up your tents because it's essentially game over," Parenty said.

Copies of Shandong province police orders provided to CNN require companies to purchase the equipment from one of two equipment providers, Netbox Info-Tech and Shanghai Pronetway. Shanghai Pronetway could not be reached for comment. When CNN called Netbox's sales center in Jinan, the capital of Shandong province, a man who identified himself as Zhao-- but declined to give his full name or position-- said the company is cooperating with the Shandong Public Security Bureau and providing devices to cities around the province.

Zhao said many Chinese companies have received police notifications and have purchased the equipment, including a number of foreign joint venture companies, but he declined to name them.

The Shandong order notes that businesses "are often used to disseminate pornography and superstitious information, online fraud and gambling, or used by hackers to jeopardize national security and people's interests."

Companies reached by police "must install the Internet Security Censor Managing System, and connect with the Public Security Bureau's server and make sure all the data collected is uploaded accurately to PSB's system so the PSB will be able to prevent and control the illegal information," the order says.

International companies aren't the only ones in the spotlight. The Beijing police order includes government offices, clubs, hotels and company offices. CNN surveyed Chinese companies in a neighborhood surrounding Tianhua Road Police Station in Beijing, one of the stations that issued the Internet surveillance order. Staff members at the Beijing Jin Jiang Fu Yuan Hotel told CNN that they were told by police to purchase Internet monitoring equipment. An owner of a photo studio in the area said in June she was asked to attend a police meeting on Internet security, but was not asked to purchase surveillance equipment.

It's a Trojan horse that fits in a computer rack
Thomas Parenty, information security specialist

Shandong and Beijing police didn't respond to interview requests. Police in Heibei and Changsha, which have issued similar orders, also didn't respond to CNN interview requests.

CNN also contacted China's Minister of Public Security, which oversees local police departments nationwide and has a role in internet security. They said they had received faxed questions from CNN and would look into it.

Word of the Internet monitoring order comes as China prepares for its 18th National Congress of the Communist Party, scheduled in the latter half of this year. Beijing will select its new party leadership to guide the nation forward. The country has seen public security officials step up moves against dissent ahead of the congress, such as the summer crackdown on illegal expatriates living in Beijing, closure of web sites and the suspension of China's major microblogging sites for several days earlier this year. The sites closed were "punished for allowing rumors to spread" of a coup attempt in Beijing, state-run media reported at the time. The rumors spread after the shocking March dismissal of Communist Party politburo member and Chongqing party chief Bo Xilai. His wife, Gu Kailai, was found guilty of murdering a British businessman and received a suspended death sentence on Monday, though she'll likely be jailed for life.

Three years ago, international businesses and Chinese netizens led a successful fight to stop content filtering software "Green Dam Youth Escort" from being required on all computers sold in China. International chambers of commerce and other trade groups decried the filtering plan, which was marketed as a means to protect young online users from pornography, but criticized for leaving businesses vulnerable to cyber attacks.

In 2000, the government stepped back from laws restricting importation of encryption software that would have banned Web browsers such as Microsoft Explorer, which include encryption functions. In 2004, the government backed down on developing its own wireless Internet standard when Intel threatened to ban sale of its chips in China as a result.

CNN's CY Xu contributed to this report

ADVERTISEMENT
ADVERTISEMENT