INTERVIEW: Pact threatens information security: expert

Sun, May 25, 2014 - Page 3

Liberty Times: The pact has faced opposition from every front. Despite the National Communications Commission’s (NCC) assurances that only three academics have opposed the move to allow investment for second-category telecommunications, more than 700 academics have petitioned against the pact on the grounds that it would threaten national security. How do you view this issue?

Lee Jung-shian (李忠憲): If it were not for the Sunflower movement bringing the subject to the nation’s attention, I would not have been tempted to take a peek at the actual contents of the pact and would not have discovered the great dangers hidden within.

[According to the pact,] the parameters of investment [made available to Chinese] do not stop at second-category telecommunication; they include computer hardware installation, software execution, data processing, establishment of data archives, etc.

In terms of construction, the pact allows Chinese to invest in construction of base stations and the optic fiber network.

In short, the pact gives Chinese investors access to information technology construction and establishment at every level imaginable.

Researchers of mathematics and electrical engineering tend to confine themselves to their laboratories, and the academics who started the petition to draw the government’s attention had not expected more than 30 supporters to sign up.

The involvement of [petitions signed by] experts at technology giants such as Cisco, Microsoft, Intel, IBM and the Industrial Technology Research Institute in the expression of concern over potential national security risks were quite unexpected.

LT: Government bodies including the NCC say that only three services from second-category telecommunications are being made available for investing, all of which are isolated systems affecting corporate clients more than civilians. How do you view these claims?

Lee: The government’s claims show either a lack of professional knowledge or deliberate attempts to downplay the situation.

What we call second category telecommunications refers to the advanced service by entering into contracts with Chunghwa Telecom and using basic Internet services.

To use a simple analogy, second category telecom service providers, such as Arcoa and Aurora, are like cars on the highway (which are the first category communications) and offer services to the public.

One does not need to destroy the highway to stop traffic because simply detonating one of the cars, or causing a car to “drive” erratically, is enough to cause a bottleneck or paralyze the entire system.

For example, the fire in the mainframe room of Chief Telecom, a subsidiary of Chunghwa Telecom and holder of a second-category telecom permit, last year caused Internet services across the nation to go down for hours.

The term “second category telecommunications” includes a broad range of services such as banks, medical facilities, the Electronic Toll Collection system, online railway ticket purchasing systems, and even household registration systems.

These systems were made with public service in mind, and if their Internet service providers (ISP) were to change to Chinese investors, it is the public’s information security that is put at risk.

Computerized commercial services would also be made available for Chinese investment, such as information processing and the establishment of data archives.

Imagine a scenario where the National Taxation Bureau, the National Health Insurance Administration, and the railway online ticketing systems were all contracted to Chinese-invested companies.

It is worrisome to imagine that China would know more about the exact wealth and health of President Ma Ying-jeou (馬英九) than Taiwanese.

Even more worrying is the fact that according to the UN standards for free-trade agreements, the construction of base stations and fiber optic network are also included in the parameters for allowing foreign investment.

Not only are we faced with the potential risks of leaked information and paralysis of our networks, [as] base stations can be triangulated, Taiwan would be placed [in the center] of one big surveillance web.

LT: How do you view Hon Hai Precision Industry Co chairman Terry Gou’s (郭台銘) call for the government to use Huawei Technologies Co’s products for the establishment of 4G base stations in light of this problem?

Lee: Some are worried that the corporations have greater influence over the government than academics, as evidenced when the government brushed aside the warning of 600 academics in a joint petition, but then paid great attention to a corporate mogul.

Some see this as a sign that corporations are beginning to force the government to do their bidding.

It is known internationally that Huawei has a strong People’s Liberation Army (PLA) background, and red flags have been raised across the globe concerning the company.

A US congress report had warned that equipment from Huawei, ZTE and other such Chinese companies may pose harm to core US national security assets, and the US has limited the import of Chinese equipment.

The US has even reached out to allies such as South Korea and stopped their use of Chinese equipment.

The Australian government has also barred Huawei from participating in the establishment of Australia’s national broadband network.

It is clear that Huawei has ulterior motives as it is a non-listed private company with the ability to enter the information and communication markets of other countries with low prices.

[It is understandable that] telecommunication owners in the country want to enter the 4G market with low overhead costs, but information and communication systems are linked to national security and civilian information security; and so the promise of lucrative business may instead become a political tool to be used by China.

Gou has described equipment as “knives” and said it was the “wielder of the knives” that mattered. I wish to remind the telecom sector that “the blade can turn and harm its wielder.” [Modern-day] network equipment can interact intelligently and be remotely updated. They hold too many back doors, secrets and potential for viruses.

LT: The commission and Minister of Science and Technology Simon Chang (張善政) claimed that once information security could be managed, an appropriate amount of Chinese investors and equipment can be allowed inside the country. Do you feel we can manage complete protection of our information technology?

Lee: Government officials do not have the ability to guarantee [full protection] and are therefore spouting meaningless phrases.

I once participated in a governmental information technology security evaluation project to help the government standardize security requirements in microchip products.

The commission, the Ministry of Economic Affairs and project members had arranged for a tour in Germany to aid in our decision, but we discovered that 100 percent protection of information technology was simply impossible.

An example is that many routers manufactured by renowned international brands have seen wide use for many years before potential “backdoor” security risks are discovered.

Google Inc, Chang’s former employer, backed out of Chinese market due to repeated hacker attacks and the suppression of freedom of speech over the Internet in China.

The Presidential Office’s Web page had been hacked by student hackers, and the Far Eastern Electronic Toll Collection Co could not prevent its system from being hacked, either.

How much faith would people have in a government with such a level of information security?

Once we allow Chinese investors and equipment to enter Taiwan, the risk becomes a danger that is then inherent in domestic information and communication channels.

No amount of prevention, inspection, evaluation, or supplementary measures added afterward could remedy the situation.

While the commission has publicly announced that as long as Chinese personnel are barred from the mainframe rooms then [information security] is considered secure, others have exposed an official document circulated within the commission titled “Principles on inviting Chinese personnel to enter mainframe rooms” showing that the commission’s public announcement is a sham.

In fact, in terms of modern technology, if one wished to tinker with the system they don’t need to enter the mainframe room personally; if the equipment is manufactured by Chinese investors or are repaired by them, internal backdoors can be builtin and remotely controlled.

LT: The government and Gou say that by refusing Chinese investors, it is implementing isolationism as China has invested in the telecom sector in other nations. What are your thoughts on this?

Lee: The commission has said that the US, Japan, India and any countries in the EU have allowed Chinese to invest in telecom sector, but the commission’s examples [serve to illustrate that] these countries limited Chinese investment to international telecommunication by allowing the links back to China, but not the operation of any domestic telecommunication businesses.

These countries have adopted such policies with full knowledge that the land-based end of international telecom back to China already holds the risk of surveillance and poses the same threat to public information security whether they allowed Chinese investors to invest.

However, the established domestic telecommunication service is different [from other countries.]

The US, Australia and the majority of nations across the world place limitations on their telecommunications based on national security.

The most commonly employed tactic by the government in face of opposing voices is to accuse them of wanting isolationism, or blaming it on the political feuds between the Chinese Nationalist Party (KMT) and the Democratic Progressive Party.

The most commonly heard accusation against those who oppose the cross-strait service trade pact is that of anti-China sentiments.

However, China has more than thousands of missiles directed at Taiwan, and has clearly stated its political intentions of making Taiwan a Chinese province.

If the government wishes to remain ignorant of the inherent political ambition and antagonism across the Strait and open wide the doors to Chinese investment, giving China the chance to control Taiwan’s information technology industry, it should come out and say so instead of spouting lies that information technology can be reviewed and defended against.

We, the 600-odd academics and industry experts, hereby offer our warnings to the nation and its government based on our professional knowledge of information technology.

Translated by Staff Writer Jake Chung