Botnet (bot·net) — A botnet is a group of computers that are controlled from a single source and run related software programs and scripts. While botnets can be used for distributed computing purposes, such as a scientific processing, the term usually refers to multiple computers that have been infected with malicious software.
The Quad Issues Its Tech Principles
What’s New: The “Quad” (Australia, India, Japan, and the United States) have issued a set of principles on “technology, design, governance, and use,” according to a White House press release.
Why This Matters: All four members of the Quad are doubling-down on the partnership and these tech principles demonstrate the importance of these issues within the group — particularly in the context of trade and China policy.
The Quad is shorthand for the Quadrilateral Security Dialogue, which informally started when these nations began maritime cooperation following the 2004 tsunami in the Indian Ocean.
It is not a formal alliance and its importance has ebbed and flowed over the years. Recently, however, its members have deepened their cooperation as tensions with China have increased.
The declared principles fall into three broad aims: (1) support universal values; (2) build trust, integrity, and resilience; and (3) foster healthy competition and international collaboration to advance the frontier of science and technology.
There are 17 principles in total and it’s worth the five minutes to give them a quick read. There are a few, however, that I think are particularly relevant and I comment on them below.
What I’m Thinking:
The Quad is a good thing. The Indo-Pacific is very important to the United States, with nearly 38% of global imports and 42% of exports passing through the region — totaling nearly $2 trillion in U.S. trade in 2019. Beyond the economics, all four nations are concerned about Beijing’s growing belligerence and, late last year, the four navies conducted their first joint exercise in more than a decade.
These tech principles are a continuation of what started earlier this year. In March, President Biden held a virtual Quad meeting with Australian Prime Minister Scott Morrison, Indian Prime Minister Narendra Modi, and Japanese Prime Minister Yoshihide Suga. A working group on technological innovation and supply-chain resilience was formed during this meeting and these principles are one of its first deliverables.
Principle: “Technology should not be misused or abused for malicious activities such as authoritarian surveillance and oppression, for terrorist purposes, or to disseminate disinformation.” At first blush, this is easy to understand and agree with. But, there are some complexities to consider. First, while it seems obvious that China’s near ubiquitous domestic surveillance is the primary target of this principle, India has its own record of aggressively leveraging technology to constrain speech and other freedoms. For example, New Delhi has turned off the internet as a means of population control more than 500 times, including more than 30 times this year. Second, the point on disinformation is also touchy. The fact is that the United States conducts information operations (INFOPs) around the world — sometimes in a military context and other times under covert action authorities granted to the CIA — and technological platforms are critical to these operations. Now, not all INFOPs include disinformation, but deception and denial are critical components and have their place in our bag of tricks. Nothing in these principles is legally limiting and I’m sure it’s generally understood that these are ideals, not iron-clad commitments by Quad members. Even so, things are always … complicated.
Principle: “We expect technology suppliers, vendors, and distributors to produce and maintain secure systems, and to be trustworthy, transparent, and accountable in their practices.” *Cough* Huawei *Cough* Every Chinese tech company operating anywhere in the world *Cough*
Principle: “Resilient, diverse, and secure technology supply chains – for hardware, software, and services – are vital to our shared national interests.” While many of us were banging this gong before COVID, the pandemic has certainly solidified calls for supply chain diversification, and cyber attacks like the SolarWinds and Microsoft Exchange hacks have helped to make clear these concerns extend to software as well. While building domestic capacity is an important step, building trusted supply chains within the Quad and elsewhere will also be essential for constraining China and for ensuring our long-term thriving.
Huawei CFO Released
What’s New: Meng Wanzhou, Huawei’s CFO and daughter of company founder Ren Zhengfei, was released last week by Canadian authorities after being detained for more than two years.
Why This Matters: Meng’s release brings to an end a complicated stand-off between the United States, Canada, and China that has lasted more than two years.
Canadian authorities detained Meng in late-2018 at the request of the United States, who charged her with helping a Huawei-owned company to circumvent U.S. sanctions on Iran.
Soon thereafter, the Chinese government detained two Canadian citizens and charged them with espionage. Two Americans, Cynthia Liu and Victor Liu, were also prevented from leaving the country.
Shortly after Meng’s release, the two Canadian citizens and the two American citizens were allowed to return to their respective nations.
Meng Wanzhou was welcomed back to China as a national hero, with local press crediting her return to “the strong will of the Chinese people to defy power and oppose hegemony.”
What I’m Thinking:
Hostage taking works and it’s not new. Of course China’s detaining of the four U.S. and Canadian citizens was a direct response to the arrest of Meng Wanzhou. Of course their release was also tied to hers. Yes, it’s infuriating. No, “hostage diplomacy” should not be rewarded, but neither is it new and I’m not convinced these events meaningfully alter Beijing’s willingness to take such actions. The CCP has done this for years and will likely continue doing it as a means of turning the screw on other governments.
We probably got all we were ever going to get. The Wall Street Journal has a good write up of how Meng’s release came together and how the Department of Justice’s (DOJ) strategy evolved over the last two years. As part of her release, Meng admitted making false statements to a bank in 2013, leading the bank to provide a Huawei-owned business with services that broke U.S. sanctions on Iran. DOJ lawyers tell the Journal that Meng likely would have been able to prolong legal proceedings for years and that they were concerned the Canadian government might preemptively end the court case in an effort to retrieve their detained citizens. The U.S. calculus also recognizes that similar prosecutions rarely result in significant prison time. Most importantly, from my perspective, Huawei is in a fundamentally different position than it was in 2018. The company is on life support and Western and democratic nations are wise to the company’s espionage and intellectual property theft. As frustrating as Beijing’s tactics are, it was probably time for us to take our winnings, back away from the table, and reset for the next hand.
Moscow Is Making Moves
What’s New: The Russian government has arrested the head of one of the nation’s leading cybersecurity companies and successfully pressured American tech companies to suppress political opponents.
Why This Matters: Authoritarians like Vladimir Putin are growing more brazen in their efforts to influence technology companies and to silence their critics.
Ilya Sachkov, co-founder and CEO of the Russian cybersecurity company Group-IB, has been arrested and is being charged with allegedly transferring classified data to a “foreign government”, according to Reuters.
There are few details about the charges but Sachkov is expected to be held for at least two months per a court order.
The businessman has occasionally been critical of the Russian government and moved his company’s headquarters to Singapore in 2018 after the U.S. government accused Moscow of interfering in the 2016 presidential election.
The arrest comes shortly after the Russian government forced Apple, Google, and Telegram to remove apps and content associated with imprisoned Russian opposition leader Aleksei Navalny and his election campaign.
All three companies were told that some of their employees in Russia would be charged with “serious criminal charges and prosecution” if the companies did not comply, according to Wired.
What I’m Thinking:
This was the plan all along. In July, the Kremlin ordered all foreign tech firms operating in Russia to open local offices with staff. The law officially goes into effect on January 1, 2022, but most companies have already complied. There are a number of reasons for this order: (1) a desire to “localize” Russian data; (2) a desire for Russian government access to this data (which it will get by virtue of Russian law); and (3) physical and legal leverage over company employees to exert pressure like we’re seeing now.
All of the tech companies knew the risks and they complied anyway. Now these same companies are throwing up their hands and saying, “What else could we do?” Well, I’ll suggest two possible courses of action: (1) don’t operate in countries with authoritarian, politically oppressive governments. Or, (2) stop the incessant virtue-signaling about human rights, privacy, and “the right side of history,” because — at the end of the day — these companies willingly put themselves in this vulnerable position for the chance to make a little more cash. Oh, they’ll say that they’re actually helping political dissidents in these countries by providing services that aren’t completely owned by the Russian government the way domestic alternatives are. But Aleksei Navalny and his supporters might beg to differ.
Sachkov’s future is unclear. There are a couple of realities here — all of which are difficult to assess with so little information. First, Sachkov could really be a spy who got caught. Second, the Kremlin may be warning Sachkov to chill with the criticism before he has “an accident” or some other “unfortunate development.” Finally, third, Sachkov may have already crossed too many lines and is about to disappear. No matter the case, the man is totally at the mercy of Vladimir Putin and that is not a place anyone ever wants to be.
Let’s Get Visual
That’s it for this Friday Brief. Thanks for reading, and if you think someone else would like this newsletter, please share it with your friends and followers. Have a great weekend!