The long-running debate over the relationship of Huawei to the Chinese government took an interesting and unexpected turn last week, as the Justice Department disclosed (in the context of the prosecution of Huawei and its CFO for bank fraud and sanctions-busting) that it had obtained orders under Title I of the Foreign Intelligence Surveillance Act, or FISA, targeting the company. …
Two major accounts of that risk have emerged (both of them similar to arguments we also have seen in the context of the Kaspersky-Russia relationship). The most straightforward account turns on the fact that all Chinese companies have comprehensive obligations under Chinese law to comply when the Chinese government seeks information or assistance for national security purposes. The other account goes much further, arguing that there are deep ties between Huawei and Chinese intelligence services and suggesting that Huawei therefore might act as an agent of those services rather than as an independent company with an arms-length relationship with its government.
Lawfare Blog
Problems arise because companies like Huawei and Washington lobbyists perform trusted actions for the users of their system; in this case 5G or the political process respectively. In a ‘trustless’ system anyone can verify the entire chain of actions performed, or the system itself may be powerless to alter it.
Encryption allows people to use any email system without the need to trust it because security is not dependent on the transport. Similarly public block chain systems allow anyone to verify the entire sequence of transactions for themselves to make sure the results are right. So no trust is involved.
From the information point of view irrespective of the legal definitions, a ‘foreign agent’ is any entity that is more likely to act for a hidden client than for the overt one. In the context of public policy the most obvious solution is to lay bare enough of lobbying transactions so the key parts become ‘trustless’, ie anyone can verify it for themselves.
The ‘trust’ problem goes beyond subjective intent. The inability to maintain security of private information affects the well intentioned and the malicious alike. The data breach at the Office of Personnel Management was one of the most devastating blows against US national security even though it may have resulted from incompetence.
China is mining intelligence from an estimated 23 million records of American federal workers, including intelligence and security personnel, stolen in cyberattacks against the Office of Personnel Management, according to a member of Congress.
Free Beacon
Rep. Chris Stewart (R., Utah) said the Chinese are easily gaining information from the stolen records. …
The first official confirmation that China’s government carried out the cyberattacks was made by White House National Security Adviser John Bolton in September.
The office is the repository of federal government personnel records, including social security numbers and documents known as SF-86s that contain personal information about people who apply for security clearances. …The federal government sent notices to the millions of security clearance holders notifying them of the compromise of their personal data. The loss of the sensitive clearance records also includes information on the relatives of security clearance applicants because details about an applicant’s offspring are part of the application process.
The breach involved the extraction from OPM networks of an estimated 23 million records of federal workers, including those who were being evaluated for access to classified information. About 20 million records related to SF-86s were stolen.
This is conceivably the biggest headline that never was. Quite a feat in an admin that counted Snowden, Manning, the rollup of the CIA network in China, missing the rise of ISIS and Benghazi.
The theft at OPM came in two parts, neither of which were prevented by Katherine Archuleta. “She had previously served as National Political Director for Obama’s 2012 reelection campaign. Prior to that, she had been Executive Director of the National Hispanic Cultural Center Foundation in New Mexico, had co-founded the Latina Initiative, had worked at a Denver law firm, and had worked in the Clinton Administration as chief of staff to the Secretary of Transportation, Federico Peña.”
[Obama Spokesman Josh] Earnest said Ms. Archuleta had resigned “of her own volition,” adding that while she had been an “effective director, Mr. Obama believed that new leadership at the agency was “badly needed.” He also noted that she does not have “this particular expertise” in cybersecurity.
NYT
Beth Cobert, the deputy director of management at the Office of Management and Budget and a former longtime management consultant at McKinsey & Company, will step in temporarily to replace Ms. Archuleta while a permanent successor is found, Mr. Earnest said.
Ms. Archuleta, who assumed her post in November 2013, had been under pressure from lawmakers in both parties to resign since last month, when she announced the first of two separate but related computer intrusions that compromised the personnel files of 4.2 million current and former federal workers.
When you combine the litany of disasters with what we now know about lobbying for foreign governments in Washington it’s probable that Collusion has been out of control for some time. It’s a design defect. DC was architected as a national capital, not the capital of the world, which it has become.
Its systems require too much trust to guarantee the necessary integrity. We have to convert such portions as possible into trustless systems. The ‘trustless’ system still relies on trust: it’s just not in parties trusting each other. It’s in the system itself.
One way to achieve this is to create immutable transaction ledgers in which the steps leading to the entries can be independently and repeatedly reproduced.
Craig, for example, wanted to keep his work for foreign governments off the books, in a private ledger. There was not even a way to come to a universal understanding of what he was doing for the Ukranians. That is apparently par for the course. In other words there was no consensus mechanism in DC. The idea was that politics would enforce eventual consistency by forcing the right sequence over rival narratives. One can argue that’s what it eventually did via the upheaval of 2016.
But the price of eventual consistency was a system crisis. Because so much went on with private reckoning when clearing time came there were two sets of incompatible transactions. The whole Mueller thing was an attempt to roll back the ‘wrong transactions’.