The United States is forcing telecommunications companies like AT&T and Verizon to hand over sensitive data regarding their network infrastructure to sniff out potential Chinese spies. Officials are concerned that China may be leveraging their exports into the county to spy on the US.
The US Commerce Department sent out a survey in April asking for detailed records regarding foreign-made software and hardware that telecommunications companies, software makers and information-security companies are using. Specifically, the survey requested to know the manufacturer of equipment including optical-transmission components, base-station controllers and transceivers.
Results from the survey were to be shared with the Defense Department and added to a database to map who made which parts on various networks.
AT&T and Verizon were among the dozens of businesses that received the survey. To collect data from companies, the US is using a 1950 law called the Defense Production Act that was used sporadically during the Cold War. Failure to comply could result in unspecified criminal penalties.
According to Joshua Pennell, president of Seattle-based cyber security firm IOActive Inc., spyware embedded within hardware or hidden in millions of lines of code could intercept sensitive information while being extremely difficult to detect. Having access to such data would give China industrial and political advantages.
In 2008, an Insignia brand digital photo frame sold by Best Buy was discovered running malicious software that had been embedded during the manufacturing process. The retailer was able to trace the software to a single computer at the manufacturer’s plant in China but refused to comment on who specifically installed the code or why.
Data was to be submitted by June 10 according to the survey but that deadline was extended when several companies expressed concern about how the sensitive material would be handled.
Code image from Shutterstock.