Chinese shopping @ 3Com04/03/2008 Written by Roberto Preatoni
Bain and Huawei’s $2,2bn first attempt to buy out 3Com has been amended with a second offer, under which the Chinese networking giant and the Investment Fund plan to gain control of the American networking giant, but having “limited access” to 3com’s security products. This amendment has been introduced after the Treasury’s Committee on Foreign Investments launched an investigation aimed to block the deal, fearing possible implications in having a Chinese company so much close to key security products, currently used by the American government’s IT infrastructures. Further skepticism was raised by those who didn’t forget that Huawei’s founder Mr. Ren Zhengfei was also a former Chinese People Liberation Army officer…
As a security professional, I am involved in the WSL startup, the company which is aiming to re-design the security research market cycle, introducing the concept of an open auction marketplace through which the security researchers’ job should be properly valued. When the Swiss-based WSL project was launched, several observers labeled it as “controversial” or in worst cases as “fishy”. “Who the hell are they?” — “They might be a front-end of a criminal organization” , words were spent.
Eye-browses were raised even by the same Tipping Point, the security company belonging to 3Com, which is currently purchasing 0day exploits from researchers.
Speculations on the opportunity of letting a Chinese company purchase Tipping Point (which sells intrusion prevention technology to the US government) through the 3Com buyout are too easy. Actually the discussion is still open as apparently Huawei proposed to spin-off Tipping Point before the completion of the 3Com acquisition procedures.
Regardless this latter proposal and the related market’s reaction which might or might not welcome this marriage between IT giants, we should all be concerned about the possible implications in having a Chinese networking company controlling one of the largest western producer of network and security appliances.
Here both stakes and risks are too high.
The question is: WHO OWNS YOUR DATA?
If your answer to this question was “ME”, then we are sorry to wake you up abruptly from your dreams. The owners of your data are (in order)
1) the producer of the network hardware, who knows very well that all the today’s companies rely on the data transmission through the Internet. Your data might be secret, securely stored and encrypted, but sooner or later they WILL pass through a sort of network appliance (being it a network card or a router). The only entity which can certify what was embedded at the hardware level (read: spyware-free) in such network appliances during the production process.… is the same hardware producer.
2) your ISP, as most of your data are transmitted in clear, therefore interceptable
3) the government, as data retention laws are getting tougher and tougher
4) your data-center administrator, who might decide to run away with your data.
5) the hacker, who probably already compromised your data-center and is comfortably sitting on your hardware since a couple of years
6) … probably you.
What’s the menu today?
America’s network cards in Tze Chuan sauce?