Chinese shopping @ 3Com

04/03/2008 Written by Roberto Preatoni

Bain and Huawei’s $2,2bn first attempt to buy out 3Com has been amended with a sec­ond offer, under which the Chi­nese net­work­ing giant and the Invest­ment Fund plan to gain con­trol of the Amer­i­can net­work­ing giant, but hav­ing “lim­ited access” to 3com’s secu­rity prod­ucts. This amend­ment has been intro­duced after the Treasury’s Com­mit­tee on For­eign Invest­ments launched an inves­ti­ga­tion aimed to block the deal, fear­ing pos­si­ble impli­ca­tions in hav­ing a Chi­nese com­pany so much close to key secu­rity prod­ucts, cur­rently used by the Amer­i­can government’s IT infra­struc­tures. Fur­ther skep­ti­cism was raised by those who didn’t for­get that Huawei’s founder Mr. Ren Zhengfei was also a for­mer Chi­nese Peo­ple Lib­er­a­tion Army officer…

As a secu­rity pro­fes­sional, I am involved in the WSL startup, the com­pany which is aim­ing to re-​design the secu­rity research mar­ket cycle, intro­duc­ing the con­cept of an open auc­tion mar­ket­place through which the secu­rity researchers’ job should be prop­erly val­ued. When the Swiss-​based WSL project was launched, sev­eral observers labeled it as “con­tro­ver­sial” or in worst cases as “fishy”. “Who the hell are they?” — “They might be a front-​end of a crim­i­nal orga­ni­za­tion” , words were spent.

Eye-​browses were raised even by the same Tip­ping Point, the secu­rity com­pany belong­ing to 3Com, which is cur­rently pur­chas­ing 0day exploits from researchers.
Spec­u­la­tions on the oppor­tu­nity of let­ting a Chi­nese com­pany pur­chase Tip­ping Point (which sells intru­sion pre­ven­tion tech­nol­ogy to the US gov­ern­ment) through the 3Com buy­out are too easy. Actu­ally the dis­cus­sion is still open as appar­ently Huawei pro­posed to spin-​off Tip­ping Point before the com­ple­tion of the 3Com acqui­si­tion pro­ce­dures.
Regard­less this lat­ter pro­posal and the related market’s reac­tion which might or might not wel­come this mar­riage between IT giants, we should all be con­cerned about the pos­si­ble impli­ca­tions in hav­ing a Chi­nese net­work­ing com­pany con­trol­ling one of the largest west­ern pro­ducer of net­work and secu­rity appli­ances.
Here both stakes and risks are too high.

The ques­tion is: WHO OWNS YOUR DATA?

If your answer to this ques­tion was “ME”, then we are sorry to wake you up abruptly from your dreams. The own­ers of your data are (in order)

1) the pro­ducer of the net­work hard­ware, who knows very well that all the today’s com­pa­nies rely on the data trans­mis­sion through the Inter­net. Your data might be secret, securely stored and encrypted, but sooner or later they WILL pass through a sort of net­work appli­ance (being it a net­work card or a router). The only entity which can cer­tify what was embed­ded at the hard­ware level (read: spyware-​free) in such net­work appli­ances dur­ing the pro­duc­tion process.… is the same hard­ware pro­ducer.
2) your ISP, as most of your data are trans­mit­ted in clear, there­fore inter­cept­able
3) the gov­ern­ment, as data reten­tion laws are get­ting tougher and tougher
4) your data-​center admin­is­tra­tor, who might decide to run away with your data.
5) the hacker, who prob­a­bly already com­pro­mised your data-​center and is com­fort­ably sit­ting on your hard­ware since a cou­ple of years
6) … prob­a­bly you.

What’s the menu today?

America’s net­work cards in Tze Chuan sauce?

No, thanks.