FUD Attack Against Lenovo May Actually Showcase Security Advantage

Rob Enderle
Slide Show

IT's Dirty Little Secret: Security Reporting

 A number of stories have suggested that western governments were blocking Lenovo computers from secure organizations for fear of rootkits or Chinese government spying even though no evidence of China actually doing this to PCs has ever been reported. In fact, it would be incredibly shortsighted if they did because, if they were caught, much of China’s technology manufacturing for markets outside of the country would cease. But according to the Australian government, the lead government typically cited, no such ban exists, at least not in Australia (even though the report originated on the Australian Financial Review). This was a FUD attack by some as yet unidentified party, likely a Lenovo competitor (suggesting libel or slander litigation may be imminent), who will have some explaining to do once the source for this false report is found.

But attacking Lenovo in this way may have been very shortsighted. It isn’t just China the world is worried about, it is also the NSA in the U.S., and Lenovo may actually have the strongest defense against both countries.

Balanced Leadership

Unlike other technology companies, Lenovo’s senior leadership is balanced between the U.S. and China, which should prevent either government from mucking with Lenovo’s computers. Every technology firm knows that these invasive attempts by governments, if discovered, can be terminal, resulting in massive losses of revenue and profits--and they seem to get discovered a lot. A U.S. firm would have, and clearly has had, difficulty resisting a request from the U.S. government, so a Chinese firm would also have difficulty resisting an information request from the Chinese government. However, U.S. companies outside of China have no problem resisting China’s requests, and companies outside of the U.S. can generally thumb their noses at U.S. requests not supported by their own government. By being run by both countries, Lenovo should be able to play its unique dual citizenship into a unique security advantage.  It can legally report U.S. attempts to gain access to China via its technology and do the same if China makes the same request to gain access, making it unlikely either government will make the request in the first place, or keep it confidential if they did take such a big risk.

In effect, its international nature means it can’t be easily attacked in this way by any one government because it can use its relationship with either country (or both) to block the attempt. This is a breadth of resources no other technology company currently has. Given the concerns about both the NSA and China, and the fact that virtually all PC firms other than Lenovo have third parties assemble their hardware in China, it seems foolish to throw stones at the company.

Double the Damage for the Attacker

Lenovo can argue that a U.S. firm, as has been shown by Google, Microsoft and Yahoo’s disclosures, can be forced by the U.S. government to provide access to private information. And a Chinese firm doing manufacturing wholly located in China is just as much at the mercy of the Chinese government. By using a contract manufacturer in China--which could be barred from reporting compromising hardware to its customers much as Google, Microsoft and Yahoo were--the OEM that likely shot the FUD arrow at Lenovo may actually be at risk from both governments. This is why I think it was unwise to throw this particular stone, because it could come back with significant interest from both countries. I do understand the why--Lenovo is now number one in the world PC market--but you never attack someone with an argument that could equally apply to you, let alone one that could be doubly damaging.

Wrapping Up: Lenovo’s Big Opportunity

Lenovo has one of the best marketing guys in the world as CMO, David Roman. I expect he’ll eventually roll with a counter campaign, which points out the very real exposures surrounding the firm that tossed the FUD bomb at Lenovo. When that happens, this fight will get expensive and will underscore the recommendation that “people in glass houses shouldn’t throw stones.” So if you’re worried about Lenovo, don’t be. It actually appears to be in better shape than the company that attacked it.

Add Comment      Leave a comment on this blog post
Aug 2, 2013 2:29 AM padddler padddler  says:
This article makes a good point. However, I see too possible points that that weaken the argument: First, having two national entities to report to, could mean instead of offering the ability to block each other from conducting clandestine activities, Lenovo could be subject to both sets of influence, and possibly not be aware that such intervention had taken place. Chinese government leans on Chinese employees, and US government leans on US employees. Both sworn to secrecy of course and so don't tell their superiors. Second. The US companies cited in the article for giving the US Government access to information, were information service providers (ISPs). Ie they held/ transmitted information on behalf of others. Lenovo is not an information provider. It provides hardware. If you give your information to an ISP you should assume a level of risk with the given information. With hardware - if that hardware is compromised it gives access to everything you own and do. It is a much higher level of risk. It opens up far more than access to information: impersonation, information corruption, online access to cameras and microphones, key logging, denial of service. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.