A number of stories have suggested that western governments were blocking Lenovo computers from secure organizations for fear of rootkits or Chinese government spying even though no evidence of China actually doing this to PCs has ever been reported. In fact, it would be incredibly shortsighted if they did because, if they were caught, much of China’s technology manufacturing for markets outside of the country would cease. But according to the Australian government, the lead government typically cited, no such ban exists, at least not in Australia (even though the report originated on the Australian Financial Review). This was a FUD attack by some as yet unidentified party, likely a Lenovo competitor (suggesting libel or slander litigation may be imminent), who will have some explaining to do once the source for this false report is found.
But attacking Lenovo in this way may have been very shortsighted. It isn’t just China the world is worried about, it is also the NSA in the U.S., and Lenovo may actually have the strongest defense against both countries.
Unlike other technology companies, Lenovo’s senior leadership is balanced between the U.S. and China, which should prevent either government from mucking with Lenovo’s computers. Every technology firm knows that these invasive attempts by governments, if discovered, can be terminal, resulting in massive losses of revenue and profits--and they seem to get discovered a lot. A U.S. firm would have, and clearly has had, difficulty resisting a request from the U.S. government, so a Chinese firm would also have difficulty resisting an information request from the Chinese government. However, U.S. companies outside of China have no problem resisting China’s requests, and companies outside of the U.S. can generally thumb their noses at U.S. requests not supported by their own government. By being run by both countries, Lenovo should be able to play its unique dual citizenship into a unique security advantage. It can legally report U.S. attempts to gain access to China via its technology and do the same if China makes the same request to gain access, making it unlikely either government will make the request in the first place, or keep it confidential if they did take such a big risk.
In effect, its international nature means it can’t be easily attacked in this way by any one government because it can use its relationship with either country (or both) to block the attempt. This is a breadth of resources no other technology company currently has. Given the concerns about both the NSA and China, and the fact that virtually all PC firms other than Lenovo have third parties assemble their hardware in China, it seems foolish to throw stones at the company.
Double the Damage for the Attacker
Lenovo can argue that a U.S. firm, as has been shown by Google, Microsoft and Yahoo’s disclosures, can be forced by the U.S. government to provide access to private information. And a Chinese firm doing manufacturing wholly located in China is just as much at the mercy of the Chinese government. By using a contract manufacturer in China--which could be barred from reporting compromising hardware to its customers much as Google, Microsoft and Yahoo were--the OEM that likely shot the FUD arrow at Lenovo may actually be at risk from both governments. This is why I think it was unwise to throw this particular stone, because it could come back with significant interest from both countries. I do understand the why--Lenovo is now number one in the world PC market--but you never attack someone with an argument that could equally apply to you, let alone one that could be doubly damaging.
Lenovo has one of the best marketing guys in the world as CMO, David Roman. I expect he’ll eventually roll with a counter campaign, which points out the very real exposures surrounding the firm that tossed the FUD bomb at Lenovo. When that happens, this fight will get expensive and will underscore the recommendation that “people in glass houses shouldn’t throw stones.” So if you’re worried about Lenovo, don’t be. It actually appears to be in better shape than the company that attacked it.