The Snowden whistle shows cyber snooping is part of a much bigger battle to win hearts and minds in the Asian region.
By GRAEME MAXTON
Singapore, June 2013
Edward Snowden poster in Hong Kong, 18 June, 2013. The 29-year-old former contractor for the National Security Agency exposed a US global surveillance network in HK before departing, a wanted man, for Moscow. - Photo: PHILIPPE LOPEZ/AFP/Getty Images
THE right to privacy is different in Asia. In most of the region, it doesn't really exist. In Chinese societies in particular, the idea that the state or your parents should not read your mail or delve into your personal affairs is faintly comic. Life is a hierarchy, and those who sit above can do much as they like.
It is curious then, to find that privacy has moved near the top of the Asian news agenda. Yet there are two main reasons. First, there have been lots of shocking revelations about electronic snooping. The Chinese have been accused of spying on American firms and government departments. At the same time, it has become clear that America's security services have been spying on everyone, reading their emails and trawling their online activities to find out all their little secrets, on the off-chance they might be a terrorist.
Secondly, the snooping, in both directions, has become part of a war for influence in Asia. Before she left office, Hillary Clinton had said that “the future of politics would be decided in Asia” and that America was to be at the centre of the struggle to win hearts and minds. This would be “America's Pacific Century”, she said, throwing down the gauntlet to China.
In early 2013, a US company that almost no one had heard of, called Mandiant, gained global media coverage after it accused the PLA of hacking into US companies. The accusations have been repeated endlessly since then, though they should be treated with great caution.
This is why America has started to flex its muscle in all sorts of ways in the region, opening military bases in Australia, taking part in extended exercises with the South Korean army and cosying up to the government of Myanmar, just to thwart China's access to resources.
Another front in this battle is the cyber arena.
In early 2013, a US company that almost no one had heard of, called Mandiant, gained global media coverage after it accused the PLA of hacking into US companies. The accusations have been repeated endlessly since then, becoming almost fact, though they should be treated with great caution.
After all, Mandiant only said what many people wanted to hear. It reinforced a belief that China was becoming America's next bogeyman and gave US diplomats another cudgel to wield in Beijing. The timing of the report was also handy for the US firm, coming days before a huge gathering on computer security, the RSA Conference. Like its rivals in previous years, it issued a sensationalist report immediately before the event hoping for lots of publicity. It was in Mandiant's interests to tell the world about nasty threats and point the finger at America's baddie du jour.
More importantly, the report is high on accusations but less convincing when it comes to hard evidence. Many of the conclusions appeared to fit a hypothesis rather than proving a solid case. There was no proof for the key claim that the cyber attacks Mandiant had discovered came from a PLA building in Pudong, for example. The company found rogue computer IP addresses in the area and it also found a PLA office there. It tied these two pieces of information together and came to the conclusion that they were linked.
Nor did Mandiant wonder if this might be a cover. After all, if you want to be a hacker, the best way to hide your activities is to appear to use a server in China. Everyone expects hackers to be in China. Even Romanian casino fraudsters set up their systems so that they appear to work in China.
And, even if the accusations were true, they suggest that while China's ability to hack is well developed, in that it can break into some of the most secure organizations in the world, its ability to cover its tracks is not. That seems unlikely. If you can break into a well-protected network, you can presumably hide your location.
In the end, it is hard to believe that the alleged hacks were the work of a bunch of incompetent PLA soldiers in Shanghai. What is much easier to believe is that this was a convenient smear story told at the right time to grab headlines. Of course, the PLA may be doing lots of hacking, but this report did not make a good enough case against them. It made headlines and was useful to those who wanted to make trouble.
This becomes doubly so, when one considers the events of the following six months. More and more headlines appeared accusing China of hacking. Congressmen on Capitol Hill made statements, pointing the finger at Beijing. Business leaders demanded action. Newspaper leader-column writers talked of serious consequences. There was incontrovertible evidence they all said, though none was ever produced.
Then, just as Xi Jinping was to sit down with Barack Obama for the first time, in June 2013, to receive a lecture on the evils of Chinese spying and be told that the future of trade and relations between the countries were at stake, something very strange happened. On the day they shook hands, an ex-CIA analyst called Edward Snowden, who had fled to Hong Kong two weeks before, revealed a different story. It was America that was spying on everyone, he said, and it had been for years. And there was nothing anyone could do about it, because all the servers were in the US.
While this created a delicious media storm for a few weeks, it was not news. Anyone who had kept their ear to the ground knew all about this already. In 2002, America's security agencies had established something called the Information Awareness Office (IAO), which had been created specifically to build a massive database about everyone. It was to store our e-mails, financial transactions, medical records and gather as much information as possible about our relationships. The information was then to be interrogated to identify suspicious activity, unhealthy relationships and threats.
The IAO was shut down within two years on the orders of Congress because it was feared it would lead to mass surveillance, which was indeed its intent. But the projects it started continued and the massive computer centre that it wanted to build to store all the data is about to be finished in Utah.
YouTube watches what we watch. Street View, Google Earth and Google Maps show where we live. Picasa uses facial-recognition software to keep an eye on our friends. Gmail knows who we write to and what we say. Google Docs stores our letters, and Google Calendar knows all our plans
The information the IAO wanted has also been pulled together. It has not been collected by illicit snooping or using wiretaps, however. The data have been submitted voluntarily. Google, Microsoft, Skype, LinkedIn, Facebook, Twitter, Apple and several other tech firms have collected all the information the IAO ever wanted. Because of our reckless enthusiasm to share too much about our lives, these firms now know all about our habits and our plans. All the NSA needed to do was tap into the dataflow.
Thanks to these firms, America's security people know who our friends are and how we know them. They know what we are thinking and worrying about, because we do online searches. They even know where we are, and where we like to go. Our phones tell them that, and our IP addresses. Every app we install, helps them build a better picture.
Google's search engine tracks our interests and filters the results based on previous searches. Its subsidiary YouTube, watches what we watch. Street View, Google Earth and Google Maps show where we live and where we go. Picasa, Google's photo-sharing website, uses facial-recognition software to keep an eye on our friends. Gmail knows who we write to and what we say. Google Docs stores our letters, Google Calendar knows our plans. The company's Android operating system, and Apple's, knows where we are and where we have been.
For years, these high tech firms have tried to present themselves as freedom fighters, even while they were spying on us. They have fought a public battle with the help of the State Department to gain access to China in particular, with Google and Facebook proclaiming their right to spread freedom and democracy everywhere.
Now it appears that the story was actually rather different. What they really wanted to do was to spy on China's citizens. They may have been on a political and moral crusade, in the name of American freedom, but they were also very keen to learn about the Chinese. They wanted to find out what they thought and what they would buy. Perhaps they also wanted to find out who might be radical, or who might be open to political change. This is how social networks have been used in Egypt, Turkey and many other places, after all, to help spread dissent.
In retrospect, it seems almost laughable to think that these US technology companies, with a history of breaking the law, were motivated only by high ideals and a desire to sell us more stuff. They wanted our secrets.
But their story is now out and it is one that should make us all wary. We should we wary about what we share online. We should be wary about reports that make wild accusations, and that are politically convenient, when they are not backed up by solid facts. And we should be wary about the claims of innocence made by big IT firms. Just saying that you will not be evil, does not mean that you are good.
For now, the balance in the cyber fight over influence in the Pacific has shifted in China's favour.
How long that will last though, is very hard to say.
Graeme Maxton is a Fellow of the Club of Rome. He is currently writing a book on online privacy. Maxton's book, The End of Progress, How Modern Economics has Failed Us (published by Wiley at the end of 2011), dealing with the aftermath of the financial crisis, overpopulation, resource depletion and the emergence of China as a global power, was nominated for the Financial Times Best Business Book of the Year Award 2011. Graeme Maxton is an economist and author. Maxton was contributor to The Economist for many years and now writes for a wide range of international newspapers and magazines in Europe, the US and Asia. He is a frequent host on CNBC’s Squawk Box and Capital Connection and a regular guest on BBC and CNN news programmes. He is based in Vienna and Singapore. www.graememaxton.com
World opinion is rounding on Aung San Suu Kyi for her silence on the plight of the Muslim Rohingyas. See world opinion