China: The Walls Have Ears

China is watching you.

I am convinced about 99.9% of all emails go through. But to me, that means at least one email I send per day will not reach its destination. If I do not hear back from someone rather quickly, I just assume they did not get my email and I send it again. In other words, I assume the worst.

I have a similar attitude regarding my privacy when in China. I assume my hotel room is bugged and my Internet is monitored. I assume the worst and I take every measure I can to be careful. I know people will laugh at my “paranoia,” but I have plenty of stories to tell involving people who were not careful about their data:

  • Many years ago, I was staying on the business floor of the Lotte Hotel in Busan, Korea. This floor has a couple of computers for its guests. I got on one of those computers (to read the news) and the first thing that popped up was a letter written by a Seattle company revealing information I know they would not have wanted me (or anyone else) to see. Someone from this company had written this letter on the computer (in Word format) and simply left it there. Not smart.
  • Many times I have gotten on the internet at an airport computer and been let right into someone’s webmail account. Not smart.
  • A couple of years ago, I found a memory stick in the desk drawer of my hotel in Shanghai that contained an incredible amount of information on a European plastics company. Not smart.
  • A stockbroker I know was sent an email by a rival stockbroker, urging my stockbroker friend to oppose some proposed law that would strike hard at those with massive net worth. The stockbroker who sent this email cc’ed it to a half dozen or so of his clients. My friend figured the clients were people with the requisite massive net worth and so he cold-called them for their business. He ended up getting a great client with this tactic. Not smart.
  • Many years ago, a client of ours discovered an employee was running a rival business within my client’s business. My client then arranged for this employee to bring his two company laptops to the office. When the employee went to lunch, the locks were changed and he was locked out. You would not even believe the stuff we found on those laptops. I am talking both business and personal. Very, very personal. Not smart.
  • A number of my firm’s Russian clients will not discuss anything of any import over the phone or via email. They will only discuss things in my office and, for the even more paranoid, only while we are out walking if the matter is of extreme secrecy. They still see themselves operating under the Soviet system, no matter where they are.

I thought of data protection today after reading a fascinating New York Times article, Britain Warned Businesses of Threat of Chinese Spying. True or not (and I have no way to know), this article ought to chill you at least a bit. It talks about a 2008 report from Britain’s M15 intelligence agency, setting out the following:

Officers from the People’s Liberation Army and the Ministry of Public Security had approached British businesspeople at trade fairs and exhibitions with offers of “gifts” that included cameras and computer memory sticks that were found to contain bugs that provided the Chinese with remote access to the recipients’ computers. “There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”

The MI5 report described how China’s computer hacking campaign had attacked British defense, energy, communications and manufacturing companies, as well as public relations companies and international law firms. The document explicitly warned British executives dealing with China against so-called honey trap methods in which it said the Chinese tried to cultivate personal relationships, “often using lavish hospitality and flattery,” either within China or abroad.

“Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurize individuals to cooperate with them,” it warned. “Hotel rooms in major Chinese cities such as Beijing and Shanghai which have been frequented by foreigners are likely to be bugged. Hotel rooms have been searched while the occupants are out of the room.”

I have absolutely no proof that anything like the above has ever happened to me or to anyone else in China, but is anyone out there certain these sorts of things are not happening to them? How do you handle these issues?

Two more stories. The BBC did a story of how Germany paid big money for data illegally mined from a big Swiss Bank. Germany is thinking it worth it to pay 2.5 million Euros for data that will allow them to capture more than 100 million Euros in tax cheating.

The other story was one of which I was reminded by an old client of mine. Many years ago, I was going to a particular city in a former Communist country and my client and I agreed that, above all else, I should completely avoid meeting with or even talking to “Oleg” [made up name here]. I had to go to this city, but I was going to be there for only two days. I fly in, walk into my hotel lobby and, before I can even check in, two people come up to me and tell me Oleg will be coming by to take me to dinner at 7:00 pm. I felt I had no choice at that point but to meet with Oleg and I did. When I asked Oleg how he knew of my arrival, he said he gets emailed the list of all foreigners as soon as they arrive at the airport. Oleg runs a very successful private business.

An international lawyer I know who lives in China and someone I have every reason to trust, sent me the following email, which I have modified slightly to erase any possibility of anyone being able to trace it back to its source:

Some Chinese companies own their own hotels or have very close relationships with a particular local hotel and contractually require foreign parties stay in one of these hotels at a special rate.

Any attempt to arrange different accommodations is met with strict and swift countermeasures. Penalty clauses in the contract are brought up. If you do find other accommodations they will absolutely not pay for them.

Why? All telephone calls are recorded. I have actually been in the room used by one of these companies as it’s actually not all that difficult to get into.

All of the “photocopies” made at the hotel are scanned and saved. Colleagues would leave their notebooks in the meeting room at lunch, “locked.” These notebooks’ hard-drives were removed and cloned.

Once, a foreigner locked horns with someone at a big Chinese company and ended up in jail on a prostitution sting. Dan, don’t get me wrong, I am against prostitution, but this guy was not doing anything any differently from what he (and others) had been doing all along. In this instance the “prostitutes” were in fact not prostitutes. The girl’s room was camera’ed out. It is very, very, very rare for someone to be arrested in China for soliciting. This person subsequently got out on greatly reduced charges and I have to believe that was in return for his agreeing to start going along more with the Chinese company.

I will note that I have a very savvy client who absolutely refuses to stay in any hotel recommended by those with whom he does business and who always books his hotels on his own, without revealing where he will be staying. Probably a pretty good policy.