Search This Blog

Wednesday, March 4, 2020

Communist Red China & #Lexmark

Chinese and American

"State Governments' Failure to Scrutinize the Purchase of Lenovo and Lexmark Equipment Jeopardizes Data Security"

A report released from embargo on February 24, 2020, "Stealing From States: China's Power Play in IT Contracts" unearths scathing facts around Lexmark, the US military, Communist Red China, and state/federal contracts.

Lexmark doesn't want you reading the report - and for good reason.  You will be shocked to learn the degree to which Lexmark has been challenged in the past over security issues, and why being connected to or owned by a Chinese company is worthy of high concern. For instance, in 2016 the Chinese Communist Party passed the China Internet Security Law. This law requires any company headquartered in China, to keep data in-country and allow Chinese authorities to 'spot-check' on the data at any time.

"A Chinese military unit has been inserting tiny microchips into computer servers used by companies including Apple and Amazon that give China unprecedented backdoor access to computers and data, according to a new Bloomberg report."

So much for data security.

If you're thinking, "How much data can a Lexmark harvest?" consider reports that surfaced back in 2018 about China planting unknown chips in Apple and Amazon servers.

From The Guardian, October 4, 2018, by Samuel Gibbs, "A Chinese military unit has been inserting tiny microchips into computer servers used by companies including Apple and Amazon that give China unprecedented backdoor access to computers and data, according to a new Bloomberg report."

Imagine, if you will, the depth of data available when every printer in the world(or just 12%) has an embedded 'spy-chip' on board.  I am not saying this is the case, just asking you to imagine.  What segments are Lexmark devices typically installed?  State, Local, Federal government, and educational accounts.  Nothing to worry about here.

Again, from the "Stealing From States: China's Power Play in IT Contracts" :

"Lexmark’s connection to the Chinese government is something that has been well documented by government agencies and US courts. In a landmark case, hardware vendor Iron Bow Technologies sued the Social Security Administration (SSA) after SSA leadership concluded the Lexmark printers sold by Iron Bow posed too great a security risk to government networks.

The Social Security Administration, determined to mitigate supply chain risks in procurement practices, decided that printers manufactured by Lexmark presented an unacceptable level of supply chain risk due to the company's Chinese ownership and ties to the Chinese government.

The Court of Federal Claims ruled in favor of the SSA, stating that the CFIUS agreement with Lexmark does not address supply chain risks and that Lexmark’s 49% minority ownership was enough to pose a national security risk."

It seems odd to me to remind folks that The Chinese are communists. There is no 'free' market in China, life carries a different value over there. I'm not saying a capitalist structure shouldn't work with communist manufacturers. If parts and products are of acceptable quality and secure, all to the good. I'm suggesting we strongly reconsider partnerships that pose a real or potential threat to national security.

Moreover, I believe sharing technology should not be part of any trade agreement.  Yet that is exactly how Red China and the US have been working together.

There's more.  From an August 12, 2017 report on CNN, by Jethro Mullen:

Some experts say that handing over technology has effectively become a cost of doing business in China -- a market too big for most companies to ignore.

"Many Chinese companies go after technology hard and the tactics they use to show up again and again, leading us to believe there is some force (the government?) teaching them how to do these things," said Dan Harris, a Seattle-based attorney who advises international companies on doing business in China.

Effectively, to do business in China, US companies are required to share technology with Chinese businesses - which we know are directly linked to the Chinese Communist Party.

Spying on other countries is the way of the world - we all do it. It is incumbent upon nation states to protect and secure sensitive data and establish transparent and trusted agreements with trading partners. (Usually those of the same political structure and an innate belief in independence, freedom, and human rights)

Oh, Lexmark, How the Mighty Have Fallen - 

So Much for the "A4 Revolution" unless you mean the People's Revolution.

Should you sell Lexmark?

If the US military can't trust them, should your clients?

Are you comfortable putting your customers at risk?

How does it feel knowing that a foreign, communist government may be stealing sensitive data this very moment, via one of the devices you sold?

I like Lexmark. I remember working with them when they were a part of IBM and many times in the past decade. I felt sad when Lexmark sold to Chinese concerns, but again, it is the way of things.

But things are bad now. Very, very bad.

From the report, "Stealing From States: China's Power Play in IT Contracts" -

Chinese hardware and software can facilitate the transfer of data to China where it can be collected, and processed by the Chinese Communist Party (CCP) or related actors. While this can be done illicitly, the contracts of Lenovo and Lexmark and larger Chinese information security laws stipulate as much.

Lexmark has been the subject of various reports regarding cyber threats and espionage risk, with the printer company facing allegations from various technology experts and conglomerates regarding the adversarial use of the company's printers as a medium for cyber intrusion. Printers, one of the least secure Internet of Things devices, store sensitive data on internal hard drives derived from the various printing jobs executed on a day-to-day basis.

I don't know the answer but I'm leaning toward NOT recommending Lexmark to clients and their customers and that makes me mad.  I am upset that 10 years ago, OEMs didn't see the cliff coming and pivot into more.  Some didn't and now they are owned by communists.

On the bright side, the current HP/Xerox drama strengthens my resolve and belief in the capitalist system.

What say you?

"Life is Pain, Princess anyone who says differently is selling something."

The Report is here.

No comments:

Post a Comment

Contact Me

Greg Walters, Incorporated
greg@grwalters.com
262.370.4193