Jun 24, 2020

Axios Codebook

Axios

This afternoon, join Axios and No Kid Hungry at 12:30pm ET for a live, virtual event to discuss the state of hungry children in America, focusing on the challenges of feeding children in the summer months.

Situational awareness:

  • DDoSecrets, the group that dumped a stolen trove of U.S. police data online (see item 2 below), had its Twitter account pulled.
  • Meanwhile, GOP senators led by Lindsey Graham introduced a bill aimed at forcing tech companies to open encrypted data to law enforcement.

Today's newsletter is 1,684 words, a 6-minute read.

1 big thing: Chinese companies listed in U.S. could pose threat

Illustration: Aïda Amer/Axios

National security concerns drove a recent bipartisan Senate vote to crack down on Chinese companies that can hide their books from U.S. regulators even though they are publicly traded on U.S. exchanges, according to interviews with six current and former US. officials, Axios’ Bethany Allen-Ebrahimian and I report.

The big picture: The Holding Foreign Companies Accountable Act, which the Senate passed May 20, targets fraud and aims to promote transparency. But U.S. officials are also hoping to uncover hidden links between these companies and the Chinese government.

  • Supporters have characterized the bill as a way to protect American investors from fraudulent Chinese business activity, such as the recent scandal over Luckin, a Chinese coffee startup and former “unicorn” that received delisting notices from the Nasdaq after fabricating hundreds of millions of dollars in sales.
  • But the legislation is also about putting these companies “on the horns of a dilemma,” says a former national security official: They can stop cooperating with Chinese security services or lose access to Western capital.
  • More than 150 mainland Chinese companies are traded on major U.S. exchanges.

Why it matters: The tough stance on Chinese companies publicly traded on U.S. exchanges, which includes tech giants such as Baidu and Alibaba, opens up a new front in the increasingly tense U.S.-China relationship.

Between the lines: By listing themselves on U.S. exchanges, Chinese companies are gaining access to Western capital markets and becoming intermingled in pension funds and other investment vehicles for U.S. workers.

  • But U.S. officials believe that stringent auditing of some of these companies may reveal far closer government links than is publicly known. The closer the links, the likelier these companies are working with China’s security services.
  • Such links could potentially involve the transfer of private company data to China’s intelligence services or the use of these companies’ infrastructure as surveillance or intelligence collection platforms, more than half a dozen current and former U.S. officials told Axios.

Driving the news: The bipartisan-sponsored Holding Foreign Companies Accountable Act requires “issuers of securities to establish that they are not owned or controlled by a foreign government.”

  • The bill is aimed at Chinese companies that are publicly traded on U.S. exchanges, requiring them to provide details on potential state ownership or control, and board members’ relationship to the Chinese Communist Party.
  • Noncompliant companies would risk being delisted on U.S. exchanges, according to the bill.

Though the public rationale for the bill is to protect American holders of securities from these companies from financial fraud, larger national security worries are also driving the legislation, say current and former U.S. officials.

  • National Security Council staff flagged this issue to congressional offices in 2018, according to people familiar with the matter.
  • Some supporters of the Senate bill believe that this measure could strike at the heart of China’s power by reducing its access to Western capital.

Background: In May 2013, the Public Company Accounting Oversight Board (PCAOB) signed a memorandum of understanding with the China Securities Regulatory Commission and the Ministry of Finance.

  • The PCAOB, a nonprofit corporation created by Congress and overseen by the Securities and Exchange Commission, provides third-party oversight of private audits of companies on U.S. exchanges.
  • The 2013 agreement was intended to help facilitate these third-party audit requests, and it was viewed as a step toward cross-border enforcement of capital markets.

But Chinese companies have violated the agreement, according to the PCAOB as well as current and former U.S. officials.

Some U.S. officials believe the agreement was flawed from the start. It allowed “Chinese entities that are listed on the New York Stock Exchange essentially to violate U.S. law by not providing audit work documents or any sort of the transparency you would have in other publicly traded companies,” says a former senior national security official.

What they're saying: “As we have said on our earnings call on May 22, we have always received an unqualified opinion from our auditors on our financial reports showing the auditors believe they have unfettered access to our financials," a statement from Alibaba read.

  • "Also, there is an existing framework for the PCAOB to conduct an inspection of audits on companies with Chinese operations. We understand that there has been ongoing dialogue for the Chinese authorities to permit access by the PCAOB to audit work papers while maintaining compliance with local law.”

The intrigue: The reason Chinese companies are unable to facilitate third-party audits is that Chinese state secrets law appears to prohibit it.

  • “PRC state secret law is so broad that anything can be interpreted as a state secret,” says Kyle Sullivan, the China practice lead at Crumpton Group. “There’s no doubt that some big national champions, regardless of ownership structure, are very close to the party. That’s why they refuse to cooperate with the U.S. in terms of independent auditing.”
  • “The Chinese government has been able to consider all of Alibaba’s internal work documents to be state secrets, despite the fact that they are a publicly traded company,” says the former senior national security official.

The bottom line: Whether or not the Senate bill becomes law, it’s clear that China’s overly broad state secrets law and its proclivity for bulk data collection is a salient concern for many U.S. officials.

Editor's note: This story has been updated with comment from Alibaba.

2. Anonymous digs up vast tranche of U.S. police documents

Individuals affiliated with Anonymous, the loosely organized hacker collective, pilfered a massive amount of data from police organizations nationwide that was later made public, Wired's Andy Greenberg reports.

Anonymous provided the tranche to Distributed Denial of Secrets (DDoSecrets), a transparency collective that serves as a repository for prior hacks.

  • On Friday, DDoSecrets posted the tranche, known as “BlueLeaks,” to its website.

Details: The hack involved 269 gigabytes worth of police data, including “emails, audio, video, and intelligence documents, with more than a million files in total,” according to Wired.

  • “Over the weekend, supporters of DDOSecrets, Anonymous, and protesters worldwide began digging through the files to pull out frank internal memos about police efforts to track the activities of protesters," Wired reports. “The documents also reveal how law enforcement has described groups like the antifascist movement Antifa.”
  • While the leaked data includes information from "more than 200 state, local, and federal agencies," much of the stolen tranche appears to draw from documents from law enforcement fusion centers nationwide, which serve as hubs for intelligence-sharing between police departments and state and federal organizations.
  • DDoSecrets members did edit out “more than 50 gigabytes” of material before publishing the documents, but group members left in banking information as well as personally identifiable information of police officers.

Our thought bubble: Though nothing in the leak appears to be classified, the potential sensitivity of the data reflects a growing understanding that even government documents that aren't designated "secret" can have significant intelligence value — especially when disclosed in bulk. 

3. Media agency purge imperils open source tools

Illustration: Annelise Capossela/Axios

The Trump administration's new head of the U.S. Agency for Global Media has fired the leadership of the Open Technology Fund (OTF), a leading global nonprofit that backs development of tools used for privacy and to circumvent censorship.

What's happening: After Trump appointee and Steve Bannon ally Michael Pack took over at USAGM last week, he fired the heads of its media agencies, including the Voice of America, and replaced board members with administration loyalists who lack international broadcasting experience.

At the same time, Axios' Bethany Allen-Ebrahimian reports, a small group of religious freedom advocates is trying to secure millions of dollars from the OTF budget for two internet censorship circumvention tools developed by supporters of the Falun Gong, a religious group banned in China.

The big picture: Since 2012, OTF has backed open source projects like Signal and Tor used by activists, dissidents and journalists around the world. The Falun Gong-associated tools are proprietary and specifically focused on defeating China's "Great Firewall."

What they're saying: A petition circulated online by OTF supporters warns, "[T]here are serious concerns that the new leadership within the USAGM will seek to dismantle OTF and re-allocate all of its US government funding to support a narrow set of anti-censorship tools without a transparent and open review process."

Between the lines: In recent years, Falun Gong supporters have made common cause with the global far-right, and a growing rapport between its advocates and U.S. ultra-conservatives within USAGM could override internal vetting processes and channel funding toward pet projects.

4. Army private encrypted plans for neo-Nazi terrorist attack

A private in the U.S. Army used encrypted apps to transmit classified information about his own military unit to a neo-Nazi group in advance of a planned terrorist attack against them, according to a recent federal indictment.

Details: In April 2020, Ethan Phelan Melzer, a U.S. Army private, was notified that his unit would be transferred from its current station in Europe, according to prosecutors. Using an encrypted messaging app, Melzer subsequently revealed details about his unit’s “locations, movements, and security, for purposes of facilitating an attack,” according to the indictment.

  • Melzer also used an encrypted app to transmit information about his military unit to someone he believed was an al-Qaeda member, according to prosecutors.
  • O9A, the satanic neo-Nazi group Melzer joined, was also pro-ISIS. Melzer’s iCloud account also contained ISIS propaganda.

The big picture: Melzer’s ultimate aim appears to have been to precipitate “another 10 year war in the Middle East [which] would definitely leave a mark.”

The intrigue: Although prosecutors do not explicitly say so in the indictment, U.S. counterterrorism or counterintelligence officials appear to have used informants or human penetrations of these online neo-Nazi and jihadi networks to gain access to Melzer’s communications.

5. Spies could adopt TikTok prank that padded rally sign-ups

After President Trump’s first rally during the coronavirus outbreak saw far lower turnout than projected by his campaign, some observers believe that a prank — or protest — by users of the video messaging platform TikTok, along with online fans of Korean pop music, helped skew the campaign's projections.

  • Before the event in Tulsa, Oklahoma, President Trump claimed that nearly 1 million people had requested tickets for the rally. An overflow stage was even set up outside the stadium. But “potentially hundreds of thousands of tickets” were reserved as part of a campaign on TikTok, led by young people, to disrupt the event, according to the New York Times.
  • Though the campaign spread widely, the TikTok teens and their K-Pop allies purposefully kept a low profile and quickly deleted their posts tied to the mass action. “These kids are smart and they thought of everything,” a participant in the campaign told the Times.
  • The TikTok teens took other precautions to fool Trump’s campaign, which aims to filter out fake emails and phone numbers. TikTok users “exchanged advice on how to acquire a Google Voice number or another internet-connected phone line” to make their fake applications for tickets appear believable, according to the Times.

My thought bubble: If a community of activists on social media can quietly —and incredibly effectively — distort attendance estimates for a political rally, the possibility or likelihood of similar intelligence agency-led activities in this space can’t be far behind.

  • The tools and techniques used by activists to confuse or thwart filtering mechanisms designed to spot fake accounts have broad applicability for various forms of covert action. And the goals can be similar too: to embarrass disfavored politicians or movements and degrade the supporter data being collected by these campaigns.
6. Odds and ends
Axios