Welcome to Codebook. We have a lot of China to discuss.
Tips? Hit reply to this here email.
Former Director of the CIA John Brennan. Photo: Drew Angerer/Getty Images
John Brennan, the former CIA director and homeland security adviser, believes the debate over what China may be doing to influence or interfere in the 2018 elections hangs on the meaning of two words.
"The term 'interference' is loosely used. But there's a difference between interference and influence," Brennan told Axios at a event for SecureAuth, a firm that he advises.
Why it matters: At the UN, President Trump declared, "China has been attempting to interfere in our upcoming election." Vice President Mike Pence made a similar case a week later at the Hudson Institute, saying that China was trying to influence the election.
The big picture: The difference, at least to Brennan, is that influencing an election doesn't cross over into illegality.
The administration has hinted it has proof that China is doing something untoward in the 2018 elections. But the public evidence the administration has offered — such as legally placed, clearly identified advertisements and tariffs targeted at Trump-supporting states — appears to fall cleanly under Brennan's definition of influence.
The scoreboard: Brennan wasn't specifically talking about how the administration uses the terms, but if you look at Pence's Hudson Institute talk under a Brennan lens, the vice president's speech only refers to China's "influence" on elections, not "interference" in them (except when he's quoting Trump).
Legalistic? Probably. The White House didn't immediately respond to a request to elaborate how Pence used both terms. But if the vice president should ever decide that he didn't want to imply there was interference in the election, Pence's speech offers him a lot of "technically, I'm not wrong."
Sens. Richard Blumenthal (D-Conn.) and Marco Rubio (R-Fla.) sent a letter to Supermicro asking about controversial allegations in stories by Bloomberg that the Chinese government placed a spy chip in the server maker's motherboards.
Details: The senators ask whether China has used any means to spy on Supermicro servers and whether the company has investigated potential Chinese spy equipment implanted in third-party hardware used by the firm.
Meanwhile: Rob Joyce, NSA liaison officer in London and former White House cybersecurity coordinator, strongly implied the NSA has no knowledge of the Bloomberg version of events.
Go deeper: Politico's Eric Geller live-tweeted the event.
The Department of Justice announced that Xu Yanjun, a Chinese intelligence agent for the Ministry of State Security, will face trial in the United States for helping China steal trade secrets. Xu is not under arrest for hacking, but some prognosticators believe this is a gloves-are-off moment that could lead to more hacking.
Why it matters: China and the United States have a tenuous relationship over economic espionage. In 2015, Beijing agreed to stop using hacking to steal trade secrets through hacking. A return to a full-scale hacking apparatus targeting U.S. intellectual property would be devastating for business.
Details: Xu flew aerospace employees to China under false pretenses to pepper them with technological questions. He was arrested in Belgium and faces 25 years in prison in the U.S.
Photo: Daniel Grill/Getty Images
The Center for Strategic and International Studies and McAfee released a new report on modernizing the Social Security number system Wednesday. And the numbers are a thing that need modernizing — we use them as identification in everything from mortgages to job applications, despite their being easy to steal.
The problem: “If we look at how well we're doing right now with Social Security, an estimated 60–80% are already compromised,” said Candace Worley, McAfee vice president and chief technical strategist. That’s because the online world has opened up previously unavailable potential for hackers to steal and sell Social Security numbers.
The problem with solving the problem: There’s an obvious next step to solving the problem — using the Social Security number like a username and using something else as a password or changing the number to something harder to steal, like a biometric. But many of the global models require national databases that the U.S. populous is traditionally against.
The bottom line: A middle-ground solution, according to the report, might be to allow private companies to run smart card based identifiers, kind of like a credit card. Citizens could chose who would be in charge of holding their data and replacing lost or stolen cards.
The GOP activist who sought hacked Clinton State Department emails met with Michael Flynn (WSJ)
Gallmaker group uses off-the-shelf tools (Symantec)
Microsoft closes security hole used by FruityArmor. (Kaspersky)
Pentagon may find IBM’s lack of faith in JEDI cloud bidding process disturbing (Axios)
The U.S. used a Chinese spy to stop Chinese spies’ hacking (Wired)