October 11, 2018
Welcome to Codebook. We have a lot of China to discuss.
Tips? Hit reply to this here email.
1 big thing: China's "influence" vs. "interference" in U.S. vote
John Brennan, the former CIA director and homeland security adviser, believes the debate over what China may be doing to influence or interfere in the 2018 elections hangs on the meaning of two words.
"The term 'interference' is loosely used. But there's a difference between interference and influence," Brennan told Axios at a event for SecureAuth, a firm that he advises.
Why it matters: At the UN, President Trump declared, "China has been attempting to interfere in our upcoming election." Vice President Mike Pence made a similar case a week later at the Hudson Institute, saying that China was trying to influence the election.
- We don't know whether either executive was using "interference" and "influence" to mean separate concepts, as Brennan does, or as a single mushy idea, they way he fears the public uses the terms.
- But it's clear the public took the statements to mean China was doing something like what Russia did in 2018.
The big picture: The difference, at least to Brennan, is that influencing an election doesn't cross over into illegality.
- Attempts to influence the public could be completely aboveboard — like a factual statement to the press.
- Interference covers activities like hacking, propaganda or other components of the Russian meddling in 2016.
- "I would assume China would have an influence campaign," Brennan says. "I'd be surprised if more nations did not have influence campaigns."
The administration has hinted it has proof that China is doing something untoward in the 2018 elections. But the public evidence the administration has offered — such as legally placed, clearly identified advertisements and tariffs targeted at Trump-supporting states — appears to fall cleanly under Brennan's definition of influence.
The scoreboard: Brennan wasn't specifically talking about how the administration uses the terms, but if you look at Pence's Hudson Institute talk under a Brennan lens, the vice president's speech only refers to China's "influence" on elections, not "interference" in them (except when he's quoting Trump).
- If you exclude the Trump quote and two references to "influence and interference," Pence mentioned Chinese "influence" 9 times and "interference" only 3 times — but that's interference in other contexts than the election.
- This Pence statement was widely quoted: "As a senior career member of our intelligence community told me just this week, what the Russians are doing pales in comparison to what China is doing across this country." But in context, the line is a reference to "influence" on "Americans’ perception of Chinese policy."
Legalistic? Probably. The White House didn't immediately respond to a request to elaborate how Pence used both terms. But if the vice president should ever decide that he didn't want to imply there was interference in the election, Pence's speech offers him a lot of "technically, I'm not wrong."
2. More fallout from Bloomberg's spy chip story
Sens. Richard Blumenthal (D-Conn.) and Marco Rubio (R-Fla.) sent a letter to Supermicro asking about controversial allegations in stories by Bloomberg that the Chinese government placed a spy chip in the server maker's motherboards.
Details: The senators ask whether China has used any means to spy on Supermicro servers and whether the company has investigated potential Chinese spy equipment implanted in third-party hardware used by the firm.
- The letter notably also gives equal weight to a separate story first reported by The Information in 2017. Axios is told that was to sidestep controversy over the accuracy of the Bloomberg piece — the Supermicro issue isn't just a single story.
Meanwhile: Rob Joyce, NSA liaison officer in London and former White House cybersecurity coordinator, strongly implied the NSA has no knowledge of the Bloomberg version of events.
- At a Chamber of Commerce event Wednesday, Joyce said that despite "pretty great access," he couldn't corroborate the story. "I don’t have a lead to pull from the government side. We’re just befuddled.”
- He had expressed concerns about the Bloomberg story on Twitter soon after the story posted late last week. But he added new detail on just how befuddled he is.
- "If somebody has first-degree knowledge, can hand us a board, can point to somebody in a company that was involved in this as claimed, we want to talk to them."
- "Do I have confidence that there’s some 'there' there on this story? I don’t," he said.
Go deeper: Politico's Eric Geller live-tweeted the event.
3. Chinese spy arrest spurs fear of more hacking
The Department of Justice announced that Xu Yanjun, a Chinese intelligence agent for the Ministry of State Security, will face trial in the United States for helping China steal trade secrets. Xu is not under arrest for hacking, but some prognosticators believe this is a gloves-are-off moment that could lead to more hacking.
Why it matters: China and the United States have a tenuous relationship over economic espionage. In 2015, Beijing agreed to stop using hacking to steal trade secrets through hacking. A return to a full-scale hacking apparatus targeting U.S. intellectual property would be devastating for business.
Details: Xu flew aerospace employees to China under false pretenses to pepper them with technological questions. He was arrested in Belgium and faces 25 years in prison in the U.S.
- Although Xu is not alleged to be involved in hacking, the MSS is believed to be a Chinese agency involved in China's hacking efforts.
- Hacking declined after the 2015 agreement — the country's overwhelming focus was economic espionage. But Chinese activity has increased in the Trump era (even before the trade war).
- The U.S. has never brought to trial Chinese intelligence assets involved in the IP theft-spree.
- "Expect China to hit back hard!" wrote CrowdStrike's co-founder Dmitri Alperovitch on Twitter.
4. Solving Social Security's ID dilemma
The Center for Strategic and International Studies and McAfee released a new report on modernizing the Social Security number system Wednesday. And the numbers are a thing that need modernizing — we use them as identification in everything from mortgages to job applications, despite their being easy to steal.
The problem: “If we look at how well we're doing right now with Social Security, an estimated 60–80% are already compromised,” said Candace Worley, McAfee vice president and chief technical strategist. That’s because the online world has opened up previously unavailable potential for hackers to steal and sell Social Security numbers.
The problem with solving the problem: There’s an obvious next step to solving the problem — using the Social Security number like a username and using something else as a password or changing the number to something harder to steal, like a biometric. But many of the global models require national databases that the U.S. populous is traditionally against.
- India uses a biometric ID system, but U.S. citizens won’t enjoy giving up their fingerprints to the government.
- A national ID with a smart chip could solve the problem, but U.S. citizens don’t love national IDs.
The bottom line: A middle-ground solution, according to the report, might be to allow private companies to run smart card based identifiers, kind of like a credit card. Citizens could chose who would be in charge of holding their data and replacing lost or stolen cards.
- Worley agrees there’s a downside that would need to be ironed out: It’s hard to get private firms involved without necessitating a subscription model.
5. Odds and ends
The GOP activist who sought hacked Clinton State Department emails met with Michael Flynn (WSJ)
Gallmaker group uses off-the-shelf tools (Symantec)
Microsoft closes security hole used by FruityArmor. (Kaspersky)
Pentagon may find IBM’s lack of faith in JEDI cloud bidding process disturbing (Axios)
The U.S. used a Chinese spy to stop Chinese spies’ hacking (Wired)