Issue 87

Treading water until November

Delivered on 21 July 2020 by Justin Pyvis. About a 6 min read.

If you don't think China knows how US-style 'capitalism' works, think again:

[TikTok], which one year ago had virtually no lobbying presence in the nation’s capital, has hired a small army of more than 35 lobbyists to work on its behalf, including one with deep ties to President Trump.
In the past three months, lobbyists working on behalf of TikTok have held at least 50 meetings with congressional staff and lawmakers, including those on top committees like commerce, judiciary and intelligence. Those meetings have included a slick presentation that includes an organizational chart showing that TikTok does not operate in China and that most of its top leaders reside in the United States and are American citizens. For instance, TikTok’s new chief executive, Kevin Mayer, a former executive of Disney, lives in Los Angeles, they say.

TikTok is in the throes of the Chinese government. I suspect the Chinese strategy here is simply to delay any action by the US government until at least November (when the US has an election that may produce a less tariff-happy, nationalist-heavy administration). That certainly seems to be the United Kingdom's strategy:

The British government privately told the Chinese technology giant Huawei that it was being banned from Britain’s 5G telecoms network partly for “geopolitical” reasons following huge pressure from President Donald Trump.
As part of the high-level behind-the-scenes contacts, Huawei was told that geopolitics had played a part, and was given the impression that it was possible the decision could be revisited in future, perhaps if Trump failed to win a second term and the anti-China stance in Washington eased.

But that's easier said than done. I'm not sure how easy it will be to unwind these decisions (and there have been many). Even if Biden wins, November is still four months away and while supply chains are relatively rigid, a fair bit of adjustment has happened over the past few 'tariff war' years. Not just because of actual decisions, either; even the perception of elevated risks of doing business in China (and Hong Kong) as a foreign entity is enough to affect decision makers. And the attacks seem to be intensifying:

Secretary of State Mike Pompeo on Wednesday announced visa restrictions on employees of Chinese technology companies, including Huawei, in the latest Trump administration move against Beijing.

The US "will impose visa restrictions on certain employees ... of Chinese technology companies like Huawei that provide material support to regimes engaging in human rights violations and abuses globally," Pompeo told reporters at a State Department press briefing, [but] did not elaborate on which employees would be targeted or how many people would be affected.

China-sympathising 'morals only apply when they don't hurt movie sales' Hollywood also copped some flak from, you guessed it, William Barr:

U.S. Attorney General William Barr took aim at Hollywood companies, including Walt Disney Co (DIS.N) on Thursday as well as large technology firms like Apple, Alphabet’s Google and Microsoft Corp over company actions with China.

“Corporations such as Google, Microsoft, Yahoo, and Apple have shown themselves all too willing to collaborate with the (Chinese Communist party),” Barr said. He added that Hollywood has routinely caved into pressure and censored their films “to appease the Chinese Communist Party.”

“I suspect Walt Disney would be disheartened to see how the company he founded deals with the foreign dictatorships of our day,” Barr said in a speech at the Gerald R. Ford Presidential Museum in Michigan.

I'm not sure how this will play out, except that the US administration's actions and rhetoric will likely intensify and wane in line with the polls, which are currently against Trump (although as 2016 showed, that doesn't necessarily mean anything). It will be difficult for China to hold out to November without copping some permanent damage, both from the public which might suddenly start caring about privacy and data security and the shift of global supply chains to more politically 'secure' countries.

Twitter was hacked

Centralised systems often have a single point of failure. Twitter's was remarkably vulnerable, with the administrative login information apparently 'stickied' in a Slack chat.

Twitter is lucky the hacker simply asked for Bitcoin rather than starting a diplomatic crisis. That in itself raises further questions - if you're in a position of power, say the US President, should you really be using a centralised social media system when some teenager or disgruntled employee could cause serious damage to your nation with a few clicks? Hillary Clinton was rightly chastised for using a personal, insecure email server in her apartment, but a 'verified', blue-tick Twitter account isn't much better (maybe blue-tick accounts should have to sign each tweet cryptographically, or perhaps the best solution is avoidance of centralised, single-point-of-failure systems altogether).

This is how big consultancies work

The Markup released an exposé on two big technology consulting companies, IBM and Deloitte. Apparently they were hired by states such as California to overhaul and modernise their unemployment payment systems but (1) have failed to deliver working systems and (2) continue to be paid to fix the mess:

Some of those systems have struggled to keep up with the wave of claims across the country, leaving thousands of people without help. In some cases, the technology broke down; in others, the work was never even completed. But those companies continue to win contracts for improving unemployment systems, despite serious questions about the quality of their work.

The states are acting surprised, with Florida governor Ron DeSantis describing "the overwhelmed system as 'a jalopy in the Daytona 500' and ordered an investigation into how the state could have paid so much for so little".

Hiring a big consultancy will usually get you little bag for your buck. The problem for governments is they have little choice: only big consultancies can meet all of the government's mandatory tendering requirements, which are theoretically in place to protect the taxpayer but in reality are there to support big consultancies. It also allows the bureaucrats making the decisions to deflect responsibility and avoid risks. After all, who could be blamed for hiring world renowned companies such as IBM or Deloitte?

Regulation ≠ proper regulation

"We need to regulate the [insert industry name here]!" Familiar? Regulation is a delicate fish and needs to be clear, succinct and well enforced. Unfortunately, it's usually vague, bloated and poorly enforced. It can also be easily captured by those it's supposedly designed to regulate (concentrated interests have a huge incentive to do so):

Germany’s top financial supervisor received detailed warnings about deceptive financial practices at Wirecard AG starting in 2008 but repeatedly declined to investigate the allegations, turning instead against the accusers.
BaFin’s role includes ensuring that listed companies abide by securities law, for instance by communicating truthfully with their shareholders. But BaFin didn’t look into the lawsuit’s allegations against Wirecard because there was no evidence the company had provided misleading information, the spokeswoman said.

Instead, BaFin opened a probe into the accusers. Wirecard had filed a complaint with the agency and the Munich prosecutor after the suit caused its stock to slump. Two former officials of the small shareholders’ association were charged, convicted of market manipulation and handed suspended prison sentences.

A VPN is not foolproof

Yes, you should use a VPN. No, you should not assume it provides you with perfect cover:

A string of "zero logging" VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet.

This data, we are told, included in at least some cases clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon.

It all came to light this week after Comparitech's Bob Diachenko spotted 894GB of records in an unsecured Elasticsearch cluster that belonged to UFO VPN.

You should also pay for a VPN - anything free simply means you're choosing to trade your browsing data to the VPN provider instead of your ISP/government.

Issue 87: Treading water until November was compiled by Justin Pyvis and delivered on 21 July 2020.