China syndrome: U.S. Government recommends weighing laptop before and after visit to China

Published 16 September 2009

The U.S. government urges travelers to follow extremely strict policies for visits to China which extend far beyond standard software protection; the policies encourage them to leave their standard IT equipment at home and to buy separate gear only for use in China.

Senior executives in U.S. IT companies have been advised by the U.S. government to follow extremely strict policies for visits to China which extend far beyond standard software protection. The policies encourage them to leave their standard IT equipment at home and to buy separate gear only for use in China.

Mark Bregman, chief technology officer at security firm Symantec, said he left his MacBook Pro behind in the United States and took his MacBook Air whenever he flew to China. Bregman said he only ever used the Air in China and re-imaged the machine every time he returned home.

He said, however, that he was “pretty relaxed” when it came to following the security policies. “I don’t let my IT department near my laptop,” he said.

“I was advised by people in three-letter agencies in the U.S. government to weigh the machine before I left and when I got back,” Bregman said.

“They also don’t want me to take my phone. They said to buy a mobile phone in the U.S. and throw it away when you come back.”

Bregman said the United States was also concerned about its companies employing Chinese coders, particularly in security.

He said the “software supply concern” was due to fears that Chinese developers would insert malicious code into software sold to American companies or the U.S. government. “If you’re a big company doing development in China the U.S. government asks, ‘Why should we trust you? We won’t buy from you.’”

He said, however, that every software company used developers in China, including Microsoft, Oracle and others. Bregman also asked why the United States should fear Chinese developers but not U.S. developers, when terrorist attacks were carried out in the United States by American citizens.

Instead of worrying about the software products produced in China, the U.S. government should look at the tools and processes software vendors use to test their code, he said.

Symantec, as a security vendor which analyses code for malware, should be considered very reliable, said Bregman. Bregman said the United States had never asked Symantec to gather evidence using its own products.

“I’m not paid by the U.S. government. Why would I do it? I want all governments and customers to be assured that the software I’m selling them does what I say it does and nothing more.”