Caveat 7.8.20
Ep 36 | 7.8.20

Huawei statements are not as strong as before.

Transcript

Shannon Vavra: Broadly, some of the accusations against Huawei that they have been engaged in some surveillance and that they may allow the Chinese government to access their technology to enable their intelligence agencies to conduct espionage.

 

Dave Bittner: Hello everyone, and welcome to "Caveat," the CyberWire's law and policy podcast. I'm 

 

Dave Bittner. And joining me is my co-host, Ben Yelin from the University of Maryland Center for Health and Homeland Security. Hi, Ben. 

 

Ben Yelin: Hello, Dave. 

 

Dave Bittner: On this week's show, I've got the story of a school district that's in hot water over facial recognition issues. Ben has the story of protesters being tracked via their mobile devices. And later in the show, my conversation with Shannon Vavra from cyberscoop on her recent article "Huawei Execs Admit They Don't Know Whether Their Tech is Used for Surveillance." While this show covers legal topics and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. 

 

Dave Bittner: All right, Ben, let's dig into our stories this week. You want to start things off for us? 

 

Ben Yelin: Sure. So my story comes from BuzzFeed. It is not a BuzzFeed quiz trying to get you to figure out which "Friends" character you are, but it is actually from their tech page. And the headline is "Almost 17,000 Protesters Had No Idea a Tech Company was Tracing Their Location." It's by Caroline Haskins, who is their lead tech reporter. So it's a really interesting story. It's about a company called Mobilewalla. And they aggregate cellphone location information that they purchase from other companies and end up getting a good deal of data about the devices that they find in a given location. They did that in a number of cities coinciding with the George Floyd protests over the past month and a half. So they observed data from Atlanta, Los Angeles, Minneapolis and New York City. And based on the location information they were able to collect, they put together a presentation of demographic data on all of the protesters. And it's very, very granular. I mean, it gets into a good level of detail. 

 

Dave Bittner: Can you give us an example of the kind of stuff that they can glean from this information? 

 

Ben Yelin: So racial makeup is certainly one of them. They observed that a majority of protesters in each of the city were male. They were able to label the racial makeup to divide the protesters between African American, Caucasian, Hispanic and Asian American. So they were able to determine that the majority of protesters were African American males in all four of the major cities or at least the plurality of protesters. So, obviously, this is useful for their own purposes. They could sell this data to advertisers. But there's also the danger that they would sell this data that they've collected to law enforcement. And that was a concern expressed by former presidential candidate and Senator Elizabeth Warren, who was very disturbed that this company collected this data, they could potentially sell it to the FBI or to ICE to use for immigration law enforcement actions. 

 

Ben Yelin: You know, you could do something as nefarious as figuring out how many Hispanics were at a particular rally. If it's a limited number, you could track each of those devices, figure out whether those devices belong to people who are properly in this country who are documented. So you could use it, really, for racial profiling purposes, and that could be particularly dangerous. And that's what a couple of advocacy groups have said that simply by collecting this information, you could undermine freedom of assembly. I mean, people are exercising their First Amendment rights by going to this protest. 

 

Ben Yelin: Another thing that stuck out to me is the way that they were able to get demographic data from location data is through artificial intelligence. So they basically purchased this location data, put it through some sort of sausage making system, and based on whatever algorithms they developed, they were able to produce demographic data, which is pretty remarkable. And, you know, something that - I think the protesters certainly were not aware that a company is willing to collect this information in this manner. 

 

Ben Yelin: And the other kind of funny thing about this story is nobody asks them to do this. I mean, they're a relatively small company. It's not like this was done by Amazon or Microsoft. And it was apparently just a bunch of curious employees who were seeing these protests, seeing, you know, some of the violent outgrowth of these protests with looting, arson, et cetera and were curious about the demographic makeup of these protesters. And so they put together just your standard PowerPoint presentation on who these protesters were and sent it around internally. And it seems like it was leaked to a bunch of different news sources. So it's not like any government agency had asked them to collect this data. But, you know, now we know that a government agency could ask them to collect this data. And I think that's what would be a major cause for concern. 

 

Dave Bittner: Yeah. This is really interesting to me. I mean, of course, a couple of things come to mind. I couldn't help sort of chuckling that the odds are if they ran it through AI that it would misidentify all of the Black people and - because what we see with facial recognition and AI - how often it gets it wrong. 

 

Ben Yelin: Yeah, absolutely. 

 

Dave Bittner: (Laughter). 

 

Ben Yelin: See our previous episode for a cautionary tale on that. 

 

Dave Bittner: Right. Right. Exactly. But more seriously, I wondered, how are they getting this data? Because the mobile carriers, the mobile - you know, the big - the AT&Ts, the Verizons, the T-Mobiles have all said that they stopped selling this information. But then, of course, it struck me, well, yeah, but everybody has a gazillion apps on their phone that are beaconing back home with all this information. And so if you're an aggregator, that information, I suppose, is readily available for purchase online. 

 

Ben Yelin: Absolutely. Yeah. I mean, they got this from advertisers, data brokers. Even some Internet service providers have not been as gung ho as they say they have been in making sure that this type of data is not sold to third parties. But yeah, I mean, that that's exactly what happened. And this data is very lucrative in the private sector. I mean, you could collect all of the devices that are here. And once you feed it into this algorithm, then you can find out, you know, the professions of these people, what their income levels are, what their interests are. And that could be very valuable information not just for the government but for advertisers. And all just because these individuals were engaging in a First Amendment activity, going to a protest, of course, completely unaware that this data was being collected. 

 

Ben Yelin: But the lesson here is that all of us need to be aware that somebody is going to be tracking our location, especially during public gatherings. I mean, I just think we've seen enough of these stories now to know that this information is valuable. Whether it's going to end up in the hands of law enforcement or data brokers or advertisers, it's just likely that somebody out there is going to collect it. And so I think it's up to the users to, you know, take prophylactic actions to protect their personal information if they don't want their location to be revealed, and they don't want their data analyzed by a third-party group like this. 

 

Dave Bittner: Yeah. And I've seen plenty of discussion online about whether or not you should, for example, use a burner phone when you go to a protest like this. You know, just not use your main device. Use a disposable device to help prevent this. 

 

Ben Yelin: Yeah. I mean, that certainly could be something you could do - even something like putting it in airplane mode so that your applications are not running in the background or turning off cellular service. You want your mobile device for other purposes. And those are all measures you can take. But just generally being aware that you don't have an expectation of privacy anymore when you go to these very public events. There's going to be a lot of interest out there into who's attending things like this. We talked about an example a couple of weeks ago about the Rose Bowl, where advertisers took the opportunity to collect data on individuals using facial recognition. Who was going to this fan festival at the Rose Bowl? That's less of a First Amendment activity than what we've seen here. So it kind of presents - it doesn't present the same type of constitutional concerns that this story does, at least for me. 

 

Dave Bittner: Yeah. All right. Interesting stuff for sure. My story this week - this comes from the Lockport Union-Sun and Journal out of Lockport, N.Y. And it's titled "Lockport School District Will Intervene In NYCLU Lawsuit." This is a really interesting story here. So evidently, the Lockport school district has installed, as part of their security system, their security cameras, which I think is a pretty common thing in most schools today - in fact... 

 

Ben Yelin: Yes. 

 

Dave Bittner: ...I'd say it's ubiquitous. But they have installed a facial recognition software system, an add-on to the system that allows them to identify people by their faces. And what they've done is they've put in what they call a hot list. And that's people who are not allowed on school grounds. And so presumably, what happens is as people come in and out of the school, if you happen to be on the hot list, you get flagged. And the administration is notified, and they can come get you and escort you off the premises. They are not putting student data into the system. And the reason that they're not putting the student data in the system is that they're not allowed to put student data in the system. And that was part of a lawsuit that went on here. But they're arguing that absence of data in the system is still information? Is that how you read this, Ben? 

 

Ben Yelin: Yeah. The way I read it is that they are necessarily checking every single face that appears on school grounds. And they're keeping those faces in a database for at least a limited period of time. I think it was, like, a matter of hours or days. So just because these faces aren't necessarily being saved, the fact that they're collected for any period of time makes them vulnerable, potentially, to hackers. And that's - you know, we're talking about high school students who not only have not done anything wrong but certainly would not have consented to this type of surveillance. 

 

Ben Yelin: Now, as you said, their images are not being retained. You know, after every face that's scanned on an hourly or daily basis is deleted from the system, the student faces are not being retained. And that's sort of what the New York State Department of Education would say to defend the use of this software. But again, there is some collection going on because in order to identify somebody on the hot list, you have to scan every single face through one of these cameras. And that's students, teachers, administrators, et cetera. You know, it's sort of like checking any database trying to find a hit. You necessarily have to check every single entry on that database. And so I think that's what's going on here. 

 

Dave Bittner: Help me understand the legal issue. What was going on here with the lawsuit? 

 

Ben Yelin: The American Civil Liberties Union sued the New York State Education Department, and that was the original defendant named in the case. But the Lockport school board, because they thought that their interests are being represented in this case - they obviously have an interest in keeping their school facilities safe from people who are put on this hot list - they wanted to be the named defendant in this case so that they could hire their own attorneys and argue this case on their own behalf. And that makes sense because this is about the safety of their community. I mean, it is an issue of local control. 

 

Ben Yelin: And as, you know, Orwellian as the system might be, this facial recognition system is, you can understand why it's necessary. We live in an age where there have been violent incidents at schools across the country. And not only is this hot list identifying suspicious individuals, maybe people who have been, for example, on sex offender registries, but it also can recognize a large variety of weapons, apparently. This is a software - it's an Aegis software suite created by the Canadian-based SN Technologies. So not only can it recognize individuals; it can also recognize weapons. And if that alert gets to administrators in time and if administrators have enough time to notify law enforcement, then we're perhaps saving lives by having this facial recognition software on school grounds. 

 

Ben Yelin: Now, those are some assumptions there. I'm not sure that the timing really works out. I mean, if someone runs on campus with a firearm, the alert system isn't going to work in time. But, you know, even if it stopped one potential school shooting, maybe it's worth it that student information is collected on a very limited basis simply, you know, to check those faces against the suspicious faces on this hot list that's being maintained by the school. 

 

Dave Bittner: You know, I remember back to my own high school days, and I remember, you know, at the start of the day, as everyone was making their way into the school, there would routinely be teachers who were kind of assigned to be at the entrances and just sort of kept an eye on who was coming in. And I have no doubt that they knew all the faces of the kids in school and would - if somebody was a stranger, you know, there's a chance that they would - a good chance that they would recognize that this wasn't someone who belonged on campus. But I suppose these days it's a little more complicated. 

 

Ben Yelin: Yeah. I mean, I don't think something like this could necessarily take the place of schoolteachers, administrators or security guards just because of that timing element. I mean, if there's somebody who is rushing onto campus, whatever alert system... 

 

Dave Bittner: Right. 

 

Ben Yelin: ...Is put in place isn't going to be sufficient in those circumstances. 

 

Dave Bittner: Yeah. 

 

Ben Yelin: But it could be useful in potential investigations after the fact. So, you know, you're alerted that an individual on campus is part of this hot list. Now you have surveillance footage of that person. If you end up needing to prosecute that person for a crime committed, then you have that piece of evidence... 

 

Dave Bittner: Yeah. 

 

Ben Yelin: ...And you have that alert that's been sent to the school administrators. 

 

Dave Bittner: Yeah. Well, it's interesting for sure. It's a - boy, it's a different world, isn't it? 

 

Ben Yelin: It sure is, yeah. I never would've imagined this in our public school days. Not to rip you too much, Dave, but my public - my high school days are a little more recent than yours. 

 

Dave Bittner: That is true (laughter). 

 

Ben Yelin: And we did not - we did not have this type of technology back then either. 

 

Dave Bittner: That's right. Well, yes. And we went to school - we rode a pony to school then. 

 

Ben Yelin: Absolutely. And all of your messages were sent through pigeon carriers. 

 

Dave Bittner: That is correct. 

 

Ben Yelin: Congratulations on that. 

 

Dave Bittner: Yes, yes. We had ink wells in the desks. It was great fun, yeah. All right. Well, those are our stories. It is time to move on to our Listener on the Line. 

 

(SOUNDBITE OF PHONE DIALING) 

 

Dave Bittner: Our Listener on the Line comes from Buffalo, N.Y. His name is Tony (ph), and he's got a good question for us. Let's have a listen. 

 

Tony: Hi. This is Tony from Buffalo, and I was mighty concerned about your story where the FBI was able to track an individual by subpoenaing an Etsy seller. I was actually curious about sellers' rights if a law enforcement agency asked to see their records. What can they do to prevent it? And what do they - when do they have to comply? Thank you. 

 

Dave Bittner: All right, Ben, good question there. What do you make of that? 

 

Ben Yelin: So very good question. Thank you, Tony from Buffalo. I think we have a western New York-themed show this week. So a shoutout to any of our listeners up there. It's a great question. Generally, any third party is required to abide by the terms of a subpoena. There are some potential exceptions if what is requested by the subpoena is legally privileged information. Like, communications with one's attorney - that is protected. You do not have to submit that information. And, you know, if they're requesting something like trade secrets, you can challenge the subpoena, you could seek to quash it, or you could try and enter into some sort of confidentiality agreement with the entity that is requesting the subpoena. But in most of these cases, you really are obliged to hand over that information. There is a legal recourse. As I mentioned, there is a motion to quash a subpoena. You can make your case in front of a judge. And, you know, in most cases, especially when we're talking about obtaining some type of digital data or evidence, the government merely has to show that they have reasonable grounds to believe that information is relevant to some sort of investigation. That's not a very high standard. It's going to be very hard for a third party to intervene and say, you know, this type of collection is unconstitutional; it's not fair to our users. Even though they might try and make that case, that is very rarely successful in courts of law. But it is a very good question, and thank you for calling in. 

 

Dave Bittner: Yeah. Thanks so much, Tony from Buffalo, for sending in that question. We'd love to hear from you. We have a call-in number. It's 410-618-3720. You can also email us at caveat@thecyberwire.com. 

 

Dave Bittner: Ben, I recently had the pleasure of speaking with Shannon Vavra from CyberScoop. She has a recent article. It's titled Huawei Execs Admit They Don't Know Whether Their Tech is Used for Surveillance. Here's my conversation with Shannon Vavra. 

 

Shannon Vavra: We sat down for a broad-ranging interview on the sidelines of RSA with Huawei to talk about sort of the U.K. reporting on their software engineering issues and, broadly, some of the accusations against Huawei that they have been engaged in some surveillance and that they may allow the Chinese government to access their technology to enable their intelligence agencies to conduct espionage. 

 

Shannon Vavra: And Huawei's been facing quite the onslaught in the U.S. recently. The Trump administration has recently accused them of using backdoors to access mobile networks. That's something that Huawei has denied since then? There's also been a superseding indictment that was recently unsealed earlier this year that an alleged Huawei subsidiary has engaged in surveillance in Iran dating back to at least 2009. There's a load of other legal issues that they're ensnarled in right now, one of which is with the FCC. And the list goes on. So the context for the interview was Huawei is in an embattled position in the United States. 

 

Dave Bittner: And so what was their approach to this interview that they had with you? Was this a bit of a charm offensive from Huawei's point of view? How did the interview go? 

 

Shannon Vavra: It may have been. And I only say that from the perspective of - they had Andy Purdy, who's the chief security officer, onstage just 30 to 45 minutes before our interview. And then I know they also did a load of other interviews with other reporters that day and possibly other days that week in San Francisco. And so it did appear to be a blitz with the press at the time. And the interview went on for quite some time. It was longer than 30 minutes to my recollection, and I had to press them multiple times to get some answers to questions, which they did provide. 

 

Dave Bittner: Now, Andy Purdy has history in the U.S. government in cybersecurity and security in general, yes? 

 

Shannon Vavra: Yes, that's true. So Andy Purdy, he's the chief security officer at Huawei. He's a former Department of Homeland Security official. And in some cases, you could consider him sort of an OG cybersecurity U.S. government wonk. I think that's sort of a fascinating angle here is that you have the U.S. government painting Huawei as almost an arm of Beijing or at least operating at the behest of Chinese government requests on occasion. And then you have Andy Purdy here sitting, from some perspectives, at the helm of it all. And I think that that probably grates some people in the Trump administration right now. 

 

Dave Bittner: So take us through what the interview was like. What were some of the areas that you pressed them on? And what sort of answers did they provide? 

 

Shannon Vavra: We began the interview by talking about the U.K.'s - they have a Huawei Cyber Security Evaluation Centre. We talked about a report that they issued in 2019 about Huawei's security. So we talked about software development processes. We talked about whether attackers could gain access to user traffic because of poor coding that's alleged In Huawei's development processes. And Huawei has been alleged to fail to address those concerns on multiple occasions with the U.K. And when I pressed them on that, they said, you know, we're having growing pains. And when you look at it from the perspective of Huawei's being accused of far more than poor coding and bad software development processes, that's not necessarily a resounding endorsement to start. 

 

Shannon Vavra: But then I pressed them on some of the surveillance accusations that have been leveled against their company, like they've been accused of having their employees operate some technology on behalf of Zambia and Uganda to spy on political dissidents. And when I asked them about that, they departed a little bit from previous statements. They said, no company is perfect, indicating they don't have full visibility into how their technology is used. Now, the previous company line had been that, well, there was an internal investigation, and the allegations are not true - the employees haven't done those activities; they haven't helped any spying. So that was sort of the first moment where I thought maybe this interview was going to be a little more interesting than a PR blitz. 

 

Dave Bittner: How did it continue? What other sorts of lines of questioning did you explore with them? 

 

Shannon Vavra: So then we talked a little bit more about the broad accusations that they may be engaging in espionage or allowing espionage for the Chinese government. And they admitted pretty broadly that they did not know whether their technology was used for surveillance. They pointed their fingers at network providers and telecommunications companies. And they said, you know, maybe we should take a look at those companies instead. 

 

Shannon Vavra: But we kept coming back to this part where they said they didn't know if they were being used for surveillance. And that is, again, quite the departure from their usual line of saying, we don't comply with intelligence requests from the Chinese government. We won't be doing that. Accusations against our company that we engage in espionage and reconnaissance for a government - that's false. And so that was quite an interesting part of the interview. 

 

Shannon Vavra: And the other big takeaway, too, at the time was the interview had taken place a couple of weeks after. There was a Washington Post report on a company called Crypto AG. And that reporting showed that the U.S. intelligence community, the CIA and the NSA jointly worked over decades to undermine encryption in machines from this company Crypto AG so that the U.S. intelligence community could spy on adversaries and allies. And Andy Purdy told me, you know, I understand where the U.S. government is coming from being so suspicious of Huawei, especially because of this report. We know Huawei's heavily subsidized by the Chinese government. Crypto AG got a lot of cash injections from the U.S. intelligence community. 

 

Shannon Vavra: And the really interesting overlap there for me is many employees for Crypto AG went on the record with the press saying, we don't know about any surveillance. We don't know about any espionage. And it's very possible that if we take the Trump administration's allegations against Huawei to be true and the reporting against Huawei to be true, it's very possible there are employees working for Huawei who aren't aware of any alleged espionage. 

 

Dave Bittner: Where do we stand in terms of actual evidence against Huawei? In other words, you know, versus rhetoric and accusations, have the folks who are accusing Huawei - have they actually released hard evidence that that this is what we've seen going on? 

 

Shannon Vavra: The smoking gun - it depends on where you sit on the issue. The smoking gun may not necessarily be there quite yet, if it is coming. The strongest allegations against it, some may argue, came out earlier this year when the Trump administration revealed that they had shared with the U.K. some evidence that had previously been more tightly held in the intelligence community in the U.S. that Huawei had installed some back doors in mobile networks. Of course, during this interview, we talked about that. And Andy Purdy and Tim Danks, who's a vice president at Huawei, said that's fear mongering from the U.S. That's scare tactics. That's not necessarily, you know, something you should listen to or give any weight to. 

 

Shannon Vavra: And, you know, just going back to the conversation about whether Huawei and whether some employees are aware of any alleged espionage, they continue to say over and over again, we don't know where this is going to be used. They kept saying, we can't imagine if we knowingly did any sort of espionage. And that just - it kept striking this chord. We kept returning to that conversation. 

 

Dave Bittner: Not terribly reassuring, I suppose, or decisive in those answers. 

 

Shannon Vavra: No. And what was so striking to me was that it was such a departure from the company line. And when we did talk about some of the engineering issues that Huawei has been accused of having, you know, Andy Purdy and Tim Danks laid out they have this engineering program where they're working to improve their development processes and their engineering processes, talking about growing pains and comparing themselves to Microsoft, like, 20, 30 years ago. 

 

Shannon Vavra: And, you know, some of those - just to run through them - there were some documentation in the U.K.'s a report that there was the possibility that Huawei had some memory safety vulnerabilities in some of their technologies, that even attackers could possibly take down an entire network due to some coding issues and poor coding practices that Huawei employed. And again, Tim Danks and Andy Purdy kept going back to saying, you know, we're working on it. We're working across the board. I asked them for evidence of what that looked like, and they wouldn't provide any. 

 

Dave Bittner: Now, help me understand where Huawei fits into the global market for the devices that they make. I mean, it's my understanding that, for example, for the 5G buildout, there aren't that many companies that provide the hardware necessary for that. Is it right to say that Huawei sort of had its own niche among those providers? 

 

Shannon Vavra: Huawei is definitely considered to be dominant in this case from a market perspective across the globe, which is why in part the U.S. government effort to convince allies, especially those in Europe, to agree to ban Huawei from federal networks - for example, like the U.S. has done - has been so difficult - because it also becomes a marketing question, which is something on stage at RSA that Andy Purdy hit on quite a fair amount, as he kept saying, we have to separate the national security conversation from the economics questions here. Which is it? Is it an economics issue? Or is it a national security issue? And that's an argument that keeps coming back up. 

 

Shannon Vavra: But at the end of the day, the bigger picture here is that it's not just Huawei. The Trump administration is railing against several Chinese-based and Chinese-backed telecommunications companies right now. So for instance, a couple of weeks ago, there was an assessment from the Department of Defense, the Department of Justice, the State Department. And they told the FCC, our recommendation is you need to revoke the licenses of this other Chinese telecommunications company. It's called China Telecom. And in response to that, the FCC issued an order to four Chinese telecommunications companies saying, we need you to provide us with evidence about why you should be allowed to provide services in the U.S. despite these national security concerns and concerns in our administration about possible espionage. So the issue is not just an economics issue as far as the administration is painting it. And it's not just a Huawei issue. 

 

Dave Bittner: How do you see this playing out in the future? Do you have any speculation as to where we're headed? 

 

Shannon Vavra: I think, so far, we've seen Huawei receive several blows in federal court. They've taken some of these issues to court to try to make their argument that they should be allowed to do business in the United States. But recently, a federal judge dismissed a suit they filed against the challenge to using their technology in the U.S. And things are not necessarily looking up for them. As far as how coronavirus is affecting that, I'm not totally sure what that means for the future of Huawei. But the Trump administration does not seem to be letting up some of the pressure that the Department of Defense and Department of Justice and State have recently put on Chinese telecommunications companies writ large has issued and surfaced in the last couple of weeks during the pandemic - doesn't seem to be going away. 

 

Shannon Vavra: I think the most interesting part of this interview is that, from a reporting perspective, Andy Purdy and Tim Danks didn't just say once that they weren't having full visibility into how their technology was used. They said it on multiple occasions in multiple different circumstances, which makes me feel like it wasn't a slip-up. And that's what I kept coming back to is that this was part of the conversation now and it was something they were freely ready to admit and say. That is interesting. 

 

Dave Bittner: Did you interpret that as a nonadmission admission? 

 

Shannon Vavra: It's not an admission. 

 

Dave Bittner: Yeah. 

 

Shannon Vavra: From, you know - it's not an admission. But the defense is just not quite as strong as the company statements that have come out from Huawei before. Not having full visibility into how a technology is used is different than saying this is not happening. That's all I can say on that right now. 

 

Dave Bittner: All right. Interesting stuff, Ben. What do you make of all this? 

 

Ben Yelin: Yeah. So this article came out around the time of the RSA Conference back in late February, early March. And she really had the opportunity to kind of get face-to-face with these executives and really got this kind of stunning admission that they weren't sure whether Huawei technology was being used for surveillance purposes. Cut to where we are now, three months later. And the day before we record this podcast, the FCC has identified Huawei as a national security threat, meaning they are not eligible for certain government contracts to build a 5G network in the United States. 

 

Ben Yelin: So you know, it was kind of stunning to hear that the executives of this company can't assure the general public and potential customers that the Chinese communist government is going to use this technology for espionage. And now, you know, three months later, we have evidence that the federal government agrees that this really is a threat, that these companies are a threat to our national security. So it was certainly eye-opening from that perspective. 

 

Dave Bittner: From an even, you know, broader perspective - a bigger picture looking at our relationship with both hardware and software that comes out of China, you know, we saw this week that the TikTok app on iOS, for example - very popular social media app. 

 

Ben Yelin: It's what the kids are using these days, yeah. 

 

Dave Bittner: It's what all the kids are using. It's funny. I actually asked my son, Jack (ph). I was like, Jack, do you use TikTok? He was like, oh, yeah, I use TikTok - because of course he does. (Laughter). 

 

Ben Yelin: Yeah. 

 

Dave Bittner: But that it was examining the contents of your clipboard in iOS all the time. (Laughter). This, of course, is a problem. And when confronted with this, the TikTok folks said, oh, well, we're going to change that. We won't do that anymore. Was that wrong? Should we not have done that? We'll turn that off. 

 

Ben Yelin: (Laughter) Yeah, the George Costanza - was that wrong? Should I not have done that? 

 

Dave Bittner: Right. 

 

Ben Yelin: Yeah. 

 

Dave Bittner: Right. But getting back to the big picture here, I mean, it seems to me from a policy point of view, it really puts us in an interesting place because, certainly, so much of the hardware that we rely on comes out of China. Their manufacturing capability is, I suppose globally, second to none when it comes to electronics. And the companies over there are beholden to their government to basically do what's asked of them. Right? 

 

Ben Yelin: Yeah. And that certainly is very reasonable grounds for our FCC to make a decision not to make use of that technology in our country. And that is distinct from what our allies across the Atlantic Ocean have decided to do. The U.K. made a decision that they would allow Huawei to build out a 5G network in the United Kingdom. And that created a bit of a backlash among members of the House of Commons, you know, just because of these very threats that you've identified. They are really beholden to a totalitarian government. And that concern kind of has to be at the back of all of our minds when we're making decisions about how to deploy technology in our countries. 

 

Dave Bittner: Yeah. Well, our thanks to Shannon Vavra for joining us. She and the gang over there at CyberScoop always do a great job, and we appreciate her taking the time to speak with us. That is our show, and we want to thank all of you for listening. 

 

Dave Bittner: The "Caveat" podcast is proudly produced in Maryland at the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our coordinating producers are Kelsea Bond and Jennifer Eiben. Our executive editor is Peter Kilpe. I'm Dave Bittner. 

 

Ben Yelin: And I'm Ben Yelin. 

 

Dave Bittner: Thanks for listening.