China. Do The Walls Have Ears?

Just because you’re paranoid doesn’t mean they’re not out to get you!

I am convinced about 99.9% of all emails go through. But the way I interpret that is that at least one email I send per day will not reach its destination. If I do not hear back from someone rather quickly, I just assume they did not get my email and so I send it again. In other words, I assume the worst.

I have a similar attitude regarding my privacy when in China and many other countries. I assume my hotel room is bugged and my internet is monitored. I assume the worst and I take every measure I can to be careful. I know people will (and have) laugh at my "paranoia" but I have plenty of stories to tell involving people who were not careful about their data.

1. Many years ago, I was staying on the business floor of the Hotel Lotte in Pusan, Korea. This floor has a couple of computers for its guests. I got on one of those computers (to read the news) and the first thing that popped up was a letter written by a Seattle company revealing information I know they would not have wanted me to see.Someone from this company had written this letter on the computer (in Word format) and simply left it there. Not smart.

2. Many times I have gotten on the internet at an airport computer and been let right into someone's web-mail account. Not smart.

3. A couple of years ago, I found a memory stick in the desk drawer of my hotel in Shanghai that contained an incredible amount of information on a European plastics company. Not smart.

3. A stockbroker I know was sent an email by a rival stockbroker, urging the my stockbroker friend to oppose some proposed law that would strike hard at those with massive net worth. The stockbroker who sent out this email cc'ed it to a half dozen or so of his clients and my friend figured these were people with the requisite massive net worth and he cold called them for their business. He ended up getting a great client with this tactic. Not smart.

4. Many years ago, a client of ours discovered one of its employees was running a rival business within my client's business. My client then arranged for this employee to bring his two company laptops to the office and then when locked out the employee when he went to lunch. You would not even believe the stuff we found on those laptops. I am talking both business and personal. Very, very personal. Not smart.

5. A number of my firm's Russian clients will not discuss anything of any import over the phone or via email. They will only discuss things in my office and, for the even more paranoid, only over at lunch at a restaurant if the matter is of extreme secrecy. They still see themselves operating under the Soviet system, no matter where they are.

I thought of data protection today after reading a fascinating New York Times article, entitled, "Britain Warned Businesses of Threat of Chinese Spying." True or not (and I have no way to know), this article ought to chill you at least a bit. It talks about a 2008 report from Britain's M15 intelligence agency, setting out the following:

Officers from the People’s Liberation Army and the Ministry of Public Security had approached British businesspeople at trade fairs and exhibitions with offers of “gifts” that included cameras and computer memory sticks that were found to contain bugs that provided the Chinese with remote access to the recipients’ computers. "There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”

The MI5 report described how China’s computer hacking campaign had attacked British defense, energy, communications and manufacturing companies, as well as public relations companies and international law firms. The document explicitly warned British executives dealing with China against so-called honey trap methods in which it said the Chinese tried to cultivate personal relationships, “often using lavish hospitality and flattery,” either within China or abroad.

“Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurize individuals to cooperate with them,” it warned. “Hotel rooms in major Chinese cities such as Beijing and Shanghai which have been frequented by foreigners are likely to be bugged. Hotel rooms have been searched while the occupants are out of the room.”

I have absolutely no proof that anything like the above has ever happened to me or to anyone else in China, but is anyone out there certain these sorts of things are not happening? How do you handle these issues?

UPDATE: Two more stories. Driving in to work today, I listened to a story on the BBC of how the German will likely pay for illegally mined data from a big Swiss Bank. Germany is thinking it worth it to pay 2.5 million Euros for data that will allow them to catch more than 100 million Euros in tax cheating.

The other story was one of which I was reminded by an old client of mine. Many years ago, I was going to a particular city in a former Communist country and my client and I agreed that, above all else, I should completely avoid meeting with or even talking to "Oleg" [made up name here]. I had to go to this city, but I was going to be there for only two days. I fly in, walk into my hotel lobby and, before I can even check in, two people come up to me and say that Oleg will be coming by to take me to dinner at 7:00 pm. I felt I had to go at that point and when I asked how he knew of my arrival, he said that he gets emailed the list of all foreigners as soon as they arrive. Oleg runs a very successful private business.

FURTHER UPDATE: Someone I know to know China and someone I have every reason to trust, sent me the following email, which I have modified slightly to erase any possibility of anyone being able to trace it back to its source:

Some Chinese companies own their own hotels or have very close relationships with a particular local hotel and contractually require that the foreign parties stay in one of these hotels at a special rate.

Any attempt to arrange different accommodations is met with strict and swift countermeasures. Penalty clauses in the contract are brought up. If you do find other accommodations they will absolutely not pay for them.

Why? All telephone calls are capable of being, and are frequently, recorded. I have actually been in the room used by one of these companies as it's actually not all that difficult to get into.

All of the "photocopies" made at the hotel were scanned digitally and saved. Colleagues would leave their notebooks in the meeting room at lunch, "locked." These notebooks' hard-drives were removed and cloned.

Once, a foreigner locked horns with someone at a big Chinese company and ended up in jail on a prostitution sting. Dan, don't get me wrong, I am against prostitution but this guy was not doing anything any differently from what he (and others) had been doing all along. In this instance the "prostitutes" were in fact not prostitutes. The girl's room was camera'ed out. It is very, very, very rare for someone to be arrested in China for soliciting. This person subsequently got out on greatly reduced charges and I have to believe that was in return for his agreeing to start going along more with the Chinese company.

I will note that I have a very savvy client who absolutely refuses to stay in any hotel recommended by those with whom he does business and who always books his hotels on his own, without revealing where he will be staying. Probably a pretty good policy.

FURTHER FURTHER UPDATE: The Asia Health Care Blog has done a follow-up post, entitled, "China. The walls have ears there, and probably everywhere else," saying I am not paranoid enough and should be paranoid everywhere I am and at all times. My response to that is that I am, but because this is a China blog.....