Does nationality still matter in tech buys today?

It does apparently to the U.S. government, which reportedly will be scrutinizing Lenovo's move to buy IBM's server business to ensure it doesn't lead to a backdoor access to U.S. national secrets and infrastructure.
Written by Eileen Yu, Senior Contributing Editor

Chinese hardware maker, Lenovo Group, will apparently face intense scrutiny by U.S. government officials concerned that its purchase of IBM's server business will lead to covert access to U.S. infrastructure and national secrets.

The PC manufacturer in January announced plans to acquire Big Blue's x86 server business in a deal worth about US$2.3 billion, which will include System x, BladeCenter, Flex System blade servers and switches, x86-based Flex integrated systems, NeXtScale and iDataPlex servers and associated software, blade networking, and related maintenance operations. The move comes nine years after it bought IBM's PC business in 2005. 

Beijing-based Lenovo is now likely to face officials at the U.S. Committee on Foreign Investment (CFIUS), which investigates potential national security risks in deals involving foreign buyers and local companies, Bloomberg reported. Several essential U.S. organizations including the Pentagon, Homeland Security, Federal Bureau of Investigation, and major U.S. telecommunications companies are customers of IBM servers, according to the report. 

The CFIUS describes itself as an "CFIUS is an inter-agency committee authorized to review transactions that could result in control of a U.S. business by a foreign person...to determine the effect of such transactions on the national security of the United States". The U.S. Defense Department is a member of the committee.

According to Bloomberg, which cited a source familiar with the issue, Lenovo has filed for approval from the committee and reviews can take as long as 75 days. On its part, the Chinese hardware vendor reportedly had briefed CFIUS officials about the deal and assured it would not have access to the servers since IBM would continue to provide maintenance for the equipment. 

This service agreement would last at least five years and could be extended, the source said. The article further noted that the CFIUS had examined more than double the number of investors from China in 2012 than it did in 2011, putting Chinese buyers the most scrutinized foreign buyers of U.S. assets. 

"The government is going to take a look at the degree of penetration of the servers, where they are, how old they are, what the reach-back capability might be," Mario Mancuso, an attorney at Fried, Frank, Harris, Shriver & Jacobson LLP, said in the article. "Could they use the servers as a means of insertion into U.S. government networks and data systems?"

According to Michael Wessel, a member of the U.S.-China Economic and Security Review Commission, the U.S. also will be evaluating the use of the servers in other critical infrastructure, including chemical plants and utility companies. Wessel said in the report: "Exfiltration and infiltration are the issues. Can they get access to servers in some way and take data out or can they infiltrate the system to put in trap doors, viruses, malware or be able to take down systems in a potential conflict situation?"

James Lewis, a senior fellow at the Center for Strategic and International studies, noted: "Anything now with China gets attention." However, he noted that since Lenovo isn't a a state-owned enterprise and has done successful deals before, its IBM deal will likely go through. 

Another interesting fact to note is that IBM has been manufacturing its servers in China for years, where it operates a plant in Shenzhen which produces entry and midrange Power Systems units. Incidentally, its System z mainframes and Power server architecture systems are assembled in Singapore. The 365,000-square foot facility was opened in 2010 and Big Blue's first high-end server manufacturing facility in Asia. 

It's telling that, amid the most advanced of technology and most stringent of security policies, that the nationality of a technology vendor still matters so much to some governments today. 

The U.S. House Intelligence Committee in 2012 had expressed concerns over relationships between Chinese telecoms giants Huawei Technologies and ZTE and their government, which it said result in hacking or attempts to breach U.S. networks through the telecom companies. 

In a turn of events, as it turns out it was the U.S. National Security Agency that had infiltrated the servers of Huawei and spied on its senior executives. The Chinese Foreign Ministry last month said Beijing was "seriously concerned" about the allegations and demanded an explanation from its U.S. counterparts. 

The paranoia, if any, over the IBM-Lenovo's server deal seems misguided. Afterall, hackers can infiltrate an organization through a client device such as smartphone, desktop computer or laptop, just as easily as they can through servers. And China manufactures a whole lot of these, including devices for Apple, Sony, and Nokia, among others. 

Presumably, any IT equipment will have to go through a battery of tests and assessment before it's approved for use in a U.S. government agency. Also, IT security policies will be significantly more stringent within a government environment.

With all these rigid verification, tests, and security rules in place, and a government agency still ends up being breached, then the problem is unlikely to be one involving the nationality of the IT supplier. It's likely gonna be human, and it's likely gonna be domestic. Think Edward Snowden.

In a world fraught with political uncertainties and tense bilateral relations, caution is always a necessary trait. But, so is sensible rationality.

Editorial standards