Telstra is fine with VTech – nothing to see here

There’s an interesting development in the VTech scandal I wrote about last week – Telstra has decided to start selling its kit again.

Now, I don’t mean to be cynical here but the Aussie telco giant only decided to pull VTech products temporarily from its shelves about a week ago after a report broke detailing serious human rights and labour abuses.

It provided me with the following statement today:

We are satisfied with the outcomes of our investigation and we will resume sales of the handsets in our branded stores.

So a week is all it takes to satisfy the many and very serious charges levelled by the report from not-for-profit the Institute for Global Labour and Human Rights?

There could be a few explanations for what just happened:

• The report is a complete fabrication and Telstra was quickly able to establish this
• Telstra is doing this for purely commercial reasons – Vtech apparently makes all of its fixed line phones – and is still investigating behind the scenes
• Telstra has been made assurances about VTech conditions by the company and has naively accepted them without investigating first hand.

Given that conditions in electronics factories in the Pearl River delta are known to be pretty awful, I think the first option is pretty unlikely.

Having made the bold step of removing VTech products in the first place to presumably head off any negative publicity at the pass, Telstra has opened itself back up very quickly.

No word yet from other big name tech vendors involved, including Motorola, Philips etc. Presumably if they agree with Telstra, then we can all sleep easy. Or not.

Final word to Geoff Crothall from HK-based rights group the China Labour Bulletin who told me the following:

Of course, one week is not long enough to fully investigate such claims. The only way to really understand working conditions is to listen to the workers. But before you do that you need to gain their trust and demonstrate that their complaints will be taken seriously and that mechanisms are in place to resolve their complaints.

Methinks this one is set to run a little longer yet, and could drag the names of the big tech brands involved further into the mire if they haven’t gotten their crisis management strategies  right from the outset.

China pricing itself out of the market for ex-pat IT talent

A lot of the time when you’re battling deadlines or trying to sniff out breaking news stories, there’s not enough opportunity to look beyond the analyst reports, product launches and trade shows to take a more rounded view of the industry.

One of the most interesting things about watching the technology landscape from the vantage point of Hong Kong is how Asian countries are reacting and adapting to life in the shadow of China.

If local IT industries really want to thrive alongside this giant they must have access to a stream of excellent candidates – whether these are home-grown or shipped in from abroad.

I’ve written a few pieces for The Reg Jobs section now about the market for ex-pat IT professionals and while the opportunities for those cushy international reassignment packages are dwindling, there are still some great opportunities to be had if you have the right skills.

The key points to remember:

• Local language and cultural understanding – language skills being near obligatory for work in mainland China, and ideally experience of working there previously.
• Flexibility – kind of ties in with cultural understanding, but an ability to absorb pressure and adapt to new ways of working is key, as is any indication you may be willing to be flexible on relocation packages.
• Good interview technique – sounds basic but employers are getting  more and more picky. You need to do your research on the company and convince them of the above points, and that you’re a good cultural fit for the organisation.
• Technology know-how – it needs to be broad and deep and in one of the key areas Asian firms are looking for, like cloud or e-commerce.
• Be a good teacher – the thirst for knowledge, especially in China, is huge so being able to communicate effectively with your team will make you an invaluable asset…until they’ve learnt everything.

China is far from hoovering up all the best foreign IT talent, of course, given the prescriptive language skills which most IT pros have to have to work in the country. It is also being placed increasingly on the back foot thanks to changing standards of living in the PRC, which could benefit places like Hong Kong and Singapore again.

ECA International, which produces data with which firms can work out ex-pat packages, revealed in its latest annual Cost of Living Survey that Beijing and Shanghai are now more expensive to live in the Hong Kong, while Shenzhen and Guangzhou are likely to overtake pretty soon.

A strong currency and high inflation – especially on goods foreigners buy – is making the case for placing candidates in China less compelling.

ECA regional director, Lee Quane, told me that although once you add in accommodation, HK probably tops the Chinese cities again, they are definitely catching up. Considering the higher rate of tax and social security burden in China than say Hong Kong or Singapore, mainland cities may soon prove less palatable destinations for multinationals to send staff to, especially if they can work in virtual teams.

It’ll be interesting to see how this one plays out, although as always, if you are a truly indispensable IT pro, a firm will get you at whatever cost.

BT screaming to be let into China

BT is one of those firms which has a habit of attracting bad headlines. Run ins with the regulators, misleading advertising campaigns and tales of shockingly bad customer service all spring to mind. Not so in Asia Pacific, it seems.

At the Asia Pacific Influencer Summit (yes, I am an influencer now apparently) hacks from all over A and Pac were told just how amazingly well BT Global Services is doing – the firm now boasting over 2,500 employees in nine countries across the region.

There were a few news announcements, including a new ‘retail in a box’ solution for retailers looking to tap the Chinese market, a new app designed to make it easier to manage roaming calls and save money in the process, and the launch of a data visualisation service which BT has used itself in the battle to protect its copper cables from being nicked.

The most interesting story, though, came from the APAC president Kevin Taylor, who spoke with refreshing candour about the telecoms giant’s problems with China.

He claimed China has the least advanced regulatory environment of any ‘big player’ in the world and accused it of taking a rather immature approach to competition in the country. Foreign telecoms firms cannot obtain licenses to sell their kit in the country directly, meaning they have to resort to partnerships – which BT has with China Unicom and Telecom – or joint ventures.

BT has eschewed the latter, Taylor said, because at present the foreign firm in a China JV is allowed up to only a 49 per cent share of the business. They would consider it otherwise, he added, but I reckon there may be other factors holding it back.

It’s well known now that JVs of this type usually end badly for the foreign investor. As has been claimed happened with AT&T, the Chinese will take you in, get you teach them all you know and then ditch you – possibly minus a chunk of your IP.

There are rumours – only rumours – that security concerns were behind the split between Symantec and Huawei over their JV, for example.

In the meantime, BT is “screaming” at China to be let in, its China MD Eliza Kwok told me. So what are the chances of it being able to sell directly into the country anytime soon? The smart money is on zero.

Forget that China Telecom has been allowed to set up a virtual network in the UK for Chinese ex-pats, back home in the People’s Republic it is a very different story. Here, protectionism is the watchword for government policy, and that is unlikely to change for a long, long time.

Google turns up the heat on China’s state-sponsored hackers

In an interesting development, Google this week announced that it would be notifying its Gmail users if they are under attack from state-sponsored hackers.

The web giant will flash up a red alert warning if it suspects foul play, hoping to spur its users into taking action to protect their account.

Google VP of security engineering Eric Grosse had the following:

Here are some things you should do immediately: create a unique password that has a good mix of capital and lowercase letters, as well punctuation marks and numbers; enable 2-step verification as additional security; and update your browser, operating system, plugins, and document editors. Attackers often send links to fake sign-in pages to try to steal your password, so be careful about where you sign in to Google and look for https://accounts.google.com/ in your browser bar. These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack.

Rather cryptically, Google said it couldn’t divulge exactly how it knows when state-sponsored actors are at work, so I guess users just have to put their faith in the company.

The move is a positive one for the user community – any additional measures to help educate users and protect the internet community at large are a bonus in this day of advanced cyber threats.

But just as interesting is the message Google is sending to that number one source of state-sponsored hacking: China. Just a week earlier the web giant, which famously pulled its search servers from the People’s Republic after the Operation Aurora APT-style hacking campaign hit its staff, announced new anti-censorship capabilities.

Well, to be more precise it said it would tell users – for the first time in China – when their search results were being blocked by the Great Firewall, a move which will not have gone down well in Beijing.

Now Google is at it again – under the guise of securing its users, it is making things more difficult for China’s army of state-sponsored hackers.

Not that it will deter them in any meaningful way – most will still be able to find their way into a target network if they really need to, which is what makes APTs so difficult to defend against.

Rob Forsyth, APAC director for security firm Sophos, told me that “irrespective of the validity of the threat, Google’s advice is good”.

“In these troubled times with organisations being breached, this has never been more important, in particular, do not have the same password on multiple social networking sites,” he added. “Long passwords = good.”

But how does Google actually know if an attack is state-sponsored? Well, it all comes down to the code base, according to Forsyth.

“You can tell if a single person has written/compiled it, or whether a large team has been involved,” he said.

“Further, it often has to do with the payload – what is the malware trying to do?  Espionage will look different to attacks focused on avarice.”

Interesting times for Google and China – I wonder what the Party thinks of the latest developments?

China wants to censor and innovate but can’t do both

I covered a curious story this week detailing the latest Politburo edict on how China intends to be a technology superpower in a few short decades.

Now normally pronouncements from high up in the Party are pretty anodyne statements filled with ever higher targets to be reached and plenty of political jargon but this one stood out in terms of what the careful commentator can read between the lines.

Yes, there was the usual rhetoric about reaching targets – in this case to become an “innovation-oriented country” by 2020 and a “world technological power” by 2049.

But there was also a rare near-admission of failure – the “severe challenges” which technological development in the country faces. The government even admitted it needed to airlift in some “high calibre” foreign talent to help it out.

What I find fascinating about the desire to become a “world technological power” is that China is sort of one already really, with huge global companies like Huawei and Lenovo.

On the other hand, the admission that it hasn’t innovated enough in the past would lead many to argue that this is because its firms have gone on a decades-long and unparalleled spree of industrial espionage for Western firms to accelerate their development thus far.

The subtext is it wants to be number one or thereabouts, in every part of tech, and this will require it to innovate like never before and internationalise.

However, here’s why I don’t think it will be able to do this, at least in the world of the web – censorship and control.

I’ve spoken to several experts in the area of censorship and they all agree – you can’t nurture a truly innovative web industry if you’re requiring any firm with user-generated content (UGC) to spend hefty sums censoring that content or running the risk of getting shut down completely if the government doesn’t take kindly to what you’re doing.

Former CNN Beijing bureau chief Rebecca MacKinnon told me any firm wanting to get involved in UGC would be in a “very tough business” in China, while Charles Mok, founding chair of the Hong Kong Internet Society, argued that web firms in the PRC had gotten lazy over the past 10-15 years.

“They just need to put a spin on what others are doing with Chinese characteristics – Western companies can’t do this,” he said. “There is a sense that ‘I just need to do what you are doing and not get shut down’.”

Now I’m not saying UGC is the be-all-and-end-all but there aren’t many cutting edge web firms these days which don’t feature some form of it.

Ultimately this indigenous innovation piece will take decades to achieve anyway, but if it’s going to happen it’ll have to do so alongside the restrictive controls of the state, and I can’t really see that happening.

It’s interesting to see Sina roll out its credit system to users this week. I guess that’s an example of a Chinese web firm trying to innovate, but only to make its self (or state-mandated) censorship restrictions on content appear more palatable.

What kind of social media platform asks its members to snitch on others if they see them breaking the rules? (rules which, by the way, prevent such terrible things as spreading rumours or calling for mass gatherings).

It has effectively turned all that is good about social media – collaborating, sharing, freedom of expression – and turned it on its head so that fear, suspicion, and self-interest prevail.

It will be a sorry state of affairs if a nation that demands that of its technology providers becomes the pre-eminent global tech superpower.

Launching in China? Dream on Facebook

The debate over whether Facebook is set to launch in China has sparked off again this week as the social networking giant launches its IPO bid. To be honest it’s all headline grabbing claptrap which adds nothing new to the arguments that were made at the time the IPO filing was first made.

The most remarkable story came from state-run rag the China Daily, which, without a hint of irony, wondered out loud “Is China Facebook’s next step?” without once mentioning the fact the site is BANNED there.

Back when the IPO filing was first made with the SEC, I commented that it was obvious Facebook wants to appeal to potential investors and show it is considering expansion into the biggest web market in the world. Of course it would want to do this, especially as growth rates in other regions are slowing, but whether or not it can enter China is  completely out of its hands.

It won’t happen for several reasons:

• Facebook is blocked in China and would have to literally bend over backwards to accommodate the kind of rigorous censorship demanded of China’s home grown social media – the media backlash and damage to its reputation would hurt too much I imagine, to make this even a possibility.
• Even if it was prepared to censor content – and potentially bin parts of the platform deemed unsuitable – there’s no inclination the Chinese government would even want it in the PRC. Its Chinese rivals are doing just fine over there thanks very much.
• Similar to the above point, is there any suggestion Chinese users would take to the platform? Alright, around 500,000 are said to be accessing it from China with VPNs etc but remove the ability to connect in an uncensored way with users in other countries and you’ve kind of removed the reason why it may be popular to users there in the first place.
• China is in a period of super-paranoia at the moment. The Bo Xilai scandal and the Chen Guangcheng case are making the leadership look like a bunch of turkeys at a very politically delicate time, ahead of next year’s once-in-a-decade Party leadership handover. If ever Facebook had a chance of launching in the country, this isn’t it.
• Zuck has reportedly held numerous meetings with Chinese web firms, and most likely has already tried to set-up some kind of joint venture or new service for the huge market there. These efforts appear to have come to nothing.

As ex-CBS bod and Sinophile Bill Bishop writes: “Facebook is blocked, the government is not allowing the company to set up operations, even in a regulatory compliant joint venture with a trusted Chinese internet firm like Baidu, and the SNS market is already quite mature, overfunded and overcrowded.”

In short, dream on Facebook.

Is Hong Kong safe from Advanced Persistent Threats?

My past week has been dominated by Hong Kong’s 13^th Info-Security Conference on Tuesday and Wednesday and interviews with the Special Administrative Region’s CIO Daniel Lai and high profile IT legislator Samson Tam.

What I found out about the SAR is that when it comes to cyber security, many of the same key trends and themes discussed the world over are present here – perhaps with one notable exception, state-sponsored, APT-based cyber espionage.

Backtracking slightly, Tam is a Legislative Councilor for the functional constituency of Information Technology, which means in practice that he is not one of Hong Kong’s elected leg councillors but that he does know what he is talking about, having been chosen for the role based on his experience in the tech biz.

As in the UK, various political hot potatoes include digital copyright – the Copyright (Amendment) Bill 2011 is currently being considered – data breach notification laws – also being considered – and more funding for the region’s high-tech crime unit.

If anything, Hong Kong is a little way behind the UK and US in terms of the maturity of its cyber crime and digital copyright laws, and has only recently decided to plough more resources into IT, with the launch of a Technology and Communications Bureau.

What I’m wondering, though, is whether Hong Kong organisations – public and private – are at risk from quite the same threats as their counterparts in the UK.

There could be an argument for saying – as I alluded to in my last post – that to an extent Hong Kong institutions and enterprises are shielded from the kind of state-sponsored, or at least sanctioned, attacks which have caused so many problems for Western organisations because they are technically part of China.

In the past six months, the only major security incident that has really made the headlines here has been a DoS attack on the Hong Kong Stock Exchange. Now either I’m not paying enough attention, the English language media isn’t interested, firms are not reporting such incidents, or there are indeed fewer to report.

Not so said Tam, who claimed that HK has its fair share of problems to deal with, although interestingly he said most attacks came from “smaller countries with looser local controls”, and he played up the importance of cross-border police co-operation to combat such attacks.

“These attacks are mainly financially focused because Hong Kong is a small region which doesn’t have many political, cultural or religious tensions,” he added. Read into that what you will.

Earlier at the conference, Lai explained to me that his department – the Office of the Government CIO – works closely with the Hong Kong CERT to develop policy and best practice, but he was more vague on the nature of the threat landscape.

“We don’t really see espionage as such – it’s difficult sometimes to guess a hacker’s motives. Awareness raising and diligence are key,” he added.

I’m hoping to speak to the HK CERT next week so I may have more insight into this space then, but even if there was a degree of protection offered to the region when it comes to state-sponsored cyber espionage attacks, multinationals in Hong Kong and China certainly can’t afford to let their guard down.

Ian Christofis of Verizon and the Cloud Security Alliance argued at the event that China-based multinationals are increasingly under threat from IP theft thanks to malicious insiders. Perhaps looking at the whole scenario as China vs the rest of the world is overly simplistic.