Launching in China? Dream on Facebook

The debate over whether Facebook is set to launch in China has sparked off again this week as the social networking giant launches its IPO bid. To be honest it’s all headline grabbing claptrap which adds nothing new to the arguments that were made at the time the IPO filing was first made.

The most remarkable story came from state-run rag the China Daily, which, without a hint of irony, wondered out loud “Is China Facebook’s next step?” without once mentioning the fact the site is BANNED there.

Back when the IPO filing was first made with the SEC, I commented that it was obvious Facebook wants to appeal to potential investors and show it is considering expansion into the biggest web market in the world. Of course it would want to do this, especially as growth rates in other regions are slowing, but whether or not it can enter China is  completely out of its hands.

It won’t happen for several reasons:

• Facebook is blocked in China and would have to literally bend over backwards to accommodate the kind of rigorous censorship demanded of China’s home grown social media – the media backlash and damage to its reputation would hurt too much I imagine, to make this even a possibility.
• Even if it was prepared to censor content – and potentially bin parts of the platform deemed unsuitable – there’s no inclination the Chinese government would even want it in the PRC. Its Chinese rivals are doing just fine over there thanks very much.
• Similar to the above point, is there any suggestion Chinese users would take to the platform? Alright, around 500,000 are said to be accessing it from China with VPNs etc but remove the ability to connect in an uncensored way with users in other countries and you’ve kind of removed the reason why it may be popular to users there in the first place.
• China is in a period of super-paranoia at the moment. The Bo Xilai scandal and the Chen Guangcheng case are making the leadership look like a bunch of turkeys at a very politically delicate time, ahead of next year’s once-in-a-decade Party leadership handover. If ever Facebook had a chance of launching in the country, this isn’t it.
• Zuck has reportedly held numerous meetings with Chinese web firms, and most likely has already tried to set-up some kind of joint venture or new service for the huge market there. These efforts appear to have come to nothing.

As ex-CBS bod and Sinophile Bill Bishop writes: “Facebook is blocked, the government is not allowing the company to set up operations, even in a regulatory compliant joint venture with a trusted Chinese internet firm like Baidu, and the SNS market is already quite mature, overfunded and overcrowded.”

In short, dream on Facebook.

Is Hong Kong safe from Advanced Persistent Threats?

My past week has been dominated by Hong Kong’s 13^th Info-Security Conference on Tuesday and Wednesday and interviews with the Special Administrative Region’s CIO Daniel Lai and high profile IT legislator Samson Tam.

What I found out about the SAR is that when it comes to cyber security, many of the same key trends and themes discussed the world over are present here – perhaps with one notable exception, state-sponsored, APT-based cyber espionage.

Backtracking slightly, Tam is a Legislative Councilor for the functional constituency of Information Technology, which means in practice that he is not one of Hong Kong’s elected leg councillors but that he does know what he is talking about, having been chosen for the role based on his experience in the tech biz.

As in the UK, various political hot potatoes include digital copyright – the Copyright (Amendment) Bill 2011 is currently being considered – data breach notification laws – also being considered – and more funding for the region’s high-tech crime unit.

If anything, Hong Kong is a little way behind the UK and US in terms of the maturity of its cyber crime and digital copyright laws, and has only recently decided to plough more resources into IT, with the launch of a Technology and Communications Bureau.

What I’m wondering, though, is whether Hong Kong organisations – public and private – are at risk from quite the same threats as their counterparts in the UK.

There could be an argument for saying – as I alluded to in my last post – that to an extent Hong Kong institutions and enterprises are shielded from the kind of state-sponsored, or at least sanctioned, attacks which have caused so many problems for Western organisations because they are technically part of China.

In the past six months, the only major security incident that has really made the headlines here has been a DoS attack on the Hong Kong Stock Exchange. Now either I’m not paying enough attention, the English language media isn’t interested, firms are not reporting such incidents, or there are indeed fewer to report.

Not so said Tam, who claimed that HK has its fair share of problems to deal with, although interestingly he said most attacks came from “smaller countries with looser local controls”, and he played up the importance of cross-border police co-operation to combat such attacks.

“These attacks are mainly financially focused because Hong Kong is a small region which doesn’t have many political, cultural or religious tensions,” he added. Read into that what you will.

Earlier at the conference, Lai explained to me that his department – the Office of the Government CIO – works closely with the Hong Kong CERT to develop policy and best practice, but he was more vague on the nature of the threat landscape.

“We don’t really see espionage as such – it’s difficult sometimes to guess a hacker’s motives. Awareness raising and diligence are key,” he added.

I’m hoping to speak to the HK CERT next week so I may have more insight into this space then, but even if there was a degree of protection offered to the region when it comes to state-sponsored cyber espionage attacks, multinationals in Hong Kong and China certainly can’t afford to let their guard down.

Ian Christofis of Verizon and the Cloud Security Alliance argued at the event that China-based multinationals are increasingly under threat from IP theft thanks to malicious insiders. Perhaps looking at the whole scenario as China vs the rest of the world is overly simplistic.

Security experts speak their brains at InfoSecurity Summit Hong Kong

One of the best things about being in Hong Kong at this time of year is, for the first time in about seven years, I’m missing the annual slog-fest that is the three day Infosecurity Europe show in London. While the speaker line-up in the keynote theatre is always of good quality (at least on the first two days), the constant cajoling from desperate PR professionals trying to set up last minute briefings with their clients is power-sappingly depressing at best.

However, I haven’t managed to shun IT security completely over here, thanks to the 4th MIG InfoSecurity Summit at Wan Chai’s Hong Kong Convention and Exhibition Centre (HKCEC). Eschewing the vendor pitches, as always, I snuck into the panel debates to find some refreshingly honest discussions from the assembled IT experts.

The first was all nominally about disruptive tech, but some of the most interesting comments came about plain old threats. SH Lim, head of infosecurity at Hong Kong Jockey Club hit the nail on the head when he said the future entailed “a lot of us losing our hair”. Humour turned to exasperation soon after when discussing the problems of dealing with zero day threats and tardy patches.

“How fast can any organisation patch versus how fast can the malware writers write malware,” he added. “How do we test our apps within five days? Do we do a self-DOS by causing an app to fail by not testing a patch properly?”

SC Leung, senior consultant at the  HKCERT, went further, blaming cloud computing.

“Cloud computing is great technology but the criminals are using it more efficiently for web hosting and they can subscribe to cloud services to get bandwidth on demand,” he said.

“They can hack computers thanks to the computing power of Amazon and it’s very hard to trace them. We need to solve this problem with the cloud service providers.”

Fair enough. But blaming cloud computing for security threats is like blaming ammunition manufacturers for war. The causes need addressing more holistically to make a difference.

The second panel debate focussed much more on the changing role of the CISO. Nothing ground-breakingly new there but again some good advice for budding security chiefs, namely, brush up on your business skills and learn about risk management rather than get bogged down in tactical, technology-focussed issues.

There was also a word of warning that CISOs everywhere need to heed – beware the regulator.

Chinese government urges local mobile firms to build own platforms

This is a strange one. A report issued by part of China’s Ministry of Industry and IT (MIIT) has apparently warned the country’s home grown mobile phone makers to beware of getting sued by foreign firms looking to assert their patents.

The report is long and in Chinese, so I’ve had to take China Daily’s word for the content of the paper – never the best and most reliable source of the truth, but given the report is government led, the state-run paper is unlikely at least to have hidden any important facts.

The message is fairly clear – now that China produces most of the world’s mobile devices and now its domestic brands have edged out international competition in the People’s Republic, patent holders from abroad may start sniffing around.

All of which is fair enough. China is a dominant player in the global mobile market, but why was the report written now, and what are the alternatives?

Well, as IDC’s Melissa Chau told me, there aren’t really any. Even the supposedly home grown operating systems mentioned in the report from various Chinese operators, Baidu and Alibaba, are based on forks of Android. These have singularly failed to capture the popular imagination, she said.

If the government is suggesting, as appears to be the case, that mobile makers look for alternatives to Android – the OS which is currently battling Oracle over Java patents and Microsoft – then it is going to take some time.

I’ve no doubt that China’s domestic brands will get there in the end. In fact, Deloitte’s William Chou said as much when I chatted to him a month or two ago.

“No Chinese handset maker has a solid platform that can compete with Apple and Google yet but we are at a very early stage,” he said at the time. “Vendors like Huawei and Lenovo are providing smartphones not because they want to earn a profit from the sales but because they eventually want to dominate the application market.”

India could be Japan’s tech saviour as demand rockets

In my brief to cover the science and technology space in Asia for The Reg – yeah, pretty busy at the moment, thanks for asking – India is fast becoming a fertile source for stories.

It can be spoken of in the same breath as China in many ways in that they are both burgeoning nations with huge populations, a growing middle class and aspirations to lead the world in their own ways in the production and consumption of technology.

So it was no surprise when I read Gartner’s latest stats indicating Indian consumption of semiconductors is set to grow faster than any country this year – up by 20 per cent from 2011 to reach a whopping $9.2bn in revenue.

Compared to a global average of just four per cent growth it’s clear the country is undergoing a rapid transition.

Gartner research director Ganesh Ramamoorthy told me that the growth is likely to be sustained for some time to come, driven by huge demand for mobile phones, PCs and LCD TVs in the country.

Due to the low penetration of such kit in India at the moment, the potential is there for CAGR of 16 per cent to 2016, he added.

All of which is good news for Asian companies in general, because while India may be consuming all those semiconductors, it doesn’t make them.

“I do see China based semiconductor companies benefiting a lot because a substantial amount of semiconductor requirements of local manufacturers in India is imported from China,” said Ramamoorthy.

“The strong, growing demand for overall electronic equipment in India benefits other companies as well such as LG, Samsung, Panasonic, Toshiba etc, from countries like Korea and Japan.”

Japanese tech firms in particular have had a tough time of it of late and are struggling in the shadow of China. Salvation comes from strange places sometimes.

The battle to save Apple’s soul

Have just had time to take stock of all the crazy goings on with Apple and Foxconn last week and I think this story will run and run, much to Apple’s frustration, for a while to come yet.

I managed to track down Debby Chan, a project worker at non-profit organisation Students and Scholars Against Corporate Misbehaviour (SACOM) for a fascinating chat which generated some pretty dynamite pieces of information.

Bear in mind the following are all allegations, some from chats Debby has had with Foxconn staff, so it’s best to remain sceptical, but still:

• Local governments ‘repay’ Foxconn for choosing to locate factories in their area by helping to man them with vocational students. Apparently it doesn’t matter what the vocation is, they get shipped off anyway for a few months or more of misery which could mean them failing to graduate or having to drop out. This is basically forced labour.
• High profile they may have been but the FLA inspections of Foxconn’s factories are flawed because the company has prepared for them by giving workers more breaks, and by hiding the underage workers away – so they pass inspection.
• The FLA itself could be accused of favouring the interests of the big name companies like Apple which are members and sit on its board, making a mockery of these ‘independent’ inspections.

Now Foxconn has strenuously denied the allegations of underage workers and wages have been put up, while Apple CEO Tim Cook has made noises about micro-managing timesheets to make sure workers aren’t put under too much pressure.

But how much of this is just spin? Some people have suggested that this is Apple’s Nike moment and it’s important to remember that ultimately all a company wants to do is make money – sell products, maximise its profits and dominate the market. It’s capitalism, and it’s never been particularly pretty.

The only way of stopping these companies from doing what they want no matter how horrendous the human cost, is by helping their affluent, mostly white, middle class, western customers realise what’s going on.

So well done to Debby and the people at SACOM and their various partners for trying to bring these issues to light. It seems to be working, as witnessed by the inspections themselves, although as Chan explained to me, the time for inspections is over. There needs to be proper union representation in the factories and a way of monitoring conditions on an ongoing basis.

I think the arguments saying Foxconn is a relatively good payer in China and that some of the suicides at its plant could be blamed on the mental health of rural workers not being able to cope with such hard and monotonous work is missing the point.

I don’t know many people who’d rather not spend a little more on their shiny new iPhone/Pad/Pod etc if they could be assured it was manufactured in decent conditions by workers who receive a decent wage and are treated with respect.

The only worry is that the ever fickle customer will eventually get distracted and move onto some other piece of news long before the problems have been properly addressed, while Apple’s spin machine works overtime to claim enough improvements have been made.