Lenovo, Check Point & US Government Computer Security

Brad Feld wrote this morning on the issue of the US Government purchasing computers from Lenovo here. As Mr. Feld points out, the government also derailed the merger between Check Point and Sourcefire based on the argument that sensitive government agencies (using Sourcefire's intrustion dectection/prevention product) would only use security products developed domestically. I don't believe this issue is black and white and I’m not actually sure where I stand on it, so I’ll simply put forward a couple of points that I think add color to the debate.

First China and Israel do have a history of spying on the United States so it is not paranoid to believe that either country would attempt to target the our nations most sensitive computing resources. Second, China is taking the same precautions by shifting to Hengzhi chips so that sensitive government computers are built and controlled domestically.

However, while Lenovo and Check Point are headquartered in China and Israel that does not mean that they are puppets of the Chinese of Israeli governments. Imagine the ramifications to either company if it was found that they had written backdoors into their products and could spy on all of their customers… it could put either company out of business. Microsoft survived the famous NSA key scandal but I don’t think either Check Point or Lenovo has the same market power that Microsoft did/does.

Furthermore, if the problem is the government purchasing computers manufactured in China is there really any alternative? I believe that Lenovo been manufacturing many of IBM’s computers for several years anyway. Also, where do the “American” vendors, like Dell or HP, build their computers? I suspect that many of the major components are built in China.

Lastly, the previously hidden “Lenovo Tapes” do shed some light on Lenovo’s capabilities… definitely worth a look they are very funny.

http://www.lenovotapes.com/