Macau’s Cyber-security Law: More About Surveillance (And Censorship)

(THIS ARTICLE IS COURTESY OF GLOBAL VOICES)

 

Macau’s Cybersecurity Law: Less About Security, More About Surveillance (And Censorship)

Graffiti art of surveillance camera. Published and labeled for reuse on Pixabay.

The following article is based on a translation of a post that appeared first in Chinese on Hong Kong citizen media outlet inmediahk.net.

Macau, a former Portuguese colony and a special administrative region on the south coast of China, has begun public consultations on a proposed Cybersecurity Law.

The Macau government is proposing the legislation in an effort to ensure the “security of network communications.” The law would establish a local cybersecurity standing committee and a cybersecurity center which would monitor online information flows in binary code to keep track of and investigate future cyber attacks. The center would coordinate with government departments to supervise and implement protection procedures for companies in 11 crucial sectors, including internet operators, media organizations, water and energy suppliers, financial and banking companies, gambling companies and medical institutions, among others.

The law would also obligate telecommunication operators and internet service providers (ISPs) to implement a real-name registration system, in which all users would be required to be fully identified in all their online activities. The law would require ISPs to keep users’ online activity logs for at least one year.

Various critics say the proposed law will do far more to provide a legal framework for mass surveillance than to improve network security.

To look into the rationale behind the legislation, the Chinese Q&A news team interviewed a senior information security analyst who works in one of the 11 crucial sectors listed in the consultation document, to get an insider’s perspective.

Q: Have any hacking incidents taken place in Macau in the past few years? Does the information security sector find it necessary to set up a mechanism for monitoring data flows?

A: There haven’t been any major hacking incidents [affecting public security] in Macau in recent years; neither the public nor the public sector has been attacked by hackers. (The WannaCry kind of ransomware is not a target-specific attack.)

[Editor’s note: according to media reports, apart from the WannaCry ransomware, a Macau ISP operator was hacked in January 2013, but only 34 clients’ information was stolen. This, however, was not considered a serious security breach.]

There is no need to set up a mechanism for monitoring data flows. If we have to monitor data flows, we have to record and analyze all of the data, much like immigration officers unpacking travelers’ baggage. Moreover, this type of monitoring system cannot prevent a cyber attack.

To take it a bit further, here are the two most common forms of cyber attack:

1. Distributed Denial of Service Attack (DDoS): A massive DDoS would produce a tremendous amount of data. Recording the data flow would require a huge storage space and a good deal of manpower. In other words, you can’t possibly monitor data flows in a DDoS attack.

2. Hacking of websites and private networks: In the case of a targeted hacking attack, the incident response team of the cybersecurity center would have to get evidence from the server under attack. Of course, evidence can be obtained from a network facility. However, recording and unpacking all the data packets on the network is a very ineffective way of gathering evidence in the investigation of a cyber attack.

On the other hand, the data flow monitoring mechanism is effective for keyword filtering. For example, when a data packet contains a keyword like “Vindication of June 4”, the monitoring system can send out an alert. But this is not a network security measure — it looks much more like internet censorship, in the style of mainland China.

Q: The proposed Cybersecurity Law will affect the 11 crucial sectors the most. Has the commercial sector submitted any opinion so far?

A: Commercial sector representatives are still in the process of understanding the content of the proposal. For example, the proposal mentioned that operators of the 11 crucial sectors have to hand in a network security report, but it did not mention what should be included in the report. It also said that operators should conduct a qualification and professional background check when appointing key positions. But what do they mean by “qualification”? Should the employees obtain a license from China’s Ministry of Industry and Information? And what is the meaning of “background check”? Do they need to prove that they love China and Macau? These are major concerns from the information security sector.

Q: Has there been any consultation on the listing of 11 businesses as crucial sectors?

A: There was no consultation among the business sector. The proposal was released on 8 December 2017 without prior notification and we had just one week to prepare for the consultation, which made it a very rushed process.

Q: For the IT sector, what kind of mechanism is more reasonable?

A: As a cybersecurity worker, I don’t think the proposed cybersecurity management framework is capable of maintaining what the draft proposes, which is a “three-level monitoring system that involves top [government authorities] and bottom [business operators] who will integrate strategy and implementation in an organic manner”. To the contrary, the framework will obstruct cybersecurity work.

From the cybersecurity sector’s viewpoint, policy makers and executive personnel should be familiar enough with the technology in order to integrate strategy and implementation in an organic manner.

In the so-called three-level cybersecurity management framework, the business operators would be supervised by government administrative bodies.

Would the government authorities have the ability [i.e. technical know-how] to supervise and protect network safety or assist the business operators to defend against cyber attacks? Why not set up an independent department with professional knowledge to manage the cybersecurity work?

Q: Would the proposed law, such as the policy of SIM card real name registration, affect the economic interest of the business sectors, in particular the gambling, media and ISP sectors?

A: First, regarding real-name registration of SIM cards, the policy would have little effect on the gambling and ISP sectors. Currently when applying for service, users have to provide their identity card or passport for registration. As for media, this is rather sensitive. Reporters’ communication is subjected to wiretapping. If all SIM cards have to be registered with real names, there will be a certain negative impact.

Second, regarding operators’ cybersecurity reports, the content of the reports may involve some business secrets and of course the business sector doesn’t want any third party (including the government) to get hold of their secrets. Would the government allow the operators to submit a security report that hides sensitive and important information?

Third, regarding the duty of cooperators, the proposal mentioned that operators have to allow representatives of the cybersecurity center to enter its facilities and offices and assist their work by providing information and cooperation as requested. For those who cannot fulfill their duties, they would be seen as violating the administrative regulation and subjected to a MOP$50,000-150,000 fine for a minor offense and a MOP$150,000-5,000,000 fine for a serious offense.

However, if a business is subjected to a cyber attack, the first thing that they do is try to recover the system. In the case of gambling businesses, the security incident would be handled by internal security staff as well as cybersecurity subcontractors who have the most advanced tools and knowledge. Moreover, they have signed an agreement of confidentiality. However, according to the government proposal, the police and the director of Postal and Telecommunication services would be responsible for cybersecurity alerts and prevention measures. For the business sector, of course they would seek help from a professional security team rather than the government authorities. Yet, by doing so, will the business be fined? If the government demands that investigation should come before system recovery, who would cover the loss?

Q: Would the proposed law infringe citizens’ privacy and freedom?

A: It would create a chilling effect for the public. Real-name registration will assist the monitoring of data and people will be worried about the security of private communication. Moreover, currently, ISPs already have the power to monitor our online activities or even intercept the data in the network. With this legislation, such power would be in the hands of the police and people would not know if their communication is being intercepted.

China’s Leadership Will Never Tolerate Anyone Being Truthful

(THIS ARTICLE IS COURTESY OF THE SHANGHAI CHINA NEWSPAPER ‘SHINE’)

(CHINA’S COMMUNIST PARTY LEADERSHIP WILL NEVER TOLERATE ANYONE WHO DARES SPEAK ‘THE TRUTH’)(trs) 

China probes foreign companies labeling China’s territories as independent countries

Reuters

China’s aviation authority on Friday demanded an apology from Delta Air Lines for listing Taiwan and Tibet as countries on its website, while another government agency took aim at Inditex-owned fashion brand Zara and medical device maker Medtronic Plc for similar issues.

The moves follow a regulator’s decision on Thursday to suspend Marriott International Inc’s Chinese website for a week to punish the world’s biggest hotel chain for listing Tibet, Taiwan, Hong Kong and Macau as separate countries in a customer questionnaire.

The Civil Aviation Administration of China asked Delta to investigate the listing of Taiwan and Tibet as countries on its website, and called for an “immediate and public” apology.

The aviation authority also said it would require all foreign airlines operating routes to China to conduct comprehensive investigations of their websites, apps and customer-related information and “strictly comply with China’s laws and regulations to prevent a similar thing from happening.”

In a statement, Delta apologized for making “an inadvertent error with no business or political intention,” saying it recognized the seriousness of the issue and had taken steps to resolve it.

Separately, the same regulator that penalized Marriott – the Shanghai branch of the state cyberspace administration – accused Zara of placing Taiwan in a pull-down list of countries on its Chinese website.

Medtronic had also put “Republic of China (Taiwan)” on one of its websites, the office said in a WeChat post.

Medtronic issued an apology via social media, saying it had updated the website. An executive who answered the phone at Zara’s Shanghai office was not able to immediately comment.

Foreign ministry spokesman Lu Kang told a regular briefing on Friday that Hong Kong, Macau, Taiwan and Tibet were all part of China.

“The companies that come to China should respect China’s sovereignty and territorial integrity, abide by China’s laws, and respect the feelings of the Chinese people. This is the minimum requirement of any company going to another country to carry out business and investment,” he said.

The Sad Life And Death Of Kim Jong Nam: Ostracized By His Father And Murdered By His Brother

(THIS ARTICLE IS COURTESY OF THE WASHINGTON POST)

Kim Jong Nam led a life of loneliness and fear and seclusion, rejected by his father, orphaned by his mother, stuck in a shadowy exile where he constantly had to worry about spies and secret agents and reporters.

And it all came to a pitiful end, with Kim slumped in a chair in a Malaysian airport clinic, his belly protruding from his navy-blue polo shirt, then dying in an ambulance en route to the hospital. He had been smeared with VX, a lethal nerve agent that is used as a chemical weapon.

“He’s like a country-and-western song — it’s sad, sad stuff,” said Michael Madden, editor of the North Korea Leadership Watch website.

Kim’s painful demise is a blow for the United States and South Korea, which have lost a potential source of intelligence on the world’s most secretive regime. They also have lost a potential replacement for his half brother Kim Jong Un, the North Korean leader who again has thrown down the gauntlet to the outside world.

“Kim Jong Un is testing nukes and missiles like crazy,” said Alexandre Mansourov, a North Korea leadership expert who once studied at Kim Il Sung University in Pyongyang. “Now he feels confident enough to send his goons around the world to assassinate people he doesn’t like.”

CCTV footage allegedly shows attack on Kim Jong Nam

CCTV footage released on Feb. 20 purportedly shows the attack on Kim Jong Nam, North Korean leader Kim Jong Un’s half brother, at Kuala Lumpur airport in Malaysia a week earlier. The footage has been edited for clarity. (CCTV via Fuji TV)

Kim Jong Un feels this emboldened because he keeps challenging the outside world, especially the United States, and it does nothing to stop him, Mansourov said. “It’s a sign of supreme confidence that he can get away with anything, that he can literally get away with murder.”

The blame for the well-planned attack on Kim Jong Nam in a Kuala Lumpur airport terminal on Feb. 13 is, however, being directed squarely at the leader of North Korea.

Malaysia says that Kim died because of exposure to VX, and it has implicated eight North Koreans in the attack, including a diplomat and a scientist.

South Korean intelligence officials have said that Kim Jong Un put out a “standing order” for his older half brother’s assassination years ago, but even so, analysts agree that he would have had to give the green light for this attack.

“The fact that so many North Korean agents were involved shows that the operation was planned well in advance and was done with Kim Jong Un’s blessing,” said Sue Mi Terry, a former North Korea analyst at the CIA.

It would not be the first time Kim Jong Un has acted in such a ruthless way. The 33-year-old has ordered the purge or execution of several hundred officials during his five years at the helm. These included his uncle, Jang Song Thaek, who had been a mentor to Kim Jong Nam and was accused of amassing too much power.

“This fits into the larger narrative of what Kim Jong Un wants to do,” said Ken Gause, a North Korea leadership expert at CNA, a Virginia-based consulting firm. “He’s getting rid of potential contenders to the throne.”

‘Without even one friend’

Kim Jong Nam was the result of a secret relationship between North Korea’s second-generation leader, Kim Jong Il, and his consort, an actress named Sung Hye Rim.

He led a lonely childhood in Pyongyang, “without even one friend,” Sung’s sister wrote in her memoir.

When he was 8, Kim moved to Moscow with his aunt and grandmother, but he hated it. He then moved on to Geneva. There he seemed to fit in better, although he still lived in a cloud of half-truths.

“He introduced himself as the son of the North Korean ambassador,” said Anthony Sahakian, a Swiss businessman who went to school with Kim, whom he knew as “Lee.”

“North Korea, South Korea — we were 13 years old. We didn’t know the difference,” Sahakian said.

But some things did make Kim different — for instance, he had a driver’s license that said he was older than he was.

“That was strange because he showed up in a Mercedes 600, driving it himself,” Sahakian said, referring to the huge sedan that was a favorite among dictators. “At the time, all we wanted to do was drive, so we were very jealous. We’d skip class and go somewhere else during the day to drink coffee.”

Kim was multilingual as a result of his international childhood. He spoke fluent English and French, and Sahakian said they conversed in Russian.

In 1988, when he was almost 18, Kim went back to Pyongyang and to a life of cloistered misery, the polar opposite from his freewheeling youth in Europe. To boot, he found that the affection his father once had showered upon him now was directed at a new family, which included a young boy called Jong Un.

Kim Jong Nam had talked about “life in the palace” being oppressive. “He had everything he could possibly desire, but he was in a black depression there,” said a school friend who spoke on the condition of anonymity to discuss sensitive details.

So Kim Jong Il struck a deal with his son: If he got married and had a child, he could leave, the friend said.

Kim Jong Nam married and had a son in 1995, although it is not known exactly when he left North Korea.

Certainly a turning point came in 2001, when the family was caught entering Japan on false Dominican Republic passports. Kim, whose passport name was Chinese for “Fat Bear,” told the authorities that they had wanted to go to Tokyo Disneyland.

After that, the family moved to Macau, where they were under Chinese protection and could live relatively freely, with Kim indulging his passion for gambling. He traveled to Beijing, where he was thought to have another family, and around Southeast Asia, popping up in Indonesia and Singapore.

He also traveled regularly to Europe — sometimes to see his oldest son, who had been studying in France, and sometimes on business, apparently buying wine or property for wealthy Asian clients.

He always kept his wits about him, said Sahakian, who had seen his old friend several times in Geneva in recent years. “He wasn’t paranoid, but he was worried,” he said. “When he was out he was careful, and he avoided talking to Asians because he was worried they were spies. He was on his guard, but it wouldn’t stop him.”

Dynastic competition

Although he had been mentioned as a potential leader in dynastic North Korea, friends say he did not have any interest in the prospect.

But he appears to have antagonized his younger brother just enough. In 2010, the day before Kim Jong Un was to make his first appearance as heir apparent in North Korea, Kim Jong Nam gave an interview to Japan’s TV Asahi in which he said that the choice was his father’s and that there appeared to be internal reasons for hurrying the process along.

“Personally speaking, I am opposed to the third-generation succession,” he said, a statement that might be considered anodyne elsewhere but was tantamount to treason in North Korea.

Madden, of North Korea Leadership Watch, said that there was always a chance of Kim Jong Nam’s being thrust into leadership. “Jong Nam still had a power base, and there was always a remote possibility that he would take power,” he said.

Terry, the former CIA analyst, agreed. “However improbable, there are always rumors that Kim Jong Nam could replace Kim Jong Un as the head of the regime at the behest of China or the U.S.” she said.

There have been reports in South Korea that Kim Jong Nam had acted as a middleman between South Korean President Park Geun-hye and officials in North Korea. Just a few days before his death, a South Korean newspaper reported that Kim Jong Nam had tried to defect to South Korea several years ago.

This would have given the regime ample reason to get rid of him, said Cheong Seong-chang, senior fellow at the Sejong Institute, a South Korean think tank.

Indeed, Kim’s defection would have been much more catastrophic for the regime than that of Thae Yong-ho, the deputy North Korean ambassador in London who fled to South Korea last year, said one former official in the regime.

“Imagine how detrimental the impact would have been if Kim Jong Un’s half brother were to speak out against Kim Jong Un,” said the former official, who spoke on the condition of anonymity out of concern for his safety. “It would have a much bigger impact than Thae Yong-ho is having now in South Korea.”

Thae has become an outspoken critic of the regime, calling for a flood of information into North Korea to encourage people there to flee or rise up.

The downside for the United States and South Korea is that they have lost the opportunity to recruit someone in the family to provide information. They also have lost someone who could be installed as a slightly friendlier leader in North Korea while still maintaining the Kim family bloodline — an important factor in Korean culture.

“They wanted him alive, not dead,” said Mansourov. “The only party interested in his premature departure was Pyongyang.”
