Former feds take vital cyber skills to foreign companies

Thinkstock

Critics worry that Chinese telecom may be exploiting lax post-employment rules.

As a major Chinese telecommunications company suspected of espionage hires former U.S. government officials, critics are raising concerns about the adequacy of government post-employment restrictions, as well as the risk of national security threats.

Huawei, based in Shenzhen, China, has been methodically snapping up former senior federal officials, lobbyists and congressional staffers. Company officials say they are attempting to attract more U.S. business, partly by recruiting well-respected Westerners with government and security backgrounds.

The employment of more Americans at foreign firms can benefit the United States by fostering worldwide security standards and boosting stateside investments. But the unknown variable is to what degree Huawei, a multinational tech company founded by a former People’s Liberation Army member, acts on behalf of the Chinese military. A congressional investigation indicated the company might be inserting backdoors into products that can remotely siphon data or sabatoge computers. 

The firm, which is branching out worldwide, disputes claims that it is under control of an authoritarian government or tampers with clients’ technology. “Let me be clear: Huawei has not and will not jeopardize our global commercial success nor the integrity of our customers’ networks for any third party, government or otherwise—ever,” Charles Ding, Huawei corporate senior vice president, told a House committee in September. 

In July, Andy Purdy, the one-time head of the Homeland Security Department’s national cybersecurity division, became Huawei USA’s chief security officer. Purdy’s move to the company took former colleagues by surprise at his previous employer, federal contractor CSC, according to people familiar with the situation. 

Huawei has maintained a U.S. headquarters in Plano, Texas, for 11 years and has plans to hire Americans to fill 70 percent of its stateside jobs. 

During the past year, the company hired Doyce Boesch, a former Senate aide, and William Black, former chief of staff to Rep. Steny H. Hoyer, D-Md., as lobbyists. Huawei Global Chief Cybersecurity Officer John Suffolk previously worked for the U.K. government as the chief information officer and chief information security officer. A number of American attorneys, from organizations such as Arnold Porter LLP and the University of Virginia Law School, declined to comment because they or their practices have represented Huawei. 

The fear is less that U.S. personnel who had access to sensitive government information will intentionally divulge state secrets, and more that the line between Huawei’s business interests and China’s political interests is too direct. 

“Not that any of these people are of poor character at all,” says Chris Bronk, former diplomat with the State Department and now a cybersecurity research fellow at Rice University. One could look at Purdy’s move to Huawei as “taking his expertise to a foreign competitor, and that’s bad for the United States—or this is trust-building,” he says.

From Huawei’s perspective, a company spokesperson says, “It’s a global world. Global companies hire the best employees they can find. No global company has all of its people and all of its offices in one country. That’s what makes them global.” Purdy was unavailable for an interview. 

There is little precedent for dealing with Chinese employment after working in computer security for the federal government. Exit restrictions at DHS, the FBI and other cybersecurity- related agencies are largely prohibitions on doing business with one’s former department while employed by an overseas business. “In general, the FBI is not aware of any law, regulation or policy which would preclude an individual who has not been an FBI employee for more than a year, like any former U.S. government employee, from working for a private foreign-owned company,” bureau spokeswoman Kathleen Wright says. 

Pentagon spokesman Lt. Col. Damien Pickart says, “The Department of Defense does not have an official policy dictating where employees and service members can work after they leave the department, including foreign firms.” When a Defense employee with a security clearance exits the department, the individual is bound by a nondisclosure agreement not to divulge sensitive, classified or Pentagon proprietary information. When a cleared FBI employee departs, that individual, too, must sign a nondisclosure agreement, FBI officials say. Homeland Security officials say personnel can seek ethics advice from department attorneys about these restrictions.  

But curbs on disclosing sensitive information after leaving government are hard to enforce, as evidenced by the anti-secrets website WikiLeaks and a new book by a former Navy SEAL who helped kill Osama bin Laden. 

“Unless he does it with the purpose and intent of harming the United States, there is in the United States very little restriction on what someone with classified information can do,” a former intelligence community official says. The U.S. government would have to prove the offender meant to jeopardize American security interests by exposing classified information, as in the military’s prosecution of Pfc. Bradley Manning for sharing intelligence with WikiLeaks. 

Some say blocking former feds from joining companies such as Huawei could jeopardize American manufacturing partnerships and Chinese investments in U.S. communities. American firms operate there, and the communist state manufactures equipment for U.S. networks.

But the professional risks could be great for former U.S. government employees who join Chinese firms. 

The DHS secretary or U.S. attorney general could dictate to feds that “if you choose to leave your cleared employment in the U.S. government for a Chinese company it may be difficult if not impossible to re-enter cleared employment in the United States again,” Bronk says. “That’s the kind of thing that needs to be a reminder: You are burning a bridge.”

The former intelligence official says it would be difficult to renew or obtain a U.S. security clearance after exiting a Chinese company. “They would question his dedication and commitment to the United States,” he says.

The situation with Huawei has no historical parallel, sources say.  “This isn’t like going to a Soviet-owned company. This isn’t the Cold War. At the very least eyebrows would be raised if he filed an application,” says a cyber industry executive who offers guidance to the U.S. government and spoke on the condition of anonymity. “We don’t have a mutual defense pact with China,” Bronk says. “So this is something to worry about.” On the flipside, he adds, “maybe this represents a way that Huawei can talk to us about these issues. We have to talk to China anyway, so maybe it’s better to have Americans there.” 

Still, Congress members are wary and maintain that Huawei likely must comply with any request from the Chinese government to manipulate the U.S. supply chain. The House Intelligence Committee also accuses Huawei of stealing rival tech companies’ trade secrets. 

“It’s very hard to differentiate a ‘good’ Chinese company from a ‘bad’ Chinese company,” the intelligence official says. “They almost always have some form of government partnership.” The immediate concern is that Huawei, the second largest manufacturer of telecommunications equipment in the world, intentionally may be selling insecure technology. 

William Plummer, Huawei vice president for external affairs, said in a statement that the privately held, employee-owned company does business in almost 150 countries, “deriving around 70 percent of its revenues from outside of our headquarters market of China. Huawei is Huawei. Huawei is not China.”

The company has offered to let U.S. officials dismantle its software to study the firm’s source code, but that doesn’t seem to have mollified anybody. A company can reveal its source code without showing everything and trapdoors can be difficult to discern, the intelligence official says.

The U.S. cyber executive says former feds may not know what awaits them when they sign up with Huawei, because of the Communist state’s influence on industry shifts. “Governments today regard cybersecurity as an instrument of state power,” the executive says. “That a government would look at cyberspace as an instrument in support of its national interests, that’s all fine, but the unknown for the U.S. hire is whether he has aligned himself with the company or with a foreign nation-state’s national interests and policies.”

Plummer says such suggestions are absurd and reflect a misunderstanding of the “globalized, interdependent information and communications technology industry writ large.”

For the past decade, Huawei has sold telecom equipment to the United States in regions like the Great Lakes, and procured $30 billion in goods and services from American companies during the past five years, according to the firm.

“Huawei could be as popular as Sony in five years,” Bronk says. “Like it or not, the Chinese companies are not just going to build the low end of our gadgets and they are building devices of increasing sophistication.” 

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.