Shhh… US Government Hacks at OPM Exposed More Than 21 Million People

It was much worse than previously reported: more than 21 million people were “swept up in a colossal breach of government computer systems that was far more damaging than initially thought”. Find out more from the New York Times.

Shhh… Hackers Target Database of Chinese with Ties to US Government

Check out the NYT article below.

Hackers May Have Obtained Names of Chinese With Ties to U.S. Government

By DAVID E. SANGER and JULIE HIRSCHFELD DAVIS, JUNE 10, 2015

WASHINGTON — Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.

Federal employees who handle national security information are required to list some or all of their foreign contacts, depending on the agency, to receive high-level clearances. Investigators say that the hackers obtained many of the lists, and they are trying to determine how many of those thousands of names were compromised.

In classified briefings to members of Congress in recent days, intelligence officials have described what appears to be a systematic Chinese effort to build databases that explain the inner workings of the United States government. The information includes friends and relatives, around the world, of diplomats, of White House officials and of officials from government agencies, like nuclear experts and trade negotiators.

“They are pumping this through their databases just as the N.S.A. pumps telephone data through their databases,” said James Lewis, a cyberexpert at the Center for Strategic and International Studies. “It gives the Chinese the ability to exploit who is listed as a foreign contact. And if you are a Chinese person who didn’t report your contacts or relationships with an American, you may have a problem.”

Officials have conceded in the briefings that most of the compromised data was not encrypted, though they have argued that the attacks were so sophisticated and well hidden that encryption might have done little good.

The first attack, which began at the end of 2013 and was disclosed in the middle of last year, was aimed at the databases used by investigators who conduct security reviews. The investigators worked for a contracting firm on behalf of the Office of Personnel Management, and the firm was fired in August.

The broader attack on the personnel office’s main databases followed in December. That attack, announced last week, involved the records of more than four million current and former federal employees, most of whom have no security clearances.

White House and personnel office officials have provided few details about the latest breach. But the Department of Homeland Security has been telling outside experts and members of Congress that it regards the detection of the attack as a success, because it made use of new “signatures” of foreign hackers, based on characteristics of computer code, to find the attack.

In a statement, the personnel office said Wednesday that “it was because of these new enhancements to our IT systems that O.P.M. was able to identify these intrusions.” But the detection happened in April, five months after the attack began.

The list of relatives and “close or continuous contacts” is a standard part of the forms and interviews required of American officials every five years for top-secret and other high-level clearances, and government officials consider the lists to be especially delicate.

In 2010, when The New York Times was preparing to publish articles based on 250,000 secret State Department cables obtained by WikiLeaks, the newspaper complied with a request by the department to redact the names of any Chinese citizens who were described in the cables as providing information to American Embassy officials. Officials cited fear of retaliation by the Chinese authorities.

Officials say they do not know how much of the compromised data was exposed to the Chinese hackers. While State Department employees, especially new ones, are required to list all their foreign friends, diplomats have so many foreign contacts that they are not expected to list them all.

But other government officials are frequently asked to do so, especially in interviews with investigators. The notes from those interviews, conducted by a spinoff of the personnel office called the United States Investigative Service, were obtained by hackers in the earlier episode last year.

Intelligence agencies use a different system, so the contacts of operatives like those in the C.I.A. were not in the databases.

But the standard form that anyone with a national security job fills out includes information about spouses, divorces and even distant foreign relatives, as well as the names of current or past foreign girlfriends and boyfriends, bankruptcies, debts and other financial information. And it appears that the hackers reached, and presumably downloaded, images of those forms.

“I can’t say whether this was more damaging than WikiLeaks; it’s different in nature,” said Representative Adam B. Schiff, a California Democrat who is a member of the House Intelligence Committee, which was briefed by intelligence officials, the Department of Homeland Security and the personnel office on Tuesday. Mr. Schiff, who declined to speak about the specifics of the briefing, added, “But it is certainly one of the most damaging losses I can think of.”

Investigators were surprised to find that the personnel office, which had already been so heavily criticized for lax security that its inspector general wanted parts of the system shut down, did not encrypt any of the most sensitive data.

The damage was not limited to information about China, though that presumably would have been of most interest to the hackers. They are likely to be particularly interested in the contacts of Energy Department officials who work on nuclear weapons or nuclear intelligence, Commerce Department or trade officials working on delicate issues like the negotiations over the Trans-Pacific Partnership, and, of course, White House officials.

In a conference call with reporters on Wednesday, Senator Angus King, an independent from Maine on both the Intelligence Committee and the Armed Services Committee, called for the United States to retaliate for these kinds of losses. “Nation-states need to know that if they attack us this way, something bad is going to happen to their cyberinfrastructure,” he said.

But Mr. King said he could not say if the attacks on the personnel office were state-sponsored, adding, “I have to be careful; I can’t confirm the identity of the entity behind the attack.” The Obama administration has not formally named China, but there has been no effort to hide the attribution in the classified hearings.

The scope of the breach is remarkable, experts say, because the personnel office apparently learned little from earlier government data breaches like the WikiLeaks case and the surveillance revelations by Edward J. Snowden, both of which involved unencrypted data.

President Obama has said he regards the threat of cyberintrusions as a persistent challenge in a world in which both state and nonstate actors “are sending everything they’ve got at trying to breach these systems.”

The problem “is going to accelerate, and that means that we have to be as nimble, as aggressive and as well resourced as those who are trying to break into these systems,” he said at a news conference this week.

The White House has stopped short of blaming Katherine Archuleta, the director of the personnel office, for the breach, emphasizing that securing government computer systems is a challenging task.

Correction: June 10, 2015

An earlier version of a photo caption with this article misstated the name of the federal office building where employees who handle national security information are required to list their foreign contacts. It is the Office of Personnel Management building, not Office of Personal Management.

Matt Apuzzo contributed reporting.

Shhh… Anonymous: CyberSecurity Bill's a Scam

The article below sums it up nicely: the Protecting Cyber Networks Act passed by the Congress this week was a surveillance bill in disguise.

Check out this video by Anonymous:

House of Representatives Passes Cybersecurity Bills Without Fixing Core Problems

April 22, 2015 | By Mark Jaycox

The House passed two cybersecurity “information sharing” bills today: the House Permanent Select Committee on Intelligence’s Protecting Cyber Networks Act, and the House Homeland Security Committee’s National Cybersecurity Protection Advancement Act. Both bills will be “conferenced” to create one bill and then sent to the Senate for advancement. EFF opposed both bills and has been urging users to tell Congress to vote against them.

The bills are not cybersecurity “information sharing” bills, but surveillance bills in disguise. Like other bills we’ve opposed during the last five years, they authorize more private sector spying under new legal immunity provisions and use vague definitions that aren’t carefully limited to protect privacy. The bills further facilitate companies’ sharing even more of our personal information with the NSA and some even allow companies to “hack back” against potentially innocent users.

As we’ve noted before, information sharing is not a silver bullet to stopping security failures. Companies can already share the necessary technical information to stop threats via Information Sharing and Analysis Centers (ISACs), public reports, private communications, and the DHS’s Enhanced Cybersecurity Services.

While we are disappointed in the House, we look forward to the fight in the Senate where equally dangerous bills, like the Senate Select Committee on Intelligence’s Cybersecurity Information Sharing Act, have failed to pass every year since 2010.

Contact your Senator now to oppose the Senate bills.

Shhh… Emails Reveal Cozy Google-NSA Relationship on Previously Denied High-Level Policy Discussions

Here’s an exclusive story (below) from Al Jazeera neither Google nor the NSA wants you to know.

Exclusive: Emails reveal close Google relationship with NSA

National Security Agency head and Internet giant’s executives have coordinated through high-level policy discussions

May 6, 2014 5:00AM ET
by Jason Leopold

Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government than was implied by Silicon Valley brass after last year’s revelations about NSA spying.

Disclosures by former NSA contractor Edward Snowden about the agency’s vast capability for spying on Americans’ electronic communications prompted a number of tech executives whose firms cooperated with the government to insist they had done so only when compelled by a court of law.

But Al Jazeera has obtained two sets of email communications dating from a year before Snowden became a household name that suggest not all cooperation was under pressure.

On the morning of June 28, 2012, an email from Alexander invited Schmidt to attend a four-hour-long “classified threat briefing” on Aug. 8 at a “secure facility in proximity to the San Jose, CA airport.”

“The meeting discussion will be topic-specific, and decision-oriented, with a focus on Mobility Threats and Security,” Alexander wrote in the email, obtained under a Freedom of Information Act (FOIA) request, the first of dozens of communications between the NSA chief and Silicon Valley executives that the agency plans to turn over.

Alexander, Schmidt and other industry executives met earlier in the month, according to the email. But Alexander wanted another meeting with Schmidt and “a small group of CEOs” later that summer because the government needed Silicon Valley’s help.

“About six months ago, we began focusing on the security of mobility devices,” Alexander wrote. “A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead … Google’s participation in refinement, engineering and deployment of the solutions will be essential.”

Jennifer Granick, director of civil liberties at Stanford Law School’s Center for Internet and Society, said she believes information sharing between industry and the government is “absolutely essential” but “at the same time, there is some risk to user privacy and to user security from the way the vulnerability disclosure is done.”

The challenge facing government and industry was to enhance security without compromising privacy, Granick said. The emails between Alexander and Google executives, she said, show “how informal information sharing has been happening within this vacuum where there hasn’t been a known, transparent, concrete, established methodology for getting security information into the right hands.”

The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identities of some participant tech firms and the threats they discussed.

Alexander explained that the deputy secretaries of the Department of Defense, Homeland Security and “18 US CEOs” launched the ESF in 2009 to “coordinate government/industry actions on important (generally classified) security issues that couldn’t be solved by individual actors alone.”

“For example, over the last 18 months, we (primarily Intel, AMD [Advanced Micro Devices], HP [Hewlett-Packard], Dell and Microsoft on the industry side) completed an effort to secure the BIOS of enterprise platforms to address a threat in that area.”

“BIOS” is an acronym for “basic input/output system,” the system software that initializes the hardware in a personal computer before the operating system starts up. NSA cyberdefense chief Debora Plunkett in December disclosed that the agency had thwarted a “BIOS plot” by a “nation-state,” identified as China, to brick U.S. computers. That plot, she said, could have destroyed the U.S. economy. “60 Minutes,” which broke the story, reported that the NSA worked with unnamed “computer manufacturers” to address the BIOS software vulnerability.

But some cybersecurity experts questioned the scenario outlined by Plunkett.

“There is probably some real event behind this, but it’s hard to tell, because we don’t have any details,” wrote Robert Graham, CEO of the penetration-testing firm Errata Security in Atlanta, on his blog in December. “It’s completely false in the message it is trying to convey. What comes out is gibberish, as any technical person can confirm.”

And by enlisting the NSA to shore up their defenses, those companies may have made themselves more vulnerable to the agency’s efforts to breach them for surveillance purposes.

“I think the public should be concerned about whether the NSA was really making its best efforts, as the emails claim, to help secure enterprise BIOS and mobile devices and not holding the best vulnerabilities close to their chest,” said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation’s digital civil liberties team.

He doesn’t doubt that the NSA was trying to secure enterprise BIOS, but he suggested that the agency, for its own purposes, was “looking for weaknesses in the exact same products they’re trying to secure.”

The NSA “has no business helping Google secure its facilities from the Chinese and at the same time hacking in through the back doors and tapping the fiber connections between Google base centers,” Cardozo said. “The fact that it’s the same agency doing both of those things is in obvious contradiction and ridiculous.” He recommended dividing offensive and defensive functions between two agencies.

Two weeks after the “60 Minutes” broadcast, the German magazine Der Spiegel, citing documents obtained by Snowden, reported that the NSA inserted back doors into BIOS, doing exactly what Plunkett accused a nation-state of doing during her interview.

Google’s Schmidt was unable to attend the mobility security meeting in San Jose in August 2012.

“General Keith.. so great to see you.. !” Schmidt wrote. “I’m unlikely to be in California that week so I’m sorry I can’t attend (will be on the east coast). Would love to see you another time. Thank you !” Since the Snowden disclosures, Schmidt has been critical of the NSA and said its surveillance programs may be illegal.

Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, did attend that briefing. Foreign Policy reported a month later that Dempsey and other government officials — no mention of Alexander — were in Silicon Valley “picking the brains of leaders throughout the valley and discussing the need to quickly share information on cyber threats.” Foreign Policy noted that the Silicon Valley executives in attendance belonged to the ESF. The story did not say mobility threats and security was the top agenda item along with a classified threat briefing.

A week after the gathering, Dempsey said during a Pentagon press briefing, “I was in Silicon Valley recently, for about a week, to discuss vulnerabilities and opportunities in cyber with industry leaders … They agreed — we all agreed on the need to share threat information at network speed.”

Google co-founder Sergey Brin attended previous meetings of the ESF group but because of a scheduling conflict, according to Alexander’s email, he also could not attend the Aug. 8 briefing in San Jose, and it’s unknown if someone else from Google was sent.

A few months earlier, Alexander had emailed Brin to thank him for Google’s participation in the ESF.

“I see ESF’s work as critical to the nation’s progress against the threat in cyberspace and really appreciate Vint Cerf [Google’s vice president and chief Internet evangelist], Eric Grosse [vice president of security engineering] and Adrian Ludwig’s [lead engineer for Android security] contributions to these efforts during the past year,” Alexander wrote in a Jan. 13, 2012, email.

“You recently received an invitation to the ESF Executive Steering Group meeting, which will be held on January 19, 2012. The meeting is an opportunity to recognize our 2012 accomplishments and set direction for the year to come. We will be discussing ESF’s goals and specific targets for 2012. We will also discuss some of the threats we see and what we are doing to mitigate those threats … Your insights, as a key member of the Defense Industrial Base, are valuable to ensure ESF’s efforts have measurable impact.”

A Google representative declined to answer specific questions about Brin’s and Schmidt’s relationship with Alexander or about Google’s work with the government.

“We work really hard to protect our users from cyberattacks, and we always talk to experts — including in the U.S. government — so we stay ahead of the game,” the representative said in a statement to Al Jazeera. “It’s why Sergey attended this NSA conference.”

Brin responded to Alexander the following day even though the head of the NSA didn’t use the appropriate email address when contacting the co-chairman.

“Hi Keith, looking forward to seeing you next week. FYI, my best email address to use is [redacted],” Brin wrote. “The one your email went to — sergey.brin@google.com — I don’t really check.”

Shhh… What Can You Do If Airport Checkpoints Demand Your Smartphone Password?

Ever wonder if this could happen to you? A Canadian man was charged for not revealing the password of his smartphone when requested by airport border officials.

I wrote in an earlier column about how spies cope with airport security checkpoints but what can you do if you anticipate this (see article below) could happen to you at the airport?

I reckon at the very least, reset the password to your phone before you reach the checkpoint. If your phone has an external SD card, transfer all your files to the card before you remove and replace it with a spare and ideally empty SD card – hide the files-loaded SD card deep inside your hand-carry bag. And bingo if you have a spare or expired SIM card…

You have then done the best you could to preserve your privacy. Good luck.

Quebec resident Alain Philippon to fight charge for not giving up phone password at airport

Whether border officials can force you to provide password hasn’t been tested in Canadian courts

By Jack Julian, CBC News Posted: Mar 04, 2015 9:32 PM AT Last Updated: Mar 05, 2015 2:05 PM AT

A Quebec man charged with obstructing border officials by refusing to give up his smartphone password says he will fight the charge.

The case has raised a new legal question in Canada, a law professor says.

Alain Philippon, 38, of Ste-Anne-des-Plaines, Que., refused to divulge his cellphone password to Canada Border Services Agency during a customs search Monday night at Halifax Stanfield International Airport.

Philippon had arrived in Halifax on a flight from Puerto Plata in the Dominican Republic. He’s been charged under section 153.1 (b) of the Customs Act for hindering or preventing border officers from performing their role under the act.

According to the CBSA, the minimum fine for the offence is $1,000, with a maximum fine of $25,000 and the possibility of a year in jail.

Philippon did not want to be interviewed but said he intends to fight the charge since he considers the information on his phone to be “personal.”

The CBSA wouldn’t say why Philippon was selected for a smartphone search.

In an email, a border services spokesperson wrote, “Officers are trained in examination, investigative and questioning techniques. To divulge our approach may render our techniques ineffective. Officers are trained to look for indicators of deception and use a risk management approach in determining which goods may warrant a closer look.”

Rob Currie, director of the Law and Technology Institute at the Schulich School of Law at Dalhousie University, said that under Canadian law, travellers crossing the Canadian border have a reduced expectation of privacy.

He said border officials have wide-ranging powers to search travellers and their belongings.

“Under the Customs Act, customs officers are allowed to inspect things that you have, that you’re bringing into the country,” he told CBC News. “The term used in the act is ‘goods,’ but that certainly extends to your cellphone, to your tablet, to your computer, pretty much anything you have.”

Philippon has been released on bail, and will return to court in Dartmouth on May 12 for election and plea.


Not tested yet in court

Currie said the issue of whether a traveller must reveal a password to an electronic device at the border hasn’t been tested by a court.

“This is a question that has not been litigated in Canada, whether they can actually demand you to hand over your password to allow them to unlock the device,” he said. “[It’s] one thing for them to inspect it, another thing for them to compel you to help them.”

Currie said the obstruction case hinges on that distinction.

“[It’s] a very interesting one to watch.”

Shhh… Simple Solutions to NSA's Embedded Spyware in Hard Drives

This may be bad news but it’s not the end of the world. There’s no need to push the panic button.

You may have read that the NSA has reportedly inserted spyware on the hard drives made by top manufacturers like Western Digital, Seagate, Toshiba, Samsung, etc. – i.e. the hard drives in literally every computer in the world. This global surveillance exercise, discovered by Moscow-based security software company Kaspersky Lab, mainly targeted “government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activist” mainly in countries like Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

Now even if you’re not within that circumscribed range of victims, the fact remains that every computer can be compromised. But there are ways to circumvent the risks – you can never eliminate such risks but you can always minimize the impacts.

As I have pointed out in my public lectures, there are some simple tricks to protect your data (and your life if you’re an entrepreneur because your data is everything to your livelihood) even if you’re not an IT geek. One good practice is to never store a single file or doc, apart from the software and operating system, on your computer hard disk. And I’m not suggesting using the cloud given the well publicized risks. I mean storing your files on an external encrypted hard disk.

And together with several other simple tricks that I’ve shared publicly (for example, consider how you connect your devices online, when you should connect/disconnect the external hard drives to the computer…), there are indeed ways to protect your computers and data.

Shhh… China to Boost Cyber-Security with the World's First Quantum Communications Network – QC Satellite to Follow Next Year

Amid continuing Sino-US spats on cyber-espionage and related matters, China is beefing up its cyber and national security in a big way: it is reportedly just months away from launching the longest quantum communications network on earth, stretching some 2,000 kilometers between its capital Beijing and financial center Shanghai, to transfer data close to the speed of light with no hacking risks. The network will initially transmit sensitive diplomatic and classified information for the government and military, with personal and financial data also on the cards for the near future.

And that’s ahead of the previously announced plan for 2016 to become the first country to launch a quantum communications satellite into orbit.

Looks like Snowden was spot on again. In a post just a month ago, I wrote what he said about how the US (would and) is paying the price for focusing too much on the cyber offensive at the expense of cyber defense.

Meanwhile, following the recent cyber-attack on Sony Pictures, President Barack Obama’s homeland security and counter-terrorism adviser Lisa Monaco announced earlier this week a new intelligence unit – the Cyber Threat Intelligence Integration Center – to take the lead in tracking cyber-threats by pooling and disseminating data on cyber-breaches to other US agencies.

“Currently, no single government entity is responsible for producing coordinated cyber threat assessments,” according to Monaco.


China nears launch of hack-proof ‘quantum communications’ link

Published: Feb 9, 2015 11:13 p.m. ET

Technology to be employed for military and other official uses

BEIJING (Caixin Online) — This may be a quantum-leap year for an initiative that accelerates data transfers close to the speed of light with no hacking threats through so-called “quantum communications” technology.

Within months, China plans to open the world’s longest quantum-communications network, a 2,000-kilometer (1,240-mile) electronic highway linking government offices in the cities of Beijing and Shanghai.

Meanwhile, the country’s aerospace scientists are preparing a communications satellite for a 2016 launch that would be a first step toward building a quantum communications network in the sky. It’s hoped this and other satellites can be used to overcome technical hurdles, such as distance restrictions, facing land-based systems.

Physicists around the world have spent years working on quantum-communications technology. But if all goes as planned, China would be the first country to put a quantum-communications satellite in orbit, said Wang Jianyu, deputy director of the China Academy of Science’s (CAS) Shanghai branch.

At a recent conference on quantum science in Shanghai, Wang said scientists from CAS and other institutions have completed major research and development tasks for launching the satellite equipped with quantum-communications gear.

The satellite program’s likelihood for success was confirmed by China’s leading quantum-communications scientist, Pan Jianwei, a CAS academic who is also a professor of quantum physics at the University of Science and Technology of China (USTC) in Hefei, in the eastern province of Anhui. Pan said researchers reported significant progress on systems development after conducting experiments at a test center in Qinghai province, in the northwest.

The satellite would be used to transmit encoded data through a method called quantum key distribution (QKD), which relies on cryptographic keys transmitted via light-pulse signals. QKD is said to be nearly impossible to hack, since any attempted eavesdropping would change the quantum states and thus could be quickly detected by data-flow monitors.

A satellite-based quantum-communications system could be used to build a secure information bridge between the nation’s capital and Urumqi, a city that’s the capital of the restive Xinjiang Uyghur Autonomous Region in the west, Pan said.

It’s likely the technology initially will be used to transmit sensitive diplomatic, government-policy and military information. Future applications could include secure transmissions of personal and financial data.

Plans call for China to put additional satellites into orbit after next year’s ground-breaking launch, Pan said, without divulging how many satellites might be deployed or when. He did say that China hopes to complete a QKD system linking Asia and Europe by 2020, and have a worldwide quantum-communications network in place by 2030.

Success stories

In 2009, China became the first country in the world to put quantum-communications technology to work outside of a laboratory.

In October of that year, a team of scientists led by Pan built a secure network for exchanging information among government officials during a military parade in Beijing celebrating the 60th anniversary of the People’s Republic. The demonstration underscored the research project’s key military application.

“China is completely capable of making full use of quantum communications in a regional war,” Pan said. “The direction of development in the future calls for using relay satellites to realize quantum communications and control that covers the entire army.”

The country is also working to configure the new technology for civilian use.

A pilot quantum-communications network that took 18 months to build was completed in February 2012 in Hefei. The network, which cost the city’s government 60 million yuan ($9.6 million), was designed by Pan’s team to link 40 telephones and 16 video cameras installed at city government agencies, military units, financial institutions and health-care offices.

A similar, civilian-focused network built by Pan’s team in Jinan, the provincial capital of the eastern province of Shandong, started operating in March 2014. It connects some 90 users, most of whom tap the network for general business and information.

In late 2012, Pan’s team installed a quantum-communications network that was used to securely connect the Beijing venue hosting a week-long meeting of the 18th National Congress of the Communist Party, with hotel rooms where delegates stayed, as well as the Zhongnanhai compound in Beijing where the nation’s top leaders live and work.

Next on the development agenda is opening the network linking Beijing and Shanghai. Pan is leading that project as well.

If all goes as planned, Pan said, existing networks in Hefei and Jinan would eventually be tied to the Beijing-Shanghai channel to provide secure communications connecting government and financial agencies in each of the four regions. The new network could be operating as early as 2016.

No room for hype

A quantum code expert said that so far, quantum-communications technology development efforts in China have basically focused on protecting national security. “How important it will be for the public and in everyday life are questions that remain unanswered,” said the expert.

To date, Pan said, technical barriers and the high cost of systems development have kept private capital out of what’s now almost exclusively a government initiative. Moreover, it’s still too early to tell whether the technology has any potential commercial value.

Pan has warned the public not to listen to investment come-ons that hype the money-making potential of quantum-communications businesses. At this stage of the game, he said, the focus is still on technological development, not commercial applications.

Nevertheless, since 2009, USTC has been building a commercial enterprise called Anhui Quantum Communication Technology Co. to produce equipment based on technology developed by Pan and his team. The company is China’s largest quantum-communications equipment supplier. Last September, it said it had started mass-producing quantum-cryptography equipment.

Anhui Quantum general manager Zhao Yong said the company’s clients include financial institutions and government agencies seeking to supplement, not replace, conventional communications systems. Their shared goal, he said, is to improve data security.

Once the technology has matured, said Wang Xiangbin, a physicist at Beijing’s Tsinghua University, its range of applications should be targeted to specific industries and regions because of its high technological and cost barriers. Quantum communications is not a technology suitable for mass use via the Internet, for example, Wang told a group of scientists at a 2012 seminar.

Some experts say it’s wrong to assume that quantum communications is a flawlessly secure means of transmitting information. Another Tsinghua physics professor, Long Guilu, said quantum communication is only theoretically safe, since malfunctioning equipment or operational errors can open doors to risk.

Experimental systems built in 2007 by Chinese and U.S. physicists reportedly achieved secure QKD transmissions between two points more than 100 kilometers apart. But the experiment also taught scientists that data can be intercepted by a third party during a transmission.

In addressing the naysayers, Pan admitted that quantum communications is not perfect. But he defended it as safer than conventional means of communication. In fact, he said, no means of protecting data is more secure than quantum communications.

To test the capacity and safety of the network linking Beijing and Shanghai, Pan said his team plans to ask other communications experts to carefully study the system and look for potential security holes. The network could then be modified in ways that close any detected gaps and reduce hacking risks.

“Assessments and testing will be conducted after the network is completed,” said Pan, who remains convinced that any network using quantum cryptographic technology is more secure than any other communications channel.

Pan has been working on quantum-communications technology since the late 1990s, when he was a researcher at the University of Vienna and working in a partnership with Austrian physicist Anton Zeilinger. That team is credited with developing the first protocol for quantum communications.

Pan worked with Zeilinger about a decade after U.S. physicist Charles Bennett and colleagues at IBM Research built the world’s first functioning quantum cryptographic system. Based on their research, the first network was installed in the U.S. city of Boston.

Like their counterparts in China, researchers in the United States, Japan and European countries continue work to advance the technology. A key effort is aimed at extending the potential reach of quantum-communications systems, which for years were used only to span short distances.

Some experts have even wondered whether the new technology has been misidentified, since its key feature is high-level cryptography, not electronic communications.

“What we can do now is merely encrypt data, which is far from real quantum communications,” said one expert who declined to be named. “Theoretically it can’t be hacked, but in practice it has many limitations.”

Guo Guangcan, director of USTC’s quantum-communications lab, said networks now operating and those being built in China “achieve encryption only,” whereas true communications networks “involve content.”

“It’s not accurate to call it quantum communications,” said Guo.

Whatever it’s called, China appears determined to push ahead with the research and development that paves the way for a new era of secure communications. And according to Pan, that era is still at least a decade away.

“It will take 10 to 20 years to really put (the technology) into practice,” said Pan.

Rewritten by Han Wei

Spies and the Airport Screening Machine

The US works out a free ride for its spooks

I have always fancied having a smorgasbord of passports, each bearing a different name, country of citizenship and photo — just like the spies as we know them, or at least as we understand them from spy fiction and movies like James Bond and CIA agent Jason Bourne in the Bourne Trilogy movies.

However, airport security checks and immigration clearance must be a nightmare for real spies, undercover agents and intelligence officials these days as governments, increasingly wary of the growing sophistication of terrorists, have invented new technologies to try to detect them. Hence the increasingly tight security measures at airports around the world have created lots of inconvenience for the intelligence community. And the pseudo passports probably don’t even work, given the facial recognition checks on top of the fingerprint hassles that have become commonplace at immigration checkpoints across the globe.

The spymasters know and they care, and they set out to do something about it.

So in late July, the US Transportation Security Administration (TSA) – the agency within the US Department of Homeland Security that exercises authority over the security of the traveling public in America – reportedly put procedures in place to allow the employees of three US intelligence agencies to pass un-scrutinized through airport security checks with convenience…