Safety first for IT executives in China

Senior executives in US IT companies have been advised by the US Government to follow extremely strict policies for visits to China which extend far beyond standard software protection.

The policies encourage them to leave their standard IT equipment at home and to buy separate gear only for use in China.

Mark Bregman, chief technology officer at security firm Symantec said he left his MacBook Pro behind in the US and took his MacBook Air whenever he flew to China. Bregman said he only ever used the Air in China and re-imaged the machine every time he returned home.

However, he said he was "pretty relaxed" when it came to following the security policies. "I don't let my IT department near my laptop," he said.

"I was advised by people in three-letter agencies in the US Government to weigh the machine before I left and when I got back," Bregman said.

"They also don't want me to take my phone. They said to buy a mobile phone in the US and throw it away when you come back."

Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.

He said the "software supply concern" was due to fears that Chinese developers would insert malicious code into software sold to American companies or the US government.

"If you're a big company doing development in China the US government asks, ‘Why should we trust you? We won't buy from you.'"

However, he said every software company used developers in China including Microsoft, Oracle and others.

And Bregman asked why the US should fear Chinese developers but not US developers, when terrorist attacks were carried out in the US by American citizens.

Instead of worrying about the software products produced in China, the US Government should look at the tools and processes software vendors use to test their code, he said.

Symantec, as a security vendor which analyses code for malware, should be considered very reliable, said Bregman.

Bregman said the US had never asked Symantec to gather evidence using its own products.

"I'm not paid by the US Government. Why would I do it?

"I want all governments and customers to be assured that the software I'm selling them does what I say it does and nothing more."