Firewalla vs The Great Firewall of China
Now that Hong Kong has been forced to be part of CCP China, and now has to conform to its state security guidelines, how can Firewalla clients be assured that our devices are secured against state-sponsored surveillance? Chinese companies with over 50 employees must have a state representative overseeing the company in accordance with state law; please comment on the actual and potential changes that have occurred within Firewalla since the HK-induction that might alter the viability of the security provided by Firewalla devices.
-
Can @Firewalla please provide a comment on the recent political changes and how they will affect Firewalla internal operations?
Scope of the Law
The Cybersecurity Law is applicable to network operators and businesses in critical sectors. Network operators are defined as network owners, managers, and providers; a network is defined as any system comprised of computers and related equipment that gathers, stores, transmits, exchanges, or processes information. These definitions mean the law is applicable to almost all businesses in China that manage their own email or other data networks. “Critical sectors” encompasses businesses involved in communications, information services, energy, transport, water, financial services, public services, and electronic government services. Law firm Baker McKenzie has also publicly warned that any company that is a supplier or partner with firms in these sectors could also be subject to the law.
The law requires network operators to cooperate with Chinese crime or security investigators and allow full access to data and unspecified “technical support” to the authorities upon request. The law also imposes mandatory testing and certification of computer equipment for critical sector network operators. These tests and certifications mainly relate to Article 21 of the law, requiring network operators to formulate internal security management systems and implement network security protections; adopt technological measures to prevent viruses or unspecified forms of cyber attacks; adopt technological measures to monitor and record the safety of a network; and undertake data classification, back-ups of important data, and encryption. These security measures are fairly standard, and form part of best practice recommendations for firms that gather and store important company and client data.
-
Their main office is in Santa Clara, and the device was designed in the US, but the shipping invoice came from Hong Kong and is produced in China. Prior to the annexation of HK, the worry was limited but now that situation has changed drastically. This is a security device we're talking about, so there is merit to the question.
-
After looking into this, this does seem to be a legitimate question. The takeover of Hong Kong by the CCP is so recent though, I wonder if they (Firewalla) even know themselves what the implications are? Also, they are based out of San Jose, California, so I assume they wouldn't be considered a "network operator" in China even if the hardware was produced in China, although I could be wrong. IF it did consider them a "network operator" the law would require them to store data within China and have it open to spot checks whenever requested. Wow, what a disaster that would be! I think this would be such a long shot but it would be great for them to chime in here and at least let us know whether they think they would be forced to comply with this so-called "Cyber Security Law", or whether it's completely irrelevant to them since they are indeed based in the US. Like you said though, this is a DPI network security device, and if somehow it became a way for the CCP to spy on us that would be a security and privacy nightmare, and especially ironic for us IT folks buying this to do the exact opposite!
-
We are in the same boat as many other technology companies in the US that rely on China as a place to manufacture. Remember, China is where all (or most) iPhones, iPads, Android phones ... network routers, servers ... etc ... are manufactured.
As for the new laws in HK, we are following that very closely. It is highly possible that, in the near future, we will stop shipping units to Hong Kong. (Currently, we do not ship to Mainland China.)
-
On a related note, I have a Comfast outdoor wireless device on my network (manufactured by a Chinese company). I suspected something was off about it because it was the only device I could not see on my network. Well, after installing Gold Plus I put that device under a microscope. The thing hacked my Firewalla by MAC spoofing it. It showed up as my Firewalla's WAN and LAN IP address. It had been doing that to my other routers but I did not know it until now.