China Is Not Investigating IBM, Oracle and EMC, Even as Tensions Increase

Published on August 19, 2013
by Arik Hesseldahl


Executives at three U.S. giants in the enterprise IT space — IBM, Oracle and EMC — are becoming increasingly worried in the wake of reports suggesting they might be under investigation by authorities in China over concerns that their products might pose a security threat.

This is not the case, but AllThingsD inaccurately reported on Friday that there was an official investigation under way, basing the post on a Reuters story that cited China’s Ministry of Public Security, the country’s primary law-enforcement agency and others.

After additional reporting, we have determined that our story was incorrect, and we apologize to readers for being lax in our efforts to determine if there was an investigation happening.

Spokespeople for all three companies declined to comment for the record on the matter to AllThingsD, although sources inside all three said they were unaware of any investigations, whether formal or informal.

Still, there is certainly increased concern inside at least two of the companies — and indeed many other U.S. companies — due to a noticeable escalation in tension between the U.S. and China on the cyber-security front. Recent disclosures by the former NSA contractor Edward Snowden have suggested that U.S. spy agencies may have used their knowledge and access to products put out by U.S. companies to spy on Chinese government agencies and private companies.

A source at one of the three U.S. companies, who asked to be neither named nor identified by company affiliation, said there has been a clear uptick in mentions in local tech and business media of a growing desire among Chinese IT customers to “buy Chinese.” As yet, this desire hasn’t amounted to a specific action or change in buying habits, but the companies are bracing for such an impact in a key market.

None of the three companies break out their sales in China in earnings reports, reporting sales in that country as part of the Asia-Pacific region.

For its fiscal year 2012, IBM reported $26 billion, or about 25 percent of overall revenue, in the Asia-Pacific region. IBM said in its 10-K filing with the Securities and Exchange Commission that China was the fastest-growing of the so-called BRIC countries (Brazil, Russia, India and China), growing by about 18 percent during the year. Oracle has said that about $6.3 billion worth of sales in the Asia-Pacific region, including China, amounted to about 32 percent of its total sales in its fiscal year ended May 31. And EMC reported about $3 billion worth of sales in the Asia-Pacific region for the fiscal year ended Dec. 31, about 14 percent of total sales.

The Chinese market continues to grow strongly, although there is a long-term view within China that favors building up domestic champions in a given market. “China’s official IT policy across the board is to foster the development of home-grown tech standards and domestic powerhouses in all sectors,” said Mark Natkin, managing director of Marbridge Consulting, a telecom and IT market research and consulting firm based in Beijing.

It’s certainly clear that the disclosures by Snowden about PRISM, the NSA’s controversial monitoring program, have given Chinese officials a lot of ammunition to lob back at the U.S.

That is especially true after years of official hand-wringing over security concerns in Washington by Congress and the Obama administration about Huawei, the China-based networking equipment vendor. Earlier this year, Congress added a requirement to a spending law that effectively bans Huawei equipment from being purchased by federal agencies.

China’s commerce ministry has defended Huawei, and warned last year that efforts to hurt its ability to do business in the U.S. could ultimately harm U.S.-China relations.

Another sore point was a report published earlier this year by the security research firm Mandiant that essentially accused a unit of China’s People’s Liberation Army of attacking the networks of numerous U.S., British and Canadian companies.

As a counter to that, the growing suspicion within the country around Western tech companies operating in China is sometimes referred to locally as the “IOE problem,” referring to the trio of IBM, Oracle and EMC, who are the most visible there.

Still, no matter how badly China’s companies and government agencies may want to buy their IT hardware and software from local vendors, that’s unlikely for now. As an executive from one of the three companies put it: “The fact is, we all make a lot of great technology and they need it.”

Under current practices, when Chinese agencies and companies buy IT products from U.S. suppliers, those products are subjected to routine testing and reviews for security concerns in much the same way they’re evaluated in the U.S. Sources at all three companies said they’ve noticed no recent change in those policies or practices in the wake of the PRISM disclosures, although Chinese concerns have certainly increased.

As the executive of one of the three companies put it: “Is there suspicion in China about back doors in [our] products? Yes. Are there back doors in the products? No.”

But, given the amount of business at stake and the increased tensions, sources at two of the companies in question note that they are preparing for the Chinese government to be watching over their efforts more closely than ever.

Return to: China Is Not Investigating IBM, Oracle and EMC, Even as Tensions Increase