August 22, 2020 |
Born in Israel in 1975, Malicious Life Podcast host Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, created the popular Israeli podcast Making History. He is author of three books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.
Malicious Life by Cybereason exposes the human and financial powers operating under the surface that make cybercrime what it is today. Malicious Life explores the people and the stories behind the cybersecurity industry and its evolution. Host Ran Levi interviews hackers and industry experts, discussing the hacking culture of the 1970s and 80s, the subsequent rise of viruses in the 1990s and today’s advanced cyber threats.
Malicious Life theme music: ‘Circuits’ by TKMusic, licensed under Creative Commons License. Malicious Life podcast is sponsored and produced by Cybereason. Subscribe and listen on your favorite platform:All Posts by Malicious Life Podcast
When Western technology companies marketed research, goods, services and employees to China to help build the most impressive internet censorship and cyber spying apparatuses in the world, they were acting apolitically. The consequences of those actions, however, were far from apolitical. Take, for instance, the Falun Gong religious movement.
In a vacuum, Falun Gong isn’t the most attractive protagonist of a podcast episode. In addition to peace, meditation and transcendence, its founder, Li Hongzhi, is one of those religious leaders who also preaches about the immorality of homosexuality, and aliens on Earth influencing global politics. In the U.S. and Europe, Falun Gong is known for aligning with the alt-right, most notably by having founded The Epoch Times, a pro-Trump paper with a penchant for conspiracies. And the movement’s official emblem–the Falun–is basically just a bunch of swastikas. Now, look: on its own, I get it–for thousands of years before the Nazis, the swastika was a perfectly innocent symbol in ancient Buddhism. But considering Falun Gong was invented in the 1990s, you’d figure they could’ve gone with, like, anything else.
So Falun Gong may be off-putting. But in the mid-90s they came under the ire of the Chinese state in a way you wouldn’t wish upon your worst enemies. The movement was growing, and failing to comply with the secular government’s actions to reign in its influence. So the government banned their books and made their practice, in essence, criminal. The conflict between the Communist Party and Falun Gong was epitomized when, just after midnight on July 20th, 1999, hundreds, if not thousands of innocent members were forcibly taken from their homes and arrested by state police.
That event set the tone for what was to come. Throughout the 21st century, Falun Gong members have been targeted, surveilled and sent to prisons. According to various reports from Amnesty International, The Washington Post and others, those prisoners have been subject to forced labor, force feeding, sleep deprivation, brainwashing, and other forms of torture. They’ve been killed, and worse.
Worse like in 2006, when a human rights lawyer partnered with a former Secretary of State of Canada to investigate something odd that was happening in Chinese hospitals. You see, if you lived in Canada, and you needed an organ transplant, the average wait time would have been over half a year. And the Canadian healthcare system was pretty good, with a relatively high number of voluntary organ donors. What was odd was that in China, beginning in 1999, it only took one or two weeks for most people to receive organ transplants. That’s insanely quick, especially considering the rates of organ donation in the country were quite low. Where, then, were Chinese hospitals getting all those organs?
You’ve probably guessed it. I’ll save you from the more gruesome details, and just say two things. First: between 1999 and 2016, the research identified up to 1.5 million Chinese people who may have been killed for their organs. Second: in their report, the researchers transcribed phone calls with actual doctors who admitted to the practice. It’s likely that thousands upon thousands of Chinese people are walking around the world today with organs forcibly removed from people targeted simply because of their religious beliefs. Of course, the Western technology companies that helped build China’s digital policing and cyberspying capabilities couldn’t have predicted that their technology would be used in service of such horrific discrimination.
In this episode of our show, we’re going to talk about one of the most underreported, least-known, most important stories in technology. It involves a lawsuit–an ongoing one, being delayed by a Supreme Court case and complications of Coronavirus. Once a ruling in this lawsuit is reached, however, it will have ramifications across the world.
But since this case is still ongoing, our episode will be a little different than usual. Instead of telling you the whole story, then wrapping it up at the end, we’re going to let you decide. We’ll go through the arguments for and against so that all of you out there, for yourselves, can determine what you think should happen to the defendant.
So please: take a seat in the juror’s box. We’re about to begin.
INTRO TO PLAINTIFFS
Meet Paul Hoffman. He has a kind of “friendly uncle” energy to him–the kind of guy you could picture yourself going fishing with. He has that kind of face, too–doughy, a furry moustache. You wouldn’t guess, based on appearance alone, that Paul is one of the most respected human rights attorneys in the country. But he is. He’s argued before the Supreme Court of the United States on numerous occasions.
On April 18th, 2017, he’s arguing before the Ninth District Court of the United States, on behalf of anonymous members of the Falun Gong movement. The defendants: Cisco Systems Incorporated in San Jose, California, as well as John Chambers, the company CEO, and Freddy Cheung, VP of Cisco China. The subject is “Golden Shield”–the massive Chinese IT infrastructure project which combined internet censorship and pervasive Chinese state cyberspying.
The prosecution’s claim is simple. From their opening brief, quote: “Cisco designed, tailored, and integrated its products and features to target Falun Gong believers and to facilitate persecution, torture, and other abuses.” End quote.
“[Hoffman] …and it wasn’t just the Golden Shield. They could have sold the Golden Shield for just the crime control technology. They sat down with the Chinese, and the chinese wanted features in this system that would enable them to prosecute the Falun Gong in those ways that everybody knew they were doing. That’s what they wanted, that’s what they got.”
Did one of the most well-respected technology companies in America really collaborate in persecution and, by extension, allow for the torture of millions of innocent people? Cisco would certainly have something to say about that.
INTRO TO DEFENSE
Unlike Paul Hoffman, Kathleen Sullivan is exactly how you’d imagine an all-star corporate lawyer. She’s well-put-together, well-spoken and clear and always matter-of-fact. If she were your law school teacher, you could expect a tough semester ahead. If she were your aunt, you wouldn’t even consider misbehaving during a Thanksgiving dinner.
And she’s extremely well-accomplished–former Harvard Law professor, former Dean of Stanford Law School, and the first and only woman ever named partner at one of the U.S.’s top 100 law firms. When Barack Obama was president, Kathleen was being considered for a position on the Supreme Court. If all that isn’t enough for you, consider this: in 2005, she took the California bar exam and failed. In response, many in the legal community questioned the viability of the test itself. Do you realize how good you have to be to fail a test that has been around for decades, and then have people blame the test? She did end up taking it again the following year, and she passed.
In Doe v. Cisco, representing the defense, Kathleen stands up to make her opening argument.
“[Sullivan] I’d like to suggest that the court should begin where Mr. Hoffman ended, and that is with the words ‘United States’, or in that particular instance the words ‘San Jose.’ Because that’s the easiest grounds to you to affirm here. The plaintiff failed to allege conduct in the territory of the United States that constitutes aiding and abetting the alleged international law violations here, and after Kiobel – that’s essential for the survival of their claim.”
It’s no accident that, within 30 seconds of her opening statement, Kathleen is referencing “Kiobel.” Since you weren’t a juror on that case, let’s fill you in.
In 2013, Esther Kiobel–the widow of a man sentenced to death by the Nigerian dictatorship of the ‘90s–sued Royal Dutch Petroleum, known better as “Shell,” the oil company. The case made it all the way to the Supreme Court.
Her claim, in that case, was that Shell oil company had been complicit in human rights violations carried out against her husband and eight other activists, collectively known as the “Ogoni Nine.” Those Nigerian citizens had been protesting Shell’s presence in their lands, and for doing so were targeted and killed by government soldiers. According to Esther Kiobel, Shell knew of and even encouraged that government violence.
Sound familiar? The Kiobel case had massive ramifications for how international companies could be sued for actions taken outside of United States borders.
Representing the plaintiffs was a renowned human rights lawyer – Paul Hoffman. And his opponent, representing the defense? None other than Kathleen Sullivan. Her first words in the courtroom, as she steps up to make her opening argument, are these:
“Mister Chief Justice and may it please the court – this case has nothing to do with the United States. It’s Nigerian plaintiffs, suing an English and Dutch company, for activity alleged to have aided and abetted the Nigerian government for conduct taking place entirely within Nigeria.”
You can sense the confidence in her words. Her argument was air-tight: a European company, operating in Africa, can’t be sued in the United States, even if the plaintiffs now lived there.
By the end of Kiobel versus Royal Dutch Petroleum, little was decided regarding what crimes Shell had actually committed in Nigeria. Because they didn’t matter. The case would be dismissed, in a 5 to 2 ruling, on the grounds that it wasn’t relevant to the U.S. judicial system.
You can tell, now, why Cisco hired Kathleen Sullivan to argue on their behalf in Doe versus Cisco. She wasn’t just a good lawyer–she was the lawyer who beat Paul Hoffman, in the Supreme Court, on a case involving the corporate aiding of human rights abuses in a foreign country.
This is, then, the first argument you – the jury – must consider: does the US judicial system have any jurisdiction over crimes committed by China, on Chinese citizens? It’s a legal question, but also a moral one.
“[Sullivan] There are a lot of things in our system that… the French believe in rounding up people who send neo-nazi stuff over the internet. The British believe in rounding up people who encourage jihad over the internet. We don’t agree with those things, but other systems might. And it’s not up to a United States company to determine the foreign policy of the United States. IF the foreign policy of the US says that it’s Ok to sell internet equipment to France, Britain and China – so this court should not create a lavish, lenient, aiding and abetting case based on international tribunals.”
Basically, Kathleen Sullivan asks: what right does one country have to judge the laws of some other country? But, then again, even the judges know that this argument has its limitations:
“[Judge] If you had a system identifying jews in Europe to be rounded up to be sent to…concentration centers. […] If we manufactured an internet device and sold it to Germany for this specific purpose of rounding up Jews who we knew would then be sent to concentration camps – that would not be a violation of International law?…”
The judge’s hypothetical makes sense, right? In what court in the world could you get away with selling poison gas to Hitler? By the same token, should we not hold a technology company liable for selling networking equipment to a government which was known to persecute innocents?
IS KNOWING ENOUGH?
Let’s move on with our case. The prosecution says that Cisco’s executives in America had to know what would be the consequences of their business decisions.
“[Hoffman] The State Department, every year since 1999, has described what this campaign of persecution is, has described that it inclues torture and extra-juditial killing and forced labor and the use of psychiatric hospitals. There had been widespread reports in the media, there had been reports by the UN, by Human Rights organizations. So, Cisco, doing any Due Diligence or just existing in the world would know.”
According to the prosecution, if Cisco simply knew that their actions would lead to such persecution and torture, that knowledge in itself would be grounds for criminal punishment.
Now, don’t worry, listeners, I can hear what some of you out there are thinking. “But Ran, it’s not exactly a crime to sell your product. The role of a company is to make good things, not monitor how those things are being used by customers.”
Listeners, I hear you. It’s a good point. Say, for example, I were to use this podcast to broadcast to the world that Nate Nelson is ugly and stupid. You wouldn’t blame the microphone company for capturing my voice so crisply, would you? A microphone could be used for a podcast, or it could be used to call Nate Nelson ugly and stupid. The microphone manufacturer would be responsible for neither the podcast, nor that one hundred percent accurate fact about Nate.
“[Nate] Hey!…actually, now that I think about it, you have a point.”
Similarly, Cisco could sell technology to China for lawful purposes without being complicit in their unlawful uses of that same technology.
“[Sullivan] Just like you could look in any newspaper and see that American police commit excessive force against certain minorities and against certain gangs. That doesn’t mean that a company that sells Cruzer cars or surveillance cameras or computer technology to hook the patrol car up to the squad room is aiding and abetting the use of excessive force. They’re aiding and abetting the law enforcement. Golden Shield is a law enforcement device.”
I must admit, Sullivan does have a point here. Except, to the prosecution, Cisco didn’t just know about China’s human rights abuses and sell to them anyway. They actually participated in those abuses.
“[Hoffman] They enabled the Chinese to find 90% of the Falun Gong and they put it in their marketing material. They were better than anybody else because they could find more Falun Gong to put into this system of persecution. That’s what they did.”
In other words, it may be that companies like Cisco not only knew that their equipment would aid in the persecution of Falun Gong members, but they actively marketed to the government how their equipment would be better at persecuting Falon Gong than the competition. If the prosecution has the evidence they claimed to have, it might mean that Cisco Systems, its VP in China, and the CEO of the entire company were accomplice to human rights abuses against members of Falun Gong.
So, that was the 2nd argument in our case: is it enough to know about a crime, to be considered as taking part in it? To what extent is a company responsible for crimes done using its products – if the crime committed isn’t even considered a crime in China? Yeah, it’s a tough question. ucky for me – it’s you, the listener, who needs to decide.
Let’s assume, for the sake of the argument, that Cisco did know about the crimes committed against Falun Gong members by China. Even so, we need to ask ourselves if Cisco’s equipment had what’s known as a “substantial effect” in the criminal act. What is a ‘substantial effect?’
Well, here’s what the prosecution alleges Cisco did, according to the appellate brief. Quote:
“By integrating Falun Gong databases with an “Internet Surveillance System,” which identifies and tracks Falun Gong believers’ Internet activities, Cisco’s technology fed sensitive and tailored information on detainees used during interrogation, forced conversion, and torture sessions to Chinese security. Cisco further integrated these Falun Gong databases into China’s anti-Falun Gong security infrastructure, including its police detention centers, clandestine jails, Public Security mental hospitals devoted to political opponents, and other detention and torture sites. Cisco’s designs show how to track, monitor and identify Falun Gong believers to further their religious persecution.”
If we assume, for the moment, that the prosecution has the evidence necessary to back up these claims, we should ask ourselves: is this enough to prove a guilty act? Does tracking, monitoring, identifying and feeding personal information about Falun Gong members have a substantial-enough effect on those people’s persecution and torture? Kathleen Sullivan, naturally, disagrees:
“[Sullivan] There’s a fundamental disconnect between identifying members of Falon Gong, which could lead to perfectly lawful means of re-education or punishment under Chinese law – they wouldn’t be in our system, but they could be lawful – there’s a fundamental disconnect between saying that the identification then is what enables the torture. The torture takes place far away in time and place. It’s done exclusively by Chinese actors in Chinese locations in Chinese prisons, in Chinese labor camps.”
According to the defense-
“Customary international law suggests that such assistance “must be ‘specifically’—rather than ‘in some way’—directed towards” the commission of that crime.”
In other words, a crime shouldn’t be vague–you either acted in service of a crime, or you did not. If so, how substantial are routers and databases to the violations of Human Rights conducted by China on Falun Gong members? Again, it’s not an easy question to answer.
In summary, we have three overarching points of concern in the case against Cisco. First: jurisdiction. Can crimes committed by the government and police in China be causally tied to business executives in California? Second: is it Cisco’s responsibility to know how their technology will be used? If they knew about Chinese human rights abuses, is that alone enough to indict them for their business dealings, or would they have had to intentionally collaborate in the crimes against Falun Gong? Third: Did Cisco “substantially” contribute to the crimes of the Chinese government? And if so, does it matter whether that contribution was “specifically directed” towards persecution and torture?
With Coronavirus being what it is, the final decision in Doe I vs. Cisco Systems Inc. will likely not come around for a while. But you, the juror, have now heard the main arguments. What do you think? Write to me on Twitter, @RanLevi, and we’ll share some of your responses at the end of our next episode of Malicious Life.