Major audit and consulting firms advise US executives to use burner phones in Hong Kong due to growing data security concerns, reflecting changing corporate security practices.
Corporate travel policies to China and China controlled regions, for my entire adult life, have always been any data that goes into China is going to be exfiltrated. So clean devices for travel, no sensitive information on those devices, those devices get refreshed when they get back. And not plugged into the main network.
This is over multiple international corporations, with headquarters in different countries. Many countries, China included, use their national security and spying apparatus for business advantage for national companies. China’s just a little more enthusiastic than everyone else
The difference between clean devices for travel, and burner devices, is you’re not trying to be anonymous. You’re just minimizing the amount of data you’re exposing. Burner implies people attempting to be anonymous, which isn’t a great idea for a corporations, especially in China. Many corporations have a fiduciary duty to record their communications, so a burner device would imply they’re trying to circumvent their compliance obligations, which they’re not trying to do.
The title is a little sensational.
Corporate travel policies to China and China controlled regions, for my entire adult life, have always been any data that goes into China is going to be exfiltrated. So clean devices for travel, no sensitive information on those devices, those devices get refreshed when they get back. And not plugged into the main network.
This is over multiple international corporations, with headquarters in different countries. Many countries, China included, use their national security and spying apparatus for business advantage for national companies. China’s just a little more enthusiastic than everyone else
The difference between clean devices for travel, and burner devices, is you’re not trying to be anonymous. You’re just minimizing the amount of data you’re exposing. Burner implies people attempting to be anonymous, which isn’t a great idea for a corporations, especially in China. Many corporations have a fiduciary duty to record their communications, so a burner device would imply they’re trying to circumvent their compliance obligations, which they’re not trying to do.
The significance is that Hong Kong used to be exempt from such requirements, because it was viewed as sufficiently separate from China. No longer.
I concur. It’s not only China, depending on the company’s market it can also be the US, Russia and probably others.