Let me talk about myself: I am Abel, father, son, brother, friend, systems engineer and also lover of good food, philosophy, world history, current affairs and good movies. Now let’s talk about the stuff you might be interested about, because as far as I know “anyone can drink a cold beer”.
Disclaimer: This post does not serve as legal advice and should be considered only as guidelines in your GDPR or China cyber-security planning. Therefore you should work with your legal counsel to make the right decisions based on your business needs and circumstances.
What is GDPR?
General Data Privacy Regulation, or GDPR, takes effect on May 25, 2018. Then the legislation will had a big impact on the way marketers approach their work and the way organizations obtain, store, manage or process the personal data of EU citizens. Even though NiHao Cloud stores its user data outside of the EU, the new law still applies to us, and thus our services comply with GDPR regulations.
How we keep your data safe
Data security has always been the top priority for Sesamedisk by NiHao Cloud. When designing, deploying and maintaining our network, services and applications, we strive to offer solutions that meet the industry’s strictest privacy regulations. Here is how we are compliant with GDPR:
1. Infrastructure:
We choose the biggest and most secure hosting partner AWS (Amazon Web Services) to setup Sesamedisk by NiHao Cloud platform. Now, we ensure a maximum security of you personal data by utilizing AWS tools and services in areas that are applicable for Sesamedisk by NiHao Cloud. Therefore your data is secured by AWS and their GDPR ready compliance certificates: Learn more on how Amazon AWS helps us conform GDPR:
2. Sesamedisk byNiHao Cloud Service:
Sesamedisk by NiHao Cloud only collects essential data to provide professional services for our users/customer. here we include users ID/name, email address, device type & IP. so, this data can be seen by every organization administrator, as required by GDPR.
When users delete their accounts from Sesamedisk by NiHao Cloud and unsubscribe from marketing mailing lists, we do not keep email addresses and you will not receive any more communications from us.
3. List of Vendors
Sesamedisk by NiHao Cloud has carefully chosen 3rd party marketing and support vendors that comply with GDPR.
Websites: are based on current tech that is compliant with GDPR.
Support & Chat: We use support & chat system provided by Zendesk. Learn more about how they abide by GDPR on their website :
Cloud Mailing Notifications: NiHao Cloud uses Drip to send important notifications regarding service and educational or promotional emails. Learn more on how Drip conforms GDPR via their website.
Recommended Resources
Below are a few links for you to assess your own company policies regarding general data collection:
IP loss in China; 6 most common mistakes SMEs & entrepreneurs make.
This article is about IP loss landscape in mainland China. We did a summary analysis of the 6 more common mistakes companies make. here are the results, therefore let’s just get to it.
1. First let’s understanding the IP Legal Landscape and why IP loss happens.
IP landscape.
Many of the “complaints” are made by senior executives who actually do not clearly understand the complexities of IP. Aside they also do not know the mistakes their own companies may have made in protecting it. For example, filling a weak patent application or failing to register their IP at all ( an all-too-common mistake)*
We are interested IP loss because At Sesame Disk by Nihao Cloud one of our main goals is to keep the information safe at all times. Second we have had our selves living in china for many years a lot of experiences with IP protection and theft attempts. As a result we created NiHao Cloud in part because of this.
2. Not preparing the way in advance.
Who are you?
Well known IPR lawyer in China, Dan Harris, in his article Protect Your IP From China: It Is Possible? He states that your IP has value, and if it can be copied with minimum effort, it will be copied. This means you must, therefore, prepare for this reality in advance.
3. Wrong assumptions about china.
Believing that since the company has done what is necessary to secure its rights in North America and Europe, there is nothing special they need to do in China. This is a BIG mistake.
Can you really win in China?
When we asked former lawyer Dan Harris, what’s the most common mistake regarding IP loss in China. Mentioning apart from legal issues, he answered that biggest and most frequent mistake lawyers see. Is on the IT side where foreign companies/start-ups hire a bunch of people in China to write code. These foreign companies do not form a company in China and do not hire coders as employees. In other words, everything these companies do is illegal. Then, years later when the software is done, Chinese partners just walk off with it. At this point there is nothing the foreign company can do about it. This is because the entire operation was illegal in the first place.
4. Not knowing how to keep your trade secrets safe.
Be non-public – it must not be known by the general public or by competitors;
B- What is a Trade SECRET?
Have actual or potential commercial value. As in it must give the owner a competitive advantage or be capable of generating economic benefit.
C- What is a Trade SECRET?
It is information that your competitors would want to know and would give them a commercial advantage.
Guarded by confidentiality measures – the owner must take reasonable measures to protect the confidentiality of the information.
Trade secrets may have many forms. include recipes or formulas, know-how, the status of products. Also services under development, valuable business information. This information or data might be in the form of:
customer lists
cost and price information
suppliers and contractors
contract terms
marketing strategy and plans
etc.
What you need to know about Trade Secrets in Mainland China:
The Asian Red GIANT
China, like most other countries, provides a legal framework for the protection of trade secrets. As such the law provides for remedies in the case that your trade secrets are unlawfully disclosed. This being said you might know some other forms of IP rights such as patents and copyrights that have a finite term. Otherwise trade secrets can theoretically enjoy an infinite term of protection as long as the trade secret remains just that – a secret. However, once the information becomes public information, it no longer enjoys any legal protection. Therefore prevention is the golden rule when it comes to protecting your trade secrets. This is because once the secret is out, there is usually very little that can be done. In addition keeping trade secrets safe involves using a combination of physical, technical and contractual barriers.
Furthermore “Many firms choose to keep their competitive edge by opting not to patent their inventions and trying instead to keep them as trade secrets”
5. Not adopting preventive measures to protect IP loss.
IP Secrets Security
6. Underestimating the importance of proper IT systems to protect IP loss in China.
Bigger companies have their own established IT teams overseas that might be or may not familiar with IT challenges in China. As a matter of fact and especially with the GFW (the Great Firewall of China). Moreover your company should also choose a right IT company in China for services you might need. For example setting up new IT infrastructure in China tends to be complicated as compared to many other places.
According to Niels-Uwe Behrens, an IT expert long established in the Chinese IT sector; underestimating the importance of the role of IT in IP protection is a very common mistake:
“ I have been working in IT in China for more than 20 years. For instance it never stops surprising me how many companies have completely unsecured and open IT systems.”
Also we asked Niels about the current state of IT security awareness in China.
In my experience, I would say that roughly 80% of SMEs in China have at least one or more serious security issues. What’s more in many cases this breaches could be exploited by amateur opportunistic hackers. Not to mention in most cases it is not the hackers to be worried about. Even when 50-80% of the world’s IP hacks are traced back to China.
SMEs in China
In my experience, there are 2 types of SMEs in China: The first type take security seriously. This means their IT infrastructure is set up properly and in a secure way. Additionally their corporate culture prevents any IP leaks.
The second type of organization is less concerned and chooses not to pay much attention to a proper IT set-up since it works as it is. These companies usually adopt the attitude of; “real hackers go after big corporations, not small SMEs like us”, or “we don’t have any data of such importance. Therefore there is no need to encrypt and be overly concerned about security”.
When we think of IP theft we all tend to imagine that there must be some secret hacker organizations that go inside servers rooms and steals secret data in an action movie like fashion. But in reality, everything is much more simple than that. In most cases, especially in China, most trade secrets are stolen by the employees, former or current, who have access to corporate emails or even data server on their personal laptops. In most cases these laptops are not encrypted and can be easily stolen or hacked. Once someone has access to your corporate email or access to the main server, all your important data are at risk of getting out in the open.
This kind of data leaks can be used and will be used to publish your trade secrets or even out-compete your business. Eventually, this event will be registered as one of IP theft cases that are growing ever since 2005.
Civil courts IP cases US vs China
Some additional facts of crucial importance about China
In China employee fluctuation can sometimes reach up to 75% annually, therefore, tendency of data leakage is very high. In Chinese mentality, it is very common that once employees get fired, they feel some sort of ownership of the work they have been doing for the company, and sometimes even devices like laptops or computers have been taken from the workspace. It’s is also very common that entire databases are copied to USB flash drives and later on used to start new businesses and compete with a former employer.
For security reasons bigger foreign companies tend not to use Chinese social media, such as Wechat, Baidu Cloud or QQ, for file sharing or chatting, since these are constantly monitored by the Chinese government. It is better to keep your most important IP and communications isolated securely in your own private server, maintained by yourself or a trusted third party.
Insider IP theft
To maintain safe and reliable IT systems many SMEs are turning to managed service arrangements. From HR point of view, it is much cheaper and more effective to outsource most of the technology hassles to dedicated foreign IT experts, rather than looking for own IT specialists. For an economical monthly fee, these SMEs get a whole IT team responsible for maintaining and updating their systems with the latest security patches.
Finally
Regardless of your approach to IT security, keep in mind that organizations are increasingly dependent on technology, and it is, therefore, important to be as proactive as possible to keep technologies up to date and secure important data from both external and internal threats that tend to increase every year.
Do you have a story about China IP loss? Please share your experience in the comments below.
GFW or the Great Firewall of the Chinese Mainland is the subject of this article, basics you need to understand, how it works. Here you will find the basics of what you need to know about it. After reading this you should be able have a discussion about the GFW. Aside you will be able to continue a deeper research on how to avoid colliding with it head on.
In this article, I would like to explain how Chinese Mainland is controlling their Internet. As I would call it, Chinese Mainland is running a “Mainland Intranet” which is protected by The Great Firewall of China (GFW).
At Sesame Disk / Nihao Cloud we have had a long history of dealing with this “Beast” called the GFW. Give us a try.
Mini Office Firewall
We can compare this with your office or home where your router protects your computers. Meaning the router has local “Parental” like settings that gives access to the Internet. Aside it also controls or blocks websites with possible harmful content for your kids. At least that’s how some companies block Facebook during office hours as well.
Bigger Router- BiggerWall
The GFW works similar but on a much larger scale. Instead of just dealing with your small office, the GFW is filtering all the traffic going in and out of Chinese Mainland.
here I will explain how Internet Traffic works in a short and simple way. By the way you don’t need to be a geek to understand it :).
Understanding Internet Traffic Rules.
Cities in China
Question like. So how does an actual E-Mail gets sent or received over the Internet? Furthermore, how can we browse websites or stream movies?
what happens is more or less the following. First the data to travel fast back and forth it has to follow Internet traffic rules. Second, using these rules all the data gets delivered in little IP packets. Where IP is like a packaging mechanism for internet communications. For instance, lets imagine we want to look at a funny cat video on Youtube. Right away we click to load the video. Internally Youtube server dissembles that video into thousands of little packets and sends it to your laptop/PC/phone. Then these packets get reassembled back into a video again. This happens very fast.
All you need to know from this, that all Internet Traffic travels in little packets.
IP Address
IP Addresses
So how did Youtube know where to send those little packets? On the Internet every destination: computer, website or cellphone has to have an IP Address to send and receive data on the Internet. Google for “my IP” and you can see your own IP address. IP addresses are a bunch of numbers because computers can then convert them into 1’s and 0’s but we need domain names so we can memorise it.
Otherwise, instead of sesamedisk.com, you would see 52.79.32.36. Not the most memorable web address right?
Whats is DNS?
DNS – Domain Name Server
For the “Internet” to understand those Domains names, we have Domain Name Service (DNS). DNS servers translate domain names back into an IP address that.
(sesamedisk.com → 13.124.52.38). There are thousands of those DNS Servers that translate Domain Names into IP Addresses.
OK, enough of dry and boring theory and back to how does the Great Firewall of China and how it works.
DNS Spoofing
The first and most efficient way to block websites is by DNS spoofing or “DNS Cache Poisoning”.
DNS Poisoning
So let’s go back to our cat video. When we type youtube.com on the browser, DNS Server receives a request to check what youtube.com means and send you to the right IP address. This process happens to any Internet communication like web browsing etc.
Any DNS requests for websites outside of Chinese Mainland will be taken to a Deep Package Inspection (DPI) by the GFW. This means, that each little IP Package will be opened and checked for the content like a customs control.
If any pattern found in that Package matches unwanted content a bogus IP Address will be returned and the Website will not open …
That’s why if you are in China and try to reach Youtube.com you will receive this website:
Result of the DNS poisoning done by the GFW.
What they do in many cases is that they take your request for let say nihaocloud.com and resend it to another IP that is also in their list of DNS poisining.
VPN & Encrypted Traffic
VPN Technology
Even though GFW knows that this traffic is encrypted but it can only can guess what is inside. Here lies the biggest opportunity to get the traffic across the GFW. Now GFW is UNCERTAIN, whether this is a simple Youtube access which can be blocked, or this is the most important connection for the financial transactions where by cutting this connection could cause huge damage to the economy.
In other words you need an encryption that is good enough not to be penetrated by current algorithms, as the GFW has deep inspection algorithms. Uses AI to “guess” what is inside packages, etc.
UNCERTAINTY- that’s the biggest headache for the GFW.
The keyword here is “Collateral Damage” which could be caused by blocking encrypted packets. This Collateral Damage has to be kept to a minimum.
understand collateral damage as the term invented by the Americans to describe questionable things that happened under their watch in the Middle East.
So what is the GFW is doing with this?
As we can imagine the staff behind the GFW are not stupid and came up with an “Active Probing” mechanism. The GFW is now looking for the encrypted traffic and guessing the encryption / VPN Protocols.
Then a Probing Servers at GFW takes encrypted packets and forwards the Package to the receiver then waits for the reply. From those replies, the GFW can decide what to do with that Package, drop it or let it go through.
So to sum it up the GFW is working in 2 ways:
DNS Poisoning
Active Probing
One more interesting thing to know is that different networks in Chinese Mainland are running through different filtering. While public Networks like China Unicom or Telecom have strongest filters, Networks for Universities (eg the CERNet – China Education and Research Network) is filtered less harshly.
We should keep in mind that the GFW is a very dynamic Beast. It is always trying to find the optimal balance between Collateral Damage and efficiently blocking the Internet. So some Services can be blocked today, but not tomorrow and again blocked the day after.
Those who live in Chinese Mainland know that during big public events or holidays the GFW is controlling much tougher than usual. Also, the GFW is learning and being constantly developed and improved. So what we understand today might change tomorrow. The Chinese Government invests on it as if their lives dependents on it. At the end… Who knows?
All we know can be found by research and testing but nobody will explain how it really works. I would also like to mention that this article is not only based on my own 20 year IT experience in Chinese Mainland but also on a Research, presented at the annual Conference of the CCC –Chaos Computer Club Hamburg.
So there will be always a battle between the GFW and VPN Providers and there will always be the problem of Collateral Damage and nobody wants to hurt the economy.
The GFW is well prepared and will always be as far as the Chinese government is concerned. Also, do not forget that Chinese Mainland also has placed legal notices to fight this battle offline.
UPDATE: Sesame Disk / NiHao Cloud was interviewed by BBC Business daily, about China’s Internet Privacy Clampdown. You can listen to the full episode here.
