Sunday, November 10, 2019

Experts warn of spying risk in AFP deal with China-backed telco (Pt. 1)

From Rappler (Nov 10, 2019): Experts warn of spying risk in AFP deal with China-backed telco

Rappler obtains copies of the military’s co-location agreements with Dito Telecommunity, Globe Telecom, and Smart Communications. Security analysts say the arrangements leave military communications open to intercepts.

PART 1

MANILA, Philippines – The Philippine military is opening up its bases and camps to Chinese government presence by way of a telecommunication company's cell sites – and it says that's all right, despite warnings that it would leave itself vulnerable to spying.

On September 11, the Armed Forces of the Philippines (AFP) signed a memorandum of agreement with the Mindanao Islamic Telephone Company (Mislatel), allowing the company to "build facilities in military camps and installations,” on communication towers within AFP properties.

Mislatel, which has rebranded as "Dito Telecommunity (Dito)," is a consortium of Filipino businessman Dennis Uy’s holdings firm Udenna Corporation with a 35% stake, his listed company Chelsea Logistics with 25%, and the Chinese government-owned and -controlled China Telecom with 40%.

Why should this matter? 

This means the Chinese government, through China Telecom, has a 40% equity in Mislatel/Dito.

More than just a shareholder, China Telecom will be in charge of building Dito's nationwide telecommunication infrastructure, as Uy admitted his companies have no such expertise or experience.

China Telecom, by its country's law, is mandated to spy for its government. Chapter 1, Article 7 of China’s National Intelligence Law states, "Any organization or citizen shall support, assist, and cooperate with the state intelligence work in accordance with the law..."

Under President Rodrigo Duterte, the Philippines has moved closer to China. Duterte has downplayed his country's international law-backed claim to sovereign rights in the West Philippine Sea in exchange for loans and pledges of financial cooperation.

He agreed to joint exploration of the West Philippine Sea's oil and gas reserves. He's kept mum about China's encroachment on Philippine waters, its abuses – even aggression – against Filipinos, especially fishermen. He has also allowed the entry of Chinese nationals working in the offshore gaming industry and Chinese-financed construction projects.

All this while Chinese coast guard and naval ships criss-cross and even patrol the West Philippine Sea nearly unchallenged. Besides a perfunctory, unimplementable order to drive these vessels out, Duterte has largely tolerated this, too.

Given this context, shouldn't the deal with a China-backed telco raise concerns within the military itself? No, the AFP said, because they have "safeguards in place" and the telco's equipment would be "separate" from the military's. Exactly how they would see to this, the AFP's top brass would not elaborate.

5 critical points

To better understand this "co-location" arrangement between the military and Mislatel/Dito, Rappler obtained a copy of their memorandum of agreement (MOA), as well as those of Globe Telecom and Smart Communications, and sought help from 3 independent subject matter experts to examine them.

Here, in a nutshell, is what we found out:
  • The MOA with Dito does not provide real safeguards against information breaches.
  • It does not explicitly limit where the telco can place its facilities within military properties. In fact, the contract states that Mislatel/Dito may co-locate its facilities in "all sites owned by AFP."
  • Part of the exchange deal is for Dito to help "design, develop, and upgrade" the AFP's information systems, products, and services – which would require access to the military's communication systems.
  • A provision allows Dito to relocate its facilities "to any designated place" inside the military property should the AFP require it. This is vague compared to another telco's version of this provision, and may be taken advantage of by Dito's Chinese component.
  • A security provision unique to Dito's MOA inherently acknowledges that the arrangement may enable Dito to obtain classified information from the AFP, but "guarantees" that it would not – which raises false hopes, experts say.
Are there other concerns? 

Beyond these, the experts warned of the more insidious and far-reaching effects of having operatives from China Telecom accessing Philippine military properties and dealing closely with officers privy to vital information and influential in the country's security establishment.

The matter also touches on the lack of an overarching cybersecurity facility or program to protect the entire country's communications and information databases from interception.

The 3 subject matter experts interviewed for this story, and who examined the military's MOAs with Dito, Globe, and Smart are the following:
  • Jose Antonio Custodio, defense analyst and former consultant of the National Security Council
  • An information security practitioner of more than 30 years who “built telcos from scratch,” and who spoke to Rappler on condition of anonymity
  • A retired high-ranking military officer, who spoke to Rappler on condition of anonymity



CO-LOCATION AGREEMENT. The first page of the memorandum of agreement between the Armed Forces of the Philippines and Dito Telecommunity, allowing the telco to build facilities in military properties. Photo obtained by Rappler

The Dito agreement

Dito's deal with the military allows the telco to “co-locate some of their Microwave Relay and Base Transceiver Stations for mobile communications services and equipment with that of the AFP” for "economic, technical and security reasons,” the MOA says.

This saves Dito money otherwise spent on building new towers.

Co-locating with the military protects the 3rd telco, too, from rebel attacks – an incentive that Globe and Smart also seized in their earlier decision to set up towers in military camps. Communist guerrillas have been attacking their towers since the 1990s.

The deal also allows the military to do the same with Dito’s own properties: “AFP may possibly intend to co-locate its future telecommunication sites with that of Mislatel (Dito).”

The MOA requires Dito to “consult with and obtain concurrence and approval” of the AFP in all installation plans involving military facilities, and to make sure not to “undermine” any military function.

Dito will cover all expenses that their co-location with the military will incur, including taxes.

The AFP, meanwhile, “shall determine the specific location as well as the rental value” of the property it will lend Mislatel/Dito, making sure the location is “aligned with the Master Development Plan of the bases/camps/reservations, to ensure that the needs of the AFP are the priority.”

Does the contract involve money? As in the deals with Globe and Smart, the military will not receive cash from Mislatel/Dito for the use of its properties. Instead, “settlement of accounts shall be by offsetting arrangement.”

Dito will give the AFP the following services equivalent to the rental value of the co-located properties:
  • "Supply, delivery and installation of fix[ed] and mobile CEIS (Communications, Electronics and Information Systems) equipment and accessories"
  • “Design, development, upgrade of AFP information systems, products and services from affiliates like video conferencing, IPVPN (Internet Protocol Virtual Private Network), application services, consultancy”
  • “ICT (Information and Communication Technology)-related training of AFP CEIS personnel to be provided by Mislatel or by a third party that regularly offer[s] the required training for the AFP personnel.”
The MOA stipulates other responsibilities of both parties such as maintaining and repairing the sites, guidelines for their exchange of services, liabilities, and grounds for termination.



ALL SITES. The 3rd provision in this article of the memorandum of agreement between the Armed Forces of the Philippines and Dito Telecommunity allows co-location in 'all sites owned' by either party. Photo obtained by Rappler

Where exactly will Dito put up its cell sites? The MOA’s article on “Exchange of Services” says, “The AFP shall allow co-location in the sites it owns.” The provision then points to an “Annex A,” a list of the specific locations in AFP properties co-located with the telco.

In the case of Dito, this “Annex A” is blank.

A note at the bottom of the empty list says, “Sites to be determined after the approval of site survey thru Confidentiality Agreement.”

Location of Globe and Smart towers
Globe’s “Annex A” lists 42 AFP properties, while Smart’s contains 31.

They include some crucial locations such as Malacañang Park and the Philippine Navy Headquarters in Manila, Villamor Air Base in Pasay City, the Naval Station in Sangley Point, Cavite City, Clark and Basa Air Bases in Pampanga, the Philippine Army Headquarters and the Marine Barracks in Fort Bonifacio, Taguig City, and the AFP General Headquarters, Camp Aguinaldo, in Quezon City.

Because the AFP granted Dito a “similar arrangement” with those of Globe and Smart, Custodio said the 3rd telco will likely lobby for access to the same sites given to the first two.

Besides, another provision in the same article of the MOA states, “The AFP shall allow Mislatel (Dito) to co-locate its facilities in all sites owned by AFP,” emphasis ours. The AFP also gets the same arrangement from Dito, for as long as its equipment does not interfere with the telco’s.

Likewise, “Mislatel (Dito) in any way is not allowed to reconfigure or exploit the configuration of equipment without authority from the AFP.”

Although the AFP told the media that Dito's cell sites would be built “not precisely inside camps” and be limited to “military reservations,” the MOA itself does not mention these.



RELOCATION/RECOVERY. The third provision under this section of the contract between the military and Dito Telecommunity allows facility relocation 'to any designated place' within the military property. Photo obtained by Rappler

Are there marked differences in the contracts with the 3 telcos? Yes. One such difference is a sub-provision under the “Relocation/Recovery of Facilities” provision.

Across the 3 MOAs, the “Host shall have the right to recall or modify the allocated space and use of support facilities to satisfy their own priority requirements.” This goes both ways – for AFP properties lent to Dito and vice versa.

All 3 contracts give the “Co-locator,” let’s say the telco, 180 days to comply with the AFP’s request to relocate its cell site.

So in case the military wants the telco to move its cell site, the telco is required to do so within half a year. But who decides on the new location?

Globe’s MOA states, “For this purpose, the Co-locator may relocate its facilities to a place mutually agreed upon by the Host and the Co-locator within the Host’s premises,” emphasis ours.

Smart’s and Dito’s MOAs state, “For this purpose, the Co-locator may relocate its facilities to any designated place with[in] the Host’s premises,” emphasis ours.

Rappler’s telco information security source said this was probably due to “cut-and-paste” – the drafters of the 3rd telco’s MOA must have patterned it after the earlier two. In fact, the Dito contract's wording closely resembles Smart's.

Smart’s MOA was notarized on October 24, 2018, according to the date stamp on the copy obtained by Rappler. The notary date stamp on our copy of Globe’s contract is 3 years earlier – November 11, 2015.

This just means that Smart’s contract was renewed more recently than Globe’s, our telco source said. Smart’s contract is actually older because it was the first telco to seek co-location with the military, the source added.

When Globe applied for the same arrangement, the wording on relocation/recovery of facilities was tightened from “any designated place” to “a place mutually agreed upon by the Host and the Co-locator” because the first phrase was deemed imprecise, the telco source said.

An opening for China

“It’s vague. It’s ambiguous,” Custodio said of the provision in the MOA of Dito.

“Because they based it on an earlier MOA, it’s the same, yes. This one is similar to Smart’s. The difference is in the entities. Dito is partly-Chinese owned, 40% owned by the Chinese government, which has a law that states that a Chinese company is mandated to serve Beijing,” he said.

“We don’t know why from a very precise language with Globe, we jumped to something that was ambiguous with Dito. But the point is, if you’re a Chinese intelligence operative, you’re going to take advantage of that. And basically, any Chinese presence in Mislatel will definitely have an intelligence background or an intelligence network behind him. Any Chinese presence. Not the Filipino component but the Chinese component. That is a given already and the AFP should know that,” Custodio said.

Was this deliberate or a mere lapse? According to Custodio: "I don’t know with the AFP. But now this gives the Chinese an opening."

The telco information security source said it could have been an honest mistake because it appears to have been patterned after Smart’s contract.

“Vague ‘yon eh. ‘Yung sa Smart kasi, nauna na ‘yan talaga eh, at the time, wala naman kasing suspicion of such thing eh,” the telco source said. (That’s vague. Smart’s contract just really came earlier and at the time, there was no suspicion of such thing.)

“It should be ‘mutually agreed’ and it should be ‘at the designated place decided by the host as the appropriate location.’ Should always be the host because they’re the property owner,” he added.

The telco source agreed that the provision in the Dito contract, and Smart’s for that matter, may be prone to exploitation – and needs to be amended.

“Should be ‘mutually agreed,’” he stressed. (To be concluded) – Rappler.com

READ: Conclusion | Experts warn of spying risk in AFP deal with China-backed telco

https://www.rappler.com/newsbreak/in-depth/244539-experts-warn-spying-risk-military-contract-china-backed-telco

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.