Are Foreign-Owned IT Asset Disposition Companies Stealing Your Data?

There’s been a lot of talk in recent years about a data breaches. The theft and sale of stolen data, including personally identifying information (PII), corporations’ trade secrets, and world governments’ most embarrassing classified information has become both commonplace and lucrative. In fact, data is widely considered more valuable than commodities like oil or gold.

At the same time, an age-old problem has gotten renewed attention over the last few years: countries that do not abide by international intellectual property (IP) or copyright laws. Right or wrong, one country in particular is consistently accused of impropriety in this area: China.

Along with China, other governments around the world have upped their investment and expertise in data theft, with teams of specialized state actor hackers with adorable-sounding nicknames on their payrolls. Two of the other countries accused? Russia and Iran.

Additionally, many countries have banned their government agencies and their contractors and subcontractors from using other countries’ technologies. Reasons from general privacy to national security concerns are cited when banning these countries that are often hostile foreign powers. Examples of this practice include Canada prohibiting the transport of data outside the country by agencies via international cloud service providers; the US blacklisting Huawei mobile and networking devices and Kaspersky security software; and Germany banning Microsoft, Google, and Apple cloud services, to name just a few.

Finally, one glaring blind spot for data theft is in the IT asset disposition (ITAD) arena when IT assets are retired and when ITAD vendors of wildly varying legitimacy, competency and certification are engaged to process them. E-waste is the world’s fastest growing type of waste, and tons of data-bearing devices are being retired every day by consumers, corporations, and government agencies. ITAD vendors, among other things, are tasked and trusted to destroy such data before reselling the devices into secondary markets or physically destroying and recycling data drives or entire devices.

But it is important to recognize that improprieties can and do occur in the ITAD space, in fact there has already been one documented case of criminal convictions from a recycler. American recycling company, Total Reclaim Inc., was either reselling retired IT assets they were paid to destroy or “downstreaming” them to a company in Hong Kong for less expensive recycling, depending on whose version of events you believe, the owners or the prosecutors.

A complex relationship becomes more complex: enter China

Based on these many examples it’s clear that the relationship between ITAD, data destruction and responsible recycling is a complex one. But there is an even stranger disconnect to consider: What happens when major IT companies under foreign ownership are responsible for a growing amount of data belonging to U.S. corporations and worse, U.S. government agencies?

Two examples of this disconnect are USB Recycling and Green Tech Solution, U.S. subsidiaries of investment firm Tianjin Sheng Xin Non-Financing Guarantee Company based in Tianjin, China. In 2017 and 2018, the Chinese parent company invested almost $76 million into converting old textile plants in North and South Carolina into recycling plants, that are now focused on processing electronics such as old computers and mobile telephones bought from schools, industry, and big companies.

Recently, on November 18, 2019, USB Recycling announced that they’ve joined TERRA (The Electronics Reuse & Recycling Alliance) to provide electronics recycling options for residents of North Carolina, South Carolina and Virginia. This will allow USB Recycling to offer “secure data destruction services” to more than 14.6 million residents in 146 counties from their and Green Tech Solution’s facilities in the Carolinas.

Another larger, less obvious example is Ingram Micro, a distributor of information technology products owned by HNA Technology of China. In December 2016, Chinese company Tianhai Investment (now known as HNA Technology), acquired Ingram Micro in an all-cash transaction. During this leveraged buyout, the company borrowed a huge sum from the Agricultural Bank of China (ABC). ABC is also known as AgBank and is one of the “Big Four” banks in the People’s Republic of China. Founded in 1951, approximately 83% of ABC is owned by China’s Ministry of Finance, Central Huijin Investment Company and the National Social Security Fund.

It is not difficult to conclude that the Chinese government eagerly sought control of Ingram Micro, which was ranked 64th on the 2016 Fortune 500 list  with 33,000 employees, subsidiaries, and channel partners, which would give China access to a sizable global client base and IT infrastructure.  Since then, Ingram Micro has expanded its global ITAD services offering significantly, including the addition of new facilities and a recently announced channel partner program.

Read more in Telecom Reseller here.