IBM allowed the Chinese government to review its source code

IBM has agreed to let the Chinese government review the source code of a number of its products, according to a new report by The Wall Street Journal. For IBM, it's part of a larger move into the Chinese market, assuring officials that its products are secure before taking on more contracts within the country. The Chinese government has been increasingly interested in code review in recent years, although the request has usually been rebuffed by US companies with the support of the Obama administration. IBM appears to be the first company to agree to the recent demands.

Source code has been a traditional sticking point for software companies looking to enter the Chinese market. The Chinese government has long been concerned about backdoors installed by US intelligence agencies, and sees source code review as a way to ensure the software is working as promised. At the same time, Chinese companies have a long history of trade-secret theft, often with tacit government approval. Earlier this month, The New York Times reported an attack targeting the technology behind Samsung Pay, linked to a Chinese group.

As a result, US companies have resisted government-led code review in favor of alternative systems, although many of the alternatives have been equally fraught. Skype opted to create a separate Chinese-run version of its software, known as Tom Skype, but faced severe criticism for potentially exposing users to surveillance by the Chinese government. Skype shuttered the program in November of 2013.

IBM's code review took place in a secure room, ensuring that it could be analyzed but not copied en masse. It also was confined to a fairly brief period of time, leading to speculation that the offer may have been more of a symbolic gesture than a practical opportunity to detect backdoors in the software. Still, there's real concern that insights from the code review could be used to compromise the software in other instances in the future.