In 2008 Brian Shields made a disturbing discovery. The security adviser to Nortel Networks, which would soon file for bankruptcy, had been investigating just how badly the company’s internal systems had been infiltrated by hackers. It couldn’t have been much worse—the hackers had even accessed the files of the company’s CEO, Mike Zafirovski. A group based in China, according to Shields, had been rifling through Nortel’s confidential material for about a decade, making off with proprietary information. His attempts to warn his superiors about the extent of the problem, he’s said, were mostly brushed aside. Shields went public about the extent of hacking at Nortel last year, speaking with the Wall Street Journal and then others, and has since given many talks at security conferences about the ordeal. He’s not shy about blaming the widespread hacking plot for contributing to the company’s demise, pointing out that China’s Huawei Technologies arose as a serious competitor soon afterward. (Huawei has repeatedly rejected any connection as false.)
The hacking at Nortel isn’t unique. In recent years Coca-Cola has been infiltrated by a group of hackers connected to the People’s Liberation Army in China, according to Mandiant, a security firm. The company said more than 100 of its clients had information stolen, and other companies, such as Google, have been vocal about similar problems. With each new revelation, governments must take these long-simmering risks more seriously. Which helps to explain a recent bombshell decision by Industry Minister James Moore: in a brief press release, the government announced that after conducting a national security review, it would not allow the proposed sale of Allstream, a division of Manitoba Telecom Services, to Accelero Capital Holdings. The only explanation for quashing the $520-million deal was a cryptic reference to a fibre-optic network operated by Allstream that services governments. Naguib Sawiris, the man behind Accelero, is based in Egypt and has business interests in North Korea, which may have raised red flags.
The rejection demonstrates just how important national security concerns are becoming in mergers and acquisitions, and how they crash headlong into the federal government’s stated openness to foreign investment. Nowhere is this tension greater than when telecommunications equipment is involved. It provides a gateway to track phone calls, e-mails, documents—essentially all kinds of data that reveal what a government or a company is up to. While 20 years ago protecting sensitive military outposts was necessary to deal with threats from other countries, safeguarding digital information is just as important today. So far, the government’s attempt to juggle security and foreign investment has only resulted in confusion. Sawiris, for one, has had it. “I am finished with Canada,” he told an English-language Egyptian news website recently. “The world is big, and my money can go anywhere.” With BlackBerry now courting bidders, finding a balance has never been more crucial. Erring in either direction could cost the country billions in either lost deals or lost intellectual property. Just a few careful tweaks to current vetting policies could be make-or-break for deals in the future.
In fairness to the government, concerns about espionage are justifiable. The explosion in electronic communication technology has facilitated spying on a level never seen before. Even Canada may have been surveilling the energy and mining ministry in Brazil for economic reasons. Not even the U.S. military is properly equipped to deal with the threat, according to the head of the U.S. Cyber Command. “The platform we have today is not defensible,” Gen. Keith Alexander told a Washington audience. “I would guarantee you that the adversary could penetrate it, and it’d take us months to find it.”
In security circles, China and Russia, countries where industry and governments are closely aligned, are said to be particularly aggressive at trying to infiltrate corporate networks in search of proprietary technology. “They take the view that spying on commercial interests is simply good sport. And if those companies are not smart enough to protect their intellectual property, well, shame on them,” says Ray Boisvert, a former assistant director at Canadian Security Intelligence Service and now CEO of a private security firm. “There’s an increasing number of countries doing this because they’ve gained the capability.” Western countries are believed to engage in the practice, too. A Wikileaks diplomatic cable from 2009 quotes the head of a German satellite company complaining that France is the “evil empire” when it comes to stealing technology. Industrial espionage conducted by France is “so bad that the total damage done to the German economy is greater than that inflicted by China or Russia,” said the executive.
Operation: Brazil Nuts
Was CSEC really conducting industrial espionage for Canadian corporations?
Check out the full story
Despite the prevalence of threats, Canada has been lax playing defence. A report from the auditor general last fall pointed out that since 2001 the government had made numerous commitments to shore up its critical infrastructure against cyber threats, but “the progress in achieving these commitments has been slow.” The government pledged to build relationships with the operators of critical infrastructure—be it in telecom or the energy sector—to share information and offer technical support. “The government has made little progress in building these partnerships,” the report concluded. The Canadian Cyber Incident Response Centre, set up by the government in 2005 to offer advice on mitigating threats, was criticized for not operating 24 hours a day, as originally planned. (Perhaps they assume hackers only work nine to five.)
But the government has been aggressive in ensuring certain assets don’t fall into what it views as the wrong hands. In 2008 it nixed the $1.3-billion sale of a division of MacDonald, Dettwiler and Associates to an American firm. The government didn’t reveal the reasons for its decision, but politicians had fretted that some of MDA’s satellites were used to monitor Canada’s sovereignty in the north, and didn’t want that responsibility turned over to a foreign company.
The following year, the government even amended the Investment Canada Act to include a new provision for national security. The government now has the authority to block any deal—regardless of the size, and even if the foreign investor is not acquiring majority control—if the transaction is found to weaken national security. As for what exactly constitutes such an issue, the act doesn’t say. “In terms of clarity and transparency, there really is very little right now,” says Oliver Borgers, a partner in the competition law group at McCarthy Tétrault. “But if a national security review is formally launched, that’s a very bad sign for the deal.”
The process can vary widely. The government may receive confidential information from intelligence agencies like CSIS or Communications Security Establishment Canada, and not necessarily inform either party what the issues are. There may be no opportunity for investors to even attempt to salvage the deal. National security reviews are rare, and it’s unclear how many acquisitions have been spiked as a result. Lawyers say if it looks like a deal is going to be rejected, the foreign investor might choose to simply walk away rather than be branded a security risk. That may have been the case with VimpelCom, a Netherlands-based company whose biggest shareholder is a Russian oligarch, when it attempted to buy Wind Mobile. After Industry Canada dragged out its takeover review for months, VimpelCom backed out in June.
Anthony Lacavera, CEO of Wind, says he doesn’t know if national security concerns led to VimpelCom’s decision, but he is troubled by the government’s rejection of Allstream’s sale to Accelero. “It sends a very bad message to foreign investors,” he says. “As an entrepreneur trying to raise capital abroad, you’re just putting a lot of nails in my coffin.” Lacavera brought Sawiris to Canada in the first place, when Sawiris invested nearly $1 billion to back Wind through his company, Orascom Telecom, a few years ago. The deal was subjected to a lengthy review process, and Sawiris was given the green light. The federal government was so desperate to see competition in telecom that it even overruled the Canadian Radio-television and Telecommunications Commission when the regulator decided the transaction didn’t comply with foreign ownership rules. To see the same government change its mind about Sawiris, without explanation, is discouraging, Lacavera says.
The move is particularly perplexing because the government has spent five years trying to bring more competition to telecom. While Allstream is outside of the consumer realm, had Sawiris acquired it, he theoretically could have combined it with Wind. That company then would have had a shot at becoming the fourth national carrier the Conservatives desire. “I just don’t see how a foreign carrier could look at how the government talks the talk, but when push comes to shove on this issue, doesn’t walk the walk, and not decide Canada is something best given a pass,” says Michael Geist, a law professor at the University of Ottawa.
But given the nature of Allstream’s business, it’s not hard to imagine legitimate security concerns arising. Nor is it unusual for the government not to disclose its reasons, since the information could be confidential. “The Canadian government is not out of line in doing national security reviews,” says Anthony VanDuzer, a law professor at the University of Ottawa who focuses on international trade and investment. The process isn’t really more opaque than in other countries, either. However, there are steps the government can take to lessen the uncertainty for investors, while still remaining vigilant on security. For starters, it could provide a bit more clarity about what could cause a national security issue. Other countries have at least offered hints. U.S. legislation, for instance, references “major energy assets,” as well as individuals or companies from countries that “comply with any boycott of Israel.”
An even better option would be to create a new process allowing investors to submit a proposed deal and have the government quickly sign off on whether the transaction would raise security concerns, before the two parties progress any further. The Canadian Bar Association recommended such a procedure prior to the amendment of the Investment Canada Act in 2009, arguing it would lead to “greater predictability and transparency.” The U.S. already has pre-closing clearance, as the review is called, but Canada opted not to implement it. Lawyers and advisers just have to work harder to anticipate potential issues. “We do need to engage national security experts to help us give complete and proper advice to clients,” Borgers says.
As it stands, foreign investors can still be blindsided by regulatory decisions with very real consequences for businesses. MTS, for example, is stuck with Allstream, an asset for which there is currently no other buyer. There will be more such instances down the road, now that BlackBerry is up for sale. The company operates an ultra-secure network that handles sensitive data for corporations and governments around the world. Lenovo Group, based in China, is reportedly interested in buying the entire company. But Lenovo would have a very difficult time passing a national security review, given the government’s new-found focus on the issue. It is “very important” that any transaction not raise security concerns, Prime Minister Stephen Harper recently told Bloomberg. Because BlackBerry provides extensive services for American businesses and government bodies, such a deal would also be subject to approval from the Committee on Foreign Investment in the U.S., a government panel that examines national security risks. The unfortunate consequence is that the pool of realistic bidders for BlackBerry, a troubled company in need of new owner, is smaller than it would be otherwise.
Global investment and trade has never been more robust, but security concerns will serve as a barrier. National interest, no matter how shifting and ill-defined, will always come first.