US: Buying Chinese Tech is a “Grave Threat” to Your Data Security

Written by

The US government has urged domestic businesses not to invest in Chinese IT kit or data services over fears companies there will be coerced by the Communist Party into enabling cyber-espionage.

The business advisory from the Department of Homeland Security (DHS) clarified what many have known for some time: that the People’s Republic of China (PRC) is on a mission to become self-sufficient in technology and a global tech superpower over the coming decades.

A key part of this strategy is to steal intellectual property from foreign firms and governments. The same tactic is used to enhance the PRC’s military capabilities, the advisory noted.

Local Chinese firms are compelled to covertly assist intelligence officers according to the requirements of the 2017 National Intelligence Law (aka the Cybersecurity Law), and an updated version in 2020 which is designed “to force foreign markets to remain open to Chinese data services providers.”

A third law from 2020 requires foreign commercial crypto firms to provide encryption keys to the PRC government.

Together, these make Chinese tech firms a bad bet for US businesses, because they mean the state can force local providers to send customer data and encryption keys to Beijing, and install backdoors in equipment, the advisory argued.

“The PRC’s data collection actions result in numerous risks to US businesses and customers, including: the theft of trade secrets, of intellectual property, and of other confidential business information; violations of US export control laws; violations of US privacy laws; breaches of contractual provisions and terms of service; security and privacy risks to customers and employees; risk of PRC surveillance and tracking of regime critics; and reputational harm to US businesses,” it said.

The warning extends to fitness trackers, mobile applications and even foreign data centers built with Chinese equipment, among other things.

It can be seen in the context of a bipartisan crackdown on perceived abuses by China that have been ongoing for years, as the Asian giant seeks to grow its economic, technological and military strength.

Most recently, legislation has passed the Senate designed to prevent Chinese firms listed on US stock exchanges from escaping regulatory scrutiny, as they have for over a decade, and — just this week — to punish foreign firms looking to steal American IP.

What’s hot on Infosecurity Magazine?