Biden Administration Investigates Chinese Telecoms Over Potential Data Exploitation in the US

Recent reports indicate that the Biden administration is conducting an investigation into China Mobile, China Telecom, and China Unicom. The probe is centered around concerns that these companies may have the ability to exploit access to American data through their U.S. cloud and internet businesses, by potentially providing it to Beijing. Sources familiar with the matter have shared this information under the condition of anonymity.

Commerce Department's Inquiry

The investigation is being led by the Commerce Department, and it has been revealed that the department has subpoenaed the state-backed companies. Additionally, it has completed "risk-based analyses" of China Mobile and China Telecom. However, the probe into China Unicom is not as advanced as the investigation into the other two companies.

Despite their limited presence in the United States, these Chinese firms provide cloud services and route wholesale internet traffic. This grants them access to American data, even after being barred from providing telephone and retail internet services in the country by telecom regulators.

Response from Concerned Parties

When approached for comments, the Chinese companies and their U.S.-based lawyers did not respond. The Justice Department declined to comment, and the White House referred questions to the Commerce Department, which also declined to comment. The Chinese Embassy in Washington expressed the hope that the United States will "stop suppressing Chinese companies under false pretexts" and added that China will continue to defend the rights and interests of Chinese companies.

Investigation Findings

Although no evidence has been found to suggest that the companies intentionally provided sensitive U.S. data to the Chinese government, the investigation is part of a series of efforts by Washington to prevent potential harm to American companies, individuals, and national security as a result of Chinese firms' access to U.S. data.

Regulatory Decisions and Potential Threats

Regulators are yet to make decisions on how to address the potential threat posed by these Chinese telecom firms. However, they have the authority to probe internet services sold into the U.S. by companies from "foreign adversary" nations. This could potentially lead to blocking transactions allowing the Chinese companies to operate in data centers and route data for internet providers.

Blocking key transactions could significantly impact the ability of these Chinese firms to offer competitive American-facing cloud and internet services to global customers, potentially crippling their remaining U.S. businesses. Experts and sources have emphasized the significance of addressing these risks posed by Chinese telecom firms.

Previous Actions Against Chinese Companies

China Telecom, China Mobile, and China Unicom have been under scrutiny in Washington for some time. The FCC denied China Mobile's application to provide telephone service in 2019 and revoked China Telecom and China Unicom's licenses to do the same in 2021 and 2022 respectively. In April, the FCC barred the companies from providing broadband service, citing concerns over national security risks.

Concerns over U.S. Operations

One major factor in the FCC's decision was a 2020 report from other U.S. government agencies that highlighted instances where China Telecom misrouted internet traffic through China, posing risks to the data and communications traffic of the United States.

The reach of the Chinese telecom companies extends deep inside the U.S. internet infrastructure. According to the FCC, there are "serious national security and law enforcement risks" posed by Points of Presence (PoPs) when operated by firms that pose a national security risk. China Telecom has been found to have 8 American PoPs at internet exchange points, raising concerns about potential vulnerabilities in the flow of internet traffic.

Security Implications

Industry experts have emphasized the vulnerability of traffic flowing through these points, highlighting the risks of metadata analysis, accessing data contents, and decryption. The potential security implications have raised concerns among regulators and security experts.

Furthermore, the Commerce Department's investigation also covers the U.S. cloud offerings of the Chinese telecom firms. Regulators are concerned that these companies could access personal information and intellectual property stored in their clouds and provide it to the Chinese government, or disrupt Americans' access to it.

Specific Concerns

The Commerce Department officials have expressed particular concerns about a data center part-owned by China Mobile in California's Silicon Valley. Ownership of such a data center could potentially enable mishandling of client data, raising security concerns.

Experts in the field have highlighted the potential risks associated with the ownership of data centers, emphasizing the possibility of unauthorized access and manipulation of client data. The ownership of a data center, as opposed to leasing space, presents unique security challenges.

As the investigation into these Chinese telecom firms continues, the implications for U.S. national security and data protection remain at the forefront of regulatory actions.