The US Department of Homeland Security has issued a stern warning to American businesses about using technology and services from Chinese companies. The new DHS Business Advisory is the latest escalation in tensions between the United States and China, amid ongoing accusations that Chinese companies – and those linked with the People’s Republic of China (PRC) – have been using their tech footprint to steal data from foreign companies.
“The PRC presents a grave threat to the data security of the U.S. government and U.S. businesses,” the DHS said in an announcement. “It has both the intent and ability to covertly access data directly through entities under the influence or jurisdiction of PRC laws, often without the knowledge or consent of the non-PRC businesses or institutions that maintain rights to the data.”
Of primary concern is the relationship that Chinese companies have with the country’s government. Previous allegations have accused such businesses of adding “backdoor” access so that China’s security apparatus can covertly access the data of foreign firms, or of routinely handing over that information. They’re claims companies like Huawei, ZTE, and others have stringently denied.
However, similarly of concern according to the DHS, are the rules that may – willing or otherwise – compel those Chinese companies to grant access. “This advisory highlights the persistent and increasing risk of PRC government-sponsored data theft due to newly enacted PRC laws that can compel PRC businesses and citizens – including through academic institutions, research service providers, and investors – to take actions related to the collection, transmission, and storage of data that runs counter to principles of U.S. and international law and policy,” the DHS explains.
It’s been a tough few years for Chinese tech firms trying to do business in the US. The Trump administration was quick to single out companies like Huawei, accusing them of effectively being PRC stooges at best, and outright collaborators with the Chinese government at worst. Huawei was placed on the so-called entity list, a blacklist of firms unable to deal with American businesses. In 2019, the US Department of Justice charged Huawei with fraud and sanctions violations, among other things.
Most recently, drone-maker DJI was added onto the entity list. TikTok faced pressure to divest itself, in part, to US ownership, in a high-profile spectacle that seemed to fizzle out as the Trump administration turned its attention to the election.
As for the DHS’ advice to American businesses, while general caution is advised, the agency flags “particularly sensitive” data that it says care should be especially taken over. That includes technology and data related to export-controlled products; intellectual property including trade secrets; biotech, genomic data, and medical test data; personally-identifiable and other sensitive information; and geolocation data.