Alexandra Alper
WASHINGTON (Reuters) – The Biden administration is investigating China Mobile, China Telecom and China Unicom over concerns the companies could exploit access to U.S. data through their cloud and internet businesses in the U.S. by providing it to Beijing, three sources familiar with the situation said.
The companies still have a small presence in the US, such as providing cloud services and routing wholesale US internet traffic. That gives them access to Americans’ data even after telecom regulators blocked them from providing telephone and retail Internet services in the United States.
The Chinese companies and their U.S. lawyers did not respond to requests for comment. The Justice Department declined to comment, and the White House referred questions to the Commerce Department, which declined to comment. The Chinese Embassy in Washington said it hopes the United States will “stop suppressing Chinese companies under false pretenses,” adding that China will continue to protect the rights and interests of Chinese companies.
Reuters found no evidence that the companies knowingly provided sensitive U.S. data to the Chinese government or committed any other wrongdoing.
The investigation is the latest effort by Washington to stop Beijing from using Chinese firms’ access to U.S. data to harm companies, Americans or national security as part of a deepening technology war between geopolitical rivals. This shows that the administration is trying to close any remaining avenues for Chinese companies, already targeted by Washington, to obtain US data.
Regulators have not yet decided how to address the potential threat, two of the sources said. But with the power to review Internet services sold in the U.S. by companies from “foreign hostile” countries, regulators could block transactions that allow them to operate in data centers and forward data to Internet service providers, the people said.
Blocking key transactions could in turn impair the ability of Chinese firms to offer competitive U.S. cloud and Internet services to global customers, hurting their remaining U.S. businesses, experts and sources say.
“They’re our biggest global adversary, and they’re very sophisticated,” said Doug Madory, an Internet routing expert at Internet analytics company Kentik. “I think (U.S. regulators) wouldn’t feel like they were doing their job if they weren’t trying to minimize every risk.”
ROUTING THROUGH CHINA
China Telecom, China Mobile and China Unicom have long been in Washington’s crosshairs. The FCC rejected China Mobile’s application to provide telephone services in 2019 and revoked China Telecom’s and China Unicom’s licenses to provide similar services in 2021 and 2022, respectively. In April, the FCC went further and banned the companies from providing broadband services. An FCC spokesman said the agency stands by its concerns.
One of the factors influencing the FCC’s decision was a 2020 report from other U.S. government agencies that recommended revoking China Telecom’s license to provide telephone services in the U.S. It cited at least nine cases in which China Telecom misrouted Internet traffic through China, putting it at risk of being intercepted, manipulated or blocked on its way to its destination.
“China Telecom’s U.S. operations… provide Chinese government-sponsored actors with the ability to disrupt and misdirect data and communications traffic into the U.S.,” authorities said at the time.
The telecommunications company sought to overturn the FCC’s decision, but a U.S. appeals court rejected its arguments, noting that the agencies presented “compelling evidence that the Chinese government can use Chinese information technology companies as vectors for espionage and sabotage.”
ACCESS POINTS, CLOUD UNDER CLOSE CHECK
The influence of Chinese telecom companies extends deep within the US internet infrastructure.
According to China Telecom’s website, China Telecom has 8 US Points of Presence (PoPs), which are located at Internet exchange points and allow large-scale networks to connect with each other and exchange routing information.
China Telecom did not respond to requests for comment about its U.S. points of presence.
According to the FCC, there are “serious national security and law enforcement risks” that PoPs pose when they are run by firms that pose a threat to national security. In cases where China Telecom’s PoPs are located at internet exchange points, the company “could potentially access and/or manipulate data where it is in the preferred path of U.S. customer traffic,” the FCC said in April.
Bill Woodcock, executive director of Packet Clearing House, an intergovernmental treaty organization responsible for the security of critical Internet infrastructure, said traffic passing through these points would be vulnerable to metadata analysis, which could gather key information about the data's source, destination, size and delivery time. The points can also allow deep packet inspection, where parties can view the contents of the data and even decrypt it.
Commerce investigators are also looking into the companies' U.S. cloud offerings, which are the subject of a 2020 Justice Department probe into China Mobile, China Telecom and Alibaba that prompted the investigation, the people said. The investigation was later expanded to include PoPs and China Unicom, whose cloud business was small at the time of the inquiry, the two sources added. Alibaba did not respond to a request for comment.
Regulators worry that companies could access personal information and intellectual property stored in their clouds and provide them to the Chinese government or deny Americans access to them, two sources said.
Commerce Department officials are particularly concerned about one data center partly owned by China Mobile in California’s Silicon Valley, one of the people said.
China Mobile did not respond to requests for comment about the data center.
Reuters was unable to determine the reason for the government’s special interest in China Mobile’s data center, but ownership of it provides greater opportunity for mishandling of customer data, according to Bert Hubert, a Dutch cloud computing expert and former member of the board that regulates Dutch intelligence and security agencies.
He noted that ownership would make it easier to interfere with customer servers at night, for example by installing backdoors to allow remote access or bypass encryption. These steps will be much more difficult in a data center with strict security policies, where the company simply rents space.
“If you have your own data center, you have your own unique piece of China in the U.S.,” he said.