DHS Warns Against IT Services, Equipment From Chinese Telecom Firms
The agency’s report names Chinese telecoms Huawei and ZTE specifically as threats to U.S. companies, service providers, and network operators.
The United States Department of Homeland Security (DHS) is warning American companies and government agencies against using data services and equipment from IT companies based in or linked to China.
The fifteen-page Data Security Business Advisory published Tuesday calls out embattled Chinese telecoms Huawei Technologies and ZTE Corp. specifically as threats to U.S. companies, service providers, and network operators.
“Practices that give the PRC [People’s Republic of China] government unauthorized access to sensitive data – both personal and proprietary – puts the U.S. economy and businesses at direct risk for exploitation. We urge businesses to exercise caution before entering into any agreement with a China-linked firm,” said Acting Secretary of Homeland Security Chad F. Wolf in the new business advisory.
[Related: DOJ Charges Huawei With Violating RICO Act, Conspiracy To Steal Trade Secrets]
The business advisory covers what the DHS refers to as the “persistent” and “increasing risk” of Chinese government-sponsored data theft as a result of new laws -- namely, the 2017 National Intelligence Law -- that can compel Chinese businesses and citizens, including academic institutions and research groups, to collect, transmit, and store data in some cases that go against principles of U.S. and international law and policy. The advisory said that Chinese firms that own and operate data centers, both within China and abroad, are subject to laws that require ”secret cooperation” with Chinese intelligence services, which could require these companies to share data with that government, even if those actions are illegal under the jurisdiction in which these firms operate.
China also has a new data security law set to come into play in 2021 that the advisory said will offer the government more surveillance powers.
For Huawei and ZTE, the advisory said that the Communist Party of China (CCP) subsidizes the use of hardware, software, and telecom infrastructure for the creation and operation of data centers, which allows the two Chinese telecoms to come to the global market with cheaper prices. “The spread of such equipment may even affect unwitting U.S. service providers (e.g., where intermediary contracted equipment suppliers have “rebranded” Huawei or ZTE equipment as their own for use in U.S. networks),” according to the advisory.
Both Huawei and ZTE aren’t strangers to accusations of compliance with the Chinese government and stealing trade secrets from other countries.
Huawei in February was charged by the U.S. Justice Department with violating the RICO (Racketeer Influenced and Corrupt Organization) Act and conspiracy to steal trade secrets from wireless giant T-Mobile. The company’s CFO Meng Wanzhou, a deputy member of Huawei’s board of directors, in December 2018 was arrested in Canada while transferring between flights in relation to Skycom in relation to the sale of HP products to Iran in violation of U.S. laws on sales to Iran.
ZTE, alongside Huawei, were designated as national security risks with the U.S. Federal Communications Commission (FCC) in 2019 voted unanimously to ban U.S.-based telecom providers from using an $85 billion government subsidy program, the Universal Service Fund (USF) to buy equipment or services from the two Chinese telecom providers.
The DHS warns that joint IT projects with Chinese firms won’t be safe from data being shared inappropriately, and named Chinese-made mobile app TikTok and even fitness trackers as a risk because the Communist Party could potentially harvest data from these services.
“Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located in the PRC, or use equipment and software developed by firms with an ownership nexus in the PRC,” the advisory said.