By Alexandra Alper
WASHINGTON (Reuters) – The Biden administration is investigating China Mobile, China Telecom and China Unicom over concerns that the companies could exploit access to U.S. data through their U.S. cloud and internet businesses by providing it to Beijing, according to a statement three sources familiar with the matter.
Authorities from the Commerce Department are conducting the investigation, which has not previously been reported. They have subpoenaed the state-backed companies and completed “risk-based analyses” of China Mobile and China Telecom, but have not progressed as far in their investigation into China Unicom, the people said, declining to be named because the investigation is not is public. .
The companies still have a small presence in the United States, for example by offering cloud services and routing large-scale American Internet traffic. That gives them access to Americans’ data, even after telecom regulators barred them from offering telephone and retail Internet services in the United States.
The Chinese companies and their U.S.-based lawyers did not respond to requests for comment. The Justice Department declined to comment and the White House referred questions to Commerce, which declined to comment. The Chinese embassy in Washington said it hopes the United States “will stop suppressing Chinese companies under false pretenses,” adding that China will continue to defend the rights and interests of Chinese companies.
Reuters found no evidence that the companies deliberately provided sensitive U.S. data to the Chinese government or committed any other misconduct.
The investigation is Washington’s latest attempt to prevent Beijing from abusing Chinese companies’ access to U.S. data to harm businesses, Americans or national security, part of a deepening technology war between the geopolitical rivals. It shows the administration is trying to close off any remaining avenues for Chinese companies already targeted by Washington to obtain U.S. data.
Regulators have not yet made any decisions on how to tackle the potential threat, two of the people said. But, equipped with the power to investigate Internet services sold in the U.S. by “foreign adversary” companies, regulators can block transactions that allow them to operate in data centers and route data to Internet service providers, the sources said.
Blocking key transactions could in turn damage Chinese companies’ ability to offer competitive, America-focused cloud and internet services to global customers, crippling their remaining U.S. businesses, experts and sources say.
“They are our main global adversary and they are very sophisticated,” said Doug Madory, an Internet routing expert at Internet analytics firm Kentik. “I don’t think U.S. regulators would feel like they were doing their job if they didn’t try to support every risk.”
ROUTE THROUGH CHINA
China Telecom, China Mobile and China Unicom have long been in Washington’s crosshairs. The FCC rejected China Mobile’s application to provide phone services in 2019 and revoked the licenses of China Telecom and China Unicom to do the same in 2021 and 2022, respectively. In April, the FCC went further and banned the companies from providing broadband services to offer. An FCC spokesperson said the agency supports his concerns.
One factor in the FCC’s decision was a 2020 report from other U.S. government agencies that recommended revoking China Telecom’s license to provide U.S. phone services. It cited at least nine cases in which China Telecom misdirected internet traffic through China, putting it at risk of being intercepted, manipulated or blocked from reaching its intended destination.
“China Telecom’s U.S. operations provide opportunities for Chinese government-sponsored actors to disrupt and misdirect U.S. data and communications traffic,” authorities said at the time.
China Telecom has previously denied the government’s allegations, telling U.S. agencies that routing problems are common and occur on all networks.
The telecom company tried to reverse the FCC decision, but a U.S. appeals court rejected its arguments, noting that the agencies presented “compelling evidence that the Chinese government could use Chinese information technology companies as vectors of espionage and sabotage.”
ENTRY POINTS, CLOUD UNDER INVESTIGATIONS
The reach of Chinese telecom companies extends deep into the American internet infrastructure.
According to its website, China Telecom has eight U.S. Points of Presence (PoPs) located at Internet exchange points, allowing large-scale networks to connect and share routing information.
China Telecom did not respond to requests for comment about its US-based PoPs.
According to the FCC, PoPs pose “serious national security and law enforcement risks” when operated by companies that pose a national security risk. In cases where China Telecom’s PoPs are located in Internet exchange points, the company “may be able to access and/or manipulate data where it is on the preferred path for U.S. customer traffic,” the FCC said in April.
Bill Woodcock, executive director of Packet Clearing House, the intergovernmental treaty organization responsible for the security of critical internet infrastructure, said the traffic flowing through these points is vulnerable to metadata analysis, which can capture important information about its origin, destination and the scope and time of delivery. They can also enable deep packet inspection, where parties can get a glimpse of the data’s contents, and even decryption.
Trade investigators are also examining the companies’ U.S. cloud offerings, the focus of the Justice Department’s 2020 referral of China Mobile, China Telecom and Alibaba that prompted the investigations, the people said. The investigation was later expanded to include PoPs and China Unicom, whose cloud businesses were small at the time of the referral, two people added. Alibaba did not respond to a request for comment.
Regulators fear the companies could gain access to personal information and intellectual property stored in their clouds and provide it to the Chinese government or disrupt U.S. access to it, two sources said.
Commerce Department officials are particularly concerned about a data center partly owned by China Mobile in California’s Silicon Valley, one of the sources said.
China Mobile did not respond to requests for comment about the data center.
Reuters could not determine the reason for the government’s specific interest in China Mobile’s data center, but owning a data center offers greater opportunities to mishandle customer data, said Bert Hubert, a Dutch cloud computing expert and former member of a board that supervises the Dutch intelligence and intelligence services. security services.
He noted that ownership would make it easier to meddle with customers’ servers at night, for example by installing backdoors to allow remote access or bypass encryption. These actions would be much more difficult in a data center with strict security policies, where the company only rents space.
“If you have your own data center, you have your own unique piece of China within the US,” he said.
(Reporting by Alexandra Alper; additional reporting by Casey Hall; Editing by Chris Sanders and Anna Driver)
