The Department of Homeland Security has today published a report saying US companies should avoid “data services and equipment” from companies in China. The 15-page report says that businesses are exposing “themselves and their customers to heightened risk” when dealing with the People’s Republic. That includes sharing data flows to servers and companies in the country, as well as using devices created by companies with “an ownership nexus in the PRC.”
Broadly speaking, the report repeats the two major objections that US officials have raised about US companies using Chinese technology. Firstly, that the country’s new legal regime can order people to divulge confidential information to officials. Secondly, that Chinese companies which benefit from the government’s financial and technical support cannot be seen as neutral. The risk that officials can quietly order the inclusion of backdoors or easily exploited vulnerabilities make government surveillance easy.
“Stolen intellectual property,” adds the document, has been “essential” to bolstering the technical knowledge and capabilities of the People’s Liberation Army. And as well as stolen knowledge, the report says that China uses its growing technological footprint to monitor opposition figures and dissidents. It cites the example of a Huawei-built, China-funded data center in Papua New Guinea which, when finished, was described by Data Center Dynamics as being built with “glaring errors that opened the facility up to spying.”
As ZDNet reports, this is another in a series of pronouncements from acting DHS chief Chad F. Wolf, who on Monday said that China was a “clear and present danger” to democracy. That story also quotes FBI Director Christopher Wray from the summer, who said that around half of its counterintelligence cases are related to China. While the new administration will look to put its own people in leadership positions, it may be the case that they’re singing from the very same sheet.