The Department of Homeland Security issued a business advisory warning to American businesses about the risks of using data services and equipment from firms associated with China.
This advisory cites the increasing risk of government-sponsored data theft due to newly enacted laws in China that can compel Chinese businesses and citizens to collect, transmit, and store data in ways that run counter to the U.S. and international law and policy. For example, the laws require companies to store data within Chinese borders and turn over routine data to the government under the pretense of national security. The advisory also highlights China’s history of manipulation, misuse, and exploitation of that data.
“For too long, U.S. networks and data have been exposed to cyber threats based in China which are using that data to give Chinese firms an unfair competitive advantage in the global marketplace,” Acting Secretary of Homeland Security Chad Wolf said. “Practices that give the PRC government unauthorized access to sensitive data – both personal and proprietary – puts the U.S. economy and businesses at direct risk for exploitation. We urge businesses to exercise caution before entering into any agreement with a PRC-linked firm.”
Any person or entity that chooses to procure data services and equipment from certain Chinese government-linked firms, or store data on software or equipment developed by such firms, should be aware of the potential economic, reputational, and, in certain instances, legal, risks of doing so.