On land Biden e Trump, who will meet face-to-face for the first time on Thursday evening, will be able to agree: the protection of computer data, especially from possible interference by China. Now that the march towards the US elections is starting to become more intense, every disruptive action is monitored and Chinese telecommunications companies have now come under the spotlight of the Biden administration: China Mobile, China Telecom and China Unicom are under investigation by the US Department of Commerce for risks arising from data exploitation.
The risk of sensitive US data leaking to China
The investigations, according to reports Reuters, were undertaken following fears that those communications companies could provide to the Chinese government i data collected collected through theirs cloud and internet activities in the United States. The companies still have a small presence in the United States, after the restrictions of the past: for example they supply cloud services and funnel US internet traffic. This allows them to access Americans' data, even after telecom regulators had banned them from providing telephone and internet services retail in the United States.
Washington has long been making every effort to prevent Beijing from exploiting Chinese companies' access to US data to harm companies, Americans or national security, as part of an ever-deepening technological war between geopolitical rivals.
US regulators have not yet made decisions on how to address the potential threat, two sources told Reuters. But, equipped with the authority to probe Internet services sold in the United States by companies from “foreign adversary” nations, the authorities they could block transactions that allow it to operate in data centers and route data to internet providers, the sources said. Blocking key transactions, in turn, could reduce Chinese companies' ability to offer competitive America-facing cloud and internet services to global customers, crippling their remaining U.S. businesses, experts and sources said. “They are our main global adversary and they are very sophisticated,” Doug Madory, an Internet routing expert at Internet analytics firm Kentik, told Reuters. “I think (US regulators) wouldn't feel like they were doing their job well if they weren't trying to protect every risk.”
China Telecom, China Mobile and China Unicom have long been in Washington's sights
The US Federal Communications Commission (FCC) in 2019, under President Trump, denied China Mobile's request to provide telephone services and revoked the licenses of China Telecom and China Unicom. The same was done in 2021 and 2022, under the Biden presidency. Last April, the FCC went further and banned the companies from providing services to broadband connection. An FCC spokesperson said the agency remains concerned, however.
One factor influencing the FCC's decision was a 2020 report from other US government agencies that recommended revoking China Telecom's license to provide telephone services in the United States. The report mentioned at least nine cases in which China Telecom had incorrectly routed internet traffic through China, putting it at risk of being intercepted, manipulated or blocked from reaching its intended destination. “China Telecom's operations in the United States ... offer Chinese government-sponsored actors the ability to disrupt and divert U.S. data and communications traffic,” authorities said at the time.
China Telecom has previously denied the government's allegations and told U.S. agencies that routing problems are common and occur on all networks. The telecommunications company sought to overturn the FCC's decision, but a U.S. Court of Appeals rejected its arguments, noting that the agencies presented “convincing evidence that the Chinese government can use Chinese IT companies as vectors for espionage and sabotage."
What are the access points? The cloud under the lens
Regulators fear that companies will gain access to personal informations and Intellectual Property stored in theirs cloud e provide them to the Chinese government o cut off Americans' access to them, two of the sources said.
The action of Chinese telecommunications companies extends deep within the infrastructure US Internet. According to its website, China Telecom has 8 American Points of Presence (PoPs) located at Internet exchange points, which allow large-scale networks to connect to each other and share routing information. China Telecom did not respond to requests for comment on its US PoPs. According to the FCC, there are “serious safety risks national and law enforcement” posed by PoPs if operated by companies that represent a risk to national security. In cases where China Telecom's PoPs reside at Internet exchange points, the company "can potentially access and/or manipulate data when it is on the preferred path for U.S. customer traffic," the FCC said in April.
Bill Woodcock, executive director of Packet Clearing House, the intergovernmental organization that deals with the security of critical Internet infrastructure, said that traffic passing through these points would vulnerable to metadata analysis, which can capture key information about the source, destination, size and delivery times of data. They could also enable deep packet inspection, where parties can glimpse the contents of the data, and even decryption. Commerce investigators are also examining the companies' U.S. cloud offerings, which were at the center of the Justice Department's 2020 referral into China Mobile, China Telecom and Alibaba, which sparked the investigations, according to the sources Reuters. The investigation was later expanded to include China Unicom, whose cloud business was small at the time of the referral.
Concern over a Californian data center owned by China Mobile
Commerce Department officials are particularly concerned about a data center partly owned by China Mobile in California's Silicon Valley, according to one of the sources. The reason for the government's specific interest in China Mobile's data center is not yet known, but ownership of a data center offers more opportunity to manipulate customer data, according to Bert Hubert, a Dutch cloud computing expert and former member of a board that regulates Dutch intelligence and security agencies. Hubert noted that ownership would make it easier to hack into customer servers at night, for example by installing backdoors to enable remote access or bypass encryption. These actions would be much more difficult in a data center with strict security policies, where the company simply rents the space. “If you have your own data center, you have a piece of China inside the United States,” he said.