We study the threats and problems of technology produced by the People’s Republic of China and suggest policy solutions to protect the security, privacy, and prosperity of the people of the United States. There are three categories of threats associated with the PRC information technology. These are:
- Malicious hardware, software, and components
- Data theft and exfiltration
- Unethical and illegal business practices.
ChinaTechThreat.com is a website owned and operated by Strand Consult, an independent company which has provided strategic research to the global mobile industry for more than 25 years. Strand Consult created ChinaTechThreat.com following its research on Huawei beginning in 2005. Strand Consult observes that the problems of PRC technology extend beyond a single company or entity and that policy to address problems related to Huawei require a greater understanding of the PRC and its practices. Simply put, restrictions on Huawei alone are neither a coherent policy nor sufficient to protect Americans’ privacy, security, and prosperity from the PRC. Policies to address these concerns need to account for how the PRC controls information technology and its set of practices around PRC-based firms. Given the interconnectedness of digital technologies, it is not just the networks themselves that are in question, but the devices attached to them and the services that run across them.
While the focus on PRC technology is long overdue, the discussion of network security is frequently oversimplified. Indeed, the singular focus on Huawei misses the fact that Huawei sells products for the other layers, and that many other Chinese state-owned firms should be scrutinized. For example, Baidu, WeChat, Alibaba, and Huawei in artificial intelligence and smart cities solutions in the applications layer; Huawei and ZTE in transport; and laptops by Lenovo, the world’s leading maker of laptops as well as a leader in servers.
While cyber threats stem from many countries, the overwhelming perpetrator is the PRC. It is important to focus on China because:
- Increasingly information technology products and services consumed in the US are developed and manufactured in the PRC
- The PRC and its many owned and affiliated entities conduct business with a set of practices antithetical to Western laws and norms of free and fair competition, privacy, and data protection.
- US companies working in and with China operate under unfair and unsafe conditions, if not illegal per international treaties. Notably PRC companies receive far better treatment abroad than US companies receive in China.
- The process to review the safety and security of IT products and services in the US is insufficient, poorly communicated, poorly monitored, and inconsistent across federal, state, and local jurisdictions.
We focus on the government of China, not the people of China
China Tech Threat brings attention to threats and risk of information technology (IT) produced by entities owned and affiliated with the government of People’s Republic of China (PRC). This is a specific set of problems with a specific set of solutions. Note that the government of the PRC is related to a system, a set of institutions, and an organized community called the Chinese Communist Party, the founding and sole governing political party of the PRC.
Fortunately, efforts to address PRC information technology threats can strengthen the ability of nations and firms to protect against threats from other countries; build alliances and greater trade among like-minded nations; and improve privacy, security, and prosperity for Americans.
Roslyn Layton, PhD
Co-founder, China Tech Threat
Roslyn Layton is an international technology policy expert with domain expertise in network analytics, internet, and mobile telecommunications. In addition to her work with China Tech Threat, she is Senior Vice President at Strand Consult and Visiting Researcher at Aalborg University’s Department of Electronic Systems, Center for Communication, Media and Information Technologies in Copenhagen, Denmark. She serves as the Program Committee Chair for the 49th Telecom Policy Research Conference and is a Senior Contributor to Forbes. She contributes to the security committee of the IEEE Future Networks.
Dr. Layton served on the US Presidential Transition Team for the Federal Communications Commission (FCC). She earned a Ph.D. in business economics with a focus on internet regulation from Aalborg University (her doctoral thesis measured mobile application innovation across countries, noting China’s rise), an M.B.A. from the Rotterdam School of Management (Netherlands), and a B.A. in international service from American University.
Co-founder, China Tech Threat’
CEO, Stand Consult
John Strand is global mobile telecom industry veteran, having described and predicted many important technological trends. For more than 25 years, he has published strategic research to help industry and policy leaders navigate an increasingly complex global landscape. See http://understandingmobile.com/