China Tech Threat applauds Senators Ted Cruz (R-TX) and Josh Hawley (R-MO) for the new bill Countering Chinese Attempts at Snooping (C-CAS) Act of 2020. The bill would prohibit the use of federal funds by the US government employing the use of information communication technology produced by Chinese technology companies. The bill makes a necessary and important advancement to counter Chinese government surveillance, espionage, theft, and sabotage perpetrated against the US. Here are China Tech Threat’s key takeaways and suggestions for the bill.
- The bill takes a comprehensive approach to China’s military-industrial fusion.
The threat of Chinese technology is far more than Huawei and ZTE, makers of telecom infrastructure equipment. The bill takes the necessary view to include software-based application and services and highlights the search engine Baidu, the social network Tencent, and ecommerce platform Alibaba. However, the bill would be remiss if it did not specify device companies such as Lenovo (the world’s largest maker of laptops) Dà-Jiāng Innovations (DJI), the leading maker of drones, and Xiaomi, a leading maker of smartphones.
While the American military leadership is employed by career soldiers, China’s civil-military fusion is fluid, with members of the bureaucracy and business being called upon as de facto military. This is enshrined with China’s Cybersecurity Law which allow the government to confiscate any data collected on Chinese information technology, and the Intelligence Law which compels any Chinese subject to spy on behalf of the government upon request.
- The bill will create an essential Do Not Use/Do Not Buy list.
A key cybersecurity challenge for users is knowing which products and services to avoid. In the same way as people expect Do Not Call/Do Not Track, they want an easy reference for vulnerable devices. Such a list would help the Department of Defense employees and contractors to whom the relevant information is not communicated, as China Tech Threat detailed in the report of $33 million in 2018 spent on restricted Lenovo computers and Lexmark printers.
The bill proposes that the Departments of Defense and State prepare such a list and update it periodically. However, there needs to be an independent measure to establish what makes a Chinese company owned and affiliated with the government. One idea is to include any company listed on the Hang Seng or “Red Chip” Index. By definition, these are firms that have a minimum 25 percent ownership of the Chinese Communist Party, but list on the Stock Exchange of Hong Kong to blur the connection to the party while accessing foreign capital. Chinese tech companies’ indices include the Hong Kong Red Chip Tech Index and the Shanghai Exchanges Star Market. However, some method would need to account for firms are not listed, like Huawei which purports to be employee owned, but is not.
The language of the bill needs to be clarified so that the restrictions apply not just to the purchase of technology but “use” of applications and services that do not require a fee. Such an update would be important to include many vulnerable Chinese apps such as TikTok, WeChat, QQ, TaoBao and so on.
- The bill should apply to federal and state employees.
The proposed bill will go a long way to protect some 4 million federal and military workers whose safety and privacy are at risk from use of Chinese devices, as their personal data can be siphoned to the Chinese government. However, there are also significant risks to 8 million employees at the state level as well as Americans themselves who are put at risk when their states use vulnerable equipment. China Tech Threat’s report “Stealing From the States: China’s Power Play in IT Contracts” provides a state-by-state analysis of the purchase of vulnerable equipment. It also observes how federal policy fails the states by not communicating the risk and providing inadequate defense, training and resources. As such, the bill should specify that no federal funding can go to state agencies which use said Chinese technology.
- The bill will help stop proliferation of vulnerable Chinese technology at the United Nations
The rise of China at the United Nations (UN) has been observed by many outlets. The country heads 4 of the 15 agencies of the global body, and its influence in others is on the rise, notably with the reported corruption between the Chinese government and the World Health Organization. The bill would require that if the United Nations does business with any of the organizations on the list, the US will decrease its funding by the same amount as the value of the UN’s contracts with that company. Cruz and Hawley are right to find meaningful ways to bring accountability to the UN, particularly as the US is by far its largest donor.
More largely, if Chinese vendors are supplying the UN, then there is no way that American communications within the organization can be secure. Reducing funding of specialized UN agencies should be explored in any event. Federal Communications Commission (FCC) Commissioner Mike O’Reilly details the many problems with the International Telecommunications Union, now under Chinese control with goals to replace the free and open internet with its state-centered model and drive the regulation of technology with Chinese Communist Party preferences. He proposes a G-7 model as an alternative. Roslyn Layton describes how private donations are on track to outpace government contributions for the World Health Organization, showing that decoupling from the organization can increase freedom and restore American stewardship over its public health, which was unwisely outsourced.