The U.S. Department of Homeland Security (DHS) issued a warning on Tuesday to American businesses about data security risks from Chinese communications equipment and services.
The 15-page advisory warns U.S. companies about the threat of data theft through partnerships with Chinese companies. China’s state-owned entities are known to share information and technology with the country’s government and military, and a 2017 national intelligence law requires Chinese businesses to support the country’s intelligence operations—which include gathering data on U.S. citizens.
The Chinese government “has both the intent and ability to covertly access data directly through entities under the influence or jurisdiction of [the People’s Republic of China] laws, often without the knowledge or consent of the non-PRC businesses or institutions that maintain rights to the data” the memo states.
The PRC presents a “grave threat” to the data security of the U.S. government and American businesses, it adds. “This advisory highlights the persistent and increasing risk of PRC government-sponsored data theft due to newly enacted PRC laws that can compel PRC businesses and citizens – including through academic institutions, research service providers, and investors – to take actions related to the collection, transmission, and storage of data that runs counter to principles of U.S. and international law and policy.”
The advisory encourages U.S. companies that choose to conduct business with Chinese counterparts to reduce the amount of data stored in China, step up protections of proprietary information and bolster the terms of service agreements. “Practices that give the PRC unauthorized access to sensitive data – both personal and proprietary – put the U.S. economy and businesses at direct risk for exploitation,” acting Homeland Security Director Chad Wolf said in a statement. “We urge businesses to exercise caution before entering into any agreement with a PRC-linked firm.”