On Thursday, China Tech Threat released a report rife with new research into how 28 U.S. states have created massive vulnerabilities for their citizens by purchasing at least $230 million worth of technology made by Chinese-owned and operated companies Lexmark and Lenovo since 2015.
While the Chinese Communist Party (CCP) is capable of exploiting many kinds of technology to spy on Americans, steal from them, or commit cyberattacks, Chinese companies are especially dangerous because of the CCP’s 2017 National Intelligence Law, which obligates Chinese companies to turn over any information Beijing demands. That puts Americans’ financial, personal, and health data at risk, in addition to sensitive organizational and government data.
The report’s three key findings are as follows:
- Chinese companies that have been banned or restricted from U.S. military and national security networks – e.g. Lenovo, Lexmark, Hikvision, and DJI – can still contract with state governments. Lexmark and Lenovo can access sensitive personal and financial information held by courts, police departments, elections departments, education departments, children and family services, and other social service providers and agencies. In the case of Hikvision and DJI, they can also collect facial recognition and critical infrastructure data.
- Despite escalating threats from China and greater awareness of national security vulnerabilities at the state level, state government contracts and purchases from Lexmark and Lenovo have continued, and in some cases increased significantly since China Tech Threat issued its first state contracts report in 2020.
Our latest review of contract information and public databases from 28 states found that states have cumulatively awarded a total of $230 million worth of contracts for Lexmark or Lenovo since 2015, with individual states spending as much as $47 million.
It is not just the volume of purchases that are of concern, but the types of state agencies using them. Numerous state government offices responsible for stewarding sensitive personal information have wired products made by Chinese-owned or operated companies into their networks. To give a few examples, the Delaware Department of Elections, the Hawaii Department of Taxation, and the South Dakota Department of Emergency Management have all used products by Lexmark or Lenovo. - Actions such as Georgia Senate Bill 346 and Florida Executive Order 22-216 have inaugurated a new wave state government action to ban Chinese ICTS (information and communications technology systems) from state government contracts. 2023 is poised to be a transformative year for states tackling Chinese tech threats.
Read the entire report here.