The Threat

Overview

In 2015 the Chinese government launched the “Made in China 2025” plan and targeted 10 global industries which the country should dominate in 10 years (including information technology, pharmaceuticals, robotics, automobiles, strategic manufacturing etc.).  The Chinese are succeeding on executing their plan to date, gaining global market share for everything from phones and mobile services to telecommunications infrastructure for smart cites. Countries and firms around the world need to consider what this means for their local economies and industries.

National Security

There are numerous examples of Chinese actors penetrating American military and corporate networks to steal secrets.  In recent years, Chinese hackers stole or compromised design plans of the F-35 Joint Strike Fighter, C-17 transport plane, F-22 fighter jet, Patriot missile system and various naval platforms.  A growing number of Justice Department indictments have demonstrated how state-sponsored Chinese actors have led phishing campaigns to target U.S. government agencies as well as private sector aviation and aerospace firms.

A 2018 report by the U.S.-China Economic and Security Review Commission calls out the supply chain risks not just from Huawei and ZTE, but also Inspur, Legend Capital/Holdings, Lenovo, Lexmark, Lishen Power Battery Systems, Tianma Microelectronics, TPV Technology Ltd, Tsingua Holdings, and Shenzen Laibo HiTech Co. Ltd. These firms are reportedly involved with China’s military, nuclear, and/or cyberespionage programs. Products or services from these firms could present itself as a supply chain attack or fail through a compromised product, such as batteries, acoustic components, magnets, shielding materials, or cables and power connectors. Such information might even be shared outright in a corporate intelligence sharing agreement, whether voluntary or compelled as a requirement of doing business with the Chinese firm.

Similarly, the largest maker of computers, Lenovo, has been called out for its support from the Chinese government, access to state owned intellectual property, and reported links to Chinese state-led cyberespionage efforts. Notably, its products are banned by use of intelligence agencies in Australia, Canada, New Zealand, the United Kingdom, and the United States (Five Eyes Countries) since the mid-2000s, when British military intelligence discovered “backdoors” and suspicious components in Lenovo products. Concerns about the company have been raised by the Department of State, US Navy, Department of Defense, and Department of Homeland Security.

ZTE was fined $1 billion by the Commerce Department for illegally trading with Iran and North Korea.

Intellectual Property Theft

A 2017 report by the bipartisan IP Commission concluded that Chinese theft of American intellectual property currently costs between $225 billion and $600 billion each year. In one high profile example, Huawei is currently under criminal indictment for stealing designs for T-Mobile’s testing robot, “Tappy,” which imitates a person using a phone and monitors phone metrics.  Huawei was already found guilty in a civil lawsuit in 2017.

IP theft has been a major issue for non-Chinese companies for many years. While China has taken some steps to protect intellectual property in China (notably since its own companies started to patent technologies), it still has a long way to meet the standard of the USA and most European countries.

Personal Privacy

There is increasing focus on personal privacy on internet platforms (search engines, social networks, ecommerce marketplaces etc), online services, and digitally connected devices. How digital personal information is used and protected is highly regulated in the European Union, and the United States is in the process of strengthening its framework.  China does not share the Western democratic tradition and its focus on individual rights, freedom of speech, due process, and so on. Consumers in the US and Europe buy many electronic products from China, and many of these products are connected to one’s mobile phone with Chinese software which collects personal data which is then stored and processed on servers in China. It is not clear whether and to what extent these products and services comply with US and EU privacy and data protection laws.

The backdoors and software on devices manufactured by Chinese companies can expose personal information and track online activity without a user’s knowledge.  One example is Lenovo installing “Superfish” software in as many as 750,000 personal computers between 2014 and 2015.

In 2017, The Federal Trade Commission and 32 state attorneys general settled with the company over charges that it harmed consumers by preloading software on some laptops that compromised security protections to deliver ads to consumers that they would not normally see. The software thwarted basic consumer protections by hijacking encrypted web sessions, allowing attackers to snoop on browser traffic and potentially steal sensitive data, such as banking and financial information.

Former FTC Acting Chair Maureen Ohlhausen explained, “It’s the online equivalent of someone intercepting your mail, opening it, reading it, closing it back up and then putting it back in your mailbox.” A security analyst called it “quite possibly the single worst thing I have seen a manufacturer do to its customer base.”  More recently, the company endured criticism for its Fingerprint Manager Pro, which potential exposed login credentials and fingerprints to hackers, and its Watch X, which sent unencrypted communications about user locations to a Chinese server.

The Chinese tech threats to national security, intellectual property, and personal privacy are real. Government, industry and consumers need to focus on these challenges.