Citing sources, Reuters reported that the United States is investigating China Telecom and China Mobile for network and cloud risks.

China mobile billboard

Peter Parks | AFP | Getty Images

The Biden administration is investigating China Mobile, China Telecom and China Unicom over concerns the companies could provide U.S. data to Beijing through their U.S. cloud and network operations, three people familiar with the matter said.

U.S. Commerce Department authorities are investigating and have not previously reported. They have subpoenaed state-backed companies and completed “risk-based analyses” China Mobile and China Telecombut were less advanced in their exploration China UnicomThe people spoke on condition of anonymity because the investigation is not public.

The companies’ U.S. operations remain small, such as providing cloud services and routing wholesale U.S. Internet traffic. This allows them to access Americans’ data even if telecommunications regulators ban them from providing telephone and retail Internet services in the United States.

The Chinese companies and their U.S.-based lawyers did not respond to requests for comment. The Justice Department declined to comment and the White House referred questions to the Commerce Department, which declined to comment. The Chinese Embassy in Washington said it hopes the U.S. will stop suppressing Chinese companies under false pretexts, adding that China will continue to defend the rights and interests of Chinese companies.

Reuters found no evidence that the companies knowingly provided sensitive U.S. data to the Chinese government or committed any other type of misconduct.

How the escalating U.S.-China tech war will hurt U.S. companies

The investigation is the latest effort by Washington to prevent Beijing from using Chinese companies to gain access to U.S. data to harm companies, Americans or national security, and is part of a deepening tech war between geopolitical rivals. That suggests the administration is trying to shut down any remaining access to U.S. data for Chinese companies that have been targeted by Washington.

Regulators have not yet made a decision on how to respond to the potential threat, two people familiar with the matter said. But with the power to investigate Internet services sold to the United States by companies from “foreign hostile” countries, regulators can block transactions that would allow them to operate in data centers and transmit data for Internet providers, sources said.

Blocking key deals could in turn weaken Chinese companies’ remaining U.S. operations by reducing their ability to offer competitive U.S.-oriented cloud and network services to global customers, experts and sources said.

“They are our main global adversaries and they are very sophisticated,” said Doug Madory, a network routing expert at network analytics firm Kentik. “I think (U.S. regulators) will not feel like they are doing their best if they don’t try to contain all risks. own responsibilities.”

Routes through China

China Telecom, China Mobile and China Unicom have long been in Washington’s crosshairs. The FCC rejected China Mobile’s application to provide telephone services in 2019, and revoked the licenses of China Telecom and China Unicom to provide telephone services in 2021 and 2022 respectively. In April, the FCC further banned the companies from providing broadband services. An FCC spokesman said the agency stood by its concerns.

One factor in the FCC’s decision was a 2020 report from other U.S. government agencies that recommended revoking China Telecom’s license to provide U.S. phone service. The report cited at least nine examples of China Telecom misrouting network traffic in China, putting it at risk of being intercepted, manipulated or prevented from reaching its intended destination.

“China Telecom’s U.S. operations … provide Chinese government-sponsored actors with opportunities to disrupt and misdirect U.S. data and communications traffic,” authorities said at the time.

China Telecom has previously denied the government’s accusations and told U.S. agencies that routing problems are common and occur on all networks.

The telecom company tried to overturn the FCC’s decision, but a U.S. appeals court rejected its argument, noting that the agencies presented “compelling evidence that the Chinese government may use Chinese information technology companies as vectors for espionage and sabotage.” .

Access points, cloud under scrutiny

Chinese telecom companies have deep reach into U.S. network infrastructure.

China Telecom has eight points of presence (PoPs) in the United States, which are located at Internet exchange points, allowing large networks to connect to each other and share routing information, according to its website.

China Telecom did not respond to a request for comment on its U.S. PoP.

David Shen of the United States: China’s policies are causing disruption to other parts of the world

According to the FCC, “serious national security and law enforcement risks” arise when PoPs are operated by companies that pose national security risks. The FCC said in April that if China Telecom’s PoPs resided at network exchange points, the company “could potentially access and/or manipulate data along the preferred path of U.S. customer traffic.”

Bill Woodcock, executive director of the Intergovernmental Treaty Organization Packet Clearinghouse, which is responsible for the security of critical network infrastructure, said traffic flowing through these points is vulnerable to metadata analysis, which can capture information about the source, destination, size of the data. and delivery time. They may also allow deep packet inspection, where parties can see the contents of the data and even decrypt it.

Commerce Department investigators are also looking into the companies’ U.S. cloud services, which was the focus of the Justice Department’s 2020 transfer of China Mobile, China Telecom and Alibaba, the people said, and triggered the investigation. The probe was later expanded to include PoP and China Unicom, which had small cloud operations at the time of the investigation, two people familiar with the matter added. Alibaba did not respond to a request for comment.

Regulators are concerned the companies could access personal information and intellectual property stored in their clouds and provide it to the Chinese government or disrupt Americans’ access to it, two sources said.

Cloud data protection and the future of AI workloads

Commerce officials are particularly concerned about a data center in Silicon Valley, Calif., partly owned by China Mobile, one of the sources said.

China Mobile did not respond to a request for comment about the data center.

Bert Hubert, a Dutch cloud computing expert and former member of the Dutch Intelligence and Information Regulatory Commission, said that Reuters could not determine why the government was particularly interested in the Chinese mobile data center, but that one data center had mishandled customers. Data offers greater opportunity.

He noted that ownership would make it easier to interfere with customers’ servers overnight, such as by installing backdoors to enable remote access or bypass encryption. In data centers where security policies are strict and companies only rent space, these actions will be even more severe.

“If you have your own data center, then you have your own unique piece of China in the United States,” he said.