China is known for widespread data theft and unethical business practices. Despite the low cost goods that Chinese companies have brought to the global economy, recent news has highlighted these businesses often engage in economic espionage, intellectual property theft, personal data breaches, and even cybersecurity attacks targeting sensitive national security information. The increased concern over the Chinese security threat is compounded by Chinese law, specifically Articles 7 and 12 of the National Intelligence Law of the People’s Republic of China, that essentially requires Chinese companies release any data the government mandates.
The U.S. government has prohibited American firms from doing business with telecommunication and technology giants Huawei and ZTE, designating both as national security threats. Further, the U.S. has recently charged two Chinese hackers over a decade of online theft, including stealing hundreds of millions of dollars, intellectual property, and digital currency.
The U.S. government is also lobbying European allies against x-ray screening company Nuctech, arguing the company represents a significant security risk. Nuctech has been accused of unfair business practices, corruption, and close ties to both the Chinese government and military. National security experts are concerned Nuctech will use backdoor technology to pass on sensitive data – manifests, personal information and more – to the Chinese government, Nicknamed the “Huawei of airport security,” many Nuctech products are installed at airports and global critical infrastructure sites.
In June 2020, India tightened their regulations on Huawei’s involvement in India’s telecommunications networks and banned the popular social media app TikTok, claiming it posed a threat to “sovereignty and integrity.” Australia’s government is also investigating TikTok along with WeChat over allegations the companies share user data with the Chinese government.
All these incidents raise the question: should security and telecommunications equipment that protects vital national security data be selected based on lowest cost alone when Chinese government-subsidized and controlled companies are competing? Can these Chinese firms be trusted with sensitive data and access to critical networks? Or do the risks of data theft outweigh the potential cost benefits?