China
Mobile
billboard
Peter
Parks
|
AFP
|
Getty
Images
The
Biden
administration
is
investigating
China
Mobile,
China
Telecom
and
China
Unicom
over
concerns
the
firms
could
exploit
access
to
American
data
through
their
U.S.
cloud
and
internet
businesses
by
providing
it
to
Beijing,
three
sources
familiar
with
the
matter
said.
Authorities
at
the
Commerce
Department
are
running
the
investigation,
which
has
not
been
previously
reported.
They
have
subpoenaed
the
state-backed
companies
and
have
completed
“risk-based
analyses”
of
China
Mobile
and
China
Telecom,
but
are
not
as
advanced
in
their
probe
of
China
Unicom,
the
people
said,
declining
to
be
named
because
the
probe
is
not
public.
The
companies
still
have
a
small
presence
in
the
United
States,
for
example,
providing
cloud
services
and
routing
wholesale
U.S.
internet
traffic.
That
gives
them
access
to
Americans’
data
even
after
telecom
regulators
barred
them
from
providing
telephone
and
retail
internet
services
in
the
United
States.
The
Chinese
companies
and
their
U.S.-based
lawyers
did
not
respond
to
requests
for
comment.
The
Justice
Department
declined
to
comment
and
the
White
House
referred
questions
to
Commerce,
which
declined
to
comment.
The
Chinese
Embassy
in
Washington
said
it
hopes
the
United
States
will
“stop
suppressing
Chinese
companies
under
false
pretexts,”
adding
that
China
will
continue
to
defend
the
rights
and
interests
of
Chinese
companies.
Reuters
found
no
evidence
the
companies
intentionally
provided
sensitive
U.S.
data
to
the
Chinese
government
or
committed
any
other
type
of
wrongdoing.
watch
now
The
investigation
is
the
latest
effort
by
Washington
to
prevent
Beijing
from
exploiting
Chinese
firms’
access
to
U.S.
data
to
harm
companies,
Americans
or
national
security,
as
part
of
a
deepening
tech
war
between
the
geopolitical
rivals.
It
shows
the
administration
is
trying
to
shut
down
all
remaining
avenues
for
Chinese
companies
already
targeted
by
Washington
to
obtain
U.S.
data.
Regulators
have
not
yet
made
decisions
about
how
to
address
the
potential
threat,
two
of
the
people
said.
But,
equipped
with
the
authority
to
probe
internet
services
sold
into
the
U.S.
by
companies
from
“foreign
adversary”
nations,
regulators
could
block
transactions
allowing
them
to
operate
in
data
centers
and
route
data
for
internet
providers,
the
sources
said.
Blocking
key
transactions,
in
turn,
could
degrade
the
Chinese
firms’
ability
to
offer
competitive
American-facing
cloud
and
internet
services
to
global
customers,
crippling
their
remaining
U.S.
businesses,
experts
and
sources
said.
“They
are
our
chief
global
adversary
and
they
are
very
sophisticated,”
said
Doug
Madory,
an
internet
routing
expert
at
internet
analysis
firm
Kentik.
“I
think
(U.S.
regulators)
would
not
feel
like
they
were
doing
their
job
if
they
weren’t
trying
to
shore
up
every
risk.”
Routing
through
China
China
Telecom,
China
Mobile
and
China
Unicom
have
long
been
in
Washington’s
crosshairs.
The
FCC
denied
China
Mobile’s
application
to
provide
telephone
service
in
2019
and
revoked
China
Telecom
and
China
Unicom’s
licenses
to
do
the
same
in
2021
and
2022
respectively.
In
April,
the
FCC
went
further
and
barred
the
companies
from
providing
broadband
service.
A
spokesman
for
the
FCC
said
the
agency
stands
by
its
concerns.
One
factor
in
the
FCC’s
decision
was
a
2020
report
from
other
U.S.
government
agencies
that
recommended
revoking
China
Telecom’s
license
to
provide
U.S.
telephone
service.
It
cited
at
least
nine
instances
where
China
Telecom
misrouted
internet
traffic
through
China,
putting
it
at
risk
of
being
intercepted,
manipulated
or
blocked
from
reaching
its
intended
destination.
“China
Telecom’s
U.S.
operations…
provide
Chinese
government-sponsored
actors
with
openings
to
disrupt
and
misroute
U.S.
data
and
communications
traffic,”
authorities
said
at
the
time.
China
Telecom
has
previously
denied
the
government’s
allegations
and
told
U.S.
agencies
that
routing
problems
are
common
and
occur
on
all
networks.
The
telecoms
company
sought
to
reverse
the
FCC
decision,
but
a
U.S.
appeals
court
rejected
its
arguments,
noting
that
the
agencies
presented
“compelling
evidence
that
the
Chinese
government
may
use
Chinese
information
technology
firms
as
vectors
of
espionage
and
sabotage.”
Access
points,
cloud
under
scrutiny
The
Chinese
telecoms
companies’
reach
extends
deep
inside
the
U.S.
internet
infrastructure.
According
to
its
website,
China
Telecom
has
8
American
Points
of
Presence
(PoPs)
that
sit
at
internet
exchange
points,
which
allow
large-scale
networks
to
connect
to
each
other
and
share
routing
information.
China
Telecom
did
not
respond
to
requests
for
comment
about
its
U.S.
based
PoPs.
watch
now
According
to
the
FCC,
there
are
“serious
national
security
and
law
enforcement
risks”
posed
by
PoPs
when
operated
by
firms
that
pose
a
national
security
risk.
In
cases
where
China
Telecom’s
PoPs
reside
in
internet
exchange
points,
the
company
“can
potentially
access
and/or
manipulate
data
where
it
is
on
the
preferred
path
for
U.S.
customer
traffic,”
the
FCC
said
in
April.
Bill
Woodcock,
executive
director
of
Packet
Clearing
House,
the
intergovernmental
treaty
organization
which
is
responsible
for
the
security
of
critical
Internet
infrastructure,
said
traffic
flowing
through
these
points
would
be
vulnerable
to
metadata
analysis,
which
can
capture
key
information
about
the
data’s
origin,
destination,
size
and
timing
of
delivery.
They
also
might
allow
for
deep
packet
inspection,
where
parties
can
glimpse
the
data’s
contents,
and
even
decryption.
Commerce
investigators
are
also
probing
the
companies’
U.S.
cloud
offerings,
the
focus
of
the
2020
referral
from
the
Justice
Department
on
China
Mobile,
China
Telecom
and
Alibaba
that
prompted
the
investigations,
the
people
said.
The
probe
was
later
expanded
to
include
PoPs
and
China
Unicom,
whose
cloud
business
was
small
at
the
time
of
the
referral,
two
of
people
added.
Alibaba
did
not
respond
to
a
request
for
comment.
Regulators
fear
that
the
companies
could
access
personal
information
and
intellectual
property
stored
in
their
clouds
and
provide
it
to
the
Chinese
government
or
disrupt
Americans’
access
to
it,
two
of
the
sources
said.
watch
now
Commerce
department
officials
are
particularly
concerned
about
one
data
center
that
is
part
owned
by
China
Mobile
in
California’s
Silicon
Valley,
according
to
one
of
the
sources.
China
Mobile
did
not
respond
to
requests
for
comment
about
the
data
center.
Reuters
could
not
determine
the
reason
for
the
government’s
specific
interest
in
China
Mobile’s
data
center,
but
ownership
of
one
provides
greater
opportunity
to
mishandle
client
data,
according
to
Bert
Hubert,
a
Dutch
cloud
computing
expert
and
former
member
of
a
board
that
regulates
Dutch
Intelligence
and
security
agencies.
He
noted
that
ownership
would
make
it
easier
to
meddle
with
clients’
servers
at
night,
for
example,
by
installing
backdoors
to
enable
remote
access
or
bypass
encryption.
Those
actions
would
be
much
tougher
in
a
data
center
with
strict
security
policies
where
the
company
merely
leases
space.
“If
you
have
your
own
data
center
you
have
your
own
unique
piece
of
China
within
the
U.S.,”
he
said.
