The U.S. Commerce Department has initiated a probe into three significant Chinese telecom firms—China Mobile, China Telecom, and China Unicom—amid concerns about potential misuse of American data. The investigation aims to determine whether these companies are sharing data with Beijing through their cloud and internet services.
Current Investigation Status
Risk-based evaluations for China Mobile and China Telecom have been finalized, whereas the inquiry into China Unicom is still underway. These investigations remain undisclosed to the public, with subpoenas issued to the implicated firms.
Despite prohibitions on providing telephone and retail internet services, these companies operate in the U.S. on a smaller scale, offering services like cloud computing and routing wholesale internet traffic.
No responses have been received from the Chinese firms or their U.S.-based legal representatives. The Justice Department and the White House have refrained from commenting, while the Chinese Embassy has called on the U.S. to cease actions against Chinese companies. The Federal Communications Commission (FCC) has voiced serious national security and law enforcement concerns.
Historical Context
This investigation is part of a broader regulatory crackdown on Chinese telecom firms. In 2019, the FCC rejected China Mobile’s application for telephone services. This was followed by the revocation of licenses for China Telecom and China Unicom in 2021 and 2022, respectively. In April 2023, the FCC banned these companies from offering broadband services, citing risks such as the misrouting of internet traffic through China and potential data interception, manipulation, or blockage.
Technical and Security Risks
The presence of these companies in U.S. internet infrastructure poses considerable technical and security risks. China Telecom’s Points of Presence (PoPs) in the U.S. are particularly susceptible to metadata analysis and deep packet inspection. Additionally, there are concerns that cloud services may grant access to personal information and intellectual property, risking data disruption. Specific attention has been directed towards China Mobile’s partially owned data center in Silicon Valley, where ownership magnifies the potential for data mishandling.
Experts emphasize China's sophistication as a global adversary. Doug Madory of Kentik highlighted the risk posed by China’s advanced capabilities, while Dutch cloud computing expert Bert Hubert noted that ownership of data centers allows for more opportunities to install back doors or bypass encryption.
The U.S. Commerce Department’s investigation into China Mobile, China Telecom, and China Unicom underscores ongoing efforts to protect national security by scrutinizing foreign access to U.S. data. While these measures may be disruptive, they are considered essential to mitigate risks amid escalating U.S.-China tech tensions. As the investigation progresses, further regulatory actions may be implemented to block transactions and operations in U.S. data centers, emphasizing the importance of addressing national security concerns linked to Chinese firms’ access to American data.