Microsoft’s disclosure over the summer of a Chinese espionage campaign that used forged credentials to break into U.S. government agencies and businesses is a reminder that China has sophisticated cyber capabilities and is willing to use them. But the risk goes beyond having a product with vulnerable code.

If companies have business operations in China — as many of America’s largest and most influential tech companies do — they may be unwitting accomplices to China’s surveillance operations, according to a new report published by the American Security Project. Yet this remains absent from discussions of risk in many technology firms’ public financial statements.

It is a curious omission, because the risks are high: Chinese law requires that companies located there provide the Chinese Communist Party’s security services with access to source code and other sensitive data if demanded. Chinese law also requires that security researchers — including those working for tech companies — share vulnerabilities in computer code with the government first.

Ten years ago, then-National Security Agency contractor Edward Snowden leaked classified documents purporting to show that American tech companies were required under U.S. law to furnish information about foreigners to the U.S. intelligence community. In the painful aftermath of the leaks, American tech companies faced such grave reputational harm that many of them reported the risks as material in their financial disclosures. They also fought hard for — and won — the right to be more transparent with their customers and the broader public about how often the U.S. intelligence community required them to cooperate. If U.S. surveillance posed such a grave risk to the business fortunes of American tech companies, surely China’s must as well.

To be sure, there is a world of difference between the American legal framework for intelligence operations and China’s. Ours is embedded in a democracy, with limits prescribed by law and subject to layers of oversight by all three branches of government. We openly debate the contours of this framework, as Congress is doing now with respect to the surveillance authorities authorized by the Foreign Intelligence Surveillance Act. China gives security services carte blanche to pursue their investigations and operations, with no known limits.
