SinoTech

Didi Fined $1.2 Billion for Violating Data Security Laws

By Raquel Leslie, Brian Liu
Tuesday, August 2, 2022, 8:01 AM

China’s cybersecurity regulator fined Didi Global Inc. $1.2 billion on July 21 for violating cybersecurity and data laws, drawing to a close a year-long probe into the ride-hailing giant. The Cyberspace Administration of China (CAC) said in a statement that the firm had breached three major laws concerning cybersecurity, data security, and personal information protection that together formed a regime that the government recently expanded to regulate its cyberspace and require companies to improve their handling of data. Two of these laws—the Personal Information Protection Law and the Data Security Law—were not applied to the company’s practices until after CAC’s investigation into Didi began.

In a separate statement, the CAC said investigators found that Didi had illegally obtained “screenshot information” from users’ smartphone photo albums and collected data on facial recognition and family relationships. The CAC also accused Didi of unspecified national security violations in its data processing activities. In addition to the $1.2 billion penalty, the regulator imposed a personal fine of 1 million yuan ($148,000) each on Cheng Wei, Didi’s chairman and CEO, and Liu Qing, the company’s president. Didi issued a statement on July 21 accepting the judgment and promising to strengthen its protection of personal information.

Didi’s regulatory woes first began last year when it pressed ahead with its U.S. stock listing despite being urged by the CAC to wait until the company had conducted a thorough self-examination of its network security. Just days after Didi’s $4.4 billion initial public offering on the New York Stock Exchange on June 30, 2021, the CAC announced a probe into the company’s handling of customer data. CAC alleged that Didi “illegally collected and used users’ personal information” and ordered that the ride-hailing app be removed from Chinese app stores. The regulatory actions made the company a poster child for Beijing’s crackdown on the tech industry, wiping tens of billions of dollars from its market capitalization and hitting domestic revenues hard. Didi’s investors voted in May to delist from the New York Stock Exchange and pivot to Hong Kong. There is no clarity yet as to whether or when Didi will be allowed to return to app stores or resume new user registrations.

Didi’s fine is the largest penalty imposed on a Chinese tech company since the CAC fined Alibaba $2.75 billion and Meituan $527 million last year. Authorities, however, have changed their tone toward the crackdown in recent months as they face pressure to revive a slowing economy battered by coronavirus restrictions. In mid-July, China posted its lowest growth rate since the beginning of the pandemic as unemployment neared historic highs and consumer spending stagnated. In May, Chinese Premier Li Keqiang rallied the tech industry when he pledged stronger support for the digital economy. By closing the investigation into Didi, Beijing could be sending a signal that the worst of the crackdown is over in order to restore investor confidence.

But Chinese authorities’ concerns about data security are not without merit. The Chinese tech industry has a history of excessive data collection and leaks. And these risks to national security are not isolated to the private sector. Earlier this month, hackers claimed to have breached a Shanghai police database that had left the personal data of 1 billion people unsecured for months. Just one day after Didi’s fine was announced, China’s transport ministry tightened existing rules governing how online ride-hailing firms should handle and share their data with regulators. Legal experts say the Didi penalty and latest regulatory constraints could force Chinese tech companies to reassess how they collect, store, or seek to profit from the personal information of Chinese citizens.

Senate Passes $280 Billion Bill Aimed at Boosting U.S. Chip Production and Competitiveness With China

On July 27, the Senate passed bipartisan legislation aimed at boosting U.S. technology competition with China. The bill, dubbed the “CHIPS-plus” Act, passed in a 64-33 vote, with 17 Republicans voting in favor of the bill. The legislation would provide $52 billion in subsidies and tax credits for companies to manufacture semiconductor chips in the United States, and $200 billion in investments in scientific research into artificial intelligence, robotics, quantum computing, and various other technologies. Under the CHIPS Act, the Commerce Department will be responsible for doling out billions of dollars in subsidies to expand and build new semiconductor manufacturing facilities in the United States. 

This latest CHIPS-plus Act is a slimmed-down version of the broader China competition package that passed last year. An earlier version of the bill that had included broader competition measures against China passed the Senate last year but stalled in the House after Senate Minority Leader Mitch McConnell threatened to block the bill if Democrats pushed economic legislation through the budget reconciliation process. This latest version stripped various provisions aimed at combating Chinese economic espionage from the final bill, over the objections of Republicans like Sen. Marco Rubio.

The bill addresses a decades-long decline in the U.S. share of global semiconductor chip production. In 2022, the United States produced 12 percent of global semiconductor chips, down from 37 percent in the 1980s. President Biden has made reshoring chip manufacturing a priority in his administration, to insulate American supply chains from over-reliance on foreign producers, and to reshore jobs in heartland states like Ohio, which have suffered substantial losses in manufacturing jobs over the past four decades. The bill is part of a broader economic strategy—including sanctions against Chinese chip manufacturers—to keep apace with China on chip development and manufacturing. Some commentators have questioned the effectiveness of such measures, however, as Chinese chip manufacturers have continued to successfully develop advanced chips in spite of U.S. sanctions.

The bill has received mixed reception among semiconductor companies. Firms like Nvidia, AMD, and Qualcomm—so called “fab-less” chip designers—that outsource their chip manufacturing are concerned that a disproportionate amount of the CHIP Act’s manufacturing subsidies would benefit firms like Intel, which design and manufacture their own chips. These fab-less firms support enacting the FABS Act, a bill in the House that would provide a tax credit for both chip manufacturers and designers.

While President Biden has committed to signing the bill into law, the legislation faces an uncertain future in the House. In a memorandum to all House GOP offices sent on July 27, Republican leadership recommended that all House GOP members vote against the bill in response to Sens. Chuck Schumer and Joe Manchin pushing climate, health, and tax legislation through budget reconciliation. While the previous version of the bill had passed the House on a party-line 222-210 vote, House Majority Leader Steny Hoyer has indicated that the House may seek additional amendments before the bill is put to a vote. With a slim Democratic majority, Speaker Nancy Pelosi can afford to lose only four votes to pass the bill without any Republican support. The political math points to a protracted fight ahead for lawmakers as Pelosi plans on putting the bill to a vote as early as next week.

Other News

China’s Top Tech Minister Placed Under Investigation for Alleged Corruption 

On July 28, Chinese state media reported that China’s anti-corruption agency launched an investigation into Xiao Yaqing, the head of the Ministry of Industry and Information Technology (MIIT). Xiao oversaw a large swath of China’s economy, including 5G, semiconductors, electric vehicles, and cross-border data flows. Xiao is the first sitting minister to be swept up in President Xi Jinping’s anti-corruption campaign since Xi started his second term as party chief in 2017.

The announcement from the Central Commission for Discipline Inspection (CCDI) said that Xiao was under investigation for alleged “violations of discipline and law.” Though the CCDI provided few details, investigations into “violations of discipline and law” have typically led to more specific corruption charges. Bill Bishop of Sinocism speculates that the probe stems from undisclosed issues involving Xiao’s son-in-law. Observers have also noted that Xiao was one of the few ministers absent from the list of delegates to the 20th Party Congress, the body that elects members of the Communist Party’s top policymaking body.

The timing of the anti-corruption probe may be an indication that Xi is seeking to clamp down on domestic opposition ahead of the 20th Party Congress, and follows several other high-profile investigations announced over the past week. On July 27, CCDI announced that Chen Shuang, the former CEO of China Everbright Group—one of China’s largest state-owned conglomerates—was under investigation for suspected violations of the law. Chen’s investigation followed announcements of investigations from two of China’s anti-corruption agencies—the CCDI and the National Supervisory Commission (NSC)—into 25 government bodies and state-owned companies, including targets within the CCDI and NSC themselves.

The investigation of the MIIT’s head comes as observers predict that China’s tech crackdown will taper as China seeks to bolster a flagging economy ahead of the 20th Party Congress. China recently announced that it had established a yearly interministerial meeting mechanism that convenes 20 agencies, including the MIIT, to align—and possibly rein in—regulatory action on the country’s digital economy. While the MIIT was never the most active regulator, compared to agencies like CAC and the State Administration for Market Regulation, it has played major roles in naming and shaming apps for illegal data collection and in calling on tech giants to stop engaging in anti-competitive behavior. With Xiao under investigation, the responsibility for navigating any change in the MIIT’s regulatory strategy will likely fall on the most senior of the agency’s five vice ministers.

Biden and Xi Speak for the First Time Since March

President Biden and Chinese counterpart Xi spoke on July 28. It was the first call between the two leaders since March and their fifth conversation since Biden took office. The White House said the call lasted for two hours and 17 minutes but provided no immediate account of what was said. Instead, the White House stated vaguely that the call was meant to “responsibly manage our differences” and covered “a range of issues.” China’s Ministry of Foreign Affairs said that it was a productive conversation but issued a stern warning against what it considers American provocations without directly mentioning a prospective trip to Taiwan by Speaker Pelosi that has recently drawn anger from Beijing. “Playing with fire will set yourself on fire,” the statement said.

Biden administration officials have been working quietly over the past week to convince the House speaker of the risks inherent in visiting Taiwan. A trip to the self-governing island by Pelosi would be the first by a House speaker since 1997. Under its “One China” policy, the United States does not have official diplomatic relations with Taiwan but is bound by U.S. law to provide the island with the means to defend itself. Congress is a separate and coequal branch of the U.S. government and the speaker of the House does not work for the Biden administration, nor does she determine U.S. recognition of other entities. Nevertheless, President Biden “underscored that the United States policy has not changed” despite speculation about Pelosi’s trip and that “the United States strongly opposes unilateral efforts to change the status quo or undermine peace and stability across the Taiwan Strait.”

Relations between the United States and China remain severely strained on the issue. On July 26, senior U.S. officials accused China of increased provocations against rival territorial claimants in the South China Sea and said “aggressive and irresponsible behavior” by Chinese ships and aircraft, such as sending warplanes into Taiwan’s self-declared air defense identification zone, risked a major incident. Russia’s war in Ukraine has only intensified those worries. Officials on both sides see the calls between Biden and Xi as an effective, potentially stabilizing channel for avoiding full-scale confrontation.

The talks also came as the United States considers whether lifting some tariffs on Chinese imports would help stem rampant inflation ahead of November’s midterm elections. Former President Trump used Section 301 of the Trade Act of 1974 to impose tariffs on China on more than $300 billion in imports after an investigation concluded that China stole intellectual property from American companies and forced them to transfer technology. A new report by the Consumer Technology Association determined that importers of technology products from China paid over $32 billion worth of tariffs between mid-2018 and the end of 2021. President Biden remained undecided on whether to lift the tariffs ahead of his call with Xi.

FBI Investigation Reveals Huawei Equipment Could Disrupt U.S. Nuclear Arsenal Communications

  A top-secret FBI investigation into Chinese-made Huawei equipment atop cell towers near U.S. military bases in the rural midwest went public on July 23, revealing critical national security vulnerabilities that could threaten U.S. nuclear arsenal communications. The FBI determined that the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by U.S. Strategic Command, which oversees the country’s nuclear weapons. 

While national security concerns about Huawei equipment in the United States have been well-known for years, the existence of this investigation and its findings have never been reported. It remains unclear whether any data was intercepted and sent back to Beijing from these towers. While both the Chinese government and Huawei have denied any efforts or even capabilities to spy on Defense Department communications, U.S. officials say there is no question that Huawei equipment has the ability to intercept not only commercial cell traffic but also highly restricted airwaves used by the military for communications about America’s nuclear arsenal.

The FBI’s findings represent the latest in what the U.S. security apparatus has deemed a dramatic escalation in Chinese espionage on U.S. soil over the past decade. Since at least 2017, federal officials have investigated Chinese land purchases near critical infrastructure, shut down a Chinese consulate in Houston believed by the U.S. government to be aiding in economic espionage and theft of scientific research, and stonewalled efforts to plant listening devices near sensitive military and government facilities. In fall 2019, the Federal Communications Commission (FCC) ordered that telecommunications companies that receive federal subsidies to provide cell service to remote areas must “rip and replace” their Chinese-made Huawei and ZTE equipment. In 2020, Congress approved $1.9 billion in funding to remove Huawei and ZTE cellular technology across wide swaths of rural America.

   But two years later, none of that equipment has been removed, and rural telecommunications companies are still waiting for federal reimbursement money. The FCC received applications to remove approximately 24,000 pieces of Chinese-made communications equipment. But according to a July 15 update from the FCC, the agency is more than $3 billion short of the money it needs to reimburse all eligible companies. A parallel probe by the Commerce Department into Huawei has also proceeded slowly and remains ongoing.

Commentary

Chris Stokel-Walker reports on leaked TikTok public relations documents showing how the company has attempted to downplay its ties to Chinese parent company ByteDance.

Farah Stockman argues in favor of removing the country-based cap for skilled immigrant visas in order to boost U.S. competitiveness in semiconductor manufacturing.

Lulu Chen critiques China’s tech tycoons, arguing that many of China’s largest technology giants have become compliant parts of the regime they promised to disrupt.

Noah Rothman argues that the U.S. military is being stretched too thin across multiple theaters to effectively counter China.

Minxin Pei asserts that President Biden’s framing of the U.S.-China rivalry as a struggle between democracy and autocracy risks undermining the administration’s substantive policy objectives.

Elisabeth Braw proposes offering national security training for technology experts in order for NATO to compete against China.

Aaron Ross Sorkin, Vivian Giang, and others assess for the New York Times the economic risks of a Chinese invasion of Taiwan.

Olivier Knox assesses that President Biden’s public statements on the United States’ commitment to Taiwan have made it unlikely that Speaker Pelosi will follow through on her planned visit to Taiwan.

For the Cyberlaw podcast, Stewart Baker discusses China’s latest advances in semiconductor chip manufacturing.

Mike Pompeo argues in favor of support for the CHIPS Act in the interest of fostering U.S. independence from Chinese semiconductor manufacturing.