SinoTech: Huawei Keeps Pushing 5G, Apple Localizes Data in China, and the U.S. Airs China Data-Privacy Grievances at WTO

By David Stanton, Wenqing Zhao
Thursday, March 8, 2018, 7:00 AM

Editor’s Note: SinoTech is a new bi-weekly Lawfare series on technology-related legal and policy issues in China and the United States with a focus on implications for U.S.-China relations and national security.

This inaugural post addresses several cross-border data transfer issues and security concerns that have surfaced in recent weeks. SinoTech’s next update expects to cover legislative developments from the ‘two meetings’ of China’s National People’s Congress and the Chinese People's Political Consultative Conference, which kicks off this week.

Huawei continues 5G push despite opposition from U.S. intelligence

Chinese telecommunications giant Huawei has continued its campaign to win 5G network construction contracts in foreign countries, including many American allies, amid from U.S. intelligence agencies that the company’s ties to the Chinese government raise security concerns. Richard Yu, chief executive of Huawei’s consumer business group, on Feb. 25 that these security warnings disguised the protectionist commercial concerns of U.S. officials. Speaking at the World Mobile Congress in Barcelona, Yu that American competitors “cannot compete with us on product, on technology, on innovation, so they compete with us [using] politics.”

Huawei was quick to itself from Yu’s accusation, but the company defended its innocence and declared its continued commitment to openness and transparency. Huawei’s rotating chief executive Ken Hu reporters at the Mobile World Congress that he would welcome a “factual debate” on the accusations Western intelligence officials have made against Huawei. Chen Lifang, the company’s head of communications, that “we can only try harder, maintain our openness and transparency and wait until the other party is willing to communicate with us.” An executive from ZTE, a fellow Chinese telecom firm singled out for suspicion by U.S. intelligence agencies and legislators, with similar prudence, counselling that ZTE should make “more effort to build the trust among the people in Washington.”

Six top U.S. intelligence chiefs had previously warned American customers against using products or services from Huawei or ZTE in a Feb. 13 . FBI Director Chris Wray that the Bureau was concerned consumer adoption of Huawei equipment might grant Huawei “the capacity to exert pressure or control over our telecommunications infrastructure,” to “maliciously modify or steal information,” and “to conduct undetected espionage.”

The security worries surrounding Huawei’s efforts to break into the U.S. market were also evident earlier this year when a deal for AT&T to sell Huawei’s newest smartphone in the U.S. market was due to political pressure. On Dec. 20, members of the House and Senate intelligence committees sent a letter to the Federal Communications Commission warning of Huawei’s ties to China’s intelligence and security services. In early January, AT&T abandoned the deal. A similar deal between Huawei and Verizon was reportedly later in January after similar pressure. In February, Sens. Tom Cotton of Arkansas and Marco Rubio of Florida to block U.S. government agencies from purchasing equipment from Huawei, ZTE, and other manufacturers “controlled by, or otherwise connected to,” the Chinese government. CFIUS has also  a full investigation into Singaporean chipmaker Broadcom’s attempt to acquire U.S. competitor Qualcomm after fears emerged that the move would allow Chinese firms to consolidate their lead in the 5G market.

Despite the controversy, Huawei appears primed to spearhead the construction of national 5G networks. To date, Huawei has memoranda of understanding to trial 5G equipment with 45 telecom operators, in close U.S. allies like Britain, Canada, France and Germany. Huawei has even overtures to the Australian government, despite that government’s recent of Huawei smartphones from its Defense Department and a law passed last year that some have the “anti-Huawei bill.” Meanwhile, the White House’s proposal to construct a government-run 5G network has been .

Apple moves Chinese user-data to domestic server farms

After , Apple finally began moving Chinese users’ iCloud data and encryption keys to Chinese servers on Feb. 28. The transfer was prompted by China’s - cybersecurity law (/), which requires critical information infrastructure providers to localize storage of Chinese citizens’ personal information. After the law went into effect in June 2017, Apple quickly its plans to store Chinese user data in Guizhou as part of a $1 billion partnership with the provincial government and , its government-owned cloud storage provider. Guizhou, one of China’s poorest provinces, has to establish itself as a leader in data storage.

The transfer has that the Chinese government may be able to access its citizens’ iCloud data. Apple has promised that its encryption will continue to protect user privacy, users in a statement that the company “has strong data privacy and security protections in place and no backdoors will be created into any of our systems.” Apple formal control over its encryption keys, but skeptics are likely to remain unconvinced as long as those keys are stored on Chinese servers, especially since Apple has repeatedly its willingness to abide by Chinese domestic law. Apple has also , however, only to hand over data to the Chinese government for requests that it considers lawful.

U.S. criticizes China’s data-transfer policies at WTO

As Apple was moving its data to Chinese servers, the American government expressed its own dissatisfaction with China’s data transfer regime. On Feb. 23, the U.S. Trade Representative submitted a to the WTO Council for Trade in Services “expressing concerns with certain measures China has adopted ... that could significantly impair cross-border transfers of information.” The USTR’s criticism centered on the 2017 Cybersecurity Law and on a directive (/) issued last January by China’s Ministry of Industry and Information Technology (MIIT) prohibiting the use of unlicensed virtual private networks (VPNs) to send or receive data from abroad. The directive is scheduled to reach full implementation by the end of March, and MIIT officials recently (CN) that it would be enforced against corporations and individuals using cross-border VPNs that have not been approved by the Chinese government. The USTR complained that the directive, along with China’s data localization requirements, would “disrupt communications between a company's China facilities and its other global operations, increase costs, and reduce rather than enhance data security.”

The communication reflects recent American attempts to challenge China’s ostensibly security-minded data-transfer regime as a protectionist barrier to trade. In its , the USTR began listing China’s technology policies as impediments to American companies attempting to enter the country. (It continued doing so in its report; the 2018 report is expected later this month.) In a January 2017 to Congress on China’s WTO compliance, the USTR reiterated its view that China’s data transfer policies “impose severe restrictions on a wide range of U.S. and other foreign ICT products and services with an apparent long-term goal of replacing foreign ICT products and services.” (These allegations were repeated in the USTR’s January 2018 to Congress.) And in September 2017, the USTR submitted a first to the WTO Council for Trade in Services claiming that the Cybersecurity Law and its implementing regulations would “impinge on commercial choices and longstanding business arrangements supported by robust trade rules” and urging the Chinese government to delay implementation.

Despite the rhetoric, the USTR has so far declined to lodge a formal WTO complaint. Using the WTO to combat Chinese internet policy was suggested in a by Tim Wu and has in the years since, but it has never been put into practice.

In Other News

  • While the Western media has focused on to eliminate constitutional term limits on the presidency and vice presidency, Chinese domestic coverage has been limited, and state officials have censorship of content critical of Xi in the days following the announcement.
  • Cybersecurity firm Cloudstrike’s annual linked China-based actors to repeated attacks against Western think tanks and NGOs.
  • Chinese regulators are reportedly allowing shares of domestic tech companies currently listed abroad to be traded on Chinese markets through depositary receipts.
  • A Chinese state-backed investment fund a deal to purchase U.S. hardware testing company Xcerra due to concerns that the acquisition would not pass . Another deal, between U.S. data analytics firm Cogint, Inc. and BlueFocus International Limited of China, was also after CFIUS indicated unwillingness.
  • Human Rights Watch has the Chinese government of using big data to crack down on dissidents in its restive Xinjiang province.
  • Chinese regulators to crack down on citizens trading cryptocurrencies through offshore brokers.

Analysis & Commentary

Elsewhere on Lawfare, Christopher Mirasola takes an at China’s internet policy and the WTO, and Robert Williams his recent essay on the “China, Inc.+” challenge to norms of nation-state conduct in cyberspace. A full version of the paper is available from the . In the of the Cyberlaw Podcast, Stewart Baker and company discuss CFIUS’s treatment of recent Chinese tech acquisition attempts and Apple’s data shift (CFIUS-specific discussion begins at 12:30; Apple’s shift is briefly mentioned at 25:00).

At Just Security, Amie Stepanovich and Michael Karanicolas use Apple’s transfer of encryption keys as an against government backdoors, and Tim Maurer and Kathryn Taylor several paths that the development of international cyber norms might follow.

On the Artificial Intelligence front, Paul Triolo and Jimmy Goodrich the early indicators from the Chinese government’s AI push in a paper for New America, Elsa Kania the intersection of this push and quantum computing in the Bulletin of the Atomic Scientists, and the Wall Street Journal’s focuses on China’s push to develop AI for military purposes.

In other broadsheets, Paul Mozur China’s increased oversight of its citizens’ activities on foreign web platforms for the New York Times, where Cecilia Kang and Alan Rappeport also Huawei’s struggles as an indicator of the broader technology race between China and the U.S. In the Wall Street Journal, Stu Woo “Why Washington Is So Obsessed With China’s Huawei.”

CORRECTION: An earlier version of this article incorrectly stated that CFIUS had rejected Broadcom's attempted acquisition of Qualcomm. In fact, CFIUS has only delayed their vote and called for a full investigation into the deal.