Senator Amy Klobuchar’s (D-Minn.) American Innovation and Choice Online bill, ready for a floor vote in the U.S. Senate, targets major U.S. tech companies for deep regulation. Many Republican senators, angry at big social media companies for heavy-handed censorship of conservative content, are poised to vote for the Minnesota Democrat’s bill out of pique, though the bill won’t break up Big Tech companies or change how they moderate content.
When the bill was briefly discussed in the Senate Judiciary Committee, several senators raised questions about the bill’s mandate that Amazon, Apple, Meta/Facebook, Google, and possibly Microsoft be fully “interoperable” with competitor companies. Such a mandate would necessarily entail sharing hardware, software, and operating systems with thousands of domestic and foreign companies. Might some of them export U.S. data to China or Russia?
Klobuchar responded to this concern by amending her bill to exclude “clear national security risks” and entities “controlled by the People’s Republic of China or the government of another foreign adversary.” If the bill passes the Senate, and goes to Biden’s desk for signature, the perfunctory assurances of that amendment would prove to be as protective as tissue paper.
The reason why was well articulated by FBI Director Christopher Wray. Speaking in London in a first-of-its-kind joint appearance with the head of the UK’s MI5, Wray said:
China often disguises its hand in order to obtain influence and access where companies don’t suspect it. Outside of China, their government uses elaborate shell games to disguise its efforts from foreign companies and from government investment-screening programs like CFIUS, America’s Committee on Foreign Investment in the U.S.
For example, they’re taking advantage of unusual corporate forms like SPACs, or Special Purpose Acquisition Companies, and buying corporate shares with overweight voting rights that let their owners exert control over a company out of proportion with the actual size of their stake in it.
The Chinese government has also shut off much of the data that used to enable effective due diligence, making it much harder for a non-Chinese company to discern if the company it’s dealing with is, say, a subsidiary of a Chinese state-owned enterprise.
Many international companies that would access U.S. operating systems also do business in China. Wray noted that in China “a 2017 law requires that if the Chinese government designates a company as ‘critical infrastructure,’ that company must store its data in China—where, of course, the government has easier access to it.”
Any one of thousands of international companies will have access to the hardware, software, and operating systems of U.S. tech companies. How realistic is it then to assume that China would not get its hands on the personal data of American consumers, businesses, and government?
The targeted companies would include Google Cloud, Microsoft Azure, and Amazon Web Services. All store sensitive data for governments. Microsoft Azure is the favored cloud storage provider for the government of Canada. AWS is a cloud platform that stores data for the U.S. Department of Homeland Security, the U.S. Department of Defense, including U.S. Navy command centers, 80 percent of German DAX companies, and many other businesses and banks around the world. Google Cloud for Government serves the New York City Cyber Command.
These services give customers curated access to their data on their systems through software called APIs. But give a competitor penetrated or suborned by China access to the architecture underlying APIs, and China can enter not just through a digital skylight but through the front door. And since much of that underlying architecture, called microservices, is the same for all customers, China would have the keys to all kingdoms.
Such burglary wouldn’t necessarily require bad faith on the part of a U.S., Dutch, Japanese, or Indian company. All it would take would be for China, as Director Wray describes, to penetrate that company and exploit it from within. We got a foretaste of what such total exposure might look like when Russian hackers used IT provider SolarWinds to extract the data of thousands of U.S. government agencies and businesses.
The hopelessly vague language of the Klobuchar bill is certain to export to China the most sensitive data of the U.S. government and military, as well as that of innumerable consumers, banks, and businesses. The American Innovation and Choice Online Act would be the biggest own goal since the 15th century, when petty internal conflicts led the Ming Dynasty to withdraw China’s vast armada of treasure ships and destroy its world-leading shipyards.
The American Innovation and Choice Online Act would be America’s invitation to be comprehensively violated.
It is not hard to imagine high-ranking intelligence officials in their Beijing offices in the Ministry of State Security holding their breaths and whispering, “please, please . . . ”