New technology prompts US to reassess data security risks from China

The United States is reassessing its data protection policies in light of advancements in technology such as genomic information and internet-connected cars. There are discussions of implementing additional trade restrictions on China due to the potential risks posed by technologies like artificial intelligence.

In the past week alone, President Joe Biden expanded Washington’s national security toolbox, sounding the alarm about the potential risks of Chinese vehicles and technology, a day after he ordered restrictions on the flow of sensitive personal information abroad.

There are fears that such data could be used to track citizens, including those doing sensitive jobs, or to train artificial intelligence models.

Using sensitive data to develop artificial intelligence could allow adversaries to use the technology to target US individuals for espionage or blackmail, for example by identifying patterns in datasets to identify people whose government connections would otherwise be obscured.

Washington is beginning to recognize “the strategic and national security value of data,” said Lindsay Gorman, a senior fellow at the US-based German Marshall Fund.

He noted that the Commerce Department’s investigation into the risks of Chinese technology in connected vehicles is a “long-awaited look at the application layer of the future Internet.”

“We should expect further research into the data generated in the Internet of Things,” he said.

– “Recalibration” –

The moves are a sign of “broader concerns about national security risks posed by unfettered free access to information,” said Emily Benson of the Center for Strategic and International Studies (CSIS).

Until now, Chinese companies could legally buy U.S. data in bulk, said Martin Chorzempa, a senior fellow at the Peterson Institute for International Economics.

This creates an “imbalance,” he said, adding that the latest order closes a “loophole.”

Washington has tried to use national security concerns to limit the ability of foreign companies to buy U.S. companies and gain access to U.S. data — but the companies can still obtain the data.

A Duke University study published in November found that sensitive information about active-duty military members is not difficult to obtain, as the information is available through brokers for as little as 12 cents per record.

“Overall, what we’re seeing is a recalibration of the U.S. approach,” which has traditionally relied on the free flow of information, said Benson, director of CSIS’s Trade and Technology Project.

“That era seems to be behind us,” he told AFP.

– Game changing technology –

The approach to data comes as Washington seeks to boost economic growth and maintain the U.S. lead in the technology race with China — while putting up national security safeguards.

The key factor is artificial intelligence that can quickly analyze and process mass data for espionage or cyber operations.

“Part of this is a fundamental security approach to curb certain risky AI features,” Benson said.

At the same time, Washington’s need to remain a leader in artificial intelligence has fueled other federal policies, such as the CHIPS Act, which pours $39 billion into manufacturing incentives.

On Monday, Commerce Secretary Gina Raimondo said artificial intelligence has been a “game changer” in demand for advanced chips, adding that the U.S. could eventually invest the entire supply chain in making such semiconductors.

Most of the global semiconductor manufacturing capacity is currently in China and East Asia, according to the US Semiconductor Industry Association.

– Achieve? –

“China has been very proactive in building its own data protection and information security system,” Chorzempa said.

“One element of this is the restrictions on what data can be transferred across borders,” he added, noting that foreign companies might not be able to access data from China about its citizens.

The U.S. moves mean it will become compliant with the information management systems of its close partners, CSIS’s Benson said.

The European Union has strict data protection laws, including the 2018 General Data Protection Regulation, and rules covering the flow of bulk data between devices.

Japan has insisted on the flow of information while ensuring confidence in privacy and security.

“It will be interesting to see to what extent (the US actions) actually promote greater convergence between governments or whether we are entering uncharted territory in digital governance,” Benson said.