‘China is building database on vulnerabilities of hundreds of millions of Americans’

China is creating databases on the behavior, preferences, and vulnerabilities of hundreds of millions of Americans to use for intelligence purposes.

Whether by hacking the US government or infiltrating American tech companies to harvest their data, China is taking all that it steals to learn everything it can about the behavior of Americans.

“Chinese government hackers have engaged in a prolonged campaign in recent years to build a massive database on American citizens for intelligence and counter-intelligence purposes”

On Tuesday the Senate Subcommittee on Crime and Terrorism held a hearing on “How Corporations and Big Tech Leave Our Data Exposed to Criminals, China, and Other Bad Actors” where the issue of China being a huge national security threat was front and center.

At the hearing Senator Josh Hawley warned of the dangers concerning social media platform TikTok, whose parent company is based in Beijing.

TikTok is a short video sharing platform, and it has access to everything that users record, including their private messages and websites they visit.

More importantly, TikTok has all the data necessary to help China train its facial recognition, voice recognition, gait recognition, and god knows what other types of AI systems.

In gathering data like this, China can learn more about American citizens than American citizens know about themselves.

In fact China has more data on the genetic sequencing of the US population than the United States has on its own population.

Data is the most important asset in the world, and those who control the data control the future of humanity and life itself!

When it comes to data collection, the typical ‘so what, I’ve got nothing to hide’ is an invitation to be pillaged, plundered, and manipulated.

One of the problems that China has in training its image recognition databases is diversity due to the Communist country’s homogeneous population.

This is one reason why participants in the hearing believe that China is betting on Americans using platforms like TikTok — so it can create a more robust image recognition system from a more racially diverse data pool.

“Do autonomous weapons systems rely on artificial intelligence, so that they are able to interpret and identify images; is that correct?” Senator Hawley asked Klon Kitchen, Senior Research Fellow at The Kathryn And Shelby Cullom Davis Institute For National Security And Foreign Policy.

Kitchen: That’s true.

Hawley: So, if China obtains images of, say, our service men and women, either through social media or something like the OPM attack, could that have relevance to how they train their AI and their autonomous weapons?

Kitchen: Absolutely. In fact one of the criticisms of some of the image recognition that China has developed up until this point was that it was Sino-centric, that perhaps that they weren’t able to operate in Western environments as well as they might. This would be a way of addressing that delinquency.

“If a company operates in China, it will be required to operate in such a way as to provide the country’s intelligence and law enforcement authorities unfettered digital access”

The Chinese threat to US national intelligence runs deep.

Overlapping testimonies in Tuesday’s hearing all pointed to the fact that Chinese legislation will make all companies operating China hand their data over to the authoritarian regime.

“Next year, all companies—including foreign-owned companies—must arrange and manage their computer networks so that the Chinese government has access to every bit and byte of data that is stored on, transits over, or in any other way touches Chinese information infrastructure,” said Kitchen in his testimony.

“Put simply: the Chinese government will have lawful and technical access to all digital data within its borders and perhaps to large volumes of data beyond its borders.

“There will be no private or encrypted messages in China. No confidential data. No trade secrets. No exemptions. If a company operates in China, it will be required to operate in such a way as to provide the country’s intelligence and law enforcement authorities unfettered digital access,” he added.

“Not only is China exporting technology, particularly AI-related surveillance tech, but the Chinese ‘party-state’ is also transmitting the laws and policies that govern its use.”

Kara Frederick, Fellow at the Center for a New American Security, added in her testimony, “China’s full ‘internet security plan,’ encompassing a soon-to-be-implemented 2020 Foreign Investment Law, will no longer render foreign owned companies in China exempt from the Cybersecurity Law.

“Effectively, any data on communications networks in China will be soon be subject to the Chinese Cybersecurity Bureau’s scrutiny, without requiring an official request. This ability to access more data from more sources lays the groundwork for its exploitation.”

“As China attempts to impart its authoritarian values on the United States, private industry and the US government must develop a set of solutions to push back.”

“Companies that operate in China may have no choice but to censor and identify users engaged in political speech”

Apart from data theft and forcing companies operating in China to hand over their data to the Communist state, American companies would also be forced to censor their platforms in China, so that issues such as human rights or political dissent never come to light.

In his testimony, William Carter, Deputy Director and Fellow at Center for Strategic and International Studies, testified, “Companies that operate in China may have no choice but to censor and identify users engaged in political speech and provide the government with nearly unfettered access to their data if asked, and companies who sell these technologies to China may be knowingly or unknowingly enabling human rights abuses.”

Frederick added, “Leaked documents from TikTok indicate the company censors content on Tiananmen Square and Tibetan independence, and possibly reporting on the Hong Kong protests and the imprisonment of approximately 1 million Uighurs in Xinjiang detention camps.

Other noteworthy testimonial highlights included:

From Frederick:

• While TikTok claims to store its data in the United States as of today, its Beijing-headquartered parent company, ByteDance, is subject to the Chinese legislation.
• In addition to this legislation, technical vulnerabilities in systems built and owned by Chinese companies abound.
• These can include much-discussed ‘backdoors’ in code that would allow the Chinese government access to third party systems and security flaws hidden in a programming vulnerability, or ‘bugdoors’—flaws could even be introduced later via a software update.

From Carter:

• Chinese government hackers have engaged in a prolonged campaign in recent years to build a massive database on American citizens for intelligence and counter-intelligence purposes.
• By exfiltrating data from the US Government (USG) Office of Personnel Management (OPM), health insurers (e.g. Anthem), airlines (e.g. United) and hotel chains (e.g. Marriott), among others, China’s intelligence services have access to an incredibly rich database on the behavior, preferences, and vulnerabilities of hundreds of millions of Americans.
• They also gain a detailed understanding of their relationships to USG employees with access to sensitive and classified information. This has significant implications for US national security.
• Chinese agents could threaten to expose an illicit affair or pay for the medical treatment of a family member of a USG employee in exchange for sensitive intelligence, or use the travel and financial habits of American citizens to identify American intelligence officers.

From Kitchen:

• China cannot be allowed to use its government-controlled companies to gain a significant foothold in any of the United States’ critical government or domestic networks.
• The United States must treat China as a national security threat to our domestic critical networks as well. As an adversarial power, China cannot be allowed to use its government-controlled companies to gain a significant foothold in any of the United States’ critical government or domestic networks.
• China’s intentions are clear: Beijing will, if not prevented, use the deployment of equipment, software, and services from Chinese state-controlled companies to compromise US information networks—networks that carry significant volumes of military and intelligence data.