Chinese state-owned telecommunications firms are operating with little U.S. oversight and using their access in America to conduct espionage operations on behalf of the Communist Party, putting the personal information of millions of Americans at risk, according to a new congressional report.
Multiple Chinese telecom firms have operated in the United States with "little-to-no oversight" from government agencies for the past 20 years, the Senate's Permanent Subcommittee on Investigations disclosed on Tuesday in a new report. These companies are permitted near-total penetration of American communications networks and have used this access to collect data on millions of Americans, including military members and those working in sensitive government posts.
Only in the past year has the federal government begun to take a closer look at these firms, including China Telecom Americas, China Unicom Americas, and ComNet—all Communist Party-owned firms that have been operating with impunity since the early 2000s. The Senate's yearlong investigation concluded that the Federal Communications Commission failed to perform proper oversight on these companies, allowing them to collect data on scores of Americans. With the Chinese government exerting total control over these companies, it is likely these data are being used for nefarious purposes, the report warns.
China's espionage operations in America have received renewed scrutiny in the wake of the coronavirus pandemic. In addition to the telecommunications sector, Beijing has stolen information from the U.S. scientific community, academic institutions, and the government itself. The Senate report is part of a larger effort by Congress to expose these spy operations and enact policies meant to stop them.
"This bipartisan report demonstrates that federal agencies have done little to protect the integrity of U.S. telecommunications networks and counter national security threats from China," Sen. Rob Portman (R., Ohio), chair of the Permanent Subcommittee on Investigations, said in a statement. "The Chinese Communist Party uses its state-owned enterprises to further its cyber and economic espionage efforts against the United States, and they've been exploiting our telecommunications networks for nearly two decades while the federal government historically put in little effort to stop it."
The Trump administration is just starting to rein in these Chinese telecoms. While the so-called big three—China Telecom Americas, China Unicom Americas, and ComNet—continue to operate with minimal oversight, the FCC recently denied China Mobile USA permission to provide international services in the United States, citing national security concerns. Additionally, a recent executive branch order signed by President Donald Trump mandates that foreign-owned carriers be subject to increased monitoring. Senate investigators praised the move but said it does not go far enough. They argue that the concerns presented about China Mobile USA apply to all of the other Chinese telecoms that continue to operate in America.
The Senate investigation further discovered that once these Chinese companies obtained FCC authorizations, the agency stopped performing in-depth oversight, meaning they were essentially free to meddle in American networks. Evidence reviewed by the Senate indicates that China Telecom Americas has been hacking U.S. communications since at least 2010. The concerns have become even more pressing as China Telecom and similar companies ink deals with major U.S.-based carriers, such as AT&T and Verizon.
"The Chinese government engages in cyber and economic espionage efforts against the United States and may use telecommunications carriers operating in the United States to further these efforts," the report states.
In 2014, for instance, Chinese hackers found their way into a database controlled by the Office of Personnel Management, which contained records on some 22 million Americans who had security clearance and worked for the U.S. government. In the same year, Chinese hackers penetrated the U.S. Postal Service's network, exposing the personal records of more than 800,000 employees.
Telecom services are a ripe target for China, according to the report. Any of the big three currently operating in the United States could carry out what are known as "hijacking attacks," in which sensitive data are siphoned off these networks and sent back to China.
"The Chinese government is increasingly using its state-owned telecommunications carriers to carry out hijacking attacks," according to the report. "Chinese carriers have not established independent transmission facilities and networks outside of China."
Many of the hacks are sophisticated and made to appear as if they occurred by mistake.
In 2011, for instance, China Telecom allegedly rerouted Facebook traffic from AT&T and other U.S. carriers back to China. It is believed this was the result of "China Telecom advertising false routes for approximately nine hours," a scheme that allowed the information to make its way back to the Communist regime. Other attacks of this nature have been traced back to China Telecom in recent years.
Despite numerous instances of hacking and mounting concerns in Congress, the U.S. government did not begin to probe this behavior until January 2019.
In addition to the FCC, oversight is supposed to be performed by an ad-hoc body known as Team Telecom, which is comprised of officials from the Departments of Homeland Security, Justice, and Defense. The FCC relied heavily on this body, even though it did not have statuary authority until April 2020, when it was restructured due to mounting concerns about Chinese hacking.
"Despite nearly a decade of allegations, Team Telecom did not probe the issue until January 2019," the investigation found.
Now, nearly 20 years after China Telecom Americas obtained its FCC licenses, Team Telecom is recommending that they should be revoked due to "substantial and unacceptable" national security risks.
As part of China's "strategic plan" to increase its intelligence collection efforts, state-sponsored hackers have reportedly targeted U.S. networks containing large amounts of data on American intelligence personnel and government employees.
The Senate investigation recommends several steps the United States could take to mitigate concerns about Chinese hacking. This includes revoking permissions for these telecoms to freely operate in the United States.
Congress is also seeking a greater oversight role to ensure that investigations are conducted with regularity and concerns are quickly addressed.