Amid rising concerns about China’s growing international data collection apparatus, a newly divided US Congress is applying fresh scrutiny to the possibility that imported Chinese technology could be a Trojan horse.
In a letter to the US National Highway Traffic Safety Administration, shared exclusively with WIRED, Representative August Pfluger asks some tough questions as to whether Washington is really prepared for the security threat posed by the coming influx of Chinese-made smart and autonomous vehicles (AVs) to the United States.
“I remain concerned that a lack of US oversight in AV technology has opened the door for a foreign nation to spy on American soil, as Chinese companies potentially transfer critical data to the People’s Republic of China,” Pfluger writes.
While AV technology may be some years away from widespread commercial use, pilot projects are already on the roads around the world. As of earlier this year, AutoX autonomous taxis were on the roads in California. A Chinese startup backed by one of the largest state-owned car companies in the communist country, AutoX was granted approval by California in 2020.
As American regulators have green-lit those test projects, Pfluger writes, “there remains a serious lack of oversight regarding their data governance.”
Earlier this year, WIRED reported on the mounting national security issues posed by Chinese-made vehicles. The massive trove of data being collected by these cars could give adversarial states an unprecedented vantage point into the United States and other Western nations. Beijing has already pioneered the use of big-data analytics to identify dissidents at home, and concerns have mounted that those tactics could be deployed abroad.
Pfluger submitted a detailed list of questions to the National Highway Traffic Safety Administration (NHTSA), which regulates the use of AVs, and asked the regulator to explain how it has vetted the national security risk posed by these Chinese companies.
“Has NHTSA worked independently, or in collaboration with cities or other local governments to limit or prevent Chinese-owned companies from collecting sensitive information from American infrastructure, including information about sensitive government or military facilities, and subsequently sharing such information abroad?” Pfluger writes.
China has certainly had that anxiety about American-made smart and electric vehicles. Earlier this year, for example, Beijing placed firm restrictions on where Teslas could drive, particularly around military installations, amid high-level Communist Party meetings.
Pfluger highlights in his letter that China could use “autonomous and connected vehicles as a pathway to incorporate their systems and technology into our country's infrastructure.” The United States, like most of its allies, has already banned Chinese corporate giant Huawei from building 5G infrastructure, but these next-generation vehicles would have access to an unprecedented number of emails, messages, and phone calls, and would effectively be moving cameras, capable of photographing an array of critical infrastructure.
As Homeland Security secretary Alejandro Mayorkas told a House committee last week, there are “perils of having communications infrastructure in the hands of nation-states that don't protect freedoms and rights as we do.” FBI director Christopher Wray warned that China has stolen more data from the United States than all other nations combined, through “increasingly sophisticated, large-scale cyber espionage operations against a range of industries, organizations, and dissidents in the United States.”
It’s no secret that the automotive industry is of particular interest to Beijing. This summer, a former Apple engineer pleaded guilty to stealing trade secrets on the company’s AV program, and sending them back to China.
Pfluger, a Republican from Texas, served in the last congressional term on both the House Foreign Affairs and Homeland Security committees. Republicans, in particular, have called for legislation to govern AV cybersecurity, with an eye to combating China’s bullish entry into the American market. While legislative drafts and proposals have floated around, none have become law. (US president Joe Biden’s infrastructure bill included some language on AV safety, but it does not address issues of security and espionage.)
With the Republicans winning back control of the House of Representatives, their particular skepticism of Beijing is likely to put new scrutiny on Chinese businesses operating in America.
“House Republicans plan to renew our focus on one of the nation's biggest threats: the Chinese Communist Party,” Pfluger says in a statement. “TikTok and Huawei are demonstrating the CCP's intention to use any means necessary to collect American data and transfer it back to Beijing.”
At the Halifax International Security Forum this past weekend, Democratic senator Chris Coons said regulating Chinese social media companies would also be a priority for him in the coming congressional term.
“I think there are platforms that I'll call out—TikTok, right off top—that are malevolent, that are both siphoning off huge amounts of data being used as a tool of state power,” Coons told the Canadian security conference.
Warning of more than just a data hoovering operation, Coons echoed a growing belief that TikKok is being used as a distraction—an opiate of the masses.
“It's engaging, I would even say addictive,” Coons added. “I've got one legislative proposal around this: the Platform Accountability and Transparency Act, a bipartisan bill that would, with protections, subject social media algorithms to academic study and analysis. So we know whether or not Instagram really is demonstrably harmful to young people. So we know whether or not state actors are able to use some of these tools to accelerate radicalization or to shape our political space.”
The legislation, first introduced last year by Democratic and Republican lawmakers, would give the US government the power to mandate access to social media companies’ algorithms by independent researchers.
A raft of other proposals submitted to Congress take different approaches towards bringing major internet companies under US regulation. European regulators are even further along in that regard.
TikTok has told Congress that it is working to protect Americans’ data, and it has promised that “non US-based employees, including China-based employees, will only have access to a narrow set of TikTok US user data.”
In his statement to WIRED, Pfluger underscored the need for movement on this issue. “The US needs to act quickly to ensure that we do not allow autonomous vehicles to become another source of data used against our national interest by the CCP.”
Update 9 am ET, 11-22-22: A previous version of this article misstated the number of AutoX vehicles in California. We regret the error.
