U.S. Policy toward IoT Technology from China: New Report Signals Further Changes

In recent months, a series of US government reports have documented the growing concern of the Trump Administration regarding China’s policies and programs to make Beijing a superpower in the field of artificial intelligence within 2030.

U.S. Policy toward IoT Technology from China: New Report Signals Further Changes - GEOPOLITICA.info

According to many scholars, the knowledge of China in the field of artificial intelligence has reached an excellent level, considering that it has surpassed the US by number of publications in the sector.

It is also important to note that the largest Chinese companies investing in artificial intelligence have offices in Silicon Valley (including the Baidu search engine and the Alibaba online shopping site).

For this reason, Washington is progressively adopting a series of measures aimed to increase controls and level of security, in order to preserve US security and national interest.

An example of this is the publication of the Section 301 Report. Published last March, the US demonstrated how the Chinese government’s policies linked to technology transfer, intellectual property and innovation cause damage to the United States every year for tens of thousands of US dollars.

The last Report in this regard was published on October 26th, entitled China’s Internet of Things.

The universe of IoT devices includes billions of electronic systems such as smart phones and smart watches, industrial control systems used in electric grids and video cameras.

The Report was prepared by the U.S.-China Economic and Security Review Commission.

The latter, established by the United States Congress in 2000, has the task of identifying, analyzing and evaluating the risks of trade relations with China.

The Commission conducts periodic hearings, prepares legislative recommendations to the Congress and draws up an annual Report.

The latest Commission’s Report underlines that on the one hand IoT devices and technologies offer enormous benefits to industry and consumers, and on the other represent a serious threat to national security.

According to the Report, these threats are accentuated by the growing dominance of China in the IoT industry.

Specifically, through the production and development of such technologies, in the context of various government policies and industrial programs (such as Made in China 2025), China is now able to dictate the direction of technical standards and more in general, of all the industry linked to the Internet of Things.

As a result, China could «have an exceptional impact on the security of IoT devices, obtaining almost unlimited access to US consumers and industrial data».

A major concern outlined in the Report is China’s efforts to uncover vulnerabilities in IoT systems that can be used by Beijing for strategic objectives in both peacetime and war.

«Aside from industrial control systems, unauthorized access to health care devices could kill patients and exploitation of smart car vulnerabilities could kill drivers and pedestrians alike, among other examples of possible misuse of data and devices that could have catastrophic consequences».

The Report suggests the research is cover for plans to conduct for cyber espionage, sabotage, and military cyber reconnaissance using the Internet of Things.

One example of an IoT cyber attack took place in 2016 when the malware known as the Mirai botnet infiltrated thousands of linked devices by scanning the Internet for video cameras that were not protected and easily accessed by using default passwords.

Mirai «commandeered some one hundred thousand of these devices, and used them to carry out a distributed denial of service (DDoS) attack that shut down many popular websites».

To prevent possible Chinese domination from posing a serious risk to national security, the Commission recommends the Congress to:

  • codify existing U.S. data regulations and others in a single, comprehensive federal law governing data privacy;
  • enact a tiered disclosure regime for IoT products broad enough to cover multiple aspects of authorized IoT data collection;
  • refer corporate-level attempts to transfer U.S. data to foreign entities to CFIUS for approval;
  • require foreign IoT products to disclose affiliation with foreign entities that may pose a significant risk of harmful but authorized access to U.S. data;
  • mandate data expiration and de-identification of data where appropriate according to existing principles of data minimization, especially for information resellers;
  • expedite passage of a unified federal data privacy statute applicable to both foreign and domestic IoT companies.

The seriousness of the challenge from Chinese IoT policies will only increase in the years to come as the United States and China continue to engage in what amounts to a struggle for no less than the future of the internet. The outcome of this struggle will ultimately rest upon the U.S. willingness to understand Chinese IoT development policies, and to develop sound policies of its own.