EXCLUSIVE — As reliance on cloud computing grows, business deals made by American technology firms, China’s increasing control over undersea cable networks, and the Chinese Communist Party’s intense subsidization of digital infrastructure present a tangible threat to Americans’ data security, a new report published by the American Security Project has found.

One key vulnerability identified in the report is the partnerships struck by Amazon Web Services and Microsoft with Chinese firms in order to provide cloud computing services in mainland China. As a result of these deals, the two firms are required to store all Chinese data in China and are required to transfer foreign data, including that of Americans, to the Chinese Communist Party upon request. Additionally, ASP identifies China’s increased presence in building and maintaining undersea internet cables, growth largely fueled by the CCP’s aggressive subsidies, as another vector for Beijing to surveil Western data.

Recommended Stories

• Fact-checking Brennan and Clapper's false Russiagate narrative in New York Times op-ed
• Trump says Epstein poached staffers from Mar-a-Lago spa, including Virginia Giuffre
• Raffensperger leads election integrity effort targeting thousands of inactive Georgia voters

“AI infrastructure is a critical tool in America’s economic, military, and diplomatic arsenal, and the CCP’s gamed the system to have it both ways,” said ASP senior staffer Courtney Manning, the report’s lead author. “They’re giving Chinese enterprises an unfair edge in global markets while finding holes in our export controls to steal our data. We can’t keep turning a blind eye to the grey zone activities happening in the cloud. If we do, authoritarian systems built with American resources will spread unabated through U.S. infrastructure abroad.”

Many corporations operating in China are subject to the same laws that allow the CCP to demand data from Amazon and Microsoft. Just because the CCP has the legal right to request U.S. data doesn’t mean that these firms have handed data to Beijing, however.

Some of the concerns outlined by ASP aren’t hypothetical. 

In 2024, for instance, American officials identified ships belonging to a partially Chinese state-owned company wiretapping undersea cables. State Department officials have also expressed concerns that the Chinese repair ships American technology firms have entrusted with repairing their undersea cables may be installing surveillance equipment during what are ostensibly routine maintenance operations. Further, China may induce unnecessary repairs by sabotaging Western cables, as at least 11 Chinese vessels have been accused of doing so since 2023.

Chinese entities have also been caught rerouting data, directing information exchanged locally between 368 million European IP addresses to China for two hours in 2019, the Independent reported. During that time, unencrypted data could have been viewed by Chinese state actors.

Undersea cable security is of pressing concern, according to ASP, seeing as almost all military and intelligence communications between the United States, NATO, and Five Eyes nations flow through such channels. 

“The U.S. Navy’s Integrated Undersea Surveillance System defends select U.S. military cables through a sophisticated early warning system and submarine surveillance,” the report reads. “However, no similar protections are afforded to the commercial cloud infrastructure that transmits and stores all sensitive and bulk U.S. data, allowing China to rapidly meet its espionage and AI development objectives.”

China’s $20 trillion market serves as a strong incentive for American tech firms to intertwine themselves with Beijing. 

In April 2024, the Chinese government lifted some of its regulations to allow users in certain “special economic zones” to remotely access American hardware and software that is unavailable in China, partially due to efforts from the U.S. government. In order to gain access to these markets, however, American firms would have to “agree to strict CCP censorship, data transfer, and surveillance policies,” ASP claimed, pointing to Chinese law. 

Reuters reported in August 2024 that 11 Chinese entities had sought or acquired access to these services through Amazon and Microsoft, citing business records.

“AWS complies with all applicable U.S. laws, including trade laws, regarding the provision of AWS services inside and outside of China,” an Amazon Web Services spokesperson told Reuters at the time.

Rep. Michael Lawler (R-NY) proposed legislation called the Remote Access Security Act in September 2024 that would have empowered the government to block such remote access deals. However, it failed to advance through the Senate.

Beyond entanglements stemming from private ventures, some tech firms have allowed their links to Beijing to spill over into government contracting.

Microsoft, for instance, used China-based engineers to staff contracts with the Department of Defense, possibly offering up sensitive government information to the CCP, ProPublica reported on July 15.

Previous Washington Examiner reports have detailed the extensive business relationships between American tech firms and those linked to the Chinese armed forces, the proliferation of pro-CCP workers embedded at senior levels in the nation’s largest tech companies, and the ways companies such as Meta have profited off promoting pro-Beijing messaging.

ALUMNI OF CCP-CONTROLLED GROUP HOLD SENIOR POSITIONS IN SENSITIVE INDUSTRIES

Near the end of its report, ASP provides a number of policy recommendations that it believes could patch up the gaps in security it outlined. The organization advised policymakers to draft legislation that would prevent American tech firms from transferring data or restricted technologies to adversaries, diversify the firms awarded government cloud computing contracts to limit the influence of any one provider, and recognize guarding cloud infrastructure as key to national security.

In arguing for the need to protect America’s cloud infrastructure, ASP points to the commercial and security benefits of cloud dominance, such as the ability to extract revenue from hefty profits and collect data transferred across global networks for security purposes. Prior to the adoption of commercial cloud computing methods, many government systems were on the brink of “catastrophic failure,” according to the Treasury Department.

Chinese telecom giant Huawei, however, has been growing rapidly in recent years, largely due to generous state support from the CCP, conferring many of those same benefits to China and threatening the dominance of American firms.

ASP is a bipartisan national security organization founded by John Kerry and Chuck Hagel, who went on to serve as Secretaries of State and Defense, respectively, in the Obama administration. The organization has both Republicans and Democrats on its board, several of whom are decorated military veterans. 

Amazon and Microsoft did not respond to requests for comment.