US Lawmakers Target Three China Telcos Over Security Concerns

US lawmakers have put the spotlight on three Chinese telecom giants amid claims their platforms have enabled cyber intrusions, data theft, and paths to sabotage of US infrastructure.

The leaders of a US congressional committee moved on Wednesday to force China Mobile, China Telecom and China Unicom to cooperate with an investigation into their alleged support for the Chinese military and government.

Reuters reported that letters sent this week show the House of Representatives’ select committee on China used its seldom exercised subpoena powers in an effort to compel the three firms to answer questions on whether they could exploit access to American data through their US cloud and internet businesses.

ALSO SEE: Chinese Exporters Slow to Switch to ‘Weak’ Domestic Market

In a bipartisan effort, Democratic and Republican lawmakers voiced concern over the Chinese telecoms’ US operations following high-profile Chinese-led cyberattacks, including Volt Typhoon, which the FBI said has allowed China to gain access to American telecommunications, energy, water and other critical infrastructure.

Beijing has denied responsibility for those attacks.

Last month the committee’s Republican chair John Moolenaar and its top Democratic Representative Raja Krishnamoorthi sought responses from the companies to questions after a 2024 Reuters report that they were under US Commerce Department investigation.

The committee said the companies had ignored that request.

Firms providing cloud, internet routing services

The Federal Communications Commission (FCC) denied China Mobile’s application to provide US telecommunications service in 2019 and revoked China Telecom and China Unicom’s authorizations in 2021 and 2022.

But the companies still have a small presence in the US, for example, providing cloud services and routing wholesale US internet traffic.

US regulators and lawmakers fear that the companies could access personal information and intellectual property stored in their clouds and provide it to the Chinese government or prevent Americans from gaining access.

In three similar letters dated April 23 notifying the companies of the subpoenas, Moolenaar and Krishnamoorthi said the select committee had received information indicating the companies “may continue to maintain network Points of Presence, data centre access, and cloud-related offerings in the United States, potentially through subsidiaries or affiliates.”

They called for the companies’ full cooperation by May 7.

The companies did not immediately respond to Reuters’ requests for comment. China’s embassy in Washington also did not respond immediately, but it has previously said the US sought to suppress Chinese companies under “false pretexts.”

Running equipment, software, cloud systems

A committee spokesperson said despite the FCC ban on all three companies operating licensed telecom infrastructure in the US, they have continued to run equipment, software, and cloud-based systems in the country that do not require licences and thus avoid FCC oversight.

“The committee has received third-party private sector reporting and intelligence indicating these platforms have enabled cyber intrusions, data theft, and potential sabotage of US infrastructure,” the spokesperson said, without providing further details.

Congress could move to find the companies in contempt if they fail to respond.

The move would be no surprise, given revelations in December that US telecom systems were so badly compromised by Chinese hackers that senior government officials were told to ditch regular phone calls and text messages.

The Cybersecurity and Infrastructure Security Agency issued that warning that senior government officials should only use end-to-end encrypted communications in the wake of a hacking incident described as the most widespread ever by Chinese cyber spies.

Concern over US communications is high partly because of bilateral tensions over the trade war, plus revelations that new Defence Secretary Pete Hegseth has reportedly failed to adhere to secure communication protocols.