The proxy fight between the US and China over IT equipment is about to escalate, following news that a recent Congress provision will require US government agencies to scrutinise IT equipment from Chinese manufacturers before being allowed to procure them.
The provision was passed as part of a broader, 250-page budget measure and mandates a new review process for government technology purchases in an attempt to thwart cyber espionage. According to the law, NASA, the Department of Commerce, and the Department of Justice will not be allowed to buy IT equipment without the approval of federal law enforcement officials who have examined "any risk associated with such systems being produced, manufactured or assembled" in China.
In a blog post on the Volokh Conspiracy legal blog, lawyer and former Department of Homeland Security official Stewart Baker shed light on the controversy. “While the provision doesn’t prohibit purchases of Chinese-government-influenced systems, it makes such purchases politically difficult,” Baker wrote.
China has responded to the measure, publicly criticising it for the likely negative effects it will have on China’s relationship with the US.
"This bill uses Internet security as an excuse to take discriminatory steps against Chinese companies," Hong Lei, a spokesperson for China’s foreign ministry, said. "It is not beneficial to mutual trust between China and the United States nor to the development of trade and economic relations,” Lei added.
However, the law’s objective “is not to hurt American and European companies that have operations in China," an unnamed congressional aide who worked on the bill told Reuters. "It was really targeting entities that are directed by Beijing."
But the move “could turn out to be a harsh blow for companies like Lenovo that have so far escaped the spotlight trained on Huawei and ZTE,” wrote Baker.
Earlier this year, a US Congress committee conducted an 11-month investigation and concluded that the country needs to be wary of ZTE and Huawei’s expansion into the US, while the private sector should be well-informed about their alleged espionage threats. Meanwhile, a recent report from security firm Mandiant traced cyber attacks targeting US infrastructure to a Chinese military base in Shanghai.