The US Congress has installed a new cyber-espionage review process for government technology purchases which effectively pushes Chinese companies out into the cold.
The funding law signed this week by President Barack Obama is part of growing US paranoia over Chinese cyber attacks.
It stops NASA, and the Justice and Commerce Departments from buying information technology systems unless the FBI give the thumbs up. Currently FBI policy is that if the gear comes from a Chinese company there must be something wrong with it. This is different from having a “made in China” label on the back because that applies to most US electronics. The belief is that the Chinese will alter designs to allow back doors, they will sneak into factories operating in their back yard and stick sniffer chips into devices made by US companies.
A provision in the 240-page spending law requires the agencies to make a formal assessment of “cyber espionage or sabotage” risk when considering buying information technology systems.
It must include “any risk associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidised” by China.
Currently the US imports a total of about $129 billion worth of “advanced technology products” from China, although a lot of this is from US companies who outsourced over there.
Writing in the Volokh Conspiracy, Stewart Baker wrote that the measure “could turn out to be a harsh blow” for Chinese computer maker Lenovo and also “bring some surprises for American companies selling commercial IT gear to the government”.
It is also possible that some US allies could raise objections because of the potential for the provision to prevent purchases of Lenovo computers manufactured in Germany or Huawei handsets designed in Britain.