The U.S. government has been quietly warning technology companies about the security risks posed by doing business with Huawei and ZTE, two Chinese telecommunications firms that are closely linked with China’s government.
Sen. Marco Rubio, R-Fla., told CyberScoop Thursday at a national security conference that the government is holding classified briefings to warn private companies of the intelligence concerns. He said the companies that have been briefed are aware of the concerns, but are also “prioritizing market access.”
“I think it’s important for us to do what we can to warn people about the threat,” Rubio said. “I think some of those companies are aware of [the intelligence concerns], but they make the decision that they’ll worry about that later. They want access to 1.3 billion people.”
The news comes as the Trump administration is trying to persuade lawmakers to drop their opposition to a trade deal that would revive ZTE’s access to U.S. suppliers. In April, the Commerce Department barred ZTE from buying components from those suppliers after the company violated an agreement that penalized it for doing business with Iran and North Korea.
Trump’s deal would offer ZTE a business lifeline if the company agrees to create an internal compliance board, fire several senior executives and also pay a large fine. Critics say the arrangement won’t do enough to quell existing national security concerns.
“It just honestly makes no sense why anyone would argue or take comfort in new leadership [at ZTE] being enough of a change to allow these companies to buy American semiconductors, for which without them these companies would not be able to operate,” Rubio said.
At the Thursday conference on Capitol Hill, Rubio said the Chinese government had been strategically pushing contracts to Huawei and ZTE in developing markets throughout Africa and South East Asia in order to exert Beijing’s global influence.
“Under China’s own intelligence law that they passed in 2017, every person in China and every company is compelled by law to cooperate with their intelligence agencies,” said Rubio. “No matter who we embed or what overseers we have in their company, if China says ‘let us spy’ then they have to let them spy because otherwise they won’t be in business for long.”
CyberScoop previously reported that the U.S. government followed a similar, FBI-led briefing strategy when dealing with Moscow-based cybersecurity company Kaspersky Lab.
Around the same time that the Department of Homeland Security deemed Kaspersky Lab a “national security risk,” the FBI was privately reaching out to critical infrastructure companies to warn them about associated cybersecurity risks. Some of the briefings involved so-called “read-ins,” where the government provided a short-term security clearance to company staff in order to share classified information.
Rubio said such warnings are also needed in the case of Huawei and ZTE. The senator recently co-sponsored a bill that would block Trump’s proposed ZTE deal. The bill was in included in the Senate version of the fiscal 2019 National Defense Authorization Act, which passed Monday. That package still faces potentially long negotiations with the House.
On Wednesday, Rubio was among a group of senators that sent a open letter to Google discouraging the tech giant from continuing its business relationship with Huawei. Rubio told CyberScoop its possible that additional, similar public letters will be sent to other American technology companies in the coming months.
Current and former U.S. intelligence officials have been saying for years that the Chinese government can leverage technology built by these two companies for espionage or censorship purposes.
In February, the heads of six intelligence agencies — including the CIA, FBI and NSA — told the Senate Intelligence Committee that they would avoid using products or services from either Huawei or ZTE because of associated security risks.
The FBI and National Counterintelligence and Security Center — an agency under the Office of the Director of National Intelligence — declined to comment.
Sean Lyngaas contributed to this report.