It seems that dubious Chinese encryption chips have made their way into the U.S. government agencies and international military organizations, as per a report by Wired.
These encryption keys, with their advanced algorithms, protect the confidential information in possession of organizations like the North Atlantic Treaty Organization (NATO), NASA, the U.S. Navy, and the U.K. military – all reportedly using encryption microcontroller chips supplied by Chinese chipmaker Hualan Microelectronics, also known as Sage Microelectronics.
On the Entity List
Hualan was added to the U.S. ‘Entity List’ in 2021 by the Commerce Department’s Bureau of Industry and Security (BIS). The Entity List enlists all the companies the U.S. has placed sanctions on. Hualan had been added to the list for “acquiring and … attempting to acquire US-origin items in support of military modernization for [China’s] People’s Liberation Army.”
The U.S. has been at odds with Chinese companies that have close relations with the Chinese Communist Party (CPP), which includes virtually all companies on the mainland. Exhibit A: TikTok. Other companies that have been put on the sanction list include Huawei, AI startup SenseTime, drone supplier DJI, etc., as the U.S. becomes increasingly stringent about its policies in regard to Chinese technology.
Federal procurement records show that U.S. government agencies, from the Federal Aviation Administration to the Drug Enforcement Administration and the U.S. Navy, have bought encrypted hard drives that use the chips, too, said the Wired report.
A disconnect between U.S. government wings
The disconnect between the Bureau and government agencies may be because the chips were supplied by Initio, a subsidiary of Hualan. Initio was acquired by Hualan in 2016 and is headquartered in Taiwan. The chips have the Initio branding.
The Wired report further says that the Chinese may have a hidden backdoor that would allow China’s government to stealthily decrypt Western agencies’ secrets. And while no such backdoor has been found, security researchers warn that if one did exist, it would be virtually impossible to detect.
“If a company is on the Entity List with a specific warning like this one, it’s because the U.S. government says this company is actively supporting another country’s military development,” said Dakota Cary, a China-focused research fellow at the Atlantic Council, a Washington, DC-based think tank, in an interview with Wired. “It’s saying you should not be purchasing from them, not just because the money you’re spending is going to a company that will use those proceeds in the furtherance of another country’s military objectives, but because you can’t trust the product.”
“It’s used somewhat as a blacklist,” said Emily Weinstein, a researcher at Georgetown University’s Center for Security and Emerging Technology, while speaking to Wired. “The Entity List should be a red or maybe a yellow alert to anyone in the US government who’s working with this company to take a second look at this.”
A spokesperson with the Bureau said that although a company like Initio – an unlisted subsidiary – isn’t technically affected by the Entity List, “as a general matter, affiliation with an Entity Listed party should be considered a ‘red flag.’”
With suspicious Chinese balloons flying over U.S. airspace and new allegations of Chinese apps spying on U.S. citizens, the diplomatic relations between the two countries have taken a hit. The latest Wired report adds to the flare-up.