Exclusive: US scrutinizes Alibaba’s cloud unit for national security risks

A man walks past an Alibaba Group logo at his office building in Beijing, China August 9, 2021. REUTERS/Tingshu Wang/File Photo

Join now for FREE unlimited access to Reuters.com


WASHINGTON, Jan 18 (Reuters) – The Biden administration is reviewing e-commerce giant Alibaba’s cloud operations to determine whether they pose a national security risk to the United States, according to three people briefed on the matter, as the government intensifies scrutiny of Chinese technology. corporate relations with US companies.

The investigation focuses on how the company stores US customer data, including personal information and intellectual property, and whether the Chinese government could access it, the sources said. Beijing’s potential to disrupt US users’ access to their information stored on Alibaba’s cloud is also of concern, one of the people said.

U.S. regulators could ultimately choose to force the company to take action to reduce the risks posed by cloud activity or ban Americans at home and abroad from using the service.

Join now for FREE unlimited access to Reuters.com


Former President Donald Trump’s Commerce Department was concerned about Alibaba’s cloud business, but the Biden administration launched the official review after he took office in January, according to one of the three and a former Trump administration official.

Alibaba’s cloud business in the United States is small, with estimated annual revenue of less than $50 million, according to research firm Gartner Inc. But if regulators ultimately decide to block transactions between US companies and Alibaba Cloud, it would hurt the company’s bottom line. most promising companies and damage the reputation of the company as a whole.

A Commerce Department spokesperson said the agency does not comment on “the existence or non-existence of transaction reviews.” The Chinese Embassy in Washington did not respond to a request for comment.

Alibaba declined to comment. It flagged similar concerns about its U.S. business in its latest annual report, saying U.S. companies that have contracts with Alibaba “may be barred from continuing to do business with us, including from performing their obligations under agreements involving our… cloud services.”

The investigation of Alibaba’s cloud activity is conducted by a small Commerce Department office known as the Intelligence and Security Bureau. It was created by the Trump administration to wield sweeping new powers to prohibit or restrict transactions between U.S. companies and internet, telecom and tech companies from “adversarial foreign” countries like China, Russia , Cuba, Iran, North Korea and Venezuela.

The bureau has been particularly focused on Chinese cloud providers, one of the sources said, amid growing concerns over the potential for data theft and access disruption by Beijing.

The Trump administration issued a warning in August 2020 against Chinese cloud providers, including Alibaba, “to prevent the most sensitive personal information of American citizens and the most valuable intellectual property of our companies…from being stored and processed on cloud-based systems accessible to our foreign adversaries.”

Cloud servers are also considered ripe for hackers to launch cyberattacks as they can conceal the origin of the attack and provide access to a wide range of client networks.

While there are few public cases of the Chinese government forcing a tech company to hand over sensitive customer data, the indictments of Chinese hackers reveal their use of cloud servers to access private information.

For example, hackers connected to China’s Ministry of State Security broke into HPE’s cloud computing service and used it as a launching pad to attack customers, looting tons of company secrets and government officials for years in what U.S. prosecutors say is an effort to boost Chinese economic interests. .

‘GROWTH PILLAR’ Alibaba, the world’s fourth-largest cloud provider according to research firm Canalys, has around 4 million customers and describes its cloud business as its ‘second pillar of growth’. Its revenue grew 50% to $9.2 billion in 2020, despite the division accounting for just 8% of overall sales.

According to press releases, it has business relationships with units of major US companies, including Ford Motor Co (FN), IBM (IBM.N) Red Hat and Hewlett Packard Enterprise (HPE.N).

Although the Trump-era sweeping powers don’t cover foreign affiliates of U.S. companies, U.S. regulators have already found ways to tie them to their U.S. parent companies, which in turn may be subject to restrictions.

Before tech tensions between the United States and China began to boil, Alibaba had big ambitions for its cloud business in the United States. In 2015 it launched a cloud computing hub in Silicon Valley, its first outside China, with plans to compete with Amazon.com Inc, Microsoft Corp (MSFT.O) and Alphabet Inc’s Google (GOOGL.O) . It then added additional data centers there and in Virginia.

A person familiar with the matter said the company cut its U.S. bet during Trump’s presidency as tensions with China escalated.

In 2018, US authorities blocked a bid by Alibaba subsidiary Ant Financial, now Ant Group, to acquire US money transfer company MoneyGram International Inc (MGI.O) on national security grounds. But a move to put Ant Group on a commercial blacklist failed and an executive order banning its mobile payment app Alipay was revoked by Biden.

Biden, like Trump, is increasingly imposing restrictions on Chinese companies. Last month, the US government imposed investment and export restrictions on dozens of Chinese companies, including major drone maker DJI, accusing them of complicity in the oppression of China’s Uyghur minority or aiding the ‘army.

Join now for FREE unlimited access to Reuters.com


Reporting by Alexandra Alper; Additional reporting by Karen Freifeld, Chris Bing and Echo Wang; Editing by Chris Sanders and Edward Tobin

Our standards: The Thomson Reuters Trust Principles.

Comments are closed.