The U.S. Government Needs an Inside-Out Approach to China | Opinion

When it comes to China, Big Tech, and the surveillance of Americans, the U.S. needs to invert the problem.

The government's current focus could best be described as outside-in: How do we ensure that Chinese services like TikTok are not engaging in widespread surveillance on American people and institutions? Hence various state and federal efforts to ban or restrict TikTok, as well as the mounting public pressure on the social network's parent company, ByteDance, to protect user information.

But what about the inside-out? Specifically, how do we ensure that U.S.-based companies conducting business inside China aren't accelerating Chinese surveillance? On this issue, we have far fewer tools and procedures in place to address potential wrongdoing, and we run far greater national security risks than we might appreciate.

Consider, for instance, the American tech giant Microsoft. Through its wide-ranging ecosystem of enterprise and consumer products, there is scarcely an area of American digital life that Microsoft doesn't touch. Microsoft also happens to warehouse its largest non-U.S. artificial intelligence (AI) research center inside China. Indeed, as one researcher put it, Microsoft's AI hub in China has been "perhaps the single most important institution in the birth and growth of the Chinese AI ecosystem over the past two decades."

Over those decades, Microsoft's Chinese operation hasn't exactly covered itself in glory. In order to keep a foothold in China, Microsoft has sanitized results on its search engine Bing, ended its locally based version of LinkedIn after pressure from the Chinese Communist Party, and even conducted research arm-in-arm with China's military-run National University of Defense Technology. And that's not to mention the possible theft of U.S. data through Microsoft's Chinese outposts, or the stealing of vital trade and technology secrets through Sino-Microsoft commercial relationships.

The nexus of these two realities—Microsoft's massive footprint in China and its troves of U.S. email, documents, and other digital ephemera—should be deeply worrying to Americans. What mechanisms has Microsoft put in place to safeguard American data and information? And what assurances do Americans have that those protections are doing the job? The honest, if uncomfortable, truth is that it's highly likely Microsoft can do little to combat the Chinese Communist Party's hunger for information on Americans. And it's also highly likely that Microsoft's robust presence in China is a real threat to Americans' privacy and security.

Usually, this is the point in the argument when people throw up their hands, accede to the corporate interest, and move on. But we mustn't do that anymore. Already, leaders in both parties have identified the risk that Chinese surveillance poses to Americans. Indeed, it was the Biden administration that, in 2021, publicly called out China for its breaches of Microsoft software, noting that Chinese government hackers exploited holes in Microsoft Exchange software to "compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims."

But again, the Biden administration was focused outside-in: infiltrations by Chinese hackers into Microsoft products. What is needed is a similar focus going the other way. For a solution, we can look to a 1975 executive order issued under the administration of President Gerald Ford. Concerned about foreign ownership of U.S. companies, Ford signed Executive Order 11858 to establish the Committee on Foreign Investment in the United States (CFIUS.) The committee's remit was to evaluate the national security implications of foreign entities buying U.S. companies or investing heavily in the U.S., with nine cabinet-level Executive Branch agencies and offices playing a role.

Both the president's executive order and Congress' follow-on legislation empowering CFIUS were designed mostly with economic competitiveness in mind. Americans were concerned about Japanese economic might, exemplified by the possible acquisition of U.S.-based Fairchild Semiconductor by Japan's Fujitsu. But CFIUS has also played a key role in evaluating various deals in which foreign ownership of U.S. assets might prove a security concern.

What the U.S. needs today is a cousin committee, which we might call CFIOUS: the Committee on Foreign Investment Outside the U.S. It would focus on the actions of companies like Microsoft and others that have a big presence abroad, in countries that pose a threat to the U.S. and its interests. CFIOUS can and should be empowered to do what CFIUS does today: monitor and review American corporate expansion based on national security concerns.

This idea isn't new, of course, but it has become a rare area of bipartisan agreement. Both parties came together on legislation to formalize such a process, and a bill was introduced in 2022. U.S. National Security Advisor Jake Sullivan signaled his support of such a move. In an era of fractious disagreements, concerns about American companies abroad have united Left and Right—in large measure because of bipartisan worries about China.

Though corporate leaders may raise issues in public with such a proposal, my suspicion is that they will breathe a sigh of relief in private. Why? Because this will give them cover to duck deals with Chinese institutions, many of which wind up being more trouble than they are worth. More than one American company has had to deal with various indignities while conducting business with Beijing. Whether having to use burner phones during travels, or returning to a hotel room to find that things are just out of place, or simply having to deal with the whims of a Communist Party bent on pumping up Chinese companies—there is ample evidence that doing business in China causes headaches that many American companies would sooner avoid.

A CFIOUS-type process could give American firms an easy out, and more importantly, give the American public confidence that domestic corporate interests won't trump national security interests. Such a process exists in the U.S. already—we need only invert it to begin to safeguard our interests, both those of our private sector and of our people.

Matthew G. Whitaker served as acting Attorney General of the United States from 2018 to 2019.

The views expressed in this article are the writer's own.