At a glance.
- US Department of Commerce considers sanctioning Kaspersky.
- The US and China battle over data protection regulations.
US Department of Commerce considers sanctioning Kaspersky.
The US has already banned federal government use of software from Kaspersky Labs, and now officials are considering sanctioning the Russia-owned cybersecurity company. Reuters recounts that in 2017, amid worries that Kaspersky software could be weaponized by the Russian government to spy on customers, the Trump administration banned the use of Kaspersky products by all federal government networks. Last year, after Russia’s invasion of Ukraine, worries about Kaspersky’s antivirus software led the US to conduct a national security probe, but at the time no sanctions were imposed as some officials worried too broad a restriction could threaten the functionality of US systems. Now sources say the US Department of Commerce is again discussing enforcement action against the company. The department has declined to confirm the reports, stating only that it "is committed to fully exercising its authorities to protect Americans' sensitive data, and to working with Congress in a bipartisan way to adapt to evolving risks." Kaspersky has not yet responded to requests for comment but has historically denied that it facilitates malicious cyber activity with any government. As the Wall Street Journal notes, the sanctions could be a way for the Commerce Department to test its authority when it comes to policing online threats. The agency is already working on revising the Information and Communications Technology and Services (ICTS) regulations that would give the White House the power to ban TikTok or other foreign-based technologies if deemed a national security risk.
The US and China battle over data protection regulations.
As the rapid growth of artificial intelligence fuels unprecedented technological advancements in the digital landscape, China and the US are engaged in a political standoff regarding data regulation. With these advancements come increasing fears of data weaponization, and Barrons asserts that a huge shift in dealings between Washington and Beijing could be on the horizon. As experts say data flows have become a major indicator of global economic growth, compliance officers and auditors struggle to regulate how that data is handled in order to defend the security of individual users and nations alike. Chinese leader Xi Jinping sees development of the digital economy as essential to China’s economic growth, but in an October 2021 speech he acknowledged, “We must also recognize that while enjoying a spell of rapid growth, the shoots of some unhealthy and irregular trends have emerged in the digital economy. These problems have not only affected the sound growth of our digital economy, but have also run counter to our laws and regulations, posing a threat to our national economic and financial security.”
China’s data security policy rests on the Personal Information Protection Law and the Data Security Law, which rely on data localization requirements, restrictions on cross-border data flows, and the right to force transfers of source code. The US has historically taken a more ad-hoc approach, creating a convoluted patchwork of federal and state laws covering data protection, which has worked to China’s benefit. However, US lawmakers are increasingly pushing for a more comprehensive framework to help the country defend against threats to national security, and the debate over China-owned companies like TikTok has officials considering revamping the Department of Commerce’s existing ICTS rules. Meanwhile, Beijing has been working to protect Chinese companies from the US’s investment restrictions, and on April 1 Chinese officials announced it will conduct a cybersecurity review of major semiconductor firm Micron. Going forward, Chinese regulators must strike a balance between maintaining its data security regime and ensuring Chinese companies’ competitive edge overseas.