The Biden administration is reviewing e-commerce giant Alibaba's cloud business to determine whether it poses a risk to US national security, according to three people briefed on the matter, as the government ramps up scrutiny of Chinese technology companies' dealings with US firms.
The focus of the probe is on how the company stores US clients' data, including personal information and intellectual property, and whether the Chinese government could gain access to it, the people said. The potential for Beijing to disrupt access by US users to their information stored on Alibaba cloud is also a concern, one of the people said.
US regulators could ultimately choose to force the company to take measures to reduce the risks posed by the cloud business or prohibit Americans at home and abroad from using the service altogether.
Former President Donald Trump's Commerce Department was concerned about Alibaba's cloud business, but the Biden administration launched the formal review after he took office in January, according to one of the three people and a former Trump administration official.
Alibaba's US cloud business is small, with annual revenue of less than an estimated $50 million, according to research firm Gartner Inc. But if regulators ultimately decide to block transactions between American firms and Alibaba Cloud, it would damage the bottom line one of the company's most promising businesses and deal a blow to reputation of the company as a whole.
A Commerce Department spokesperson said the agency does not comment on the "existence or non-existence of transaction reviews." The Chinese Embassy in Washington did not respond to a request for comment.
Alibaba declined to comment. It did flag similar concerns about operating in the US in its most recent annual report, saying US companies that have contracts with Alibaba "may be prohibited from continuing to do business with us, including performing their obligations under agreements involving our...cloud services."
The probe into Alibaba's cloud business is being led by a small office within the Commerce Department known as the Office of Intelligence and Security. It was created by the Trump administration to wield broad new powers to ban or restrict transactions between US firms and internet, telecom and tech companies from "foreign adversary" nations like China, Russia, Cuba, Iran, North Korea, and Venezuela.
The office has been particularly focused on Chinese cloud providers, one of the sources said, amid growing concern over the potential for data theft and access disruption by Beijing.
The Trump administration issued a warning in August, 2020 against Chinese cloud providers including Alibaba, "to prevent US citizens' most sensitive personal information and our businesses' most valuable intellectual property...from being stored and processed on cloud-based systems accessible to our foreign adversaries."
Cloud servers are also seen as ripe for hackers to launch cyber attacks because they can conceal the origin of the attack and offer access to a vast array of client networks.
While there are scant public cases of the Chinese government compelling a tech company to turn over sensitive customer data, indictments of Chinese hackers reveal their use of cloud servers to gain access to private information.