DeepSeek Chatbot and Security Concerns Related to Chinese Telecom

WASHINGTON | Recent findings have linked DeepSeek, a Chinese artificial intelligence company known for its blockbuster chatbot, to China Mobile, a state-owned telecommunications company that has been banned from operating in the United States. This revelation brings to light potential security concerns regarding user data privacy and the influence of foreign technology on American citizens.

Security researchers have discovered that the web login page of DeepSeek’s chatbot includes complex computer code. When analyzed, this code was found to connect to the computer infrastructure owned by China Mobile. This connection seems to be involved in the account creation and user login processes on DeepSeek’s platform.

While DeepSeek's privacy policy admits that user data is stored on servers located in the People’s Republic of China, this new information indicates a more direct relationship with the Chinese state than was previously acknowledged, particularly through the association with China Mobile. The U.S. government has expressed security concerns about China Mobile's ties to the Chinese military, which led to the company facing sanctions and restrictions.

Concerns Over User Data and National Security

The rise of Chinese tech services has become a significant issue for U.S. national security officials. A bipartisan effort in Congress recently attempted to impose severe restrictions on TikTok, the popular video platform owned by a Chinese company. Lawmakers have called for either a forced sale or outright ban on TikTok due to security concerns, although the app has been granted a temporary stay.

Feroot Security, a cybersecurity firm based in Canada, first uncovered the code linking DeepSeek to China Mobile. They shared their findings with The Associated Press, which subsequently confirmed the presence of the China Mobile code through independent verification. To date, neither Feroot nor other researchers detected any data being transferred to China Mobile during their testing in North America, yet they warned that it is still possible that some users’ data could be passing to the Chinese telecom.

Although this analysis focused on the web version of DeepSeek, the mobile application continues to rank among the most downloaded apps on both the Apple and Google app stores.

Official Reactions and Implications for Users

The U.S. Federal Communications Commission had previously denied China Mobile the authorization to operate in the country back in 2019, citing serious national security issues. Moreover, the Biden administration in 2021 implemented additional sanctions limiting American investments in China Mobile after it was linked to military entities.

Ivan Tsarynny, the CEO of Feroot, expressed his concern, stating, "It's mindboggling that we are unknowingly allowing China to survey Americans, and we're doing nothing about it." He emphasized that the situation appears to be more than just an accident, noting that there are several unusual aspects to consider.

Stewart Baker, a seasoned lawyer with past experience at the Department of Homeland Security and the National Security Agency, echoed these concerns, stating that DeepSeek poses risks similar to TikTok but with potentially more sensitive and personal information being at stake. Users are increasingly inputting sensitive data into generative AI systems for various purposes, which heightens the risk of exposure when such systems are connected to foreign adversaries.

Potential Risks Associated with Generative AI

The analysis by Feroot indicated that the discovered code activates whenever a user logs into DeepSeek and may collect detailed device information through a process known as fingerprinting, often used for security and verification by tech companies globally. This raises concerns that proprietary and personal data can potentially be intercepted or misused.

Considering that so much sensitive information is shared—ranging from confidential business data to deep personal details—the implications of such data being accessible to a foreign state raise significant alarms about national security and individual privacy.

Independent cybersecurity experts confirmed the connections between DeepSeek and China Mobile, with one expert, Joel Reardon, noting, "It’s clear that China Mobile is somehow involved in registering for DeepSeek." Although they were unable to detect data transfers during their analyses, the risk remains that this could happen for certain users or through specific login methods.

In light of these findings, users must carefully consider the implications of using applications like DeepSeek, especially when they involve sensitive personal information.

DeepSeek, China, Security