Amazon’s cloud service wing, known by the acronym AWS, is in business with two Chinese surveillance technology defense contractors that have been put on the so-called Entity List over at the Commerce Department’s Bureau of Industry and Security (BIS). The entities in question are Hikvision and Dahua, two tech companies that are used heavily in that Western Chinese Uyghur prison province known as Xinjiang.
Getting on that list means the U.S. government sees foul play – or activities counter to U.S. foreign policy interests – and will restrict U.S. companies from engaging in helping that foul play continue.
Who will police it? Despite the U.S. making such listings, the enforcement is lax at times, Since the U.S. government is not in the business of telling the private sector what to do, it comes down to businesses acting on their own. Amazon must know that Hikvision and Dahua are restricted. They’re in business anyway.
Yes, AWS is in business with a surveillance technology company run by the Chinese Communist Party, a governing party the U.S. has fought against since the 1950s and run by a country the Director of National Intelligence has repeatedly called our biggest geopolitical risk since the Soviet Union.
News of AWS’s contract with Hikvision and Dahua was first reported this week by Jimmy Quinn of the National Review.
The National Review article was based on an investigation that Quinn conducted with IPVM, a video surveillance specialty firm conducting market intelligence for that sector of the tech economy
From that report by IPVM and National Review:
(Amazon) might be running afoul of a provision in the 2019 National Defense Authorization Act (NDAA) [on] contracts with firms that use certain Chinese surveillance hardware or software. One potentially significant issue is that Amazon Web Services (AWS) simultaneously provides cloud Internet services to the U.S. National Security Agency and Hikvision, which the U.S. government designated as a Chinese military-industrial complex company last year. “Facing a clear threat to federal networks, Congress drew a line in the sand for its contractors: if you do business with Hikvision or Dahua, you can’t do business with the federal government,” said Conor Healy, IPVM’s director of government research. “Amazon seems determined to do the opposite. It is actively facilitating and incubating the very threat Congress sought to mitigate.”
When Dahua – fully known as Zhejiang Dahua Technology Company – was put on the Entity List in October 2019, the company said that it does not partake in any business that runs counter to U.S. national security.
Hikvision was added to the Entity List in June 2020.
An Amazon spokesperson told National Review in a statement that, “Amazon complies with applicable law in the jurisdictions where we do business, including Section 889 of the 2019 NDAA, and has policies and procedures designed to support such compliance. We expect all products in the Amazon Stores to be manufactured and produced in accordance with our Supply Chain Standards.”
But that is not the point.
Both Hikvision and Dahua are restricted access to U.S. technology. Cloud services are not restricted. China can buy cloud services from anywhere, including its own indigenous firms like Baidu, Alibaba, and Tencent. But the Chinese government chooses Amazon as a means to at least get free lobbying for them in Washington. Why would Amazon want its government in Washington to create problems for the China-U.S. relationship? They would not. In this case, Amazon works as a defacto supporter for calm seas with China, rather than countering Chinese policies deemed harmful to the U.S. or even hypocritical to U.S. soft power abroad — such as issues of human rights and free speech. If U.S. companies are fine with doing business with state-owned actors its own government has warned them against, what’s stopping U.S. competitors from doing the same? In fact, from a Chinese government perspective, if Amazon is fine with state-owned surveillance companies keeping a careful eye on Chinese citizens, let alone minority groups in Xinjiang, then it is a stamp of approval of China’s innocence. They’re not doing anything wrong. Otherwise, why would this big American name brand be in business with them?
Hikvision technology is used to monitor Uyghurs in Xinjiang, something the United Nations recently referred to as an international human rights crime.
The Entity List does not restrict based on human rights concerns alone but the Uyghur Forced Labor Prevention Act law does restrict U.S. imports from companies sourcing goods from Xinjiang.
Alas, Amazon is not alone.
Zhejiang Dahua is a publicly traded company in Shenzhen. Fidelity has around seven million shares in its China Special mutual fund, based on recent Morningstar data.
Vanguard owns around 3 million shares in its emerging markets exchange-traded fund, also based on Morningstar data.
It does not appear that any U.S.-based fund manager owns Hikvision stock – as should be the case with their listing on the capital markets sanctions list annex of the Treasury Department’s national security-China Military Industrial Complex Companies list, best known as the NS-CMIC capital markets sanctions list.
Commerce’s Entity List companies are not restricted access to U.S. capital, unlike NS-CMIC listed companies. The U.S. government might consider them problematic on national security grounds, but the market is wide open for U.S. investment firms to put money to work there. This is often due to the lack of harmonization, clarity, and consistency of U.S. sanctions policy and a sheer ineptitude or unwillingness by the U.S. Treasury Department to routinize Office of Foreign Assets Control to make additions to the NS-CMIC List. Adding to that capital markets sanctions list would deter investment with known bad actors in accordance with U.S. law.
In Amazon’s cloud case, that market is still open for them to bring on Hikvision and Dahua as clients.
When people on Capitol Hill and in the media ask what is being done to make these China restrictions actually work – the question should be asked to the likes of AWS, and others. What are they doing? Their answers will be that they are not breaking the law, which is probably true in most cases.
But what is also true is that these companies, of which AWS is merely a case in point, are abetting a Chinese company the U.S. government singled out as problematic and counter to U.S. interests, regardless of the general innocence of the cloud computing services AWS is providing.
AWS can do business with hundreds of other undramatic entities in China – hospital chains, real estate conglomerates, financial service firms, logistics companies. Instead, they chose the two companies that the U.S. government has restricted access to, that do business in the most controversial province in all of China – Xinjiang. This is great cover for China. If AWS likes our Xinjiang surveillance companies…what can possibly be the problem? Doesn’t everyone love Amazon?
This is one of the reasons why Washington’s policies on China end up being so paper thin: inconsistency across agencies and in the application of policies backed up by little to no support from global corporations and K Street. For its part, many people in Washington are rightfully weary of expanding the bureaucracy to police business and investment in China, as was revealed again on Thursday during the Senate Banking Committee’s hearing on restricting outbound investments in China.
The Senate is trying to grapple with the problem without being Big Business’s Big Brother.
In July, Senator Joni Ernst (R-IA) teamed up with Sen. Gary Peters (D-MI) and Maggie Hassan (D-NH) on legislation that would “prevent Chinese influence in national security contracting.”
“The U.S. is playing a dangerous game,” Sen. Ernst said. “It’s past time we put safeguards in place to ensure no firms hired by the federal government are working simultaneously to support the agenda of our adversaries.”
Would that scare AWS away from Dahua and Hikvision, for example? They have Pentagon contracts. That depends on what’s in the final Ernst bill, and if the President signs it into law, of course.
As it is now written, Ernst’s “CONSULT Act” would require a disclosure of contracts such as this one with Hikvision and Dahua to be provided whenever Amazon would apply for a federal consulting contract. If the contract is found to be a national security concern, their contract application could be denied. If they fail to disclose that contract, they risk suspension or debarment. More simply, the Consult Act would include items like cloud services, but only in regard to federal consulting contracts. There is room to further tweak the draft legislation.
Being on the Entity List has not turned companies off to Chinese government contractors. Many tech companies are still selling hardware and software to companies on the list. Restrictions seem porous. For sure, the Entity List names have not deterred Fidelity and Vanguard from investing in them.
“The U.S. Government’s inconsistencies in policy toward investing in and doing business with our leading adversary – notably in sensitive arenas and fields related to national security interests – are a failure to do what is in America’s interests. It is beyond time for Congress to step in and mend these gaps that exist between executive branch agencies and clarify the law,” said Robby Smith Saunders, National Security Advisor for CPA. “We can’t continue to allow U.S.-based, global businesses to have their cake and eat it too. Yes, they can go anywhere they want. But when it comes companies that provide contracted services to the Pentagon as well as providing the same exact service to their adversary – you are no longer just doing business. Companies can’t play both sides – especially if one side is the Chinese Communist Party. If Amazon wants to do business with these state-owned defense contractors, it can. But there has to be consequences and changes in U.S. policy toward AWS if they also want U.S. defense contracts,” she said, adding that CPA supports policies like Sen. Ernst’s bill.