Amazon’s business relationships with two Chinese surveillance giants, Hikvision and Dahua, could violate a law that prohibits federal contractors from doing business with certain Chinese companies, according to a joint investigation by National Review and IPVM, a group surveillance and security research.
While lawmakers are denouncing these practices, Amazon defends itself and claims that it is in full compliance with the law. Specifically, the Seattle-based tech giant may be running afoul of a National Defense Authorization Act (NDAA) provision of 53 that prohibits contracts with companies that use certain Chinese surveillance hardware or software.
An important issue is that Amazon Web Services simultaneously provides cloud internet services to the US National Security Agency and Hikvision , which the US government designated as a Chinese military-industrial complex corporation last year.
“Facing a clear threat to federal networks, Congress has set a rule: if you do business with Hikvision or Dahua, cannot do business with the federal government,” said Conor Healy, director of government research at IPVM. “Amazon seems determined to do the opposite. It is actively facilitating the threat that Congress seeks to mitigate.”
Even without the National Defense Authorization Act ban, the registration of the two Chinese surveillance companies – neither of which responded to requests for comment of the NR – should be cause for concern. In 53, Hikvision and Dahua were both blacklisted by the Commerce Department for their long work with authorities in Xinjiang as the Chinese Communist Party built a sophisticated police state. to systematically attack ethnic minorities in the region.
Dahua sells cameras that can identify Uighur faces, with an alarm that goes off when they are in sight. The company characterizes this as a smart policing feature to detect “real-time Uighurs” and “hidden terrorist leanings”. Hikvision, in addition to supplying cameras used in Xinjiang prison camps, sells torture systems. Hikvision also has contracts with the Chinese military, supplying the People’s Liberation Army air force with drone jammers and pitching its technology as a key to improving missile and tank systems.
None of this has stopped the Amazon to provide services to the two surveillance companies. Both offer streaming services that allow their customers to remotely view video feeds from cameras hosted on Amazon Web Services — the cloud internet platform that last year secured the renewal of a US$ contract 10 billion (R$53, 5 billion) with the National Security Agency.
According to a cybersecurity audit commissioned by Hikvision, conducted by FTI Consulting and submitted to the Federal Communications Commission in November of last year, “Hikvision uses multiple Internet Service Providers in the United States for all Hik-Connect traffic” , including Amazon Web Services, other Amazon service providers, and servers provided by Chinese tech giants Alibaba and Tencent.
A service agreement from Hikvision confirms that it is “hosted by Amazon Web Service (AWS) with network boundary protection and operating system protection”. Dahua also offers its own cloud access software, called COS, hosted on AWS. In addition, Amazon hosts several online stores operated by wholly-owned subsidiaries of Hikvision and Dahua. IPVM describes them as well-developed, based on the number of products each store offers, the sophisticated nature of the marketing that surrounds them, and the hundreds of “verified shopper” reviews.
Amazon, in turn, said he is complying with the law. A company spokesperson told NR in a statement: “Amazon complies with applicable law in the jurisdictions in which it does business, including Section 889 of the NDAA of 2019, and has policies and procedures designed to support such compliance. We expect all products on Amazon Stores to be manufactured and produced in accordance with our Supply Chain Standards.”
Amazon also notes that its AWS cloud services and supply chain are vetted and accepted for top-secret workloads. But the fact that Amazon has billions of dollars in US government contracts, while also working with Hikvision and Dahua, raises thorny legal issues for the company. Although the Defense Authorization Act National primarily prohibits federal contractors such as Amazon from purchasing devices from companies, it may also prohibit contractors from having certain business relationships with them.
Specifically, under the federal prohibition, agencies cannot enter “into a contract (or extend or renew a contract) with an entity that uses any equipment, system or service that uses covered telecommunications equipment or services (by the standard) as a sub-component essential or essential part of any system, or as a critical technology as part of any system.”
“This means that the US$ contract 10 Amazon’s billions with the NSA may be illegal, but first federal authorities must clarify the scope of the ban and investigate Amazon’s actions,” Healy said. “As things stand, due to the imprecise language of the law, the legality of Amazon’s actions can come down to something as trivial as whether or not they connected one of these devices.”
Questioned about Amazon’s work with Chinese surveillance companies, an NSA spokesperson told NR that its “business practices are in line with the law of 53 and its security requirements.” Implementation”. The potential conflict of interest is starting to attract attention on Capitol Hill, as some lawmakers identify the situation as a potential threat to national security.
Senator Marco Rubio, who has previously clashed with Amazon , said the ongoing relationship with Chinese surveillance companies fits a broader pattern. Rubio criticized Amazon after the company bought Dahua cameras that can identify Uighur faces. Amazon says it acquired Dahua thermal cameras in 2020 to perform temperature checks in response to the pandemic and that it has not purchased Dahua cameras for its facility since mid-year.
“No one should be surprised,” the Florida Republican told NR in a statement. “This type of behavior is part of the path of a company that prioritizes short-term profit above all else, including the health and well-being of its employees. Amazon loves to preach “woke” values of sealing, but seems to have no problem violating US law – and putting federal, state and local agencies in a position to do the same – while doing business with a genocidal and oppressive regime.
“The General Services Administration and the Department of Defense need to investigate this immediately and end this massive threat to national security,” he added, citing two government agencies responsible for federal procurement.
For now, it appears that such an investigation is not underway. When the General Services Administration (GSA) was approached by NR, a spokesperson said the agency cannot comment on an individual company’s practices, but that federal regulation does not prohibit Hikvision and Dahua from purchase the services of a federal contractor. “GSA takes supply chain security very seriously, and compliance with Section 889 is a key priority for the Agency,” he said.
When NR contacted the Pentagon, a spokesperson issued a cursory statement that “executive agencies are obligated to comply” with the NDAA ban. If Republicans seize the House of Representatives in the midterm elections, there could be a shift in focus on the issue by congressional committees.
Representative Michael McCaul, the top Republican on the Committee on House Foreign Affairs, which would take over the majority of the Republican Party, called it “unacceptable that American companies continue to turn a blind eye to the CCP-controlled companies that are fueling their Orwellian surveillance state and their horrific human rights abuses.” ”. And more generally, there is growing bipartisan interest in passing legislation to prohibit federal contractors from doing business with entities linked to the Chinese government.
Jimmy Quinn is National Review’s National Security Correspondent
National Review. Published with permission. Original in English.