DJI Placed on the Entity List for Human Rights Abuses, but Concerns About Data Security Should Not Be Overlooked

COMMENTARY Cybersecurity

DJI Placed on the Entity List for Human Rights Abuses, but Concerns About Data Security Should Not Be Overlooked

Jan 7th, 2021 4 min read

Commentary By

John Venable @JVVenable

Senior Research Fellow for Defense Policy

Lora Ries @lora_ries

Director, Center for Technology Policy

In this picture taken on May 11, 2017, a drone flies in the showroom of the DJI headquarters in Shenzhen. AFP Contributor / Contributor / Getty Images

Key Takeaways

The Departments of Defense, Interior, and Homeland Security have all warned against or prohibited the procurement of Chinese-made drones—warnings Congress heeded.

China has lost the benefit of the doubt when it comes to data-sharing or security.

DJI drone-buyers will be aware they are supporting a company that participates in human rights abuses.

Shortly before Christmas, the federal government took bold action to preserve both U.S. national security and our foreign policy interests by placing the Chinese corporation Da-Jiang Innovations (DJI), the world’s largest maker of unmanned aerial systems, on the Entity List.

The move imposes serious export restrictions on DJI, prohibiting the company from purchasing parts or technology from the U.S. as part of its supply chain.

DJI’s placement on the list comes after multiple warnings from private sector organizations and government agencies about the nefarious nature of DJI, the collection capability of their drones, and the compulsory flow of the data they capture to the Chinese Communist Party.

When two independent cybersecurity research firms reverse-engineered DJI affiliated applications, they found hidden coding that enabled the Chinese developer of the controller app to download and execute “other” code whenever it chose, and both applications collected reams of sensitive user data. That data was transmitted to third-party servers without user knowledge, much less consent.

The Departments of Defense, Interior, and Homeland Security have all warned against or prohibited the procurement of Chinese-made drones—warnings Congress heeded. The Senate Homeland Security Committee passed The American Security Drone Act in early 2020 with unanimous bipartisan support.

If the House had voted to make it law, the Act would have prohibited the federal government from buying or using Chinese drones. Similar language was added to the House version of the 2021 National Defense Authorization Act, but it was inexplicably stripped from the Senate and House-agreed-to Conference version.

And just two weeks ago, John Ratcliffe, the Director of National Intelligence, emphatically stated the danger China poses to all sectors of American society and even to its own citizens.

Evidence of the latter was revealed last summer when video footage emerged of Chinese paramilitary police force-marching hundreds of shackled and blindfolded Uyghurs, Chinese ethnic minorities, off a train in Xinjiang, China. A DJI drone captured that footage, a company actively assisting the Chinese government in imprisoning, enslaving, and ultimately silencing an estimated 3 million Uyghurs.

Ratcliffe’s remarks regarding China come amid other cabinet members’ and high-level officials’ warnings about the Communist regime. Chairman of the Joint Chiefs of Staff General Mark Milley said at this month’s CEO Council Summit that China ranks first in the Pentagon’s view of rising threats to U.S. strategic interests.

In July, speaking of the threats China poses in technology, FBI Director Christopher Wray stated, "There is perhaps no more ominous prospect than a hostile foreign government's ability to compromise our country's infrastructure and devices." Homeland Security Acting Secretary Chad Wolf stated last week, as part of comprehensive remarks about China’s challenge for homeland security, that data sharing and data security issues with Chinese-made drones are “absolutely a real concern.”

In adding DJI to the Entity List, Commerce Secretary Wilbur Ross stated, “China’s corrupt and bullying behavior both inside and outside its borders harms U.S. national security interests, undermines the sovereignty of our allies and partners, and violates the human rights and dignity of ethnic and religious minority groups.

"Commerce will act to ensure that America's technology—developed and produced according to open and free-market principles—is not used for malign or abusive purposes. China actively promotes the reprehensible practices of forced labor, DNA collection, and ubiquitous surveillance to repress its citizens in Xinjiang and elsewhere."

While the Commerce Department did not cite DJI’s ability to transfer data from its drones operated in the U.S. to Beijing in adding the company to the Entity List, China has lost the benefit of the doubt when it comes to data-sharing or security. The path is littered with Huawei, ZTE, TikTok, along with serious examples of intellectual property theft and multiple forms of espionage.

Director of the National Counterintelligence and Security Center William Evanina described China as “one of the leading collectors of bulk personal data around the globe, using both illegal and legal means. Just through its cyberattacks alone, the PRC has vacuumed up the personal data of much of the American population, including data on our health, finances, travel and other sensitive information.”

DJI may be able to evade the consequences of being added to the Entity List by obtaining its supply chain parts and technology from other-than-U.S. sources, but the effect of the action will not go unnoticed. DJI drone-buyers will be aware they are supporting a company that participates in human rights abuses. Drone operators are on notice that their data can easily be sent to Beijing. Maybe DJI's placement on the Entities List will result in mainstream media coverage that will educate people so they can decide.

No matter what, this is a great step for the United States. With a little luck, it will survive DJI’s heady lobbying efforts to not just be reinforced by Congress but maintained by the next Administration. For the sake of U.S. security, let’s hope they do just that.

This piece originally appeared in RealClear Defense