Chinese Efforts to Obstruct Huawei Prosecution Illustrate Hybrid Corporate Espionage Risks
While China’s target was the U.S. government in this instance, the defendants’ alleged conduct and methodologies illustrate security risks and compliance challenges faced by private U.S. entities and their personnel related to insider threats and corporate espionage.
Public filings relating to the case suggest that the scheme involved a hybrid effort in which the intelligence officers were in contact with Chinese officials and with Huawei itself.
In light of diplomatic tension related to the Huawei prosecution, it is hardly surprising to learn of a Chinese foreign intelligence operation intended to disrupt the case. And while China’s target was the U.S. government in this instance, the defendants’ alleged conduct and methodologies illustrate security risks and compliance challenges faced by private U.S. entities and their personnel related to insider threats and corporate espionage.
The Huawei Prosecution
Huawei is a global telecommunications company, based in Guangdong, China, that employs almost 200,000 people in approximately 170 countries. In December 2018, Canadian authorities provisionally arrested Huawei CFO Wanzhou Meng at the United States’ request. In January 2019, the U.S. DOJ unsealed charges against Meng, Huawei, and certain of Huawei’s affiliates. The DOJ alleged that the defendants committed a host of federal crimes in connection with a scheme to cause international banks to process transactions in violation of U.S. sanctions against Iran by concealing the operations of an alleged Iranian affiliate.
The charges escalated existing tension between the United States and China over international trade and Huawei in particular. Following Meng’s arrest in Canada, China blocked certain Canadian exports and arrested two Canadian citizens based on allegations of espionage. In September 2021, Meng entered into a deferred prosecution agreement with the DOJ in which she admitted to several of the DOJ’s central factual allegations about the case. Meng entered into the agreement with U.S. prosecutors from Canada, and the prosecutors permitted her to return to China during the deferment period. Within days of the agreement, China released the detained Canadian citizens.
The case against Huawei and its affiliates is ongoing, and several public filings suggest that the prosecutors had longstanding concerns about Chinese espionage. For example, a protective order prohibits Huawei’s counsel from taking sensitive discovery materials outside U.S. jurisdiction without permission. In a May 11, 2020, filing, prosecutors argued that they had “particularly acute” concerns about China and suggested that China “may take actions to intervene on behalf of Huawei.”
The Obstruction Charges
As prosecutors expressed concerns publicly in 2020 about efforts by the Chinese government on behalf of Huawei, they were also working behind the scenes on a counterintelligence investigation involving exactly that fact pattern.
On October 24, 2022, the DOJ announced that two Chinese intelligence officers had tried since January 2019—the same month the Huawei prosecution was announced—to obtain sensitive information about the case from a U.S. law enforcement official. The DOJ charged the two men, Guochun He and Zheng Wang, with an obstruction offense and added two counts of money laundering against He relating to bitcoin transfers he sent to the U.S. official.
According to the criminal complaint, beginning in February 2017, He and Wang successfully cultivated an illicit relationship with the U.S. official, but the official “subsequently” started to work as a “double agent for the U.S. government.” Between February 2019 and October 2022, He communicated with the official over an encrypted messaging application and a public pay phone. Prosecutors argued that the communications demonstrated that He was in contact with a Chinese intelligence “boss,” and also “discussed with [Huawei] employees his efforts to obtain information about [Huawei].”
About two days after Meng’s September 2021 deferred prosecution agreement, the DOJ ramped up the investigation by directing the official to tell He that the official would be attending a meeting relating to trial preparations for the Huawei case. He requested information from the meeting regarding “new accusations” by the prosecutors and any “new evidence.”
In October 2021, the official sent He a picture of a page from what purported to be—but was not—a classified memorandum relating to Huawei. He transferred the official approximately $41,000 worth of bitcoin for the picture. He suggested that the official convert the cryptocurrency to dollars at a “gambling house” because that method would be “private and safe.”
In October 2022, after the official had sent He another photograph from a fake memo, He transferred approximately $20,000 worth of bitcoin to the official.
5 Reasons Why U.S. Companies Should Care
While the allegations against He and Wang involved efforts by the Chinese government and Huawei to target the DOJ, the allegations illustrate the type of human-intelligence operation that companies should consider when evaluating security and compliance risks related to insider threats and corporate espionage.
1. The alleged efforts to obstruct the Huawei prosecution are part of a formidable hybrid threat blending public and private Chinese actors. Deputy Attorney General Lisa Monaco stated publicly that the case demonstrates “the interconnection between PRC [People’s Republic of China] intelligence officers and Chinese companies” and the “PRC government’s commitment to tilting the playing field in favor of Chinese corporations abroad.”
2. China is not the only foreign power whose activities present these types of risks for U.S. entities and their personnel. This summer, in response to mounting pressure from economic sanctions related to Russia’s invasion of the Ukraine, Russian President Vladimir Putin declared that facilitating Russia’s industrial and technological development was a “priority area” for Russia’s foreign intelligence service, the SVR. Other recent prosecutions have brought to light efforts by Russia and Iran to send operatives to U.S. territory to conduct intelligence operations.
3. Corporate boards and executives should periodically evaluate exposure to these risks arising from the company’s operations, and consider adding or increasing the counterintelligence focus of the company’s security and compliance programs in order to protect intellectual capital and employees. Corporate counterintelligence activities can include providing threat-awareness training, creating reporting policies and response plans, improving network controls, and developing liaison relationships with law enforcement and intelligence authorities in the United States and other relevant jurisdictions.
4. The Chinese intelligence officers’ use of an encrypted messaging application to further the obstruction scheme highlights a risk that is related to, but distinct from, the books-and-records concerns raised by the U.S. Securities and Exchange Commission (SEC) in the September 2022 settlements involving use of personal devices to communicate regarding business matters. Whereas the SEC settlements focused on concerns that employees could use personal devices to conceal improper behavior, the Chinese intelligence operation that led to the Huawei obstruction charges relied on a methodology that could be used by foreign actors to target employees’ personal communications in connection with corporate espionage plots. Private companies can easily lose control of valuable intellectual property through employees’ unauthorized personal communications. This is yet another reason for companies to be sensitive to policies and procedures relating to employee communications.
5. Companies that find themselves subject to certain types of foreign intelligence penetrations could face complicated disclosure questions under the SEC’s proposed cybersecurity rule, Release Nos. 33-11038, 34-94382, IC-34529 (March 23, 2022). As initially drafted, the rule does not provide for a public reporting delay when there is an ongoing private or government investigation into a cybersecurity incident. Some commenters have pressed for a national security exception to mitigate disclosure risks, such as that a public disclosure of the incident may lead perpetrators to destroy evidence.
As the rule is finalized, companies should pay close attention to the national security implications of the definition of “cybersecurity incident” and consult counsel regarding disclosures that may be required or appropriate in response to such an event.
Emil Bove and Lee Vartan are members of Chiesa Shahinian & Giantomasi.
From: New Jersey Law Journal