Chinese self-driving firms accused of collecting US data

Washington D.C.— House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and Committee Ranking Member Frank Pallone, Jr. (D-NJ) led a bipartisan letter. House Select Committee on the Chinese Communist Party Chair Mike Gallagher (R-WI) and Select Committee Ranking Member Raja Krishnamoorthi (D-IL) also joined them. The letter, signed by 14 members of Congress, was addressed to 10 People’s Republic of China-related automotive companies. It expressed concerns about their handling of data collected during testing of autonomous vehicles in the United States.

Reps. Cathy McMorris Rodgers, Frank Pallone, Jr., Mike Gallagher, Raja Krishnamoorthi, Bob Latta, John Moolenaar, Gus Bilirakis, Kathy Castor, Jan Schakowsky, Neal Dunn, Tim Walberg, Haley Stevens, Marc Veasey, and Debbie Dingell signed the letters.

Members asked companies to respond to the following inquiries by November 29, 2023:

1. Your vehicles collect information in various categories while deployed in the U.S.Please detail the purposes for which you use each subset of information your company collects in the U.S. Please detail all the categories of information collected by vehicles that you retain and how long you retain it. Additionally, specify the purposes for retaining such information and describe the process, if any, for deleting it when it is no longer needed. Do you license, share, or sell data collected in the U.S.?  If so, please detail your policies and practices for licensing, selling, or sharing data collected in the U.S.  Please provide the number of entities for which you have licensed, shared, or sold such data in the last three years. Also, include a description of these entities. Does your company de-identify data?  If no, why not?  If yes, please detail the process by which you de-identify data. Also, describe your policies and procedures for ensuring such data is not reidentified. Are the algorithms used to power any of your self-driving systems subject to CCP export controls requiring the algorithms to be located and trained only in China? Please provide a detailed description of the categories of information, if any, your vehicles collect about infrastructure in the U.S.
2. Do you offer any services to Americans, such as ride hailing services, or delivery services? If yes, please detail such services and the categories of information you collect from Americans who use such services.
3. Do you process or store in China or any other place outside the U.S. any information that is collected in the U.S.? Please identify all specific locations where U.S. data is processed or stored. This includes determining whether such data is stored within on-premise servers or a cloud infrastructure. Please describe the contracts, leases, and any other arrangements in place with third parties. Moreover, these pertain to the storage of U.S. user data. Please describe how U.S. user data is secured, including any encryption used in transit and at rest. Also, specify the categories of data that are encrypted. List all individuals with the ability to decrypt U.S. data, their locations, and positions. Also, specify where encryption keys are generated and maintained. Has your company ever experienced a breach of its data? If yes, please describe the dates and circumstances of such breaches, nature of the data breached, the categories of data affected, whether that data was collected in the U.S., government authorities that were informed, and any remedial actions taken.
4. Have you shared any of the information collected in the U.S. with the People’s Republic of China (PRC), the CCP, the People’s Liberation Army (PLA), any entity that could be reasonably thought to be acting at the direction of one of the above, or any members or officials in such bodies?
5. Have you coordinated with the PRC, CCP, or PLA on your company’s strategy for testing in the U.S.?  If yes, please detail the nature and frequency of such coordination. How many data records were shared?  Do you currently engage in such coordination?
6. Do you coordinate with other Chinese AV companies on your company’s strategy for testing in the U.S.? If yes, please detail the nature and frequency of such coordination.
7. Do you receive any funding from the PRC, CCP, PLA, or Chinese state-owned entities or private equity backed by the PRC, CCP, or PLA, to test your vehicles in the U.S.? If yes, please detail the amount and the purposes for such funding.
8. Do entities supported by or affiliated with the Chinese government or the CCP have access to your company’s network? Or do they have access to your data depositories? Have these entities used your company to spy, surveil, or observe individuals or groups? If yes, please explain the nature of the access and use.
9. Please outline the steps you would take if you learned that actors supported by or affiliated with the Chinese government or the CCP are or have accessed your company’s network or data depositories, used or are using your company to disseminate disinformation, or are using your company to spy on, surveil, or observe individuals or groups.
10. Please document all meetings, communications, or interactions you have had with members of the Chinese government or the CCP while serving as officers of the company relating to your operations in the United States. This includes any other senior company executives.
11. Has your company, or any companies you work with, been accused of stealing any trade secrets from American AV companies?
12. Like ByteDance, does your company have an internal CCP Committee?
13. Please provide an organizational chart detailing your current corporate ownership structure. Also, note any material changes in that structure that have occurred within the last seven years.