The emergence of the Chinese artificial intelligence company DeepSeek has drawn considerable attention in the United States, particularly with its chatbot becoming the most downloaded app in the nation. However, recent findings by cybersecurity experts highlight significant privacy issues due to the app's connections with China Mobile, a state-owned telecommunications company from China that is banned from operating in the U.S.
DeepSeek's web login page contains obfuscated scripts which, when decoded, reveal links to the computer infrastructure of China Mobile. This script appears integral to the user account creation and login processes within DeepSeek's platform, with implications of data sharing that go beyond existing privacy policies, which already indicate data storage within China.
This revelation, originally discovered by Feroot Security—a Canadian cybersecurity firm—adds fuel to ongoing concerns by U.S. national security officials about Chinese digital services. Indeed, there are established ties between China Mobile and China's military entities, leading to restrictions by the U.S. Federal Communications Commission (FCC) against China Mobile operations due to substantial security worries.
Past U.S. legislation has seen lawmakers, in a bipartisan effort, attempt to mitigate risks by seeking the divestiture of Chinese parent companies from popular apps like TikTok. DeepSeek's links to China Mobile bring forth a renewed focus on this subject, with privacy experts warning of enhanced risks due to the potential exposure of sensitive user data.
Although no direct data transfer to China Mobile was observed during North American login tests, cybersecurity professionals find it difficult to exclude this possibility entirely. This discrepancy primarily affects the web version of DeepSeek, as the mobile variant remains highly popular on major app stores such as Apple and Google. Ivan Tsarynny, CEO of Feroot Security, emphasized the gravity of these findings, stressing the risks involved in allowing potential surveillance activities by Chinese entities without taking preventive measures.
Given the popularity of generative AI systems and their use in handling sensitive data, the inconvenience posed by DeepSeek's operations is concerning. Users employ such systems for a variety of purposes, including business research, spell-checking, and addressing personal inquiries, meaning privacy breaches could result in significant exposure.
Stewart Baker, an expert in privacy law and former official at both the Department of Homeland Security and the National Security Agency, compared this situation with previous concerns about TikTok but noted that DeepSeek's potential risk could be considerably more severe. The integration of deeply personal and business-related data into a system tied to a geopolitical adversary amplifies perceived threats to national and individual security.
Academic cybersecurity authorities, Joel Reardon from the University of Calgary and Serge Egelman of the University of California, Berkeley, confirmed the software's association with China Mobile after independent tests. This validation underscores a pressing conversation around international privacy standards and the balance between technological innovation and national security.
As the U.S. continues to scrutinize foreign tech companies operating within its borders, DeepSeek's situation serves as a crucial test case for policy frameworks aimed at protecting citizen data amidst global digital transformations.