Dec 3, 2020 - Technology

Scoop: Trump admin mulls blocking cloud firms from countries like China

Illustration of hand stopping arrow cursors

Illustration: Eniola Odetunde/Axios

A proposed executive order that could keep American cloud computing companies out of certain foreign countries is being circulated within the Trump administration and to tech industry players, Axios has learned, disconcerting the firms that could be affected.

Why it matters: The proposal would likely represent a chance to plant another tough-on-China flag before the president leaves office. The Trump administration has repeatedly sought to prove that it will stand up to countries that it believes want to supplant or infiltrate American tech.

Yes, but: It's unclear if the proposal will go anywhere. Even if it makes it to Trump's desk, there's not enough time left in his administration to complete any rulemaking or other procedures to carry out such an order, and the incoming Biden administration could scrap it immediately.

  • A source familiar with negotiations on the order said the White House led the writing of the proposal through an interagency process, and that it is expected to be signed by President Trump.

Driving the news: Under the proposed order, the Commerce Department would under certain circumstances have the authority to ban U.S. cloud providers from doing business in certain countries and ban foreign cloud providers from doing business with U.S. customers.

  • The source familiar with the negotiations said the intent of the EO is to deter malicious use of IaaS (infrastructure-as-a-service) providers to launch cyber attacks.

How it works: IaaS such as Google Cloud, Amazon Web Services or Oracle Cloud would have to collect customer data from both U.S. and foreign clients including phone numbers, email addresses, financial information and IP addresses in case the government ever asked for it, according to a point-by-point summary of the draft EO viewed by Axios.

  • Under the EO, the Commerce Secretary could then prohibit cloud service transactions originating from "particular foreign jurisdictions."

What they're saying: "While we would not comment on any potential internal deliberations, in general, the Department of Commerce is constantly monitoring and assessing any potential threats to U.S. national security, including cybersecurity, and foreign policy interests," a Commerce spokesperson said in a statement.

Between the lines: If enacted, the order would most likely be used against countries like China, Russia and Iran. The authority cited in the draft order stems from an emergency declared in 2015 authorizing sanctions on any person or nation that engages in malicious cyber-activity against the U.S.

What's happening: The Commerce Department has been reaching out to cloud companies for feedback and thoughts on the proposal, an industry source told Axios, who said the firms feel it is being rushed and would unfairly impact their relationships with other countries.

  • There's worry that other countries could retaliate, making it harder for U.S. cloud companies to do business within their borders, and that it would be yet another fracture point for the increasingly balkanized global internet.

Editor's note: This story has been updated to add more information about the contents and status of the draft executive order and to clarify procedural details about its origins.

Go deeper