Three US senators have urged Treasury Secretary Janet Yellen to sanction Tuya Smart, a Chinese Internet of Things (IoT) company, for being a “national security threat.”
According to Senators Marco Rubio, Rick Scott, and Tom Cotton, Tuya Smart is mandated to share user data with its government under China’s Data Security Law, which went into effect this month. China’s legal data-sharing laws have often been cited as a national security concern in the US.
“Cyber and national security experts have already raised significant concerns about Tuya’s lack of protections over users’ data,” the senators wrote. “However, there is also a more basic reality that, as a [People’s Republic of China] company, Tuya is obligated to comply with [Communist Party] orders, including requests to share American and other users’ data with the Chinese government.” The senators also added that doing nothing would mean “continuing to provide Beijing a direct line to Americans’ private data”, helping the country’s exploitation of IoT vulnerabilities.
According to Tuya, the senators’ claims were “without merit” because the company isolates all user data regionally. “Tuya has never received a request from one country’s government to share user data from another country,” a representative from the Chinese company said.
“We take compliance with all security and privacy laws seriously and strive to abide by the laws in all markets where we operate – including the United States and China. Tuya is prepared to aggressively defend itself against any claims to the contrary.”
The senators want Tuya added to a list of Non-SDN Chinese Military-Industrial Complex Companies, from an executive order US President Joe Biden issued in June. Based on this law, Americans from investing in Chinese companies believed to have ties to the Chinese military.
Tuya, which operates an IoT cloud platform that connects a wide range of smart devices, raised US $915 million in its initial public offering on the New York Stock Exchange in March. It has become the latest target of increased scrutiny in the US of publicly-listed Chinese companies.
As security concerns in IoT continue to grow, there is a need for greater transparency and accountability across regions. Stricter laws must be set in place to ensure the protection of every home and enterprise that uses IoT–to ensure that user data is secure at all times.