Page:Executive Order 13971 of January 5, 2021.pdf/1

Rh

Title 3—

The President Executive Order 13971 of January 5, 2021



By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code,

I, DONALD J. TRUMP, President of the United States of America, find that additional steps must be taken to deal with the national emergency with respect to the information and communications technology and services supply chain declared in Executive Order 13873 of May 15, 2019 (Securing the Information and Communications Technology and Services Supply Chain). Specifically, the pace and pervasiveness of the spread in the United States of certain connected mobile and desktop applications and other software developed or controlled by persons in the People’s Republic of China, to include Hong Kong and Macau (China), continue to threaten the national security, foreign policy, and economy of the United States. At this time, action must be taken to address the threat posed by these Chinese connected software applications.

By accessing personal electronic devices such as smartphones, tablets, and computers, Chinese connected software applications can access and capture vast swaths of information from users, including sensitive personally identifiable information and private information. This data collection threatens to provide the Government of the People’s Republic of China (PRC) and the Chinese Communist Party (CCP) with access to Americans’ personal and proprietary information—which would permit China to track the locations of Federal employees and contractors, and build dossiers of personal information.

The continuing activity of the PRC and the CCP to steal or otherwise obtain United States persons’ data makes clear that there is an intent to use bulk data collection to advance China’s economic and national security agenda. For example, the 2014 cyber intrusions of the Office of Personnel Management of security clearance records of more than 21 million people were orchestrated by Chinese agents. In 2015, a Chinese hacking group breached the United States health insurance company Anthem, affecting more than 78 million Americans. And the Department of Justice indicted members of the Chinese military for the 2017 Equifax cyber intrusion that compromised the personal information of almost half of all Americans.

In light of these risks, many executive departments and agencies (agencies) have prohibited the use of Chinese connected software applications and other dangerous software on Federal Government computers and mobile phones. These prohibitions, however, are not enough given the nature of the threat from Chinese connected software applications. In fact, the Government of India has banned the use of more than 200 Chinese connected software applications throughout the country; in a statement, India’s Ministry of Electronics and Information Technology asserted that the applications were ‘‘stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India.’’

The United States has assessed that a number of Chinese connected software applications automatically capture vast swaths of information from millions