DeepSeek privacy concerns raise international alarm bells
DeepSeekās surprise superstardom has ignited a firestorm of data concerns globally, with regulators and privacy experts sounding alarms over the Chinese AI appās potential national security risks.Italy, the European Unionās third-largest economy, has taken the first step by banning DeepSeek after authorities demanded details on the appās data practices. Italyās privacy watchdog dismissed the Chinese startupās data protection measures as āinsufficient.āThe scrutiny isnāt stopping in the EU. South Koreaās regulators are gearing up to demand the same answers Italy sought, while Australian Treasurer Jim Chalmers has publicly warned residents to be cautious when using the app.The controversy around DeepSeekās privacy issues lands squarely within the rising regulatory pressure on Chinese tech firms. The US famously banned TikTok under national security pretexts, with President Donald Trump issuing an executive order to restore the social media appās services within hours (for now).Cointelegraph asked DeepSeek to clarify how it processes user data but did not receive a response.DeepSeek, meanwhile, appears to be scrambling to fix security lapses in real-time. Researchers at cloud security firm Wiz say theyāve uncovered a vulnerability that opens up access to internal data, including sensitive information such as chat histories and API keys. The flaw was reported immediately and āpromptly secured,ā according to Wiz.DeepSeek or deep spy?The US and China are locked in a fierce rivalry across multiple fronts, including AI dominance. Until recently, China was believed to be at least six months behind the US in AI development, but DeepSeekās explosion to the top of Appleās App Store challenged the assumption. Now, the app is facing the same data privacy concerns that have plagued TikTok and its Chinese parent firm, ByteDance.An analysis by privacy firm Privado found that DeepSeek collects and shares sensitive user data, including unique IDs, device details, location, language, prompts and chat history, with ByteDance. It also found that the information is shared with US tech titan Google.DeepSeek also integrates software development kits (SDKs) from ByteDance, Chinese tech conglomerate Tencent and Google.While Privado noted a discrepancy between DeepSeekās data collection and its privacy policy, stating that the app actually collects less data than it discloses, it said, āHowever, there are clear data flows to China.āSean OāBrien, founder of Yale Privacy Lab, said in a social media post that DeepSeek transmits basic network and device profile data to ByteDance and intermediaries but downplayed the risks of its app permissions.āTo be clearāapps like DeepSeek & ChatGPT are not good for privacy. But your threat model depends on the context youāre using the app in. Nearly all mainstream apps are bad on privacy,ā OāBrien added.How DeepSeekās data can be accessed by ChinaIn March 2023, TikTok CEO Shou Zi Chew testified before the US Congress, addressing concerns about the platformās data privacy practices and its relationship with the Chinese government. During the hearing, lawmakers questioned the Singaporean executive about potential Chinese influence over the platform and the security of US user data.āDeepSeek would implicate broadly the same [national security] concerns as TikTok were it to become as ubiquitous. Thereās a fairly robust history of the US government banning technology and media of adversaries, and I think DeepSeek is definitely a possible candidate for that in the medium term,ā Aaron Brogan, founder of Brogan Law, told Cointelegraph.However, Chinaās legal fine print suggests the government does, in fact, have access to user data under certain conditions:Article 37 of Chinaās Cybersecurity Law mandates that all personal data collected by Chinese companies must be stored within mainland China.Article 7 of the National Intelligence Law requires all citizens and organizations to support, assist and cooperate with national intelligence efforts.Article 35 of the Personal Information Protection Law (PIPL) emphasizes that the state has the authority to process personal data but mandates state organs to fulfill notification duties unless it impedes their statutory duties.Article 13 of the PIPL allows personal information to be processed without individual consent under certain conditions, including national security interests.These provisions effectively grant the Chinese government a legal pathway to access user data under the guise of national security or regulatory compliance.In a recent press conference, Chinese Foreign Ministry Spokesperson Mao Ning denied forcing companies to illegally collect and surrender data while responding to questions from foreign press members.āWe believe that Internet companies need to observe local laws and regulations. As for the Chinese government, we attach great importance to data privacy and security and protect it in accordance with the law. The Chinese government has never asked and will never ask any company or individual to collect or provide data located abroad against local laws.āDeepSeek and AI reliance could spread misinformationNewsGuard, a media watchdog, audited DeepSeekās chatbot and found that it provided inaccurate answers or outright failed to respond 83% of the time when asked about news-related topics. Even when confronted with demonstrably false claims, the chatbot successfully debunked them just 17% of the time.This poor performance places DeepSeekās R1 model near the bottom of the 11 AI chatbots NewsGuard has tested, ranking 10th overall.In the US, the Department of Homeland Security and the Federal Bureau of Investigation have classified misinformation as a national security risk. The European Union has also identified misinformation as a threat, citing Russian-backed media and social media campaigns as key sources of interference.One of the most striking recent cases unfolded in Romania, where misinformation allegedly had direct electoral consequences during the 2024 presidential election. Far-right candidate CÄlin Georgescuās sudden rise in popularity was linked to a coordinated disinformation campaign on TikTok, allegedly orchestrated by foreign actors to manipulate public perception.Ā Investigations revealed striking similarities between Georgescuās campaign and past Russian-backed influence operations in neighboring countries. In the fallout, Romaniaās Constitutional Court annulled the first round of the election, citing foreign interference and misinformation as direct threats to electoral integrity.Doubters question legitimacy of DeepSeekās successDeepSeekās rapid ascent has sent shockwaves through Wall Street, challenging the AI industryās dependence on US chip giant Nvidia. The Chinese startup claims to have developed its AI model at a much lower cost, using less efficient chips ā a direct contradiction to the high-powered, Nvidia-dominated approach favored by US firms like Meta and OpenAI.Chinaās access to Nvidiaās best chips is restricted due to US export bans, meaning Chinese firms must rely on inferior versions compared to what American companies can use. However, some analysts doubt DeepSeekās claims, questioning how it could achieve such advancements with just $5.5 million in training funds ā a fraction of what Western AI labs spend.The US has reportedly opened an investigation into whether DeepSeek had any backdoor access to Nvidiaās top-tier products.Meanwhile, Microsoft and OpenAI have launched an investigation into whether DeepSeek improperly accessed OpenAIās proprietary data. The probe centers on suspicions that a DeepSeek-linked group may have extracted large volumes of data from OpenAIās API without authorization.