Committee on Foreign Investment in U.S. Grows in Practices

Laura BednarVulnerabilitiesLeave a Comment

cfius data security threat

The Committee on Foreign Investment in the U.S. (CFIUS) developed from an organization that took little action to prevent any foreign investments, to a powerhouse in preventing security threats. After incidents like the Russian hacking during the 2016 presidential election and other data breaches throughout the world, data is now considered a serious threat to national security.

What is CFIUS?

The CFIUS is a committee made up of Department heads of the Treasury, Homeland Security, Defense, State, Justice, Commerce, and Energy. The heads of the Office of the U.S. Trade Representative and Science & Technology Policy are also involved. Their goal is to review transactions that involve foreign investments in United States businesses to see if the investment is a threat to national security.

Created in 1975, CFIUS worked with President Ford to determine if any mergers, acquisitions or takeovers that involved foreign people could result in foreign control of a business. The committee looked to see if this foreign control would undermine national security.

They began as a group that did not ultimately stop many foreign acquisitions. Many people had no idea what they did and felt there was little transparency. In recent years, the committee has shaped up and now follows what is known as the Foreign Investment Risk Review Modernization Act (FIRMA). This act expanded the committee’s reviews to include:

  • Purchase or leasing of property located near sensitive government property like military facilities and ports
  • Non-passive investment in critical technology, infrastructure, and personal data of U.S. citizens that can impact national security
  • Changes in ownership that could result in foreign ownership or control
  • Any investments that are trying to avoid CFIUS review

These policies along with the overall increase in the number of foreign investors owning or controlling U.S. businesses. These actions can most notably be seen in the recent block against China.

Chinese Investors Forced to Back Out

If the CFIUS decides that an investment is a real safety concern, they may block it altogether, require mitigation, or may force investors to sell the company assets at low prices. Earlier this month, the committee forced Chinese investors to pull out of their investment in two companies. PatientsLikeMe is a healthcare startup company that claims to have millions of pieces of data about certain diseases. The dating app for the LGBTQ community, Grindr, collects personal information.

China was prevented from investing in both of these because of the personal data involved. The CFIUS was concerned that the Chinese government may be able to blackmail people with security clearances or find intelligence agents with location data. In these cases, the investors did not file with CFIUS before making the transaction. This is one area that the CFIUS will be policing more closely.

Adapting to an Ever-Changing World

Non-controlling investments are those in which a shareholder owns less than 50% of the outstanding shares and has no control over company decisions. CFIUS is still examining these deals closely to prevent sensitive data from leaking. The recent investing blocks were against China, due to recent privacy scares. But it is important to remember that the CFIUS applies to investors around the globe.

With personal data becoming ever-more important in the digital age, the CFIUS has been working to take that into consideration when evaluating a potential risk with an investment. Between Facebook storing passwords and paying users for data and financial institutions and hotels leaking social security numbers, there’s no reason not to consider data a threat to the nation as a whole.

Letting Experts Investigate

While the CFIUS handles national threats, every individual who uses technology is at risk for a data breach. Our team of experienced forensic investigators can find the source of a data breach and stop it in its tracks. With the ability to deploy anywhere in the world in 24 hours, you will know that there is always an organization looking out for you.

With personal data at risk, individuals need a secure solution to storing their data. Our line of SecureDrive products is hardware encrypted storage devices with FIPS 140-2 Level 3 Validation to ensure the highest security standards. With unique user authentication, the user is in complete control. For more information on any of our services call SecureData at 1-800-388-1266.