This article has been updated to include a response from Lenovo, and information from Marine Corps Exchange and Army and Air Force Exchange Service officials.
Lawmakers are urging Navy Exchange officials to stop selling Lenovo computers and other products, because of their reported links to the People’s Republic of China government.
“The exchange should not be selling Lenovo products to U.S. service members, let alone incentivizing such purchases with tax-free, discounted prices,” stated lawmakers on the House Select Committee on the Chinese Communist Party, in a letter to Navy Exchange Service Command CEO Robert Bianchi, dated Oct. 4.
They asked for a briefing to the Select Committee no later than Oct. 20, to explain why the Navy Exchange decided to sell these items. “Lenovo is closely affiliated with the People’s Liberation Army, the Chinese Academy of Sciences, and the [People’s Republic of China] government,” stated the letter, signed by Rep. Mike Gallagher, R-Wisconsin.
The People’s Republic of China espionage campaigns “are highly sophisticated and could certainly target U.S. service members on their personal computer and IT devices,” the lawmakers wrote.
All eligible shoppers can buy from the Navy Exchange, regardless of branch of service. Neither Marine Corps exchanges or Army and Air Force exchanges have carried Lenovo products since 2019, according to spokespersons for those exchange services.
A quick check of the Navy Exchange website shows nine Lenovo laptops and one desktop computer for sale. Information was not immediately available from Navy Exchange officials on the number of products sold in stores, or the volume of sales. A response to the lawmakers’ concerns was not available by publication time.
In a statement provided to Military Times, officials from Lenovo, a company with headquarters in Beijing and Morrisville, North Carolina, denied those connections with China.
“The assertions regarding Lenovo cited in Chairman Gallagher’s letter are based on past claims that were inaccurate, unsubstantiated or resolved years ago,” officials stated. “Lenovo is not affiliated with the People’s Liberation Army in any way, is not invested in or controlled by the Chinese government or the Chinese Communist Party, and does not participate in or have links to Chinese state-run cyberespionage campaigns.”
In his committee letter, Gallagher quotes a 2018 report from the U.S.-China Economic and Security Review Commission, stating, “[Lenovo’s] links to state-run cyberespionage campaigns are well documented, and it is believed to have been complicit in installing Superfish spyware and potentially a BIOS backdoor on a number of its computer products.” BIOS is a basic input/output system.
According to that report, “the Chinese government, through Legend Holdings Limited, is the largest shareholder of Lenovo stock.” However, the company points to a Fitch Ratings report, which states that Legend Holdings has a 36% share and holds two of 12 board seats, and that Lenovo is independent of Legend. Lenovo’s leadership team includes several Americans.
“We are concerned that these actors could gain access to service members’ sensitive personal information and exploit this access to compromise U.S. national security,” Gallagher wrote.
Gallagher cited a number of sources of concern, including a 2018 Federal Trade Commission complaint against Lenovo for preinstalling software that “created serious security vulnerabilities.” As part of a 2018 settlement with the FTC, Lenovo has been prohibited from misrepresenting any software features that are preloaded on laptops that will inject advertising into consumers’ internet browsing or transmit sensitive consumer information to third parties. In addition, Lenovo was required for 20 years to implement a software security program for most consumer software preloaded on its laptops.
Lenovo officials responded that since 2005, when it bought IBM’s PC division, the company has successfully completed five national security reviews by the U.S. Committee on Foreign Investment in the United States and has fully complied with post-review audits and oversight requirements.
“We have been a trusted vendor to multiple U.S. government agencies over many years, and our products deliver excellent value, performance and reliability,” company officials said.
The Defense Department spent at least $32.8 million in fiscal 2018 on technology that could threaten national security, according to a 2019 DoD Inspector General report. Among those cited were 1,573 Lenovo products totaling over $2 million. Congress and the Department of Homeland Security issued multiple warnings against using Lenovo computers, according to the report. The IG investigators noted that these had “known cybersecurity vulnerabilities in FY 2018.”
Meanwhile, House lawmakers have approved a provision in the fiscal 2024 National Defense Authorization legislation that would ban the sale of all goods in commissaries and exchanges that are made in China, assembled in China, or imported into the United States from China. The Senate’s version doesn’t have a similar provision; House and Senate lawmakers are hashing out their differences.
Karen has covered military families, quality of life and consumer issues for Military Times for more than 30 years, and is co-author of a chapter on media coverage of military families in the book "A Battle Plan for Supporting Military Families." She previously worked for newspapers in Guam, Norfolk, Jacksonville, Fla., and Athens, Ga.