President Trump has ordered an American hotel management software company to divest from its Chinese owner, calling Beijing’s stake in the firm a threat to U.S. national security.
In an executive order issued Friday, Mr. Trump said there was “credible evidence” that the Chinese purchase of StayNTouch, the software company, could be used for nefarious purposes.
The action followed the indictment last month of four Chinese military hackers for stealing sensitive U.S. data and a push by the Trump administration to block China’s massive collection of data on Americans. StayNTouch is owned by Beijing Shiji Information Technology Co., Ltd., a Chinese company, and its Hong Kong subsidiary, Shiji Ltd.
The order requires the company to be divested from Shiji in four months under the Treasury-led Committee on Foreign Investment in the United States, known as CFIUS.
The action by the president is one of the first under a new law passed by Congress two years ago giving increased power to CFIUS to prevent foreign companies from buying American firms in deals that could impact U.S. security.
“The president is wasting no time using the new CFIUS laws to mandate Chinese divestitures rather than relying on the previous system of semivoluntary procedures,” said John Tkacik, a China specialist and former State Department official. “And the fact that this is under President Trump’s signature would indicate his personal engagement with both the law itself and this particular case.”
The order calls for complete divestment and demands that Shiji refrain from accessing hotel data through StayNTouch, and also prevents Shiji from selling StayNTouch to another Chinese buyer.
Attorney General William Barr last month highlighted Chinese data theft in announcing the indictment of four People’s Liberation Army hackers on charges of stealing data on Americans from the credit reporting firm Equifax.
StayNTouch was purchased by its Chinese owners in September 2018 after developing a mobile hotel property management system designed to streamline the room rental process on both tablets and smartphones. A White House National Security Council spokesman declined to comment.
Frewoini Golla, StayNTouch’s marketing director, said in a statement that Shiji was disappointed by the order, insisting the Chinese ownership “is not a threat to U.S. security in any way.”
Ms. Golla said Shiji does not access guest data of StayNTouch customers and the company offered a range of proposals to mitigate U.S. government security concerns such as restricting access to guest data and appointing an independent monitor. “Unfortunately, those offers were rebuffed,” she said.
According to the company’s website, the software is in use for 90,000 rooms globally and “revolutionizes how front-line staff connects with guests.” It was founded by entrepreneur Jos Schaap in 2013, who shifted the hotel software to cloud computing. The Treasury Department implemented two new orders in mid-January expanding the power of CFIUS, that until the 2018 had been limited in its ability to conduct national security reviews of foreign purchases. Under the new rules, CFIUS will greatly expand the number of foreign purchases it can review.
The rules went into effect Feb. 13 and call for mandatory reviews of foreign purchases even if the buyer has a noncontrolling interest. The goal is to prevent the transfer or military technology to adversary states like China or Russia.
Anders Corr, a China expert, said the order highlights the need to cut off Chinese data collection on Americans and others.
“This data can be used to empower China economically by helping them know the customer, as any company would do,” Mr. Corr said. “But in the case of China, it could also be used for blackmail, for example of our government or industry leaders.”
The new CFIUS rules “are absolutely necessary as the U.S. rebuilds its industrial base and protects its information economy against further Chinese economic assaults,” he added.
CFIUS also has new power to block real estate purchase that could have national security effects, such as property near airports, ports and military bases.
Mr. Tkacik said the focus in the StayNTouch case is designed to prevent China from using hotel software to gain access to sensitive data on travelers.
“I daresay every Chinese espionage agency is eager for the capability to plug a target official, or businessman, or suspected foreign espionage agent name into their hacking programs and find out exactly where she or he is in real time — credit cards, itinerary, what she or he had for breakfast — and StayNTouch would have that,” he said.
China’s Ministry of State Security and other Chinese intelligence agencies are gathering vast amounts of data, including hotel information around the globe. StayNTouch gave Beijing that type of access.
Mr. Tkacik said the order was likely based on U.S. intelligence showing Chinese data collection on hotels.