I don’t use DeepSeek for reasons you will learn below. However, did you know that there’s little public discussion about the relationship between OpenAI's cloud services and its proximity to a member of the Five Eyes?
We all use a variety of online services that snoop and scoop our data. But while our attention is often focused on the information we consume from these services, it's possible we aren’t well informed about where our data goes and how it is being used.
This is especially true when, somewhere in the middle of all this, there’s a government contract empowering data collection behind the scenes. And if data isn’t being harvested outright, some of the most popular services we use put users in very close proximity to government agencies, especially the intelligence agencies.
Recently, while researching the open-source artificial intelligence (AI) app DeepSeek and trying to verify the numerous claims about privacy violations, I was able to confirm many of these concerns. However, along the way, I also discovered a few things I wasn’t aware of concerning the closed-source AI app ChatGPT.
Let’s crack upon this controversy and get to the facts.
Cooperation with law enforcement: DeepSeek vs OpenAI
Virtually all presentations, articles, and social media posts I’ve observed regarding the Chinese AI app DeepSeek are copy/pasta. This means everyone is repeating the same information. But while people are fixated on the fact that a Chinese AI company has data servers in China (of all places), this made me take a closer look at OpenAI, the company behind ChatGPT.
The fact that cybersecurity experts are repeating the same thing tells me that no new information has been discovered. That may, of course, come later. However, this may be new to some.
The context of China’s Data protection law is practically identical to the way the United States handles data protection. For example, Article 35 of China’s Data Security Law States:
"Where public security authorities and national security authorities obtain data as necessary to safeguard national security or investigate crimes in accordance with law, they shall undergo strict approval procedures according to relevant State provisions and proceed in accordance with law, and relevant organizations and individuals shall cooperate."
This means that Chinese law enforcement can legally access data when investigating threats to national security or crimes. Moreover, strict approval procedures are required, and cooperation is expected.
Below is a comprehensive comparison between how China and the US approach data collection regarding national security threats. The only difference is that China's approach is more authoritarian in nature, whereas the US includes more legal checks, such as judicial oversight, but with less public awareness regarding FISA courts.
The CLOUD Act (2018) gives US authorities the power to access data stored in foreign countries if the servers are owned by US-based businesses and they collaborate with foreign governments to share data relating to criminal investigations.
Like Google, Apple, Meta, and any other US-based companies, OpenAI also cooperates with law enforcement. There's no surprise there. I just think people forget how the law works in the US because often, when hype exists, people stop thinking for themselves and forget to verify information.
If China’s approach to data collection is considered authoritarian, the same authoritarian nature can be considered regarding the US and its preemptive data collection programs, such as mass surveillance under the National Security Agency, which comes with limited transparency and legal loopholes.
Don’t make me have to mention former NSA intelligence contractor turned whistleblower Edward Snowden and the NSA’s not-so-top-secret-anymore PRISM program.
Listing and explaining the volume of these programs and what they are for would amount to a separate article.
OpenAI and Azure’s relationship with spy agencies
OpenAI’s ChatGPT depends on Microsoft’s Azure cloud infrastructure. What does this mean?
Simply put, it is also utilized by US government agencies like the NSA. In fact, in August 2021, Microsoft announced that it would be offering general availability of Azure Government Top Secret, a cloud service that handles top-secret data for US intelligence agencies. Microsoft offers over 60 cloud services to the intelligence community, including the Department of Defense.
This means the same cloud infrastructure that supports ChatGPT also serves US government agencies for their top-secret data needs in handling the nation's most sensitive data. While this does not necessarily indicate that ChatGPT’s servers are in the government domain, but it does put the service and the users respectively in close proximity.
However, the boundaries could arguably be blurred when you consider that OpenAI’s GPT-4o is integrated through Microsoft’s Azure for the US Government’s top-secret cloud. This means that federal agencies with top-secret workloads, including the Department of Defense, can use GPT-4o to use their AI models for classified mission sets.
Put simply, Azure cloud infrastructure serves both commercial applications and vital government functions.
Unlike in the US, DeepSeek sends user data to China Mobile, a state-owned telecommunications company. While the US does not operate state-owned internet or mobile service providers, as private companies offer these services, China Mobile is legally obligated to cooperate with law enforcement, including in matters of national security under both Article 7 and Article 14 of China’s National Intelligence Law.
DeepSeek’s ambiguous data-sharing policy
OpenAI has a strong consumer privacy policy that does not share user data with third parties, not even for marketing purposes. We like the sound of that.
In contrast to DeepSeek’s obvious connection back to China, there is a realistic cause for concern. For example, the DeepSeek iOS app disables App Transport Security (ATS), a standard iOS security feature that enforces secure connections.
This means the app transmits device information in clear-text, absent any encryption, making it completely vulnerable to being intercepted. Mind you, the encryption methods the app uses are depreciated.
Therefore, due to the usage of depreciated decryption and the fact that its data-sharing policy states it may share user data with its corporate affiliates and third-party service providers, That sounds fine until you realize that it doesn’t offer much detail regarding information on the specific entities involved or why it's necessary to that user data.
Below is a comparison between ChatGPT and DeepSeek, as well as the user information collected.
ChatGPT integrated into our daily lives
As time progresses and more information comes out concerning data protection issues or solutions for both ChatGPT and DeepSeek, I believe the answers will not offer much comfort. ChatGPT has been integrated into many facets of our lives, and it’s ostensibly here to stay.
For example, Apple integrated ChatGPT into iOS when it released the iOS 18.2 update on December 11th, 2024. This enhanced the Apple Intelligence suite, which empowers Siri to use ChatGPT for more detailed and context-aware responses. Thankfully, users can choose whether responses derive from Apple Intelligence or ChatGPT.
Also, macOS also integrated ChatGPT via Apple Intelligence directly into its operating system in December 2024, with the release of macOS Sequoia 15.2.
In late 2023, Microsoft released Copilot, an IP assistant that’s powered by ChatGPT, directly into the Windows 11 operating system.
As I end here, it’s important to point out that one can only speculate what happens to DeepSeek’s user data as it passes through China Mobile or what data would be considered relevant to the unnamed third parties. Similarly, we can only speculate what happens to ChatGPT users’ data on the very cloud servers used by the US government’s intelligence agencies, if anything.
Your email address will not be published. Required fields are markedmarked