ON FEB. 1 LAST YEAR, Montana residents gawked upward at a large white object hovering in the sky that looked to be another moon. The airborne object was in fact a Chinese spy balloon loaded with cameras, sensors, and other high-tech surveillance equipment, and it set off a nationwide panic as it drifted across the midwestern and southern United States. How much information the balloon gathered—if any—remains unknown, but the threat was deemed serious enough that an F-22 U.S. Air Force jet fired a Sidewinder missile at the unmanned balloon on a February afternoon, blasting it to pieces a few miles off the coast of South Carolina.
At the same time that the eyes of Americans were fixed on the Chinese intruder in the sky, around 30 cars owned by Chinese companies and equipped with cameras and geospatial mapping technology were navigating the streets of greater Los Angeles, San Francisco, and San Jose. They collected detailed videos, audio recordings, and location data on their surroundings to chart out California’s roads and develop their autonomous driving algorithms.
Since 2017, self-driving cars owned by Chinese companies have traversed 1.8 million miles of California alone, according to a Fortune analysis of the state’s Department of Motor Vehicles data. As part of their basic functionality, these cars capture video of their surroundings and map the state’s roads to within two centimeters of precision. Companies transfer that information from the cars to data centers, where they use it to train their self-driving systems.
The cars are part of a state program that allows companies developing self-driving technology—including Google spinoff Waymo and Amazon-owned Zoox—to test autonomous vehicles on public roads. Among the 35 companies approved to test by the California DMV, seven are wholly or partly China-based. Five of them drove on California roads last year: WeRide, Apollo, AutoX, Pony.ai, and DiDi Research America. Some Chinese companies are approved to test in Arizona and Texas as well.
Fitted with cameras, microphones, and sophisticated sensors, self-driving cars have long raised flags among privacy advocates. Matthew Guariglia, a policy analyst at the digital rights nonprofit Electronic Frontier Foundation, called self-driving cars “rolling surveillance devices” that passively collect massive amounts of information on Americans in plain sight.
In the context of national security, however, the data-hungry Chinese cars have received surprisingly little scrutiny. Some experts have compared them to Chinese-owned social media site TikTok, which has been subjected to a forced divestiture or ban on U.S. soil due to fears around its data collection practices threatening national security. The years-long condemnation of TikTok at the highest levels of the U.S. government has heightened the sense of distrust between the U.S. and China.
Some Chinese self-driving car companies appear to store U.S. data in China, according to privacy policies reviewed by Fortune—a situation that experts said effectively leaves the data accessible to the Chinese government. Depending on the type of information collected by the cars, the level of precision, and the frequency at which it’s collected, the data could provide a foreign adversary with a treasure trove of intelligence that could be used for everything from mass surveillance to war planning, according to security experts who spoke with Fortune.
And yet, despite the sensitivity of the data, officials at the state and federal agencies overseeing the self-driving car testing acknowledge that they do not currently monitor, or have any process for checking, exactly what data the Chinese vehicles are collecting and what happens to the data after it is collected. Nor do they have any additional rules or policies in place for oversight of Chinese self-driving cars versus the cars in the program operated by American or European companies.
“It is literally the wild, wild West here,” said Craig Singleton, director of the China program at the Foundation for Defense of Democracies, a conservative-leaning national security think tank. “There’s no one in charge.”
The lack of safeguards raises concerns not just because of the vast amounts of data that autonomous cars collect in the ordinary course of their operations, but also because of the ability of roaming vehicles to surreptitiously collect other types of data. The potential for such mischief was demonstrated back in 2010 when Google acknowledged that its manually driven Street View mapping cars had for years hoovered up private user data, including entire email communications and passwords, shared over unsecured Wi-Fi networks by residents in more than 30 countries (Google blamed the incident on a rogue employee).
There is no evidence that any of the Chinese companies testing self-driving cars are doing any such things in the U.S. or that the data they collect is being used by the Chinese government. But in the event that any of the cars were doing so, security experts said American authorities might not even know it given what many described as an astoundingly lax system of oversight of the Chinese cars.
1.8 million
The number of miles that Chinese-owned autonomous vehicles have traveled in California since 2017
At a time when U.S. fears of espionage have fueled high-profile efforts to ban China-owned firms like TikTok and telecommunications equipment maker Huawei, the Chinese self-driving cars roaming American roads represent a little-noticed loophole that highlights the countless apertures for surveillance in today’s tech-permeated landscape and the challenge of mitigating all the risks.
To report this story, Fortune spoke with more than two dozen experts in autonomous cars, data security, and U.S.-China relations. It also reached out to representatives from all Chinese companies that test their autonomous technologies in the U.S., as well as those of government agencies related to vehicle safety, privacy, and national security. Most experts agreed that while the U.S. government is beginning to take action, it is significantly behind in regulating data security involving the Chinese self-driving cars, including information transferred to adversarial countries.
“We just don’t have a government in place now that has the technical literacy—at all agencies—to deal with the autonomous functionality plus data privacy plus cybersecurity,” said Missy Cummings, engineering professor at George Mason University and former advisor to the National Highway Traffic Safety Administration (NHTSA), which oversees vehicle safety.
Cameras and sensors that collect terabytes of data
In the globe-spanning race to build self-driving cars, China is at the front of the pack. There are at least 19 companies testing self-driving car technologies across 16 different cities in China, the most of any place on Earth, as reported recently by the New York Times.
Some of those Chinese companies also test their robo-cars on American roads. Last year, five Chinese-owned companies deployed a total of 50 autonomous test vehicles on California’s roads, about half of the total Chinese fleet permitted to operate in the U.S., according to DMV data.
WeRide, based in Guangzhou, China, is among the most active of the pack. Its self-driving car prototypes drove more than 40,000 miles in California last year; Pony.ai, which is co-located in the U.S. and China, has cars that racked up for more than 50,000 miles on California roads last year; Apollo, the Beijing-located autonomous driving subsidiary of Chinese search engine company Baidu (often referred to as the “Chinese Google”) saw its self-driving cars travel 16,000 miles in California last year, DMV data reviewed by Fortune shows.
NIO USA and Xmotors, which are subsidiaries of Chinese electric vehicle companies NIO and XPeng, respectively, have permits to test in California but neither has actually sent cars on the road. Black Sesame, an autonomous driving chipmaker based in Wuhan, China, that also has permission to test in California, hasn’t logged any miles with the DMV. And DiDi Research America, a subsidiary of Chinese ride-hailing firm Xiaoju Technology, stopped its California testing in February after six years, for undisclosed reasons.
Each company has its own mix of technology, but generally, a vehicle will be equipped with about a dozen external cameras, a few audio recording devices, and half a dozen sensors that use laser beams and radio waves to determine the exact locations of surrounding objects. Cameras pick up the color of traffic lights; microphones listen for emergency vehicle sirens; and sensors help the car create a detailed 3D map of its surroundings, including other cars, passersby, and road obstructions. One autonomous car fitted with cameras, radar, sonar, GPS, and Lidar collects about four terabytes of data per day, according to a 2016 keynote by Intel’s then-CEO Brian Krzanich. That information then gets stored for subsequent use by employees to train the self-driving algorithms.
The 3D maps and videos make it possible for the robo-cars to navigate streets and highways as if by magic, but the richness and level of detail means the data could be valuable for other potential users, including adversary countries seeking a competitive advantage in the case of war, said Nadia Schadlow, who was deputy national security advisor for strategy under the Trump administration and is a senior fellow at the Hudson Institute, a conservative think tank.
“In the defense domain, understanding your terrain and the granularity of your terrain is critical,” she told Fortune. “It’s a competition over who has full situational awareness over the battlefield.”
While existing technologies like Google Maps and Google Street View already have much of the U.S. mapped out, they don’t provide the updated images, video, and detailed data that self-driving cars collect. The laser sensors on cars, called Lidar (an acronym for “light detection and ranging”), offer 3D scans of places that are up to military standards. Lidar is often used in military operations to map battlefields and track the movement of potential threats. The U.S. military is said to have used the technology during both wars in Iraq and Afghanistan.
“I know what I would do with that data if I was at the Pentagon,” said Rep. Elissa Slotkin, a Democratic representative from Michigan who is outspoken about the threat of Chinese vehicles and has worked for the CIA, the National Security Council, and the Department of Defense. “I would do incredibly detailed mapping that would aid and abet war planning, should we ever—God forbid—have to go to war.”
At a societal level, cars can track where people go en masse, what roads are important, when people conglomerate, and the health of infrastructure. They can also keep tabs on an individual’s movements, including to and from places of worship, schools, doctors’ offices, reproductive health clinics, domestic abuse shelters, and more.
“A lot of this data is most useful when combined,” said Aynne Kokas, a University of Virginia media professor who wrote a book about how China uses data for political gain. “It’s also about information you have on someone’s political beliefs or their security clearance or their travel information or their health information that allows you to create both profiles of individuals and society, to be able to target mis- and disinformation.”
The 50 or so cars owned by Chinese companies driving in California at this time would be able to collect such information in a limited manner, including in strategic locations like near government buildings, military bases, or technology hubs, experts agreed. But large-scale targeting would likely need a much bigger fleet, they said. Some say the concern is overblown. Sam Abuelsamid, a car industry analyst at market research firm Guidehouse Insights, said it sounds like a “paranoid fever dream” and that in an age of spyware and smartphones, autonomous cars aren’t the most efficient way to track individuals. At the same time, he agreed it’s fair to question what the U.S. is doing about it.
Some Chinese companies have taken steps to obscure the identities of individuals in their videos to address this threat. WeRide told Fortune that the tech in its cars automatically edits videos to mask human faces and license plates, and that the original clips are immediately deleted after the changes are made.
Companies that don’t take such precautions, however, could make it possible for their technologies to help target individuals, like government and business leaders. “It’s not impossible to think through assassination [planning],” Rep. Slotkin said. There is no reported case of self-driving cars being used to identify individuals ahead of any targeted killing. But the hypothetical is a potent one, given the growing role that surveillance technology has played in military schemes. In January, Ukraine’s security services said that Russian agents had hacked residential webcams in the capital city of Kyiv, and used the resulting exploit to help carry out missile attacks. In 2020, Israel’s intelligence agency orchestrated the assassination of Iran’s top nuclear scientist using satellite-linked video cameras hidden in a parked car and truck, the latter of which also contained a remotely operated machine gun, according to the New York Times.
What happens to the data?
One indication of the value of the data collected by self-driving cars can be seen in how tightly it’s regulated in China. American-owned robo-taxi companies like Waymo and Cruise don’t test their technologies in China, the companies confirmed to Fortune. “We are not allowed to test our autonomous vehicles in China,” said Rep. Raja Krishnamoorthi, a Democrat from Illinois and ranking member of the House of Representatives committee on China. The high-precision maps necessary for self-driving cars are also controlled by the Chinese government. American companies cannot gain access to the maps of China unless they partner with a licensed Chinese company, according to the country’s surveying and mapping regulations.
U.S.-based Tesla, which offers limited self-driving capabilities in its commercially available electric cars, had to pass a Chinese data security test in order to lift restrictions on where its cars can travel in the country. The test proved that Tesla complied with the country’s data rules, including storing Chinese data exclusively in China. The U.S. has no such data security test for Chinese companies, said Abuelsamid, of Guidehouse Insights.
In fact, several of the Chinese companies testing self-driving cars in California have privacy policies that appear to leave open the possibility that data collected in the U.S. could be transferred to China.
Apollo’s privacy documents aren’t public, and the company declined to share them with Fortune, but its parent company’s privacy policy states that users of Baidu products automatically consent for their information to be transferred to China. The privacy policy specific to DiDi’s autonomous vehicles also isn’t publicly available, but the disclosures for its ride-hailing branch, which does not operate in the U.S., and its job applications site say the company may transfer information to China.
Pony.ai, which has been testing vehicles in California since 2017, transferred U.S. data to China until 2021, according to a former employee of Pony.ai, who was granted anonymity by Fortune to discuss private company matters. That year, the company stopped sharing U.S. information across borders because it was preparing for an initial public offering in the U.S, the former employee said. The company would not confirm this, but a Pony.ai spokesperson told Fortune that “all data stays local” in a statement. A WeRide spokesperson told Fortune its U.S. car data is stored and processed locally, and that it does not transfer data across borders.
After multiple attempts to contact all of the Chinese companies testing in the U.S., WeRide is the only one that answered Fortune’s complete list of questions on the record. It said that the data collected by its cars is used solely for the safe operations of its vehicles, that it does not collect Wi-Fi information, and that it does not share any information with the Chinese government. It also said the notion that the government can access private company data was a “misinterpretation of Chinese law.”
A problem that’s not anyone’s responsibility
Asking U.S. officials about Chinese self-driving cars and national security resulted in a circular game of finger-pointing.
The California DMV, which approves and regulates the testing of self-driving cars on state roads, does not subject Chinese companies’ applications to any additional review, Chris Orrock, a DMV spokesperson, told Fortune in a statement. Nor does it have additional rules or requirements that Chinese companies must follow once they are approved, he said.
While the California DMV receives the privacy disclosures of all companies applying to participate in the program, it does not consult with any national security agencies ahead of issuing permits. And once cars are on the road, the DMV doesn’t see any of the videos or mapping information they amass. “The data collected by AV manufacturers is retained by the company,” Orrock said.
The DMV’s primary focus is the safe operation of these vehicles on public roads, and its rules are consistent with what has been established by NHTSA, he said. When it comes to any national security issues related to the testing, Orrock told Fortune to contact NHTSA and the Department of Commerce (DOC). “Issues of national security are within the exclusive purview of the federal government,” he said.
“It’s the wild, wild West here. There’s no one in charge.”
—Craig Singleton, Foundation for Defense of Democracies
But NHTSA, housed within the federal Department of Transportation (DOT), does not appear to be on the case. The agency oversees vehicle safety in the U.S., including the safety of self-driving cars. That includes cybersecurity, which a NHTSA spokesperson told Fortune could raise “various types of concerns, including safety, national security, privacy, and financial loss.” When asked if the agency monitors the data that Chinese self-driving cars collect and their national security implications, however, the spokesperson referred Fortune to the Federal Trade Commission, which it said was “the primary federal agency charged with protecting consumers’ privacy and personal information.”
The FTC told Fortune that its jurisdiction “is focused on consumer protection and promoting competition in the marketplace.” In May, the agency published a blog post that says internet-connected cars are on its radar—the first time it has spoken publicly about them in six years—but the post wasn’t specific to Chinese cars, and the FTC has not published any official guidance. As for the DOC, it said it had no comment on whether it checks what data is collected and what happens to it.
The National Security Agency also told Fortune it had nothing to say on the matter. The Department of Homeland Security did not comment on the record. The issue also doesn’t fall under the Federal Motor Carrier Safety Administration, a part of the DOT, the agency said. The California Public Utilities Commission, which oversees the transportation of passengers in autonomous vehicles with robo-taxi services, also doesn’t monitor what data the Chinese cars are collecting, it told Fortune.
The upshot—say Kokas, Singleton, and others—is that no U.S. federal or state agency is explicitly tasked with policing how Chinese self-driving cars collect or handle U.S. data.
That’s in sharp contrast to the state of affairs in China, where the government has a national strategy that prioritizes directing innovations from commercial technologies into military applications. Chinese law also allows government officials to access private company data in certain circumstances, and it is possible that companies may have to provide more information upfront than is publicly acknowledged, said Scott Kennedy, who leads the Chinese Business and Economics program at the Center for Strategic and International Studies, a Washington, D.C.–based bipartisan think tank. Because the relationship between private companies and the government can be blurry in China, a one-party state run by the Communist party, businesses may be closely connected with government surveillance efforts, he said. The U.S. Department of Defense (DOD) has already identified 46 companies, including Huawei, that operate in the U.S. and contribute to Chinese military initiatives. No self-driving companies testing in California made the DOD’s list.
In some cases, the connections between the companies and government are overt. XPeng cofounder and CEO He Xiaopeng, for instance, serves as a delegate for the National People’s Congress, the Chinese governing body made up of nearly 3,000 members that meets for one to two weeks each year to approve new laws, elect state officers, and discuss future policies. According to the Chinese constitution, the body is the “highest organ of state power,” though it has also been described as a “ceremonial” legislature, merely voting to formalize decisions already made by the Chinese Communist Party.
In April, WeRide’s launch event in Guangzhou for its new self-driving street cleaner was attended by Hongfeng Shen, a deputy secretary for a county committee of the Chinese Communist Party. Because the device is used for urban sanitation, the government is the end consumer, and Shen was representing a potential customer at the event, WeRide said in a statement. Baidu cofounder and chief executive Robin Li was for 10 years a member of the Chinese People’s Political Consultative Conference, an advisory body for the Chinese government. He was no longer a member as of last year, according to the South China Morning Post.
While there is no evidence that the Chinese government is actually using self-driving cars to spy on Americans or has access to the companies’ military-grade maps of U.S. cities, it’s clear that the Chinese government is developing a legal framework that connects company data to the government, so that as technologies progress, there will already be a structure in place for data transfer, said Kokas, the UVA professor.
“It’s not necessarily about what’s happening now but about who is creating the best infrastructure so when technology becomes more sophisticated, they are able to act,” she said. “China is developing this infrastructure—the relationship between companies, their data gathering, their data storage, and the Chinese government—that does not exist in the same capacity in the U.S.”
What exactly is a “connected car?”
In February, President Biden said that Chinese cars pose “risks to our national security.” The comments were not specifically aimed at the Chinese self-driving cars currently being tested on U.S. roads, but rather, at a feared invasion of low-cost electric human-driven cars made by Chinese companies like BYD and NIO. Though not yet broadly available in the U.S. due to high tariffs, the Chinese EVs threaten to undercut American-made cars on price, presenting a major competitive threat to the domestic automobile industry.
In taking aim at the Chinese EVs, Biden called for an investigation into the “connected car” technology that embeds a variety of internet-enabled entertainment and safety features into the vehicles. The DOC has begun investigating and is expected to set new rules around Chinese technology in January 2025.
The department is currently determining the definition of a “connected vehicle” and what specific technologies the rules will cover. It has not yet decided if autonomous vehicle technologies—including cameras, Lidar, and autonomous-driving software—will be included. Elizabeth Cannon, the executive director for the DOC’s office that oversees information technology, told Fortune that the agency won’t prohibit certain foreign companies from testing in the U.S., because that’s not the point of the inquiry. The investigation is targeting technology components rather than entire companies, so it may ban specific machinery from the U.S. if it deems it carries a national security threat, forcing companies to find alternatives. The DOC may also create rules around where companies can store information, she said.
“I don’t anticipate there being something where we require data localization in the U.S.,” she told Fortune. “There may be something that would be: ‘You cannot store the data in China,’ that would still allow for storage in allied countries.”
The DOC’s effort comes nearly five years after President Trump warned in an executive order about foreign adversaries’ use of communications technologies in espionage. But Cannon pushed back at the notion that the agency has been slow to act, saying that the autonomous vehicle industry is still at a nascent stage. And she noted, her office had less than five people at this time last year. After putting $27 million in funding to use, it now has more than 70 employees.
“It’s not necessarily about what’s happening now but about who is creating the best infrastructure so when technology becomes more sophisticated, they are able to act.”
—Aynne Kokas, University of Virginia
“Frankly, the Commerce Department didn’t really have resources to give the program support [previously],” Cannon said, referring to the necessary funding, manpower, and technology to investigate connected cars.
Interest has been popping up across other levels of government and within privacy organizations. Rep. Slotkin, the Michigan Democrat, last month proposed legislation that, if passed, would establish a review of the national security threat of Chinese connected cars and could allow the DOC to ban them from U.S. markets. The California Privacy Protection Agency, which enforces California’s privacy law, said in July 2023 that it would review connected vehicle privacy practices, though it has not published its findings yet. The Department of Justice is considering passing a rule that would restrict the bulk transfer of personal data on Americans to foreign adversary countries. No such law against it exists at this time.
A warning for a changing world
Sitting in the U.S. Capitol building for a hearing on China’s technology investments this month, Chair John Moolenaar—a Republican from Michigan—said in his opening statement, “Today, the Chinese Communist Party aspires to become an autocracy… To do so, the CCP seeks to control the key technologies in sectors that will determine future conflicts.” In other words, the Chinese government wants command over the technologies involved in future wars and military action, according to the Congressman.
The technologies Rep. Moolenaar referenced in the hearing, however, weren’t autonomous cars. They included semiconductors, ships, and drones. In fact, the threat of Chinese intelligence-gathering through commercial technologies extends far past self-driving vehicles. That the U.S. government may see larger and more immediate threats could explain its lack of action on the matter of data security with relation to the relatively small fleet of Chinese autonomous vehicles in the U.S., experts said.
“The U.S. federal government is just [so] wholly inundated with looking at a raft of other China-related challenges that unfortunately, this particular issue is probably number 18 or 19 on the priority list,” said Singleton from the Foundation for Defense of Democracies.
There is still hope, though, he said. The autonomous vehicle sector isn’t as developed as that of chips and drones, for example, and if the government makes moves in regulating it now, the U.S. won’t have to play catch-up as it has done with other industries.
Many of the experts who spoke with Fortune vehemently believe self-driving cars are the future of the roadway. If that is the case, concerns around how their technologies impact issues like national security and privacy will only grow, as will the number of autonomous cars.
“The world is changing,” said Rep. Slotkin. “Some of the biggest threats against Americans may not be planes or tanks, but data control. Who controls the data coming out of America, and do we want that country to be an adversary? It is the exact version of the TikTok problem but with a new product.”
Read more of Fortune’s award-winning tech coverage:
These are the nine AI startups that VCs wish founders would pitch them
