According to the company’s website, the software is in use for 90,000 rooms globally and “revolutionizes how front-line staff connects with guests.” It was founded by entrepreneur Jos Schaap in 2013, who shifted the hotel software to cloud computing. The Treasury Department implemented two new orders in mid-January expanding the power of CFIUS, that until the 2018 had been limited in its ability to conduct national security reviews of foreign purchases. Under the new rules, CFIUS will greatly expand the number of foreign purchases it can review.
President Trump has ordered an American hotel management software company to divest from its Chinese owner, calling Beijing
’s stake in the firm a threat to U.S. national security.
In an executive order issued Friday, Mr. Trump said there was “credible evidence” that the Chinese purchase of StayNTouch, the software company, could be used for nefarious purposes.
The action followed the indictment last month
of four Chinese military hackers for stealing sensitive U.S. data and a
push by the Trump administration to block China’s massive collection of data on Americans. StayNTouch is owned by Beijing Shiji Information Technology Co., Ltd., a Chinese company, and its Hong Kong subsidiary, Shiji Ltd.
The order requires the company to be divested from Shiji in four
months under the Treasury-led Committee on Foreign Investment in the
United States, known as CFIUS.
The action by the president is one of the first
under a new law passed by Congress two years ago giving increased power
to CFIUS to prevent foreign companies from buying American firms in
deals that could impact U.S. security.
“The president is wasting no time using the new CFIUS laws to mandate
Chinese divestitures rather than relying on the previous system of
semivoluntary procedures,” said John Tkacik, a China
specialist and former State Department official. “And the fact that
this is under President Trump’s signature would indicate his personal
engagement with both the law itself and this particular case.”
The order calls for complete divestment and demands that Shiji refrain from accessing hotel data through StayNTouch, and also prevents Shiji from selling StayNTouch to another Chinese buyer.
Attorney General William Barr last month
highlighted Chinese data theft in announcing the indictment of four
People’s Liberation Army hackers on charges of stealing data on
Americans from the credit reporting firm Equifax.
was purchased by its Chinese owners in September 2018 after developing a
mobile hotel property management system designed to streamline the room
rental process on both tablets and smartphones. A White House National
Security Council spokesman declined to comment.
Frewoini Golla, StayNTouch’s
marketing director, said in a statement that Shiji was disappointed by
the order, insisting the Chinese ownership “is not a threat to U.S. security in any way.”
Ms. Golla said Shiji does not access guest data of StayNTouch
customers and the company offered a range of proposals to mitigate U.S.
government security concerns such as restricting access to guest data
and appointing an independent monitor. “Unfortunately, those offers were
rebuffed,” she said.
According to the company’s website, the
software is in use for 90,000 rooms globally and “revolutionizes how
front-line staff connects with guests.” It was founded by entrepreneur
Jos Schaap in 2013, who shifted the hotel software to cloud computing.
The Treasury Department implemented two new orders in mid-January
expanding the power of CFIUS, that until the 2018 had been limited in
its ability to conduct national security reviews of foreign purchases.
Under the new rules, CFIUS will greatly expand the number of foreign
purchases it can review.
The rules went into effect Feb. 13 and call for
mandatory reviews of foreign purchases even if the buyer has a
noncontrolling interest. The goal is to prevent the transfer or military
technology to adversary states like China or Russia.
Anders Corr, a China expert, said the order highlights the need to cut off Chinese data collection on Americans and others.
“This data can be used to empower China economically by helping them know the customer, as any company would do,” Mr. Corr said. “But in the case of China, it could also be used for blackmail, for example of our government or industry leaders.”
The new CFIUS rules “are absolutely necessary
as the U.S. rebuilds its industrial base and protects its information
economy against further Chinese economic assaults,” he added.
CFIUS also has new power to block real estate
purchase that could have national security effects, such as property
near airports, ports and military bases.
Mr. Tkacik said the focus in the StayNTouch case is designed to prevent China from using hotel software to gain access to sensitive data on travelers.
“I daresay every Chinese espionage agency is
eager for the capability to plug a target official, or businessman, or
suspected foreign espionage agent name into their hacking programs and
find out exactly where she or he is in real time — credit cards,
itinerary, what she or he had for breakfast — and StayNTouch would have that,” he said.
Ministry of State Security and other Chinese intelligence agencies are
gathering vast amounts of data, including hotel information around the
globe. StayNTouch gave Beijing that type of access.
Mr. Tkacik said the order was likely based on U.S. intelligence showing Chinese data collection on hotels.