Why are surprisingly few people worried about the highly confidential data they trust their cloud provider with, yet when a company is Chinese, it's seen as a big issue?
There's the well-known argument that cloud providers can't afford to snoop on their customers - if word got out, they'd be out of business. I don't see why the same argument doesn't apply to Chinese companies. As soon as they violate the trust and someone finds out, they lose the future business.
> yet when a company is Chinese, it's seen as a big issue?
There is an obvious double standard, but remember that a toxic double standard and malicious actions (by a state, private group, or individual) are not mutually exclusive.
> if word got out, they'd be out of business
This is clearly nonsense, because we've seen this happen many times over the last few years. This kind of idealistic view where markets solve monopoly-related problems or overcome state-level power is just an idealized caricature that doesn't really exist in reality. People often stay with bad service either out of ignorance (people are busy and don't always recognize important information immediately, or even have the necessary background knowledge to recognize the situation as a problem). More often, there are other factors that force their decision (e.g. no parent is going to leave a service if it's the only way they can communicate with their kid). Even without those problems, there is a psychological inertia that needs to be overcome when making any change.
In reality, I've never met anyone outside the tech industry that actually believes Facebook/Google/etc are truly trustworthy. Most people know they are doing something shady, but don't have the technical background and experience required to properly recognize data-related problems. They don't trust the cloud provider, but also don't think it's a problem that affects them directly. Most of the time, it doesn't even matter, because monopoly limits their options, if they even understood that they had a choice.
Well, you try to successfully blackmail people. Success means not only that the blackmail target gives you what information or action you want, but also that they keep quiet about it. So the Chinese (or anybody really) will weigh the risk of being found out or exposed as a blackmailer, against the value a successfully blackmailed target can provide.
So a state-sponsored blackmailer is unlikely to use "dragnet blackmail", especially if their economy is put at risk, as the chances of being exposed compared to the possible gain aren't good enough.
But if the blackmailer would want to blackmail specific powerful people, then the risk of it backfiring might be justified, also depending on how "good" the compromising information you can hold over their head really is. On top of that, you might try some kind of parallel construction in case it backfires where you shift blame from your companies e.g. to some hacker, even "government hacker" if it has to be. If in doubt, blame North Korea or the Russians for now. And if that fails, let the government take a hit in reputation (they don't care much anyway) instead of letting your companies and thus economy take a hit.
What's happening these days seems to be the opposite, anyway: The Chinese do not actually need to get caught doing anything, there are enough "theories" out there that say Chinese "could" do bad things or "probably are", be it Huawei being ripped on by every spook, journalist and their dog when it comes to 5G, be it the recent story of the Chinese bugging Apple, or this one, or the constant stream of latent "Chinese hackers" stories.
(Don't get me wrong: the Chinese most likely are exploring ways to maximize their intelligence gathering, just like about any other nation; I'd be really surprised if they left bugging of stuff to the NSA etc, and blackmail to the Russians and the CIA and friends)
Chinese companies are much more likely than Western companies to be forced by the government to do something that may not be aligned with their business interests. It's just easier for the government to get away with it, and they have the incentive.
Imagine if a foreign adversary had access to this data, as well as credit-rating information like that obtained from the Equifax hack (not saying China is behind that, but it's plausible) and information like that obtained from the Office of Personnel Management hack.
Then add some sophisticated big data analytics capabilities on top of that and a troublesome picture emerges.
I think parent is saying this would be an interesting way to mine a population for marks that could be espionage targets with easily identifiable special needs susceptible to temptation by foreign entities for nefarious goals. Did I make that obtuse enough or what? :D
Who owns my medical information? Who controls how it's used, aggregated, disseminated, etc? If I want to be the only person who has my medical records, going around to every provider and getting a copy before having them all destroy theirs, is this possible?