China’s DeepSeek AI Faces Security, Privacy, and Political Scrutiny Amid U.S. Backlash
DeepSeek, a China-based AI service, has rapidly gained traction since the launch of its open-source DeepSeek V3 model in late January. The model, which reportedly rivals Claude 3.5 and GPT-4o in functionality while operating on significantly lower costs, has stirred enthusiasm in the AI community. However, recent investigations have raised security and privacy concerns, prompting U.S. agencies to restrict its use.
The Rise of DeepSeek
According to Engadget, DeepSeek’s latest model gained instant popularity, soaring to the top of the U.S. App Store upon release. The AI’s appeal lies in its efficiency and affordability—costing under $6 million to develop, compared to the billions invested by tech giants in competing models. However, some have disputed its development cost claims.
Political Alignments and Content Restrictions
Early user interactions exposed DeepSeek’s adherence to Chinese government narratives. Reports from Mastodon user LoneLocust and other testers revealed that the AI refused to acknowledge Taiwan as a country. When probed, it initially provided information about Taiwan before abruptly retracting the details, stating, “Sorry. That’s beyond my current scope. Let’s talk about something else.” Similarly, when asked about the Tiananmen Square massacre of 1989, DeepSeek avoided the topic altogether.
Security and Privacy Red Flags
Beyond content restrictions, security experts have flagged DeepSeek for major privacy risks. An Ars Technica report detailed findings by mobile security firm NowSecure, which discovered that the DeepSeek iOS app transmits user data unencrypted to servers controlled by ByteDance, the parent company of TikTok. Furthermore, a ZDNet investigation found that sensitive user data was forwarded to Chinese state-affiliated entities, including China Mobile, which has long been banned in the U.S. for security concerns.
NowSecure co-founder Andrew Hoog criticized DeepSeek’s lax security measures, stating:
“There are fundamental security practices that are not being observed, either intentionally or unintentionally. In the end, it puts your and your company’s data and identity at risk.”
U.S. Government Response
In response to these concerns, U.S. agencies, including NASA and the U.S. Navy, have begun restricting DeepSeek’s app and website access. This aligns with growing international scrutiny over Chinese AI applications and their potential data security risks.
The Privacy Policy’s Red Flags
Even without its reported security flaws, DeepSeek’s privacy policy raises significant concerns. A ZDNet analysis revealed that the service openly states that personal data is stored on secure servers in China. The data collected includes:
- IP address, device identifiers, and cookies
- Date of birth, email, phone number, and password
- Chat history, text, audio inputs, and uploaded files
- Proof of identity and customer service inquiries
Cybersecurity experts warn that under China’s cybersecurity laws, companies must provide government access to their data upon request.
Future Implications
Experts predict that DeepSeek’s efficiency in AI training could lead to a proliferation of third-party applications built on its platform, amplifying security risks. The Future Society, an AI policy nonprofit, warns that this could create widespread vulnerabilities if misused.
Final Verdict: Avoid DeepSeek
While DeepSeek is no longer the No. 1 app in the U.S. App Store, it remains in the top 5 in productivity. However, cybersecurity experts strongly advise against using the app.
“From a privacy and security standpoint, the best time to not use DeepSeek is ever. The second best time is right now.”
Lee Enterprises Hit by Ransomware Attack, Disrupting Newspapers Across 24 States
Lee Enterprises, one of the largest newspaper publishers in the U.S., is grappling with a weeks-long cyberattack that has disrupted operations across more than 70 publications. The company, which publishes over 400 daily, weekly, and specialty newspapers in 24 states, confirmed in a recent SEC filing that a ransomware attack had encrypted critical applications and exfiltrated data.
Scope of the Attack
According to the U.S. Press Freedom Tracker, the cyberattack has affected print distribution, online news access, and internal operations such as billing, collections, and vendor payments. While some print editions in North Carolina and Oregon were delayed or missed, digital access remains disrupted, with many Lee websites displaying maintenance messages.
The SEC filing noted that the attackers “unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files.” Despite these disruptions, Lee Enterprises has not disclosed whether a ransom demand was made or if the company intends to comply.
Delayed Recovery & Financial Fallout
Lee Enterprises has indicated that recovery efforts will take “several weeks” and warned that the attack could have a “material impact” on future financial results. The publishing industry, already struggling with declining print revenues, faces additional financial strain from the attack.
Security concerns in the media industry are growing, with this incident following a wave of cyberattacks on major organizations, including AT&T, Change Healthcare, and Ticketmaster. The increasing frequency of such breaches raises questions about the resilience of critical information systems, especially in news organizations that play a key role in public information.
