For much of the past two years, Liz Cannon led an office in the Commerce Department that oversaw restrictions on Chinese technology, including cars, drones, and routers. Before that, she was a career prosecutor at the Department of Justice, where she led a team focused on export controls and sanctions. She resigned from the Commerce Department earlier this year, after the Trump administration reached a truce in its trade war with Beijing, and is now a partner at law firm Hogan Lovells. This is a condensed and edited version of our conversation.
Illustration by Lauren Crow
Q: How central has China been to your work in government?
A: During the course of my 11 years at DOJ, so many cases were related to China: economic espionage cases, espionage cases, cyber, export controls. Often the defendant in those cases was tied in some way to the Chinese government. There was also the China Initiative [a controversial program intended to capture Chinese espionage that critics accused of unfairly targeting academics of Chinese descent], which was a huge focus under the first Trump administration.
And then certainly my work [at the Commerce Department] over the last two years looking at the commercial tech space focused extensively on China related risks. When looking at [which] other countries are deeply involved in the commercial tech supply chain, China is one of the largest players, often on par with the United States. And when thinking about how the technology could be leveraged or exploited for sabotage or espionage, China is the primary focus.
You then oversaw a new office in the Commerce Department, the Office of Information and Communications Technology and Services. Why was the office created and what was its goal?
The office was created because there was a recognition that there was a gap in the ability of the U.S. government to address some of the risks in the commercial tech supply chain.
| BIO AT A GLANCE | |
|---|---|
| AGE | 47 |
| BIRTHPLACE | Washington, D.C. |
| FORMER POSITION | Executive director, Office of Information and Communications Technology and Services, Department of Commerce |
| CURRENT POSITION | Partner, Hogan Lovells |
If you think about the other authorities that come into play here, there’s CFIUS [the Committee on Foreign Investment in the United States], which is largely just looking at investment in the United States. There’s the Federal Acquisition Security Council, which is looking at risks in the U.S. government supply chain. But there was no authority that could look broadly across the tech sector, across the commercial tech sector, and identify risks that, from a government perspective, should be considered a national security risk; and there was no authority that could then address those risks.
What were some of your first priorities after becoming its director?
My first priority was to get an action across the finish line. The investigation into [Russian cybersecurity company] Kaspersky had been in motion for several months before I got there, but they had a very difficult time finalizing it. So the first action we took was largely low hanging fruit: to prohibit Kaspersky software and cybersecurity services from being used in the United States.
We then identified a series of tech priority areas, including connected vehicles, autonomous systems and robotics, mobile network hardware, and energy generation and storage.
One of the major factors that played into a lot of the ICTS rules is data collection, whether it was in connected vehicles, cranes, drones, even TikTok. What were your concerns about data, particularly as it relates to Chinese companies?
Data can be used in a couple of ways that, from a national security perspective, in the hands of an adversary, are very concerning. We’re talking about massive amounts of data that can be collected by these devices, and therefore available to the Chinese government. They can take that data and they can sift through it to identify targets of interest. So from an intelligence perspective, they can develop dossiers which would allow them to potentially approach those people, compromise them in some fashion, or just collect information on them that could potentially be leveraged in some nefarious way in the future.
The other way data can be concerning is, especially now, having access to massive amounts of data can help a foreign adversary further advance their AI. The more data that they have available to them helps their AI better understand the world and create more accurate responses.
One of the major rules that ICTS passed under your tenure was on connected vehicles, cars that connect to the internet. What was the rule trying to accomplish?
At the beginning of 2024, [we were] seeing Chinese EVs obtaining a massive amount of market share around the world. And at the time, the United States did not have any Chinese passenger EVs. We recognized that if there were national security risks associated with them, it would be better to act now rather than later, before they actually arrived in the United States.
We discovered that those vehicles are collecting a massive amount of data on the driver, the passengers, and the environments in which the vehicles are operating. Autonomous vehicles are constantly scanning, for example, the driver’s retina. Depending on the level of autonomy, that vehicle may be monitoring to see if the driver is awake. It’s listening in the cabin of the car to see if there are any commands, monitoring for voice recognition. It’s also absorbing a lot of information about the streets, the buildings that they pass. To the extent that these vehicles are driven to sensitive facilities, they’re collecting information about the sensitive facilities.
So it’s a lot of data, potentially very sensitive data, certainly very personal data. That was one of the risks that we identified, and that relates back to the broader risks associated with massive data collection in the hands of a foreign adversary.
The other risk is the ability to potentially remotely manipulate the vehicle. We’ve seen this play out recently in some European countries with Chinese EV buses. The ability to disable the vehicle is very real. If you’re thinking about the potential for huge market share here in the United States, and the ability of a foreign adversary to potentially disable vehicles at opportune times, that’s a problem.
When the rule was first proposed, in September of 2024, you said that any vehicle that is manufactured in China and sold in the U.S. would fall within the prohibitions, including those made by American companies like GM and Ford. That could be read as a ban on Chinese-made cars in the United States. Was that the intent of the rule?
The rule prohibits Chinese vehicles that have that integrated connectivity. Even if those systems are not manufactured by the Chinese entity itself, the fact that the Chinese OEM [original equipment manufacturer], for example, would have access to those systems before they then sell them into the United States market gives them privileged access to the systems and the ability to manipulate them.
We did contemplate that there might be a situation in which a Chinese manufacturer manufactured the frame, the dumb parts of the car, sells that into the United States, and then an [American] OEM would install the more sensitive parts of the vehicle.
An [American] OEM manufacturing in China and selling those vehicles in the U.S., was also intended to be captured. Yes, it’s a U.S. OEM, but they’re operating within China, where the Chinese government has often unfettered access to the companies which operate within its borders, due to its variety of cybersecurity and national security laws. That is a concern from the U.S. national security perspective.
Auto executives are now openly saying that Chinese cars have better tech than American ones. If you take these restrictions to an extreme level, it seems like U.S. companies could wind up less competitive internationally if their tech is not as sophisticated. How did you weigh that trade off?
There is a reason why they have gained such significant market share. Our hope within OICTS at the time was to work with our allies, to talk with them about the risks, and ultimately to try to figure out if they, through whatever legal mechanisms were available to them in their own domestic markets, would consider implementing some kind of controls. The hope was that U.S. and allied companies and suppliers wouldn’t be competing against China, because hopefully those allies would have also recognized the risks associated with those vehicles.
Chinese brands are very rapidly gaining market share in Europe. Are you seeing any evidence that allies are imposing the same types of controls that the U.S. has?
At the end of the Biden administration, there were efforts underway in some of those countries to implement some of those controls. The Trump administration’s posture toward negotiating with allies has complicated that picture somewhat. For example, we have seen Canada open up its borders to allow some quantity of Chinese EVs to be sold within Canada, whereas a year and a half ago, they were considering legislation that would prohibit Chinese EVs.
The EU has imposed significant tariffs on Chinese EVs. And I will flag that several European countries have been highlighting the risks of Chinese buses. They are taking a look at that issue and trying to figure out what they could do. But generally we have not seen the response we were hoping to see.
China has invited in a lot of international auto companies, including U.S. brands, and including high-tech manufacturers like Tesla. If China can figure out a way to allow Tesla into its cities, can the U.S. figure out a way to let in Chinese cars?
China doesn’t exactly let these car companies, or their vehicles, operate freely. They don’t give these car companies all the data they would need to be able to implement fully effective autonomous driving systems. My understanding is that Tesla cars are also limited in where they can operate in the country. U.S. companies are not allowed to send data outside of China. Any data that the vehicles collect has to be kept within China. And they have to provide encryption keys to the Chinese government.
It’s important to highlight that under the OICTS CV rule, companies can apply for a specific authorization [from the U.S. government], which would allow the Commerce Department to impose certain limitations and restrictions. If the U.S. government could be satisfied by the provisions in a specific authorization that the vehicles are secure, that is an option available to them.
This administration has preferred to use tariffs. They’re still focused on China. They are just trying to figure out how they can address these risks that they really do care about without causing China to respond with export controls on rare earths that then upend supply chains…
Is the U.S. in a position now where American companies can take advantage of Chinese technologies through JVs or licensing?
I know that there are a number of [American] OEMs that are very interested in that. From a U.S. government perspective, there is still an interest in wanting to understand, how do we secure the vehicles? How do we ensure that the Chinese government isn’t getting access to these systems, to this data? They would have to work with the Commerce Department, and there would be restrictions on any sort of joint venture they would have with a Chinese OEM.
Senators Elissa Slotkin and Bernie Moreno discuss their bipartisan Connected Vehicle Security Act, Fox News, May 8, 2026. Credit: Senator Bernie Moreno
Some people argue that the U.S. should let Chinese companies manufacture cars locally. Is that a good idea?
I know that there is a lot of opposition to that on the Hill. Members are very concerned about that. But I think there might be a way to move forward.
Is that through JVs? Or do you envision a possibility that, say, BYD could set up a factory in Alabama?
It would need to be through some sort of JV or agreement with an [American] OEM. For example, BYD could manufacture the frame, the non-sensitive parts, and then essentially turn the vehicle over to another U.S. OEM to install those more sensitive systems and to monitor and update those sensitive systems: because from the national security perspective, we just don’t want the Chinese OEM to have control over the data and over those sensitive systems.
Do you think the Trump administration has a coherent view on the types of technology you were looking at?
While OICTS hasn’t taken any new big public actions, the FCC [Federal Communications Commission] has stepped up. They’ve issued a rule with regard to drones. They’ve issued a rule with regard to routers. They have issued a proposed rule with regard to telecommunication providers. So there is still within the Trump administration a lot of concern about connected technology and the risks inherent in those technologies.
I think it would be helpful for the administration to really sit down and coalesce around a priority tech list and a risk framework. To my knowledge, they have not done that.
You left the Commerce Department earlier this year. Why did you resign?
I was the only person at my level who was not a Senate-confirmed political appointee. I was a career person, reporting to the undersecretary. After a year of my being in that office, the undersecretary [Jeffrey Kessler] decided that he would rather have a political person in that position. Going forward, there will continue to be a political person in that position, even in the next administration, whether it be Republican or Democrat.
I was offered another senior executive service position within BIS [the Bureau of Industry and Security.] It was not something that was aligned with my career goals.
Do you think that was related to the way that the Commerce Department now appears to be taking a less aggressive attack toward China?
BIS is an incredibly important, national security-focused bureau. It is having a hard time figuring out, in the context of the China trade detente, how to deploy its authorities without upending that trade posture. [After Trump and Chinese leader Xi Jinping in South Korea met last October, both sides suspended escalatory measures in the trade war.]
It is understandable that the undersecretary would want to have somebody who is politically-aligned and fully supportive of the Trump administration and supportive of that detente. And given my history and my national security experience, I would have preferred to have been more aggressive. That tension was there, but it was a respectful tension.
There are reports BIS is understaffed. Does BIS have enough resources to do its role? Has that made doing this national security-focused work more difficult?
BIS has lost a tremendous number of people over the past year and a half. That is absolutely having an impact on its ability to effectively carry out its mission. The bureau needs to hire more people.
One of the aspects of ICTS’s rulemaking authority is it has to say which country it is talking about when it makes a rule. Is that getting in the way of its ability to pursue rules related to tech competition? You mentioned the FCC, which in its own rules, is not mentioning China.
That is certainly a large part of it. Any kind of regulation coming out of ICTS is very direct. It is, “this is the foreign adversary we’re concerned about. This is the technology we’re concerned about. The combination of the two gives rise to these significant national security concerns.”
Given the trade posture right now between China and the United States, there is a reluctance to be so direct and pointed in these regulations. So the administration is taking a different tack. With the FCC, the regulations on drones and routers are directed at all foreign manufacturers and not specific to any particular foreign adversaries. We may see that ultimately, the restrictions only land on Chinese, or foreign adversary, entities through the use of white lists and conditional approvals, but the initial restriction avoids naming China.
Do you expect that the Commerce Department will pass any rules related to China in the near term?
This administration has preferred to use tariffs. They’re still focused on China. They are just trying to figure out how they can address these risks that they really do care about without causing China to respond with export controls on rare earths that then upend supply chains across a variety of very important industries. It’s a tricky situation to navigate, but I think we will continue to see regulations roll out. They will be very selective and judicious.
China has not exactly been silent in taking actions against the United States. In response to sanctions on its oil refineries, we’ve seen them impose new supply chain restrictions, the ability to take action against companies that are getting rid of some of their Chinese suppliers. My hope is that the U.S. government isn’t going to tolerate that for too much longer, but a lot of this depends on the outcome of the Trump-Xi summits this year.
When the Commerce Department crafted rules related to China, were you anticipating that it could respond with measures like these extraterritorial export controls on rare earths?
BIS has been cognizant of these issues for quite a while, and tried to navigate that as responsibly as possible. And certainly in the Biden administration, the way this was done, and I think it was done fairly effectively, was to roll out an advanced notice of proposed rulemaking, flagging that OICTS is interested in this tech area.
We then rolled out a proposed rule, which plants another flag to let China know this is happening. They can voice objections. And in that build up to the final rule, just before it’s issued, we had some backchannel conversations to say, “We are doing this. These are the reasons we’re doing this.” And also to couch it in terms of, “China, you have similar restrictions in your own domestic markets for a lot of these technology areas. You don’t allow U.S. companies to have full unfettered access, even in the connected vehicle space. And so you’ve similarly recognized national security concerns here.”
You take all of these steps to prepare the relationship for these actions. And we did not see China have such a severe response.
What did you view as the right end state of Chinese involvement in U.S. tech sectors?
China will always be a major player in tech. Maybe with time, industry will create new cybersecurity protections that will allow the U.S. government to feel more comfortable with some of these connected technologies coming from China. A lot of those cybersecurity standards can create pretty robust defenses against hackers. But what the ICTS program is looking at is the supply chain, where access to systems and data by the supplier is not a bug, it’s a feature. Cybersecurity standards don’t do anything to address those risks.
Do you view certain sectors as completely off limits for Chinese investment or involvement in U.S. supply chains?
It all depends on how much control the company winds up having through its investment. If it’s truly just a passive investor, I see very little risk associated with that.
I’m really curious to see what happens with robotics. China’s obviously advancing rapidly, and its market share is increasing. And to the extent robotics become incorporated more thoroughly in critical infrastructure, and we become reliant on Chinese robotics, I see a real problem there.
I don’t know that I’m willing to say they should never be involved in certain tech areas. I think there are areas that give me greater pause. For example, China’s involvement in our power grid, through the use of inverters, is a real concern to me. I’m really curious to see what happens with robotics. China’s obviously advancing rapidly, and its market share is increasing. And to the extent robotics become incorporated more thoroughly in critical infrastructure, and we become reliant on Chinese robotics, I see a real problem there.
| MISCELLANEA | |
|---|---|
| FAVORITE BOOK | To Kill a Mockingbird |
| FAVORITE FILM | Little Miss Sunshine |
| FAVORITE MUSIC | This is always a tough one, and it really depends on my mood. I like anything from classic rock, to hip hop, to folk rock, to reggae. It’s really a blend. |
The Trump administration cut a deal on TikTok, brokering its sale to a consortium of U.S. investors. It’s controversial because the platform still licenses its algorithm from Bytedance, its former Chinese parent company. Is that a model when you talk about ways the U.S. government can figure this out for how to deal with the data issue?
I’m not going to comment on that one. TikTok has been such a thorny issue. The Biden administration felt like that kind of an agreement was never going to fully address the national security risk. The Trump administration feels like it has.
What kind of car do you drive?
I have a Honda, a Hyundai and a VW.
Does any part of you want to drive one of these Chinese electric cars?
They are cool, but I don’t need all of those bells and whistles. It’s almost overwhelming.
Noah Berman is a staff writer for The Wire based in New York. He previously wrote about economics and technology at the Council on Foreign Relations. His work has appeared in the Boston Globe and PBS News. He graduated from Georgetown University.
