DeepSeek's rise raises data privacy, national security concerns

The emergence of a newly popular artificial intelligence (AI) model from Chinese startup DeepSeek is raising national security and data privacy concerns for the U.S., not unlike those that spurred a ban on TikTok last month.   

While the Chinese AI model’s rise has investors worried about the necessity of American AI companies' massive infrastructure spending, it has experts concerned for other reasons — namely the potential ability for the Chinese government to access and manipulate the platform's data. 

“The privacy policy explicitly says that it collects information and secures it on servers in China. Any data that you're putting into DeepSeek, that is through the app or through a DeepSeek model available on the internet, that is collected and goes to China,” said Oliver Roberts, co-head of the AI Practice Group at law firm Holtzman Vogel. 

DeepSeek exploded onto the scene last month with its R1 model, quickly rising to the top of Apple’s App Store and overtaking OpenAI’s ChatGPT.  

The model’s rapidly growing popularity, along with the Chinese AI startup’s impressive claims about its development, sent investors into a panic about American-made AI, sparking a mass sell-off in the tech sector.  

DeepSeek claims to have built the R1 model using just a few thousand reduced-capacity chips from Nvidia, for a measly overall cost of $5.6 million. This contradicted the assumption of American firms that massive investment in AI infrastructure is necessary to advance the technology. 

Microsoft plans to invest $80 billion in data centers throughout 2025, while Meta will nearly double its spending on capital expenditures this year to between $60 billion and $65 billion. 

OpenAI, Oracle and SoftBank have also taken the lead on the Trump administration’s new Stargate project that plans to invest up to $500 billion in AI infrastructure in the next four years.  

Even as worries abound about what DeepSeek means for American-made AI, other concerns are arising from the Chinese startup’s privacy policies.  

DeepSeek automatically collects data on IP addresses, key stroke patterns and cookies, which is stored on “secure servers located in the People's Republic of China.”  

This raises the prospect that U.S. user data could end up in the hands of the Chinese government, which can legally compel Chinese companies to turn over data, not unlike U.S. law enforcement. 

This data could then be used to profile Americans or manipulate algorithms to target propaganda, Roberts suggested.  

He cautioned that businesses using DeepSeek could risk opening up their trade secrets to China, which has a poor track record on intellectual property protections. 

DeepSeek also currently lacks numerous privacy controls that exist in most other AI models, noted Rob Lee, chief of research and head of staff at SANS Institute, a cybersecurity firm.  

“Unlike OpenAI — which, while imperfect, has a stronger commitment to privacy and anonymization — DeepSeek collects and indefinitely stores massive amounts of user data in China, without clear anonymization measures,” Lee said in a statement. 

“That’s a significant risk, not just from a security standpoint, but in terms of potential data misuse, regulatory concerns, and overall trust in AI systems,” he added. 

The Hill has reached out to DeepSeek for comment.

Some companies have sought to take advantage of the open-source nature of DeepSeek’s models to alleviate these concerns. Perplexity AI has made DeepSeek’s R1 available but is hosting the model “exclusively in US & EU data centers” so that “your data never leaves Western servers.” 

“I think it's really important to distinguish between the DeepSeek products, which is their app, website and their API, and then the open-source model weights,” Dmitry Shevelenko, Perplexity’s chief business officer, told The Hill. 

“The product is very dangerous and scary because they are not only sending all your prompts and questions to China, they're doing scary tracking of your activity on your device as well that they can get access to,” he continued. 

“The flip side is the model weights, which are open source,” Shevelenko added. “We were able to take those and put them ourselves in a U.S. data center and quickly make that available in Perplexity as one of the models.” 

The national security and data privacy concerns emerging around DeepSeek echo the worries that surrounded TikTok and ultimately led Congress to pass a law requiring its China-based parent company ByteDance to sell the app or face a ban. 

The law received wide bipartisan support amid concerns the Chinese government could access U.S. user data and potentially manipulate the content they see on the popular video-sharing platform. More than 170 million Americans use the app, according to TikTok. 

The ban was set to go into effect Jan. 19. However, it is currently on hold after President Trump barred enforcement for 75 days amid efforts to reach a deal to keep the app available in the U.S. 

Several lawmakers have already voiced concerns to the new Trump administration about DeepSeek. 

In a letter to national security adviser Mike Waltz last week, Reps. John Moolenaar (R-Mich.) and Raja Krishnamoorthi (D-Ill.) urged him to consider prohibiting the federal government from acquiring AI systems based on Chinese models, like DeepSeek. They also asked the administration to restrict the use of these models in critical infrastructure. 

Moolenaar and Krishnamoorthi are the top lawmakers on the House Select Committee on the Chinese Communist Party (CCP). 

“[I]t is clear we are at an inflection point in the AI market where PRC AI systems are increasingly available for use in the United States,” they wrote, using an abbreviation for People's Republic of China (PRC). “It is imperative that we do not allow PRC AI systems to gain significant market share in the United States, while acquiring the data of U.S. users that only further enable the capabilities of the AI system.” 

Amid speculation that DeepSeek managed to circumvent U.S. export controls to obtain more advanced chips, the lawmakers also called on Waltz to consider new restrictions on chip sales.  

Sens. Elizabeth Warren (D-Mass.) and Josh Hawley (R-Mo.) similarly wrote to Howard Lutnick, Trump’s nominee to lead the Commerce Department, on Monday to urge him to close a “loophole” in the export control regime. 

“With last week’s release of DeepSeek’s R1, a Chinese artificial intelligence (AI) model that rivals leading U.S. models, we must confront the reality that the PRC challenge to our technological leadership is real, and missteps could seriously undercut our economic and national security,” they said. 

The U.S. developed an increasingly strict export control regime under the Biden administration in an effort to stymie China’s ability to develop artificial intelligence. 

DeepSeek’s rise raises questions about the effectiveness of these controls and the state of the broader tech war between Washington and Beijing. 

“If they have the ability to create models at the same level of complexity as ChatGPT and OpenAI’s products 4.0 as well as o1, then that could put China on pace with the U.S. in terms of AI development, which has broader issues of China's potential ability to create more advanced military equipment, weapons of mass destruction at a level we haven't seen,” Roberts added. 

Texas Gov. Greg Abbott (R) banned state officials from using Chinese-owned technology, like DeepSeek, on government-issued devices Friday, saying it "will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps.”