Excerpt of a Wired article by Justin Sherman (edited by Alan J Weissberger):
The Trump administration is clearly and publicly upping its scrutiny of Chinese-incorporated telecoms. After Washington’s crusade against Huawei, and a forthcoming Senate report that allegedly blasts U,S. regulators for failing to properly oversee Chinese telecoms and their handling of data, these recent actions aren’t exactly surprising. But even if they’re genuinely focused on real national security risks, that doesn’t change the fact that President Trump’s administration doesn’t have a broader strategy.
What the FCC sent to the four companies are called Orders to Show Cause. These orders instruct a recipient firm to demonstrate that its continued operation in the United States doesn’t pose national security risks. Specifically, the ones issued here demand evidence from the four telecoms of why the FCC shouldn’t “initiate proceedings to revoke their authorizations” to operate in the U.S., under Section 214 of the Communications Act.
“The Show Cause Orders reflect our deep concern … about these companies’ vulnerability to the exploitation, influence, and control of the Chinese Communist Party, given that they are subsidiaries of Chinese state-owned entities,” said FCC chair Ajit Pai. “We simply cannot take a risk and hope for the best when it comes to the security of our networks,” he added.
The orders to China Telecom (Americas) Corporation, China Unicom (Americas) Operations Limited, Pacific Networks Corporation, and ComNet (USA) LLC gave the companies until May 24 to respond. Included in this answer must be a “detailed description” of the firm’s “corporate governance,” network diagrams describing how its systems are used, lists and copies of interconnection agreements with other carriers, and descriptions of the extent to which the firm “is or is not otherwise subject to the exploitation, influence, and control of the Chinese government”—neither a small request nor a mere formality.
Editor’s Note: China Mobile, the largest wireless telecom carrier in China is missing from the above list!
Pacific Networks (of which ComNet is a subsidiary) is owned by the state-owned CITIC Telecom International; the government connection here is almost as direct. Linking its board room to the CCP’s Zhongnanhai headquarters is certainly a bit clearer here than with Huawei, which isn’t outright state-owned but has nonetheless been subject to many questions, especially from the White House, about its Chinese government ties. Again, Beijing’s potential access to data from Pacific Networks Corporation is a legitimate risk.
The clock is ticking for these companies to respond to the U.S. government. China Telecom asked the FCC for a 30-day extension on the original May 24 deadline. Its lawyers got a reply this past week considering extra time, conditioned on specifying by May 11 which parts of the order they want clarified. Meanwhile, the executive branch is forging ahead—per the recently issued executive order—with formalizing a committee to scrutinize foreign telecoms’ presence in the US. Recommendations to the FCC could include modifying a company’s FCC license with “mitigation” measures or even outright revoking it.
Many issues plague the recent executive order. There is broad language about which kind of FCC licenses can be reviewed; the EO’s title would suggest only those of foreign telecoms, but it appears it could be much bigger. The EO also leaves many questions of implementation up to a memorandum of understanding, which is due several weeks from now.
After the order’s publication, multiple people I spoke with had additionally drawn attention to the future head of this newly called-for, yet-to-be-created committee: the attorney general. In different times, perhaps that’d be a reasonable way to balance represented interests, from the intelligence community to the Departments of Defense and Homeland Security. But these are not normal times—and William Barr is hardly known for his impartiality or respect for the rule of law.
Zooming out even further, the U.S. government lacks clear and objective criteria to define and articulate what makes one foreign telecommunications supplier more trustworthy than another. After all, post-Snowden, it’s a bit hard for the U.S. to beat the “other countries backdoor their systems” argument, sans evidence, without raising eyebrows. The Trump administration also continues throwing digital sovereignty policies in other countries—from onerous source code inspection requirements to limited data localization provisions—into the same “protectionist” bucket. Given this reality, how will these telecom reviews be diplomatically handled?
Even the recent FCC orders don’t get especially detailed. Beyond citing that the companies are state-owned or are controlled by those that are state-owned, the documents don’t elaborate much on why these firms cannot be trusted. So, is it more about ownership, corporate governance, and legal authorities in the country of incorporation than it is about technical security issues?
Or for the administration’s China hawks, is it the mere connection to Beijing? Because as the Trump administration and the president in particular continue China-bashing, spreading xenophobic rhetoric (e.g., around coronavirus’ origins), and preferring in general a zero-sum engagement with counterparts in Beijing, it seems more likely that factor overshadows all else.
There are real national security risks that must be weighed around foreign telecommunications companies. Questions of foreign state ownership should be explored, especially as the world becomes more digitally interconnected and the technological supply chain is a growing vector for hacking and exploitation. But foregoing a broader strategy on supply chain security is not an effective, long-term option for parsing these modern digital risks. Despite the recent China focus, these questions of supply chain policy go far beyond Chinese technology firms, and the U.S. government needs a comprehensive and repeatable process for answering them.