On April 24, the Federal Communications Commission told four Chinese-incorporated telecommunications firms to present evidence to the US government that their US units don’t pose national security risks. According to The Wall Street Journal, a representative of China Telecom’s American arm said the company looks forward to “sharing information with the FCC that speaks to our role as a responsible telecom company.”
Just a couple of weeks prior, President Donald Trump signed an executive order to formally establish an executive branch committee to review foreign telecommunications firms in the United States, checking for national security risks. Shortly thereafter, the executive branch’s informal process for these kinds of reviews—presently called “Team Telecom,” and soon-to-be formalized through the recent EO—recommended the FCC ban China Telecom from operating in the country.
Justin Sherman (@jshermcyber) is an op-ed contributor at WIRED and a fellow at the Atlantic Council’s Cyber Statecraft Initiative.
The Trump administration is clearly and publicly upping its scrutiny of Chinese-incorporated telecoms. After Washington’s crusade against Huawei, and a forthcoming Senate report that allegedly blasts US regulators for failing to properly oversee Chinese telecoms and their handling of data, these recent actions aren’t exactly knock-your-socks-off surprising. But even if they’re genuinely focused on real national security risks, that doesn’t change the fact that President Trump’s administration doesn’t have a broader strategy.
What the FCC sent to the four companies are called Orders to Show Cause. These orders instruct a recipient firm to demonstrate that its continued operation in the United States doesn’t pose national security risks. Specifically, the ones issued here demand evidence from the four telecoms of why the FCC shouldn’t “initiate proceedings to revoke their authorizations” to operate in the US, under Section 214 of the Communications Act.
“The Show Cause Orders reflect our deep concern … about these companies’ vulnerability to the exploitation, influence, and control of the Chinese Communist Party, given that they are subsidiaries of Chinese state-owned entities,” said FCC chair Ajit Pai. “We simply cannot take a risk and hope for the best when it comes to the security of our networks.”
The orders to China Telecom (Americas) Corporation, China Unicom (Americas) Operations Limited, Pacific Networks Corporation, and ComNet (USA) LLC gave the companies until May 24 to respond. Included in this answer must be a “detailed description” of the firm’s “corporate governance,” network diagrams describing how its systems are used, lists and copies of interconnection agreements with other carriers, and descriptions of the extent to which the firm “is or is not otherwise subject to the exploitation, influence, and control of the Chinese government”—neither a small request nor a mere formality.
China Telecom and China Unicom are both state-owned enterprises, which raises legitimate questions about the Chinese government’s potential access to data. Could it easily request the companies hand over information to intelligence services? Could it compel the firms to insert backdoors on its behalf? What does this presence in the US mean from a resilience standpoint, when US networks could be potentially controlled or manipulated or flat-out shut off in a conflict-like situation?
Pacific Networks (of which ComNet is a subsidiary) is owned by the state-owned CITIC Telecom International; the government connection here is almost as direct. Linking its board room to the CCP’s Zhongnanhai headquarters is certainly a bit clearer here than with Huawei, which isn’t outright state-owned but has nonetheless been subject to many questions, especially from the White House, about its Chinese government ties. Again, Beijing’s potential access to data from Pacific Networks Corporation is a legitimate risk.
The clock is ticking for these companies to respond to the US government. China Telecom asked the FCC for a 30-day extension on the original May 24 deadline. Its lawyers got a reply this past week considering extra time, conditioned on specifying by May 11 which parts of the order they want clarified. Meanwhile, the executive branch is forging ahead—per the recently issued executive order—with formalizing a committee to scrutinize foreign telecoms’ presence in the US. Recommendations to the FCC could include modifying a company’s FCC license with “mitigation” measures or even outright revoking it.
Problem is, for all these actions—which concern legitimate questions about national security, focused on the Chinese government—the bigger picture shows a lack of strategy.
Many issues plague the recent executive order. There is broad language about which kind of FCC licenses can be reviewed; the EO’s title would suggest only those of foreign telecoms, but it appears it could be much bigger. The EO also leaves many questions of implementation up to a memorandum of understanding, which is due several weeks from now.
After the order’s publication, multiple people I spoke with had additionally drawn attention to the future head of this newly called-for, yet-to-be-created committee: the attorney general. In different times, perhaps that’d be a reasonable way to balance represented interests, from the intelligence community to the Departments of Defense and Homeland Security. But these are not normal times—and William Barr is hardly known for his impartiality or respect for the rule of law.
Zooming out even further, the US government lacks clear and objective criteria to define and articulate what makes one foreign telecommunications supplier more trustworthy than another. After all, post-Snowden, it’s a bit hard for the US to beat the “other countries backdoor their systems” argument, sans evidence, without raising eyebrows. The Trump administration also continues throwing digital sovereignty policies in other countries—from onerous source code inspection requirements to limited data localization provisions—into the same “protectionist” bucket. Given this reality, how will these telecom reviews be diplomatically handled?
Even the recent FCC orders don’t get especially detailed. Beyond citing that the companies are state-owned or are controlled by those that are state-owned, the documents don’t elaborate much on why these firms cannot be trusted. So, is it more about ownership, corporate governance, and legal authorities in the country of incorporation than it is about technical security issues?
Or for the administration’s China hawks, is it the mere connection to Beijing? Because as the Trump administration and the president in particular continue China-bashing, spreading xenophobic rhetoric (e.g., around coronavirus’ origins), and preferring in general a zero-sum engagement with counterparts in Beijing, it seems more likely that factor overshadows all else.
There are real national security risks that must be weighed around foreign telecommunications companies. Questions of foreign state ownership should be explored, especially as the world becomes more digitally interconnected and the technological supply chain is a growing vector for hacking and exploitation. But foregoing a broader strategy on supply chain security is not an effective, long-term option for parsing these modern digital risks. Despite the recent China focus, these questions of supply chain policy go far beyond Chinese technology firms, and the US government needs a comprehensive and repeatable process for answering them.
More Great WIRED Stories
- 27 days in Tokyo Bay: What happened on the Diamond Princess
- To run my best marathon at age 44, I had to outrun my past
- Why farmers are dumping milk, even as people go hungry
- What is fleeceware, and how can you protect yourself?
- Tips and tools for cutting your hair at home
- 👁 AI uncovers a potential Covid-19 treatment. Plus: Get the latest AI news
- 🏃🏽♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones