Brendan Carr met with Taiwan’s foreign, digital and telecommunications policy authorities last week, the first Federal Communications Commission (FCC) commissioner to do so in Taiwan. As the country accounts for 90% of the world’s semiconductor production capacity, he didn’t exaggerate when he said, “A free and democratic Taiwan is vital to America’s prosperity.”
Carr also reiterated calls for comprehensive bans on TikTok (a company likely requiring action by the Committee on Foreign Investment in the United States) and telecommunications equipment providers Huawei Technologies Company and ZTE Corporation. Separately, Senator Mark Warner (D-VA) observed, “Not something you would normally hear me say, but Donald Trump was right on TikTok years ago. If your country uses Huawei, if your children are on TikTok… the ability for China to have undue influence is a much greater challenge and a much more immediate threat than any type of actual armed conflict.”
Indeed, many Americans may think that Huawei and ZTE are already banned, but that is not the case. Although these Chinese military entities have been restricted by the Departments of Defense, Treasury, and Commerce for certain federal and commercial uses, this does not prevent them from shipping their wares to consumers. Indeed, during the 2018-2021 period, the FCC reported that it approved some 3,000 Huawei applications for products using the US radio spectrum. To its credit, the FCC closed a loophole by barring Universal Service Fund funds from buying Huawei and ZTE. Going forward, the FCC would reject all future equipment authorization applications from Huawei and ZTE, an enforcement provision the FCC was supposed to finalize within a year of signing the Secure Equipment Act. The law was passed unanimously by Congress and signed by the President on November 11, authorizing the FCC to use its covered list. The deadline passed without any statement from the FCC.
While banning all future sales of Huawei and ZTE is welcome to improve security and deter Chinese government intrusion, this action does little to stop thousands of other technology companies from information belonging to the Chinese government and aligned with the military. Indeed, the Huawei/ZTE ban to date has created other security concerns, including the view that the ban to date is blocking equipment sales in the United States when it is not is not the case; the inference and implication that if Huawei/ZTE equipment is prohibited, then other Chinese equipment is ok; and the gambling, arbitration, and politicization of US cybersecurity regulation by US and Chinese actors, including, but not limited to, delaying, containing, and reducing restrictions on other businesses malicious equipment, white labeling/re-labeling of malicious equipment, counterfeit equipment and other undesirable acts. .
Piecemeal Progress: Winning the Battle but Losing the War
While the piecemeal approach is better than nothing, it creates significant, long-term security consequences. The practice of protecting Americans from Chinese government intrusion rests on a quagmire of cybersecurity policies administered by dozens of federal agencies, each with its own statutory authority and regulatory instruments. It is presumed to work together, although an audit may suggest otherwise.
Moreover, few recognize the Herculean lift to execute a single element of security policy and the associated bureaucratic army deployed to enable and enforce it. Regulation is not computer code that runs on its own. It takes many people to administer, let alone enforce, the Federal Prohibition to Purchase by National Defense Authorization Act (NDAA), the licenses required by the Entity List or the Office of Foreign Assets Control, or cyber hygiene protocols or list of vulnerabilities outlined by the National Institute of Standards and Technology Cyber and Infrastructure Security Agency.
Naturally, the Chinese parties are suing them in a US court. They hire the best law firms in Washington, many of whom employ former federal regulators – a daunting opposition. For example, the most active filer in the FCC’s covered list proceeding is John T. Nakahata, former chief of staff to FCC Chairman William Kennard. Today, Nakahata is the attorney for covered listing company Hikvision and has filed at least two dozen articles reflecting meetings with Chairman Rosenworcel and documents at the FCC.
Although Hikvision is restricted by the Commerce Department’s Entity List for systematic violation of the human rights of Muslims in western China and by the Pentagon for its alignment with the Chinese military, the FCC loose the rules of Hangzhou Hikvision Digital Technology Company (Hikvision) with broad exemptions for consumer use. Only the “public security” and “national security” uses face restrictions.
Notably, other federal laws already prohibit the use of this equipment for public safety and national security. Ironically, Congress enhanced the FCC’s authority precisely to fill the void, because federal statutes don’t cover consumers. However, with this exemption for Hikvision as well as Hytera Communications Corporation and Dahua Technologies Company, the FCC actually offers no safety for consumers. Unfortunately, Hikvision can continue to profit from it while committing what the Office of the United Nations High Commissioner for Human Rights calls crimes against humanity.
There is no former FCC attorney representing the interests of US consumers. Indeed, the most active registrant supporting FCC rules is IPVM, an independent provider of authoritative information and research on physical security technologies, including video surveillance, access control, and threat detection. weapons based in Bethlehem, Pennsylvania.
Separately, China Tech Threat called the covered list exemptions an undermining of the rules. After all, no one would deploy a video camera at home, office, school, bank or any other place except for security.
Ironically, this web of rules is the result of the rule of law, which inherently limits government intervention in the marketplace, but does not necessarily provide “security” as intended. Remember that the only function mandated by the US Constitution is defense, yet America’s preparedness for cyber warfare and protection against cyber intrusions are less than optimal. Many American businesses and individuals attempt to protect themselves with a range of defensive and offensive measures, but the task of detecting, identifying, and deterring threats is in the federal domain, which today is insufficient.
With federal authorities failing on security, states like Florida and Georgia stepped in. A recent executive order from Florida Governor Ron DeSantis prohibits the use and purchase of products and services manufactured by all Chinese government-owned entities, a much more comprehensive list than 10 on the FCC’s covered list.
For a related discussion of new export controls issued by the Bureau of Industry and Security, listing Yangtzee Memory Technology Corporate (YMTC), its suspicious relationship with Apple, tune into this event on Tuesday.