Brendan Carr met with Taiwan’s foreign, digital and telecommunications policy authorities last week, the first Federal Communications Commission (FCC) Commissioner to do so in Taiwan. With the country accounting for 90 percent of the world’s semiconductor manufacturing capacity, he was not exaggerating when he said, “A free and democratic Taiwan is vital to America’s prosperity.”
Carr also reiterated calls for an outright ban on TikTok (a business likely to require action by the Committee on Foreign Investment in the United States) and telecommunications equipment providers Huawei Technologies Company and ZTE Corporation. Separately, Sen. Mark Warner (D-VA) remarked: “This is not something you would normally hear me say, but Donald Trump was right about TikTok years ago. If your country is using Huawei, if your kids are on TikTok … the ability for China to exert undue influence is a far greater challenge and a far more immediate threat than any kind of actual, armed conflict.”
Indeed, many Americans may think that Huawei and ZTE are already banned, but that is not the case. While these Chinese military entities have been restricted by the Departments of Defense, Treasury, and Commerce for certain federal and commercial uses, that doesn’t stop them from shipping their products to consumers. Indeed, during the period 2018-2021, the FCC reported that it approved about 3,000 applications from Huawei for products using US radio spectrum. To its credit, the FCC closed a loophole by banning Universal Service Funds from buying Huawei and ZTE. Going forward, the FCC is reportedly denying all future applications for equipment authorizations from Huawei and ZTE, an enforcement order that the FCC was supposed to finalize within a year of the signing of the Secure Equipment Act. The law was passed by a unanimous Congress and signed by the President last November, 11, giving the FCC the power to use its Covered List. The deadline passed without any statement from the FCC.
While banning all future sales to Huawei and ZTE is welcome to improve security and prevent Chinese government intrusion, this action does nothing to stop thousands of other Chinese government and military IT companies. Indeed, the Huawei/ZTE ban to date has created other security concerns, notably the perception that the ban to date prevents sales of equipment in the US, when it does not. the conclusion and conclusion that if Huawei/ZTE equipment is banned then other Chinese equipment is fine. and gaming, arbitrage, and politicization of US cybersecurity regulations by US and Chinese players, including but not limited to delaying, restricting, and reducing restrictions on other malicious equipment companies, white-labeling/re-labeling malicious equipment, counterfeit equipment and other adverse effects.
Piecemeal Progress: Winning the battle but losing the war
While the piecemeal approach is better than nothing, it creates significant, long-term security implications. The practice of protecting Americans from intrusion by the Chinese government rests on a brush with cybersecurity policy administered by dozens of federal agencies, each with its own separate legislative authority and regulatory tools. It is assumed that this works together, although a check could indicate otherwise.
Moreover, few recognize the Herculean elevator of executing any security policy and the associated bureaucratic army deployed to enable and deliver it. Regulation is not self-executing computer code. It takes a lot of people to manage, let alone enforce the National Defense Authorization Act (NDAA) federal procurement ban, the authorization required by the Entity List or the Office of Foreign Assets Control, or cyber hygiene protocols, or the list of vulnerabilities described by the Cybersecurity and Infrastructure Security Service of the National Institute of Standards and Technology.
Of course, the Chinese parties contest any action against them in US courts. They hire Washington’s top law firms, many of which employ former federal regulators – an intimidating opposition. For example, the single most active user of the FCC’s Black List process is John T. Nakahata, former Chief of Staff to FCC Chairman William Kennard. Today Nakahata is a consultant to Covered List company Hikvision and has filed at least a dozen documents reflecting meetings with Chairman Rosenworcel and documents with the FCC.
Despite Hikvision being delisted from the Commerce Department’s entity list for systematically violating the human rights of Muslims in Western China and the Pentagon for aligning itself with the Chinese military, the FCC chill out the rules for digital technology company Hangzhou Hikvision (Hikvision) with broad exceptions for consumer use. Only “public safety” and “national security” uses face restrictions.
In particular, other federal laws already prohibit the use of this equipment for public safety and national security. Ironically, Congress strengthened the FCC’s authority precisely to fill the gap because federal statues do not cover consumers. However, with this exemption for Hikvision as well as Hytera Communications Corporation and Dahua Technologies Company, the FCC does not actually offer any safety to consumers. Unfortunately, Hikvision can continue to profit by committing what the UN High Commissioner for Human Rights calls crimes against humanity.
There is no such former FCC attorney advocating for US consumers. Indeed, the most active archive supporting the FCC rules is IPVM, an independent provider of authoritative information and research on physical security technology, including video surveillance, access control and weapons detection based in Bethlehem, PA.
Separately, China Tech Threat called the Covered List exceptions an undermining of the rules. After all, no one would use a video camera at home, office, school, bank or other location if safety and security did not allow it.
Ironically, this web of rules is the result of the rule of law – which inherently limits government intervention in the market, but does not necessarily provide “safety” as intended. Remember, the only mandated function of the US Constitution is defense, and yet America’s preparedness for cyber warfare and protection against cyber intrusion is far from optimal. Many US companies and individuals are trying to protect themselves with a range of defensive and offensive measures, but the job of identifying, detecting and preventing threats is the federal domain, which is currently falling short.
With federal authorities failing to provide security, states like Florida and Georgia have stepped in. A recent executive order by Florida Governor Ron DeSandis bans the use and purchase of products and services by all Chinese government entities, a much more comprehensive list compared to the 10 on the FCC’s coverage list.
For a related discussion on the new export controls issued by the Bureau of Industry and Security, the listing of Yangtzee Memory Technology Corporate (YMTC), its suspected relationship with Apple, tune in to this event on Tuesday.