Today, China Tech Threat filed comments with the U.S. Federal Communications Commission (FCC) on proposed rules that would prohibit all future authorizations for communications equipment deemed to pose an “unacceptable risk to national security.”
In June, the FCC adopted a Notice of Proposed Rulemaking and Notice of Inquiry seeking comment on a proposal to prohibit future approvals of communications equipment that pose unacceptable risk to U.S. national security and whether approvals should be revoked from products and services from the FCC’s Covered List pursuant to the Secure and Trusted Communications Networks Act of 2019.
China Tech Threat’s comments, filed jointly with BluePath Labs, advises the agency on how to ensure the Covered List of vulnerable equipment vendors is current and relevant. It names two companies, Lenovo and YMTC, that evade U.S. regulation despite dangerous ties to the Chinese government and military.
Below are key points from the filing. A full copy is linked here.
- Most Americans don’t realize that they are at risk from intrusion by the People’s Republic of China (PRC) when they use products and services like smartphones by Huawei and ZTE, video surveillance cameras by Hikvision and Dahua, and Hytera radios that are widely available on Amazon.com, Best Buy, and Walmart. Despite significant policy to curtail national security risk, the FCC approved 3000 authorizations for Huawei alone since 2018.
- The FCC proposes to close this gap by restricting, if not revoking, equipment authorizations from these firms, which it has placed on its Covered List per Congress’ 2019 Secure and Trusted Networks Act. The FCC has a unique, important authority granted by Congress to regulate commercial equipment which uses radio frequencies.
- The FCC has made a good start to propose restricting equipment from five Chinese military aligned companies, but there are many more entities operating in the US which pose an unacceptable national security risk. Per the requirements of the Secure and Trusted Networks Acts, Lenovo and YMTC should be added to the FCC’s Covered List. Both these entities meet the technical and administrative criteria established by the Secure and Trusted Networks Act. Multiple US agencies have reported that traffic has been re-routed and re-directed on Lenovo equipment; DoD describes the security risk of the using this equipment and has restricted it internally. As a semiconductor fabricator, YMTC, which the White House called out in a recent report, can enable kill switches on chips which can cause remote disruption, if not shutdown of a piece of equipment, and even a network.
- All information technology from the People’s Republic of China (PRC) is vulnerable to that government’s intrusion, whether through technical means like control channels, backdoors or kill switches or through government practices of surveillance, espionage, and sabotage. The only way to effectively mitigate the risk of PRC intrusion is to restrict the device.
“We applaud the FCC efforts to update its rules to address the growing threat of vulnerable PRC devices deployed in American homes, schools, and workplaces,” said China Tech threat Co-Founder Dr. Roslyn Layton. “Americans think that the policies adopted at the federal level keep them safe, but they don’t. The Department of Defense has called out the unacceptable risk of PRC intrusion on Huawei smartphones, Lenovo laptops and YMTC chips, but these products are still widely available or installed in other consumer electronics. The FCC wants to close this loophole and has the Congressional mandate, authority, and capability to do so.”