China Tech Threat welcomes the recent Federal Communication Commission (FCC) announcement giving 30-days notice to four Chinese carriers (China Telecom Americas, China Unicom Americas, Pacific Networks, and ComNet) to explain Chinese government ownership and control of their businesses. The move reflects a recent Executive Order strengthening so-called Team Telecom. The FCC’s action is built upon the recommendation U.S. Departments of Commerce, Defense, Homeland Security, Justice, and State and the U.S. Trade Representative.
The Team Telecom order is designed and timed to strengthen executive authority so there is greater support for the FCC to prevent and remove licenses to entities presenting a national security risks. While the Order fast-tracks review with 30 day shot clock for applicants, it also applies retrospectively and hence triggered the review of the four Chinese firms. However important, the Team Telecom Order has a critical blind spot. The wording of the order mandating review “applications and licenses” may unwittingly prohibit its jurisdiction to actors in unlicensed spectrum, which by definition, do not need a license. While the FCC sets power levels for electromagnetic interference on devices (that symbol on the back of equipment), it says nothing about the security of the device. While vulnerable technology can be ripped and replaced from licensed networks, there is no mechanism for the FCC to recall devices from unlicensed spectrum for security reasons.
As Roslyn Layton explains in Forbes, the US may be safe from malicious Chinese providers on 5G, but Wi-Fi networks are vulnerable. The FCC action correctly denied a license to China Mobile, but it can’t stop China Mobile’s daughter company China Mobile Group Device Co. from operating in unlicensed spectrum. Dr. Layton further describes how firms owned and affiliated with the Chinese government are using these loopholes to run around US security policy, whether by infiltrating America’s standards organizations or its Wi-Fi networks. China’s objectives for dominance in information technology and control of the global data trade has been described in its influence of international standard-setting organizations such as the International Telecommunications Union (ITU), the Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Governance Forum (IGF), the Internet Engineering Task Force (IETF), and the International Standards Organization standards (ISO).
Among the 800 members of the Austin, TX based Wi-Fi Alliance are many firms owned and affiliated with the Chinese government and listed in the US National Vulnerabilities Database, restricting their use in the federal government. These member firms include Wi-Fi Alliance honoree Lenovo, world’s leading maker of laptops, ZTE Corporation (network equipment), Hangzhou Hikvision Digital Technology Co., Ltd. (surveillance cameras), Lexmark (printers), and TCL Corporation (smart TVs). China Tech Threat’s report Stealing from the States: China’s Power Play in IT Contracts documents how such companies have evaded rules against their deployment in US federal networks to embed themselves at the state level, home to treasure troves of sensitive data for elections, financial reports, and personal information but which have fewer security controls.