At its April 2018 open meeting, the Federal Communications Commission adopted a Notice of Proposed Rulemaking that proposes and seeks comment on a rule prohibiting the use of Universal Service Fund (USF) funding to purchase equipment or services from suppliers that pose a national security threat to the integrity of U.S. communications networks or the U.S. communications supply chain. Comments are due on or before June 1, 2018, and reply comments are due on or before July 2, 2018. An earlier blog post provided a summary of the NPRM. This blog post identifies a few broader issues surrounding the FCC’s proposal.

Past Behavior Is Informative: China Has Ripped Off American Companies’ Trade Secrets And Intellectual Property For Years

For many years now, the U.S. federal government and American companies within the communications and technology industries have been suspicious of Chinese companies and China’s ruling party, and for good reason. Although China joined the World Trade Organization in 2001, a move many hoped would push the country to embrace free markets, its economy remains heavily managed by the state. Through various means, China forces technology transfers in which foreign companies doing business in China are required to disclose key technology and trade secrets to their Chinese partners. Moreover, Chinese companies often engage in outright theft of foreign companies’ intellectual property through corporate cyberespionage. If a foreign company wants access to the Chinese market, it must be willing to play by these rules and it must be willing to accept a playing field that is uneven at times. It’s a simple as that. More importantly though, these brief examples showing how China “cheats” at business provide an excellent prologue to the FCC’s blacklist rule. China’s government restricts its citizens’ access to certain Internet services and sites, and censors online expression. If China’s government wants a Chinese telecom equipment manufacturer to bake secret backdoors into their equipment that is sold overseas, you better believe it will happen. At least that’s the prevailing conventional wisdom in the West.

What About U.S. Cybersecurity Experts: Even If The Threat Serious, Can’t Someone Stop It

The underlying assumption in the NPRM is that communications equipment produced by certain foreign companies contain secret backdoors that will give foreign actors easy access to U.S. communications networks. Another thought is the equipment may contain a secret kill switch, enabling foreign actors to shut down integral parts of U.S. communications networks from abroad any time they want. Pretty scary, right?

One common response to all of this is doesn’t the U.S. has the cybersecurity expertise and resources to sufficiently defend against these threats. The short answer is yeah maybe, but probably not at the scale this problem potentially presents.

You rarely ever see news coverage about how a U.S. company successfully fought off a cyber-attack. Data breaches and DDoS attacks are what you hear about. Don’t mistake coverage of breaches as an indication of cybersecurity expertise. There are sophisticated cybersecurity firms helping businesses defend themselves against all kinds of hackers, including state actors. New cybersecurity firms pop up every day. And, you better believe U.S. federal agencies have some of the best cybersecurity experts in the world. It seems this would be a great new business opportunity for cybersecurity firms to specialize in auditing Huawei equipment.

Despite all of this, the scale at which blacklisted equipment could spread through U.S. communications networks, and assuming secret backdoors really do exist, the potential for foreign actors to use that equipment to launch nefarious cyber operations pose too big of a problem. It cannot be addressed simply by saying U.S. cybersecurity firms will detect these backdoors and shut them down. The potential scale of the problem is just too great.

Will Small Carriers Be Required To Rip Out Equipment From Their Networks

On one hand, the real loser here would appear to be rural America. Equipment manufactured by companies likely to be blacklisted – Huawei and ZTE – account for a very small percentage of total U.S. communications network infrastructure, but most of it is used in networks that serve rural America. Communications providers that serve these high-cost areas bought Huawei equipment because of the low price (and the quality). They don’t have the luxury of choosing a more expensive equipment from a different vendor because cost is such an important factor in their network planning decisions.

Rural providers serve sparsely populated areas where it can cost tens of thousands of dollars to connect one customer location to the network. It’s hard to recover costs across a small customer base. Rural providers can’t negotiate volume discounts like AT&T, CenturyLink, or Verizon. Here’s what Joe Franell, CEO of rural communications provider Eastern Oregon Telecom, told the Wall Street Journal about his decision to save $150,00 on network upgrades by using Huawei equipment:

“Our margins are pretty thin,” Mr. Franell said. “If you start dictating what kind of equipment I can use, it tips the scales.” He said he thinks the new legislation making the rounds in Washington is more likely driven by nationalism and protectionism than by real concerns about hacking and spying. ”I’m not going to rework my whole business plan based off a rumor or an unsubstantiated allegation,” he said.

There have been suggestions that the rule should be more expansive. For instance, it’s possible that the existing use of blacklisted equipment by a USF recipient could jeopardize all future USF support distributions. This could result in equipment being ripped out of networks and replaced. As evidenced by the above quote from the company in Oregon, applying the proposed rule in this way could be extremely costly for rural carriers that have already deployed equipment produced by manufacturers thought to be placed on the blacklist.