Trump administration moves to revoke China Telecom's US licenses on security grounds

A legal filing claims China Telecom is in violation of federal and state cybersecurity and privacy laws, but evidence is redacted.

smart city - wireless mobile network

Highlighting the diminished opportunities for Chinese telecom and technology providers in the US, the Department of Justice (DOJ) announced last week that the Trump Administration would seek to revoke and terminate the licenses of mobile operator China Telecom. China Telecom is authorized to provide communications, data, television and business services in the US as a facilities-based common carrier. It obtains spectrum licenses from the Federal Communications Commission (FCC) under what is called international Section 214 authorizations.

The DOJ announcement said relevant executive branch agencies unanimously recommended that the FCC revoke the telco’s licenses because it is an arm of the Chinese government and therefore poses “substantial and unacceptable national security and law enforcement risks.” Those agencies collectively represent an ad hoc arrangement of the Departments of Justice, Defense, and Homeland Security, formerly known as Team Telecom, which was established to ensure that the FCC defers to the executive branch when it comes to, among other things, matters of foreign ownership of communications assets in the US.

The redacted legal filing containing the agencies’ recommendation was submitted to the FCC’s International Bureau Filing System (IBFS)  by the Department of Commerce’s National Telecommunications and Information Administration (NTIA), which filed on the agencies’ behalf. NTIA’s filing was the first that followed a somewhat unexpected April 4 Executive Order, which formalized or codified for the first time the Team Telecom arrangement.

Non-compliance with state and federal cybersecurity, privacy laws

In their filing, the agencies said that China Telecom poses risks to security and law enforcement because of inaccurate public representations by China Telecom concerning its cybersecurity practices and inaccurate statements by China Telecom to US government authorities about where China Telecom stored its US records. According to the filing, this latter point raises significant questions about whether China Telecom is complying with federal and state cybersecurity and privacy laws.

The agencies expressed particular concern about the nature of China Telecom’s US operations, which, they argue, could give China Telecom the ability to engage in economic espionage and sabotage, mainly through the re-routing of US internet traffic through Chinese servers using something called BGP (border gateway protocol) hijacking. The filing contains a string of links to allegations about China Telecom as a source of BGP hijacking, which, although the filing doesn’t emphasize this fact, often results from simple error and not malign intent.

The recommendation filed by the agencies redacts all the evidence of China Telecom’s cybersecurity wrongdoings. On the federal front, the agencies say specific redacted cybersecurity weaknesses place the company in violation of federal law by allowing customers to believe they received a higher level of cybersecurity than they did, a deceptive practice that the Federal Trade Commission has found in other circumstances to be a violation of the Federal Trade Commission Act. (FTCA).

At the state level, the agencies argue China Telecom violated federal law through its redacted and unspecified missteps by failing to comply with a range of state laws requiring formal cybersecurity policies and appropriate data protection practices. The recommendation says that China Telecom, which offers a variety of communications services across the US, operates in Ohio, Colorado, Delaware, and California, all of which have data privacy protection laws that the agencies argue China Telecom has violated.

“They don’t [present] evidence that China Telecom has done anything nefarious,” one long-time communications attorney familiar with the US-China telecommunications dynamic tells CSO. “Who knows what’s been classified and what they’ve been saying?”

“It does very much speak to the administration’s and the commission’s disposition toward Chinese enterprises,” he adds. “It doesn’t matter if it’s a state-owned enterprise or it’s a private enterprise. It’s very anti-Chinese. The action on China Telecom does not come as a surprise. It was just a matter of time.”

Further actions against Chinese telcos?

The executive order formalizing Team Telecom is entitled “Establishing the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector.” It appears to lay the groundwork for further revocation actions by the FCC against Chinese telecom providers. The commission already has a significant track record in clamping down on Chinese interests in US telecommunications, almost all of which center on allegations of supply chain sabotage and espionage.

Last May, the FCC denied an application by China Mobile to provide telecommunications services between the United States and foreign destinations “due to several factors related to China Mobile USA’s ownership and control by the Chinese government.” As is true with the current case made by NTIA in its filing regarding China Telecom, the FCC said that China Mobile’s ownership by the Chinese government makes it a substantial and serious national security risk.

Last November, the FCC barred the use of its $8.5 billion universal service fund for the purchase of equipment from Chinese tech giants ZTE and Huawei. (On March 12, this ban was codified in the Secure and Entrusted Communications Act, which prohibits federal subsidies from going toward the purchase of communications equipment or services that pose a national security risk). Huawei has separately been subjected to two executive orders that bar the sale of their gear in the US and bar US companies from selling essential technology to the Chinese telecom supplier.

One telecommunications executive familiar with cybersecurity threats who requested anonymity separately tells CSO that the US government just wants to marginalize China from a telecom perspective. “On the part of the US government, there is a complete lack of trust in technology or telecommunications coming out of China,” he said. “The executive order speaks to the full-court press on the part of multiple agencies where they are working to limit the availability and the use of certainly Huawei and ZTE and potentially other providers.”

The communications attorney familiar with the FCC’s China politics predicts that China Unicom is the next Chinese company in the administration’s crosshairs, in keeping with the April 4 executive order. “China Unicom is next,” he says. “There’s no question about that,” noting that both China Telecom and China Unicom got their licenses at the same time and have been operating in the US for 15 years.

Although the administration and the commission may have legitimate evidence that China Telecom, or Huawei or China Unicom pose serious supply chain security threats to US national and economic security, there is a downside to, in essence, punishing Chinese companies, he says. “It is a threat to the ability of US companies to continue doing business in China, particularly in this sector,” the attorney says. “For the past twenty-odd years, both in terms of service and in terms of equipment, the telecom industry has increasingly been one of global interdependence.”

In the meantime, China Telecom, through its attorneys, has asked the FCC for the opportunity to respond to the allegations presented in the government’s filing before it moves on the proposed revocation. They have asked the commission to refrain from taking any action before China Telecom can give a response at an evidentiary hearing.

Copyright © 2020 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)