Skip to content

Cybersecurity, CFIUS, and the Propose SoftBank Purchase of Sprint-Nextel

By
Sunday, May 26, 2013 at 3:42 PM

Some readers may have read about the ongoing proposal that SoftBank purchase a controlling interest in Sprint/Nextel.  As the Washington Post has reported, the Dish network has made a competing offer to purchase Sprint.

Not content with the overt business competition, Dish has also taken a second step of attempting, through the political process, to deter the SoftBank purchase.  SoftBank, you see, is a foreign-owned company (it is domiciled in Japan) and Dish has raised the specter that a foreign company might gain a controlling interest in a critical domestic company.  You may have seen the full page color ad in the Post comparing the purchase of Sprint to the now-infamous proposed purchase of an American port company by Dubai Ports World.   And, needless to say, Dish has is political advocates – a Republican Congressman whose district is home to Dish and Senator Chuck Schumer.

I have no real knowledge of the substance of the purchase – except that it seems SoftBank has offered some pretty significant concessions to US concerns, including that the US would be able to nominate a national security expert of its own choosing to the new SoftBank board.  But I thought that it would be worth offering a short “explainer” of why, after all, the US government has any say at all in a proposed private sector transaction.

The answer lies in the Committee on Foreign Investment in the United States (CFIUS).  CFIUS is an inter-agency committee authorized to review transactions that could result in control of a US business by a foreign person (known as “covered transactions”), in order to determine the effect of such transactions on the national security of the United States.  CFIUS operates pursuant to section 721 of the Defense Production Act of 1950, as amended by the Foreign Investment and National Security Act of 2007 and as implemented by Executive Order 11858 (as amended), and regulations at 31 C.F.R. Part 800.  The Director of National Intelligence is tasked with conducting an intelligence assessment of the risks posed by certain transactions and reporting to the committee on his findings.  His representative sits, ex officio, on the committee and brings a counter-intelligence perspective to its deliberations where appropriate.

If CFIUS determines that the proposed transaction poses a risk of some sort it may prohibit the transaction altogether or, far more frequently, it may enter into a mitigation agreement that puts in place mechanisms and requirements that it deems necessary to ameliorate the risk.  Though CFIUS was initially created to focus on the sale of companies that would result in foreign control of defense-critical industries, in the post-9/11 world it has come, as well, to focus on sales that will effect critical infrastructure (such as the sale of port facilities to Dubai Ports World).  This focus has, on at least one publicly acknowledged occasion, involved the review of a purchase that implicated cybersecurity concerns.

According to the Congressional Research Service, the Israeli firm Check Point Software Technologies decided to call off its proposed $225 million acquisition of Sourcefire, a U.S. firm specializing in security appliances for protecting a corporation’s internal computer networks, because of a CFIUS inquiry).  I’m personally aware of several similar transactions, the details of which are protected by the confidentiality rules that apply to CFIUS activities.

But the bottom line here seems clear – CFIUS has the legal authority to review the proposed SoftBank purchase.  Apparently it is in the midst of doing so and as part of that review SoftBank has already offered some concessions to mitigate concerns.  Dish Network’s political intervention through Congress is an attempt to influence the CFIUS process through public pressure.  We’ll see how that works out.

A Happy Memorial Day to one and all.

 

 

Filed under: Cybersecurity

Tags: