FCC Adopts More Transparency and Coordination in Foreign Telecom Review Process

By Justin Sherman
Wednesday, October 7, 2020, 8:01 AM

On Sept. 9, the Federal Communications Commission (FCC) elaborated on forthcoming changes to the United States’s process for screening foreign telecommunications companies for security risks. This announcement follows, and directly responds to, an April 4 executive order that turned Team Telecom—the U.S. government’s previously informal review group for doing just that—into an executive branch committee. That formalizing of Team Telecom allowed the government to step up its power to act against foreign telecoms operating in the country, whether by making a firm’s license conditional on certain security measures or even recommending a firm be kicked out of the U.S. altogether. All of this likely happened in reaction to a Senate investigation and subsequent report published in June, which found the executive branch had failed to adequately manage the security risks of Chinese state-owned telecoms operating in the country.

These recent developments matter because they directly affect the ongoing U.S.-China technology conflict, which has taken on an especially political and process-absent bent in the Trump administration—but which isn’t bound to vanish anytime soon. A lot of media attention is devoted to foreign-owned software, with the TikTok and WeChat sagas, but an ongoing and less-covered policy shift is occurring in how the U.S. government screens foreign-owned telecoms for security risks as well. And in this domain, the recent FCC publication says, the commission is promoting more transparency to the public and more coordination within the U.S. government on these foreign-owned telecom security issues.

For more than two decades, the document states, the FCC has referred applications for telecom licenses with “reportable foreign ownership” to executive branch agencies “for their input on any national security, law enforcement, foreign policy, and trade policy concerns.” This has occurred “when an applicant has a 10% or greater direct or indirect foreign investor,” and the referrals have been made to an array of agencies from the Department of Defense to the U.S. Trade Representative and the National Telecommunications and Information Administration (NTIA). If a review of a foreign-owned telecom is deemed necessary, Team Telecom would initiate the inquiry. From 2013 to 2019, the FCC says, it referred to the executive branch an average of 16 percent of submarine cable and international Section 214 licenses (the latter are the licenses needed by foreign firms). The process has evolved over time, according to the FCC, such as when the NTIA requested the committee require foreign-owned applicants to provide more information on issues such as ownership structure and network operations.

The big shift now under way, with a large focus on Chinese state-owned telecommunications companies, was spurred by the aforementioned Senate report, which found relevant executive branch agencies (the FCC included) exercised “minimal oversight” of those foreign-owned firms and thus did not adequately protect U.S. national security. So, President Trump signed an executive order in April 2020, midway through the Senate investigation and likely because of it, and changed up the U.S. government’s process for dealing with this element of digital supply chain security. The Senate report still found the committee’s power limited, even after the executive order.

The goals of the FCC’s recent changes to the screening process for foreign telecoms are twofold: more public transparency and more coordination within the government. On the first point, the FCC is adopting a new security review timeline for foreign-owned telecoms—“a 120-day initial review followed by a 90-day secondary assessment”—because commenters on the issue emphasized that predictable review timelines are “critical to securing foreign capital in U.S. communications services and infrastructure and maintaining U.S. competition and innovation.” The FCC is also establishing new rules for transparency—such as rules about the information the executive branch needs for a review and which kinds of applications will be reviewed. It is also exempting from review international Section 214 applications “where the only reportable foreign ownership interests are held by wholly owned intermediate holding companies and the ultimate ownership and control is held by U.S. citizens or entities.” Significantly, though, the FCC will continue referring foreign-owned telecoms for executive branch review even if they have already been screened by the Committee on Foreign Investment in the United States (CFIUS), because it says executive branch review of FCC-referred telecoms “includes issued that are not addressed by CFIUS.”

Second, the FCC is promoting more coordination within the government on this issue set, including through more standardization of the screening process. It will be publicly publishing “a standardized set of national security and law enforcement questions (Standard Questions) that elicit the information needed by the Committee within those categories of information that we establish today.” By contrast, there has been some public information about the committee’s recent (and still ongoing) reviews of Chinese state-owned telecoms in the United States, but there is still opportunity for more transparency. The FCC said it will also be requiring foreign telecoms to send information directly to the new executive branch committee, which itself should adopt some transparency mechanisms to avoid leaking any sensitive information.

The FCC’s new report clarifies many other changes—as well as policies that won’t change—and, again, this is not a comprehensive summary. They include requiring that most covered foreign applicants for FCC licenses certify they will comply with the Communications Assistance for Law Enforcement Act, a law for lawful interception of communications; continuing the current practice of allowing inspected telecoms a chance to respond to national security and law enforcement concerns; and requiring that most covered applicants

certify that they will make communications to, from, or within the United States, as well as records thereof, available in a form and location that permits them to be subject to lawful request or valid legal process under U.S. law. We find that this certification requirement will ensure that, to the extent any of an applicant’s operations are based principally outside of the United States, such applicant would not be able to use that network configuration to avoid complying with legal requirements that would apply to a U.S.-based provider providing the same services. This certification would require that applicants make communications and records related to services covered by their license or authorization available in response to lawful U.S. request or legal process, regardless of whether communications are carried, or records are maintained, locally in the U.S. or elsewhere.

This is not, the FCC says, the same as effectively creating a data localization requirement because the executive branch “has made clear that U.S. policy favors the free flow of information, which is antithetical to forced localization” and the CLOUD Act “requires U.S. service providers to comply with law enforcement orders issued under the Stored Communications Act regardless of whether a communication, record, or other information is located within or outside of the United States.”

All told, the Senate report—which looked into executive branch oversight of foreign state-owned telecommunications firms operating in the U.S.—concluded that more resources and authorities are needed for the executive branch to more effectively manage and mitigate national security risks posed by foreign state-owned telecoms. Some of these changes would have to come through Congress, and there is an open question as to whether legislation of the kind the Senate report recommends (increasing the authority and resources of the committee) might be passed at some point. Passing that kind of law would certainly enable the committee to operate more effectively within the government, both in the powers it could be given to review foreign-owned telecoms for security risks and in the resources it would have to conduct those reviews. One finding of the Senate investigation, for instance, was that Team Telecom was woefully inadequately funded and staffed.

But within the purview of the FCC’s existing authorities, the commission’s report makes clear that the agency is moving to adopt changes called for by the executive order as well as those raised generally by other stakeholders who are dissatisfied with the existing review process. The FCC is right to push for more transparency. In an age when supply chain decisions around the world are increasingly driven or underpinned by nationalism—in perception or in reality—clarifying the questions asked in telecom decisions and some of the criteria used to judge one foreign-owned telecom more trustworthy than another is essential for building a more cohesive, repeatable, long-term process around this issue. The FCC is also right to push for more coordination and to work to minimize unnecessary and counterproductive friction in the review process.

Key to watch, then, is what, if anything, will visibly change going forward—and that includes the executive branch’s ongoing look into four Chinese state-owned telecommunications carriers presently operating in the United States. The FCC sent letters to the four telecoms asking for information on why they don’t pose national security risks, and many of them responded. There has been some movement since then (like an Aug. 17 notice to China Telecom that the FCC passed on some information from the company to the Justice Department), but by no means has a clear decision been reached. How the FCC handles companies may reveal the impact of the new review process for foreign telecoms.