House Intelligence Committee Report Finds Huawei and ZTE Could Undermine US National Security, 10/8/2012.

House Intelligence Committee Report Finds Huawei and ZTE Could Undermine US National Security

October 8, 2012. Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersburger (D-MD), the Chairman and ranking Democrat of the House Intelligence Committee (HIC) released a part of a report [60 pages in PDF] titled "Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE". The HIC did not release a "classified annex" to the report.

This report finds that "the risks associated with Huawei's and ZTE's provision of equipment to U.S. critical infrastructure could undermine core U.S. national-security interests".

It recommends that "Private-sector entities in the United States are strongly encouraged to consider the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services. U.S. network providers and systems developers are strongly encouraged to seek other vendors for their projects."

Huawei responded in a release that the HIC report "failed to provide clear information or evidence to substantiate the legitimacy of the Committee's concerns". The report "employs many rumors and speculations to prove non-existent accusations".

Huawei also wrote that "We have to suspect that the only purpose of such a report is to impede competition and obstruct Chinese ICT companies from entering the US market."

This report recommends that the US intelligence community "should actively seek to keep cleared private sector actors as informed of the threat as possible".

This report recommends that the Committee on Foreign Investment in the United States (CFIUS) "must block acquisitions, takeovers, or mergers involving Huawei and ZTE".

The report recommends that proposals to give the CFIUS authority to review "purchasing agreements should receive thorough consideration by relevant Congressional committees". However, the report cites no pending bills.

The CFIUS was created by Section 721 of the "Defense Production Act of 1950", which is codified at 50 U.S.C. App. 2170. This section was significantly revised by HR 556 (110th Congress), the "Foreign Investment and National Security Act of 2007". President Bush signed it into law on July 26, 2007. It is now Public Law No. 110-49.

Neither the CISPA, SECURE IT Act, nor CSA would expand CFIUS authority to include purchasing agreements. See, HR 3523 [LOC | WW], the "Cyber Intelligence Sharing and Protection Act of 2011" or "CISPA", S 2151 [LOC | WW], the "SECURE IT Act", and S 3414 [LOC | WW | PDF], the "Cybersecurity Act of 2012" or "CSA".

This report recommends that "U.S. government systems, particularly sensitive systems, should not include Huawei or ZTE equipment, including component parts. Similarly, government contractors -- particularly those working on contracts for sensitive U.S. programs -- should exclude ZTE or Huawei equipment in their systems."

It also states that "Committees of jurisdiction within the U.S. Congress and enforcement agencies within the Executive Branch should investigate the unfair trade practices of the Chinese telecommunications sector, paying particular attention to China’s continued financial support for key companies."

In addition, "Committees of jurisdiction in the U.S. Congress should consider potential legislation to better address the risk posed by telecommunications companies with nation-state ties or otherwise not clearly trusted to build critical infrastructure. Such legislation could include increasing information sharing among private sector entities, and an expanded role for the CFIUS process to include purchasing agreements."

The report is silent as to whether antitrust regulators in the US should leverage their power to block mergers to impose supply chain conditions.

For example, both the Department of Justice's (DOJ) Antitrust Division and the Federal Communications Commission (FCC) will stand in judgment of the proposed T-Mobile USA MetroPCS combination. See, story titled "T-Mobile USA and MetroPCS to Merge" in TLJ Daily E-Mail Alert No. 2,457, October 3, 2012.

Both companies do business with PRC companies. For example, on September 21, MetroPCS and ZTE announced in a release that MetroPCS will sell the ZTE Anthem 4G. See also, March 16 release.

TLJ spoke during the Bush administration with then DOJ Assistant Attorney General Thomas Barnett regarding the role of national security in DOJ telecom antitrust merger reviews during a recess of a House Judiciary Committee (HJC) hearing. He explained that the DOJ conducts economic analysis and applies federal antitrust law. However, he used words such a "primary", rather than "only", to describe the DOJ's concern for antitrust law and economics. He also passed up the opportunity to state that national security concerns never influence DOJ antitrust merger reviews. (Also, the questions did not reference foreign supply chain concerns.)

The HIC investigated Huawei and ZTE. This included requests records, asking questions, traveling to the PRC, and conducting a hearing.

The HIC held a hearing on September 13 titled "National Security Threats Posed by Chinese Telecom Companies Working in the U.S." Charles Ding (Corporate SVP of Huawei) and Zhu Jinyun (SVP for North America and Europe, ZTE) argued that their companies are independent of the government and military of the People's Republic of China (PRC) and do not present security threats to the US or US businesses. See, story titled "House Intelligence Committee Holds Hearing on PRC Telecoms" in TLJ Daily E-Mail Alert No. 2,451, September 19, 2012.

The report is notable for its lack of factual allegations that identify specific acts by either Huawei or ZTE that constitute support for cyber espionage, and cyber warfare activities by PRC companies, government or military. However, the report does not disclose classified information that the HIC received from US intelligence agencies.

The report emphasizes the lack of cooperation provided by the two companies during the HIC's investigation, and the extensive record or cyber espionage, and theft of trade secrets and intellectual property, by PRC companies and government.

This report concludes that the HIC "remains unsatisfied with the level of cooperation and candor provided by" Huawei and ZTE.

"Neither company was forthcoming with detailed information about its formal relationships or regulatory interaction with Chinese authorities. Neither company provided specific details about the precise role of each company’s Chinese Communist Party Committee. Furthermore, neither company provided detailed information about its operations in the United States. Huawei, in particular, failed to provide thorough information about its corporate structure, history, ownership, operations, financial arrangements, or management. Most importantly, neither company provided sufficient internal documentation or other evidence to support the limited answers they did provide to Committee investigators."

This report was prepared by Rep. Roger and Rep. Ruppersburger. It was not subjected to consideration and vote by the full Committee. However, other members of the HIC announced their support.

For example, Rep. Adam Schiff (D-CA) stated in a release that "At a time when Chinese collection intelligence efforts against the United States are significant, and Chinese theft of American trade secrets is rampant, handing critical telecommunications infrastructure to Huawei and ZTE poses too great a threat to our security and economy."

He added that "until the Chinese government takes real steps to curtail Chinese cyber intrusions and the theft of trade secrets, and these firms become far more transparent, the U.S. government and private sector entities must view the provision of critical infrastructure by these two companies as a risky proposition."