What have CFIUS and Team Telecom been up to?
In the past few years, two federal government interagency committees—the Committee on Foreign Investment in the United States (CFIUS) and Team Telecom—have begun to play an important role in the government’s effort to counter potential threats from Chinese companies’ involvement in the United States. Both committees review certain foreign companies’ American investments. CFIUS has jurisdiction over a broad swathe of foreign investment in the U.S., and Team Telecom’s jurisdiction covers certain licenses for foreign telecommunications companies to operate. Both committees have become more assertive—often retroactively ordering divestiture or revocation against Chinese companies, sometimes years after an investment was completed or a license granted. And notably, both committees seem to be broadly maintaining a similar posture under President Biden as under President Trump.
This post reviews both committees’ origins and activities.
The Committee on Foreign Investment in the United States
The Committee on Foreign Investment in the United States is an interagency committee, headed by the treasury secretary, tasked with reviewing foreign in-bound investments for national security risks. If CFIUS deems a foreign investment a national security threat, it can force the investor to pursue measures to mitigate the risks or recommend that the president prohibit the transaction or order divestiture of a past investment. CFIUS orders or presidential orders on CFIUS’s recommendation are subject only to limited judicial review, and the government does not have to produce extensive justifications for its national security recommendations or divestment orders. CFIUS never publicizes its reviews and publishes few details about its internal deliberations or reasoning for specific cases. CFIUS, historically, intervened rarely and focused primarily on investments critical to national security.
CFIUS’s few public actions, along with media reports on CFIUS activity over the past five years, yields several trends that are particular to CFIUS, beyond those trends shared with Team Telecom and enumerated above. CFIUS has been particularly aggressive toward in-bound Chinese investment in the semiconductor industry (a long-standing concern) and to investments giving Chinese firms access to Americans’ personal data (a new concern). Moreover, while CFIUS under the Biden administration seems on track to continue Trump-era CFIUS’s aggressive focus on China and technology, Biden’s emerging effort to multilateralize foreign investment screening via intelligence sharing partnerships with allies and coordinated reviews suggests a potential break with Trump.
CFIUS 2016–2018: China, Chips and Data
From 2008 to 2018, Chinese investments went from being reviewed less than those of France, Canada, the United Kingdom, or Japan to being the most scrutinized of any country, with more Chinese deals examined than those of the next three countries combined, with particular attention paid to acquisitions in advanced technology sectors.
From 2016 to 2018, all three transactions that the president blocked were Chinese investments in the semiconductor sector. In 2016, President Obama blocked Fujian Grand Chip Investment Fund from acquiring a U.S. subsidiary of German semiconductor company Aixtron SE, because the transaction “threaten[ed] to impair [U.S. national security,” given Aixtron’s role as a semiconductor “producer and innovator.” In 2017, Obama blocked Chinese firm Canyon Bridge Capital Partners Inc. from acquiring Lattice Semiconductor Corp., a U.S. company that sold semiconductors to the U.S. military, due to threats posed by China to the semiconductor supply chains. Finally, in 2018, Trump blocked Singapore-incorporated Broadcom’s hostile takeover of U.S. semiconductor manufacturing leader Qualcomm. Though no Chinese firm was directly involved, CFIUS, in a letter addressed to the parties, expressed concerns that Broadcom would reduce research and development expenditures, facilitating Chinese telecom giant Huawei’s 5G telecom dominance, and that the merger would disrupt Qualcomm’s ability to supply the Department of Defense and U.S. infrastructure.
Beyond scrutiny of semiconductor investments, CFIUS was also active in policing transactions that enabled Chinese companies to access personal data. In 2016, AppLovin, a U.S.-based mobile advertising company, agreed to sell itself to Chinese private equity firm Orient Hontai Capital. However, Reuters reported in November 2017 that AppLovin was forced to transform the deal from a sale to Orient Hontai Capital into a debt investment and a reduced 9.98 percent equity investment, in order to avoid giving the private equity firm a majority stake in the company. CFIUS was reportedly concerned about a Chinese company acquiring AppLovin’s data.
CFIUS’s review of China Oceanside Holdings Group’s acquisition of U.S. insurance company Genworth, although eventually approved in June 2018, delayed the deal by almost two years from its initial announcement. To overcome CFIUS’s data privacy concerns, Genworth agreed to “use a U.S.-based, third-party service provider to manage and protect the personal data of Genworth’s U.S. policyholders” as a mitigation measure. Similarly, CFIUS delayed approving Chinese conglomerate HNA Group’s proposed acquisition of U.S. hedge fund SkyBridge Capital until the parties eventually abandoned the deal. On Jan. 2, 2018, it was announced that CFIUS had rejected Ant Financial’s takeover of U.S. money transfer company MoneyGram International Inc. According to Reuters, the two companies proposed mitigation measures, but CFIUS rejected them, fearing U.S. citizens’ identification data would not be safe should the transaction go through. These data-related actions portended CFIUS’s direction over the coming years.
FIRRMA: Origin, Purpose and Key Provisions
In 2018, Congress passed the Foreign Investment Risk Review Modernization Act (FIRRMA)—a major expansion of CFIUS’s authority and standardization of CFIUS processes—largely in response to perceptions that the threat from Chinese investment was rapidly exceeding CFIUS’s exisitng capacity. As FIRRMA sponsor John Cornyn noted, under Beijing’s 2015 “Made in China 2025” plan, China seeks to dominate Fourth Industrial Revolution industries, such as semiconductors, artificial intelligence, robotics, and information technology by 2025. Chinese businesses had already increased their technological capabilities through foreign direct investment in the U.S., which rose approximately 18,000 percent in a decade, to $45.2 billion in 2016.
FIRRMA doesn’t just apply to China-related issues, but it did single out China by requiring CFIUS to issue specific reports to Congress on Chinese investments. FIRRMA’s sponsors cited as justification for the legislation China’s “weaponization” of often ostensibly private investment in the U.S. and “foreign adversaries’” (China’s) efforts to use investments to “obtain sensitive dual-use U.S. technologies, many of which have potential military applications[, which] have jeopardized the United States’ ability to maintain our historical military advantage and have, in turn, weakened our defense industrial base.” One major concern among lawmakers centered on China’s exploitation of a loophole exposed during telecom company Huawei’s pre-FIRRMA acquisition of 3Leaf, a U.S. server technology company. Because the transaction was only for $2 million and involved only the purchase of patents, Huawei declined to notify CFIUS, believing the transaction too insignificant to require reporting. Although CFIUS reviewed the transaction after the fact and ordered divestment, Huawei had already gained access to 3Leaf’s sensitive technology.
FIRRMA broadened the definition of “covered transactions” (transactions that must be reported to CFIUS for review before completion) to include even minority investments in businesses in certain sensitive U.S. industries. FIRRMA defines these sensitive businesses as “TID U.S. business”—that (a) “produces, designs, tests, manufactures, or develops … critical technologies,” (b) “owns, operates, manufactures, supplies, or services critical infrastructure,” or (c) “maintains or collects sensitive personal data” of American citizens threatening national security (emphasis added). Minority investments in TID businesses that give investors access to (a) “material nonpublic technical information,” (b) “membership or observer rights on the board of directors,” or (c) involvement in substantive decision-making receive CFIUS scrutiny.
FIRRMA also expands the definition of “critical technologies” to include “emerging and foundational technologies” controlled by the 2018 Export Control Reform Act (ECRA). While not referenced explicitly, fears of China’s technological ambitions appear implicit in FIRRMA’s language mandating that CFIUS consider “whether a covered transaction involves a country of special concern that has a demonstrated or declared strategic goal of acquiring a type of critical technology or critical infrastructure that would affect United States leadership in areas related to national security” when determining which transactions are covered.
FIRRMA authorizes the Treasury Department to list certain “excepted foreign states” from CFIUS’s expanded jurisdiction. The list, which CFIUS can change according to certain criteria, includes just Australia, Canada and the United Kingdom because of their “robust intelligence-sharing and defense industrial base integration mechanisms with the United States.”
Post-FIRRMA, two key procedural trends emerged. First, CFIUS has begun investigating more “non-notified transactions.” These are transactions that do not have to be reported but CFIUS later determines may threaten national security. CFIUS contacted parties in non-notified transactions a record 117 times in 2020, more than in 2018 and 2019 combined. The rise of non-notified transactions demonstrates that post-FIRRMA, CFIUS is more proactive and more willing to take initiative. A second indicating an increasingly China-focused process—is the rise of short-form “declarations,” instead of formal filings to save time and expense, mostly used for low-risk investments from allied countries. Rather than filing a formal notice, such low-risk investors can file a simple declaration, which results in a shortened 30-day review process, after which CFIUS can clear the transaction, request the parties file a more formal written notice, or initiate a unilateral review. From 2019 to 2020, short-form declarations—overwhelmingly from investors in allied countries such as the U.K. and Canada--even as formal filings have declined. This fast-track process has enabled CFIUS to focus its resources and attention on investments from U.S. adversaries--namely China. Likely in part due to increased U.S.-China tensions, Chinese foreign direct investment into the U.S. plummeted since peaking in 2016 at $45 billion. In 2018–2020, Chinese foreign direct investment averaged a mere $7 billion. Chinese investor CFIUS filings have declined accordingly, from 55 to 22.
Post-FIRRMA CFIUS 2018–2020: Data Dominance
From 2018 to 2020, after FIRRMA singled out “personal data,” the only two official forced divestitures and two other major reported CFIUS actions all concerned fears about Chinese access to Americans’ personal data. CFIUS has also targeted several investments retroactively, forcing divestiture years after the initial investment, even for transactions that, at the time, did not require a filing.
In March 2019, CFIUS forced Chinese gaming company Beijing Kunlun Tech Co. (Kunlun) to sell the U.S. dating app Grindr, which it acquired in 2016. CFIUS’s concerns regarding Grindr seemed to focus on privacy, given that Grindr had tens of millions of users—most of whom were members of the LGBTQ community—and collected its users’ personal location data, messages and HIV status. Indeed, one year prior, two U.S. senators wrote to Kunlun’s CEO asking for information about Grindr’s privacy protections, particularly around users’ HIV status data. Reportedly, American officials worried the Chinese government could conceivably use information gathered to blackmail American officials or contractors, threatening national security. In May 2020, Kunlun finally announced CFIUS’s approval of a sale to an American buyer.
In April 2019, CNBC reported that CFIUS had effectively forced iCarbonX, a Shenzhen-based company, to sell its recently acquired majority stake in PatientsLikeMe, a U.S.-based health data company that provides a platform to connect patients with similar medical conditions. Per CNBC, the likely reason was the Chinese company’s access to vast amounts of Americans’ sensitive health data.
In March 2020, on CFIUS’s recommendation, Trump ordered China-based Beijing Shiji Information Information Technology Co. Ltd. to divest itself of U.S. software company StayNTouch. Again, Trump provided no detailed information regarding the reasoning behind the order, aside from noting that he had “credible evidence” that Shiji, through its acquisition, “might take action that threatens to impair [U.S.] national security.” It’s impossible to say for certain, but given StayNTouch’s role as a software company providing management systems to hotels to connect with former customers, the Trump administration may have been worried about Shiji’s access to StayNTouch’s stores of Americans’ personal and financial records. The divestment order further suggests a data focus, as it required Shiji to “divest all interests in … data (including customer data managed and stored by StayNTouch),” to “refrain from accessing … hotel guest data through StayNTouch,” and to “ensure that controls are in place to prevent any such data access until such time as the divestment has been completed.”
The final CFIUS action of the Trump years was also the most prominent and most notable for two reasons: It resulted in only the second-ever instance of CFIUS litigation, and CFIUS for the first time failed in attempting to force divestiture. In August 2020, Trump formally ordered Chinese social media company ByteDance to divest from TikTok. The order followed a months-long investigation, urged on by senators of both parties, among others, regarding the risk that TikTok’s Chinese ownership posed to American data security, potential foreign influence operations and censorship,
Numerous complications arose from this action, especially because Trump had issued another executive order targeting TikTok one week before the CFIUS order, under power granted to him under the International Emergency Economic Powers Act (IEEPA) to outright ban “transactions” with entire companies. For readers interested in more background, Lawfare has published posts that explain the relationship between the IEEPA action and the CFIUS probe.
The Trump administration’s forced divestiture soon ran into a series of hurdles. First, Trump’s own professed desire for the U.S. government to take “a cut” of any TikTok sale provided evidence of mercantilist, not national security, motives. Even as Trump gave the sale to Oracle “his blessing,” he also insisted that ByteDance would be contributing $5 billion to an education fund, which ByteDance denied. Second, perhaps in part because of these confusing statements, two different federal judges issued preliminary injunctions against the IEEPA order following lawsuits from TikTok and several TikTok creators, challenging the order, adding more confusion to TikTok’s legal status. Finally, on Nov. 10, 2020, TikTok and ByteDance sued over CFIUS’s action in particular, accusing CFIUS of procedural violations (“reject[ing] mitigation” and “truncat[ing] its review and investigation”) under the Administrative Procedure Act and Due Process Clause. They also alleged that CFIUS acted beyond its jurisdiction by targeting ByteDance’s ownership of TikTok at all. The only acquisition ByteDance made within CFIUS’s purview was of another company, Musical.ly, which ByteDance then integrated with its preexisting TikTok platform. Therefore, because TikTok itself was not acquired through foreign investment, ByteDance alleged that TikTok was off limits to CFIUS and outside of its jurisdiction. But the whole ordeal has so far yielded no court rulings. CFIUS, after granting ByteDance repeated extensions on the divestment deadline, reportedly placed the divestment on indefinite hold, stalling the litigation
TikTok’s legal future remains uncertain under the Biden administration. While President Biden clearly shares Trump’s concerns about TikTok—banning his campaign staff from using it, and calling it a “genuine concern”—the Biden administration requested the CFIUS lawsuit be held in abeyance, pending a review. On June 9, Biden formally revoked Trump’s IEEPA order regarding TikTok, replacing it with an order urging the federal government to “evaluate these threats through rigorous, evidence-based analysis.” The order also directed the commerce secretary to develop recommendations—legislative and executive—on how best to protect Americans’ personal data against foreign-adversary controlled systems, suggesting that CFIUS may act against TikTok in the future.
Biden and CFIUS: Continuity and Change
Despite the reconsideration of the TikTok order, all signs indicate the Biden administration CFIUS remains as laser focused on China as post-FIRRMA CFIUS under Trump. The accelerated downward trend of Chinese foreign direct investment in the U.S., which reached only $800 million in the first quarter of 2021, suggest that Chinese investors might be wary of the investment climate in the U.S.. In the first half of 2021, non-notified transactions were up another 50 percent, suggesting that CFIUS has maintained its post-FIRRMA proactive posture.
Biden has repeatedly urged liberal democracies to coordinate a strategy for issues around technology and China and seems to be including CFIUS within his broader cooperation goals. Biden is reportedly “working to create a process for sharing information on potentially troubling investments with foreign allies,” including through channels like the “Quad,” a group of four democratic, China-skeptical Indo-Pacific countries (Australia, Japan, India and the U.S.), and the just-launched joint U.S./EU Trade and Technology Council. This would be consistent with FIRRMA, which urges CFIUS to “establish a formal process for the exchange of information … with governments of countries that are [U.S.] allies or partners.” Biden’s push toward greater international cooperation may be aided by the trend among U.S. allies, concerned about Chinese foreign direct investment in their own strategic sectors, toward more rigorous foreign investment screening. Since 2019, Japan, Australia, Canada, the United Kingdom, Germany and the European Union have all strengthened their investment-screening regimes.
President Biden has not yet forced a divestiture, but reporting suggests that CFIUS remains focused on Chinese companies’ access to American critical technology (semiconductors in particular) and Americans’ personal data.
On June 15, CFIUS informed Magnachip Semiconductor that it was pausing Magnachip’s acquisition by Chinese investor Wise Road Capital and imposing “interim mitigation measures” pending review. Because this was a non-notified transaction, CFIUS proactively contacted the parties requesting a filing, and the pause followed just four days after they filed. On Aug. 27, Magnachip disclosed that CFIUS had sent the parties a letter suggesting CFIUS’s opposition. The letter asserted that CFIUS had “identified risks to [U.S.] national security … arising as a result of the merger” and had “not identified any mitigation measures.” Following further CFIUS investigation, “absent new information,” CFIUS intends to “refer the matter to the President for decision.” Although Magnachip maintains only that it and its “[p]arent are assessing next steps,” the deal seems doomed. Magnachip is a Korean company and, according to the Wall Street Journal, “Magnachip officials said the deal doesn’t deserve U.S. scrutiny because its operations are in South Korea and almost all of its sales and employees are in Asia and Germany.” That CFIUS is investigating such a transaction, and so rapidly, illustrates CFIUS in action post-FIRRMA. Given how critical companies in allied countries are to the semiconductor supply chain and the risks of technology transfer in the deal, this action makes sense from a national security perspective, but CFIUS’s extraterritorial focus is notable.
While CFIUS’s action against Magnachip was apparently unilateral, there has also been reporting that CFIUS is coordinating with U.S. allies. Recent reporting suggests that CFIUS is scrutinizing Tencent’s minority investment in Japanese e-commerce site Rakuten, which collects users’ personal data and browsing and shopping history. In April 2021, the Japan Times reported that the “Japanese and U.S. governments are planning to jointly monitor e-commerce giant Rakuten Group Inc. for fear of customer data falling into the hands of Chinese authorities” (emphasis added). Coordination between CFIUS and allied government officials tasked with reviewing foreign investment is likely a model that CFIUS will pursue moving forward.
Both the Magnachip acquisition pause and the Rakuten investigation signal continued focus on semiconductors and data, but the Biden administration has started to demonstrate what a foreign investment screening regime that relies increasingly on international cooperation could mean in practice.
A final CFIUS matter to watch is the U.S. Innovation and Competition Act of 2021 (USICA)—a science and technology investment bill that the Senate passed on June 8, which broadens CFIUS’s jurisdiction to certain gifts to, and contracts with, universities. The language may be altered in negotiations with the House, and it remains uncertain whether the bill will be passed into law at all, but USICA may add to CFIUS’s remit.
Team Telecom
The informally named Team Telecom is another national security foreign investment interagency committee review process that has in recent years been focused on China and Chinese threats in cyberspace. Composed of national security Department of Defense, Department of Justice, and Department of Homeland Security secretaries, Team Telecom reviews telecommunications license applications for foreign-owned companies to operate in the U.S. or connect the U.S. to foreign communications networks.
Team Telecom was created by a 1997 Report and Order, in which the Federal Communications Commission (FCC) stated that it would seek guidance from expert executive branch national security agencies regarding applications for telecommunication licenses when the applicants have a foreign investor with at least 10 percent ownership and there are “national security, law enforcement issues, foreign policy and trade concerns [raised] by the Executive Branch[.]” The FCC has referred three types of applications to a group of executive branch agencies concerned with national security, which would eventually become Team Telecom. The FCC referred international Section 214 licenses, referring to § 214 of the Communications Act of 1934, which bars common carriers from constructing new or extending existing telecommunications lines without an FCC certificate stating that “public convenience and necessity require or will require it,” which the FCC has interpreted to encompass national security, law enforcement, and trade concerns; international submarine landing cable licenses, under the Submarine Cable Licensing Act, to connect the U.S. to other countries, which the FCC can “withhold or revoke” when it would “maintain[] the rights and interests of the United States … or will promote the security of the United States;” and other licenses that, under Communications Act § 310(b), require the FCC to conduct a foreign investment review.
For 23 years, the FCC referred these foreign-owned applications to executive branch national security agencies. Over the years, ad hoc advice-seeking transitioned into an informal procedure whereby Team Telecom reviewed license applications and issued recommendations: approve the license, deny the license, or accept the license conditioned on a national security mitigation agreement. Although the FCC has sole discretion over these licenses, it typically heeds Team Telecom recommendations.
Team Telecom actions since 2019 demonstrate key themes: Team Telecom has focused overwhelmingly on China and has been increasingly aggressive in its retroactive targeting of previously granted licenses, and the FCC has maintained bipartisan unanimity in its rulings across both Trump and Biden administrations. Team Telecom’s concerns have included surveillance, economic espionage and hacking threats, disruptions to law enforcement, and, critically, China’s access to Americans’ data.
Section 214 Denial: China Mobile
On May 9, 2019, for the first time ever, the FCC, on Team Telecom’s recommendation, denied an application for international § 214 authorization. In 2011, China Mobile International (USA) Inc.—a Chinese state-owned enterprise (SOE)—applied for authorization to provide international telecommunications services in the U.S. The FCC sought advice from Team Telecom, which, a full seven years later, in July 2018, issued its recommendation to deny China Mobile’s application. The recommendation—based on government documents, criminal prosecutions, and classified intelligence, particularly related to recent increases in Chinese cybersecurity breaches and economic espionage—asserted that the application did not serve the public interest because of national security risks. Team Telecom noted that the national security environment has changed since China Mobile’s initial filing, given China’s sophisticated use of state and non-state actors, including SOEs, for cyber interactions and attacks on America. This change warranted a different outcome from the FCC’s prior grants to other Chinese SOEs. They also found that, due to its government ownership, “China Mobile is vulnerable to exploitation, influence, and control by the Chinese government” and would thus “likely comply with requests by the Chinese government for information, access to its network, and any other assistance, including cyber intrusion and attacks.” Per Team Telecom, § 214 authorization for China Mobile could therefore facilitate further cyberattacks and economic espionage.
China Mobile responded to the petition to deny, arguing that the FCC should reject Team Telecom’s recommendation. China Mobile denied its subservience to the Chinese government, noting that the malign activities Team Telecom cited were not conducted by China Mobile. Team Telecom replied that China’s military-civil fusion strategy and its history of pressuring SOEs and other companies suggests ongoing national security risks. Team Telecom also asserted that mitigation would not suffice, because China Mobile would still own its network, operate its equipment, and be compelled to comply with instructions from Chinese government officials to violate any mitigation agreement.
The FCC unanimously denied China Mobile’s application, accepting Team Telecom’s view of changed national security circumstances and of China Mobile’s risks, while also adding its own arguments. It cited several other analyses confirming Chinese government control over SOEs and noted that, regardless of ownership, China’s National Intelligence Law required that Chinese companies give Chinese intelligence agencies access to their data and “control of [their] facilities, including communications equipment.”
Several FCC commissioners, both Democrats and Republicans, issued separate statements urging a hardline against Chinese threats, foreshadowing future Team Telecom actions. Commissioner Michael O’Rielly urged reforming and streamlining Team Telecom procedures, and Commissioner Brendan Carr proposed the FCC “go even further” and revoke Chinese SOEs’ existing § 214 authorizations.
Formalization of Team Telecom
In 2020, President Trump signed Executive Order 13913, formalizing Team Telecom. The order should be understood in the context of the 2019 China Mobile denial and other government actions countering Chinese telecommunications companies’ involvement in the U.S. in the past two years. These included Trump and Biden executive orders to secure telecommunications supply chains; a statute prohibiting federal subsidies used for telecom network services or equipment that pose a national security threat; an FCC rule barring the use of certain funds to purchase equipment or services from Huawei and ZTE (which the U.S. Court of Appeals for the Fifth Circuit upheld); and an IEEPA executive order that forced the delisting of China Mobile, Chinese Telecom and China Unicom from the New York Stock Exchange.
Executive Order 13913 also responded to those frustrated with Team Telecom delays, a cohort ranging from the hawkish O’Rielly to China Mobile itself. The FCC issued notice of a proposed streamlining to Team Telecom in 2016, but Executive Order 13913 was not finally issued until April 4, 2020. Despite Team Telecom’s new formal name (the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector), the committee is still referred to as Team Telecom. (Perhaps CFAFPUSTSS was simply too long!)
The executive order established Team Telecom procedures. It laid out detailed timelines and processes for how the committee will conduct reviews, determine recommendations and gather information from applicants. But beyond procedure, the executive order did not fundamentally change Team Telecom’s jurisdiction or national security objectives (although it does clarify that the FCC can revoke existing licenses). Committee members on Team Telecom are departments of Justice, Homeland Security, and Defense secretaries as committee members, with the attorney general serving as chair, and various other cabinet secretaries as “committee advisors.” On Sept. 30, the FCC issued a Report and Order reforming its own processes in response to the executive order. Notably, the FCC clarified that it could refer even CFIUS-reviewed investments to Team Telecom.
Several FCC commissioners expressed support for the executive order, including O’Rielly, Carr and then-Chairman Ajit Pai. After the FCC Report and Order, Commissioner Jessica Rosenworcel—now acting chairwoman—insisted that “we make a mistake if we stop here” and urged review of several existing Chinese SOEs’ § 214 licenses. Commissioner Geoffrey Starks urged focus on Chinese-owned submarine landing cables. In the time since the executive order was signed, these two focuses—revocation and submarine cables—have dominated Team Telecom’s and the FCC’s actions.
Section 214 Revocation: China Telecom
Days after Trump signed the executive order, Team Telecom, for the first time, recommended the FCC revoke an existing authorization. It recommended the FCC “revoke and terminate its 2007 certification that China Telecom (Americas) Corp. (China Telecom) meets the present or future public convenience and necessity requirement under Section 214.” The recommendation, however, had no formal link to the passage of the executive order and was issued under the old informal Team Telecom procedures. It listed 14 different factors weighed in its determinations but singled out four national security justifications in particular—much of which were similar to those in the China Mobile recommendation. First, the executive branch noted “changed circumstances in the national security environment,” especially “the Chinese government’s malicious cyber activities.” Second, China Telecom’s state-ownership placed it “under the ultimate … control of the Chinese government” and thus in danger of potential forced compliance with Chinese government demands. Third, the executive branch noted China Telecom had apparently failed to comply with cybersecurity and privacy laws based on inaccurate statements, both to the government and to its customers, regarding its cybersecurity practices, demonstrating “China Telecom’s lack of trustworthiness.” According to the executive branch, such untrustworthiness would hinder cooperation with law enforcement and undermine the security of any mitigation agreement.
Fourth, and perhaps most critical, Team Telecom noted that “China Telecom’s U.S. operations … provide opportunities for increased Chinese state-sponsored cyber activities, including economic espionage and the disruption and misrouting of U.S. communications traffic.” China Telecom’s role as a managed service provider, with access to networks and data centers, exposed customer data across key sectors, potentially facilitating economic espionage. Moreover, China Telecom’s numerous physical telecommunication equipment connections in the U.S. allow it to facilitate disruption and misrouting of U.S. data and communications traffic.
On Dec. 10, the FCC unanimously ordered the instituting of proceedings to revoke and terminate China Telecom’s domestic and international authorizations. The FCC rejected China Telecom’s contention that “revocation requires a finding of an egregious violation of a specific requirement,” instead contending that it can revoke § 214 authorization “because of conditions coming to the attention of the Commission that would have warranted a refusal to grant a license on an original application.” The FCC then essentially deferred to Team Telecom’s national security assessments about the risks posed by China Telecom.
China Telecom challenged the FCC’s commencement of revocation proceedings in the U.S. Court of Appeals for the Fourth Circuit on procedural grounds, arguing that “the Commission’s refusal to designate its Section 214 revocation proceedings against [China Telecom] for a hearing on the record before an ALJ … was arbitrary and capricious, contrary to law, or an abuse of discretion” and denied China Telecom constitutional due process. This was not a challenge to the merits of the FCC’s decision, merely the reliance on written submissions, rather than the lack of an on-the-record hearing before a neutral arbiter. The FCC responded by arguing that the commencement of revocation proceedings was not final and therefore not yet reviewable and thus urged the court to dismiss for lack of jurisdiction. On May 10, the Fourth Circuit accepted the FCC’s argument, dismissing China Telecom’s suit for lack of jurisdiction.
More Section 214 Revocations: China Unicom, Pacific Networks and ComNet
On April 24, 2020, the same day the FCC issued its order to show cause to China Telecom, it issued other orders to show cause to Chinese SOE China Unicom as well as to Pacific Networks and ComNet (both indirectly controlled by Chinese SOE CITIC Group), asking them to explain why the FCC should not begin revoking their authorizations. As with China Telecom, the FCC informed these SOEs that the national security environment had changed since they were first granted licenses to operate in the U.S. in the 2000s.
On March 17, 2021, the FCC ordered an institution of proceedings to revoke China Unicom’s and Pacific Networks’ and ComNet’s domestic and international authorizations. After rejecting China Unicom’s procedural concerns, as it did with China Telecom’s, the FCC laid out its basis for revoking § 214 authority. It accepted executive branch fears that China Unicom’s obligation to assist its Chinese government owners threatened U.S. national security and that its U.S. operations provided an opportunity for Chinese state-sponsored economic espionage, along with disruption and misrouting of communication. Notably, the FCC also emphasized that China Unicom’s numerous points of presence and border gateway protocol routers in the U.S. could enable it to maliciously forward or redirect Americans’ communications data to China for collection or espionage purposes. Moreover, the FCC voiced concerns that China Unicom, as a service provider, controls telecommunications systems or infrastructure and the security of these systems, placing it “in a unique position to use this access to exploit its customers.” China Unicom would thus threaten U.S. national security through its “access to personal identifiable information (PII) and [customer proprietary network information] (CPNI)” and other records associated with its customers. The order issued by Team Telecom for Pacific Networks and ComNet followed similar lines.
Submarine Cables
As recounted in the eventual FCC order, in 2017, a consortium led by Hong Kong-based Pacific Light Data Communication Co. Ltd., which is majority owned by Chinese Telecom company Dr. Peng Group, applied for a license to land and operate the Pacific Light Cable Network (PLCN)—a fiber optic submarine cable system. The other members of the consortium were Google-owned GU Holdings and Facebook-owned Edge Cable Holdings
The PLCN was intended to extend from the U.S. to Hong Kong, branching off to Taiwan and the Philippines. Designed to be state-of-the-art with the largest capacity of any trans-Pacific cable system and low costs, the PLCN was also to be the first subsea cable directly connecting the U.S. to Hong Kong. Of the main U.S.-to-Hong Kong trunk, Pacific Light Data was to own two-thirds and operate four of six fiber pairs, while Facebook and Google were each to own one-sixth and operate one of six fiber pairs. However, Google owned 100 percent of the branch going from the main line to Taiwan, and Facebook owned 100 percent of the branch to the Philippines.
On April 8, 2020, while the PLCN application was pending, the FCC granted the Team Telecom agencies’ petition for a special temporary authority (STA) for GU Holdings to provisionally continue operating for six months only the portion of the cable system between the U.S. and Taiwan. This STA was conditioned on GU Holdings accepting a provisional national security agreement. This functioned like a mitigation agreement and included various requirements such as reporting breaches, allowing audits and site visits, providing a list of all personnel who physically access the Taiwan segment, and GU Holdings’ promise to “pursue diversification of interconnection points in Asia [i.e., away from China], including but not limited to Indonesia, Philippines, Thailand, and Vietnam.”
On June 17, 2020, Team Telecom acted on the main PLCN application and recommended a partial denial and partial grant, approving only the portions owned exclusively by Google and Facebook connecting to the Philippines and Taiwan. While neither Pacific Light Data nor Dr. Peng Group are SOEs, Team Telecom nevertheless expressed concerns regarding Pacific Light Data’s connections to China Unicom and Dr. Peng Group’s “support for [China’s] intelligence and security services under [Chinese] law,” its subjection to China’s national security laws, “and questions about Dr. Peng’s past compliance with U.S. laws when acquiring U.S. telecommunications assets.” China’s “demonstrated [] intent to acquire U.S. persons’ data to harm U.S. national security” led Team Telecom to fear that approving the Hong Kong landing station “would expose U.S. communications traffic to such collection.” Team Telecom also noted China’s “recent actions eroding Hong Kong’s autonomy through the proposed expansion and applicability of the PRC’s national security laws to Hong Kong,” which rendered Hong Kong no less a threat than mainland China. In some ways, this was more straightforward than concerns around misrouting data to China in the § 214 cases, because, with the PLCN, data would already be going directly through Chinese territory. Team Telecom’s fears of data collection echoed CFIUS’s fears, and Team Telecom even cited FIRRMA’s focus on personal data and the executive order ordering Shiji to divest from StayNTouch based on data collection concerns.
Google and Facebook withdrew their application for the original PLCN in August 2020, before the FCC could rule on it. On Sept. 9, 2020, Google and Facebook filed another application for a subsea landing cable license (just for the part of the PLCN that Team Telecom had recommended granting) to connect the U.S. to Taiwan and the Philippines, but notably not Hong Kong, and, notably, without Pacific Light Data or Dr. Peng Group as partners.
Subsequently, several other cable license applications, designed, in part, to connect with the PLCN have either been withdrawn or modified to exclude passage through China, suggesting the FCC and Team Telecom scrutiny had its desired effect. On Sept. 10, 2020, a Facebook-led consortium, including Amazon and China Mobile, officially withdrew its application to connect San Francisco to Hong Kong, Singapore and Malaysia. The following summer, Facebook and Amazon resubmitted an application for a cable license to connect the U.S. to the Philippines after buying out former co-investor China Mobile. On March 11, 2021, Facebook officially withdrew another application to build the Hong Kong Americas cable connecting Hong Kong and San Francisco. Later that month, Facebook and Google announced plans for two new cables—Echo and Bifrost—connecting the U.S. to Guam and then Indonesia and Singapore directly, rather than via Hong Kong. On Aug. 15, Facebook and Google announced a new cable, Apricot, which would connect numerous Asian countries to the Echo network, by connecting Singapore, Indonesia, and Guam with the Philippines, Japan, and Taiwan—excluding Hong Kong once again.
Likely Continued Hawkishness
Following the March 17 orders, the FCC appears to remain concerned with Chinese companies’ involvement in U.S. telecommunications networks and will likely continue to heed Team Telecom’s recommendations. Acting FCC Chairwoman Rosenworcel announced that she had directed the FCC’s International Bureau to reexamine past grants of § 214 applications and “recommend options for addressing evolving national security risks.” Commissioner Starks praised the “bipartisan consensus across the federal government that American communications must be protected from companies owned or controlled by the Chinese government.” However, he also voiced concerns that Chinese carriers “own data centers” in the U.S., which store Americans’ data. This arrangement makes the data vulnerable to an order to “secretly share this data with the Chinese government.” He urged the Biden administration and Congress to expand FCC jurisdiction to protect against this threat.
Both CFIUS and Team Telecom will no doubt continue aggressive targeting of Chinese company involvement in the U.S. economy. They will do so to protect American national security against Chinese economic espionage, surveillance, acquisition of innovative American technology and theft of Americans’ data.