FCC closes another loophole for imported Chinese telco gear

Law court crime punishment

The US Federal Communications Commission (FCC) has firmed up rules to effectively ban the sale of a raft of tech and telco products from China.

Announced late last week, the update to the Secure Equipment Act makes equipment and devices produced by Huawei, ZTE, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology ineligible for the FCC’s certification programme.

This matters because despite putting these companies on its so-called ‘Covered List’ of stuff that poses a national security risk, and despite barring the use of public funds to acquire hardware and services from these companies, it was still OK to import and sell their offerings as long as no federal money was involved.

“That does not make any sense,” said FCC chairwoman Jessica Rosenworcel, in a statement on Friday. “After all, there is little benefit in having these lists and these bans in place just to leave open other opportunities for this equipment to be present in our networks. So today we are taking action to align our equipment authorisation procedures with the rest of our national security policies.”

Without the rubber stamp that the FCC’s certification programme provides, a company can’t legally import and sell electronic equipment.

“The action we take today covers base station equipment that goes into our networks. It covers phones, cameras, and Wi-Fi routers that go into our homes. And it covers re-branded or ‘white label’ equipment that is developed for the marketplace. In other words, this approach is comprehensive,” Rosenworcel said. It covers video surveillance equipment too.

“I support amending our equipment authorisation programme to eliminate potential loopholes whereby equipment that is listed on our List of Covered Communications Equipment and Services (Covered List) could still be authorised and allowed to enter into the United States. Specifically, by closing the possibility of using the Supplier Declaration of Conformity process if an entity produces covered equipment, we shift oversight of these higher risk entities to the certification process. This will make sure that equipment receiving authorisation is clearly eligible,” said FCC commissioner Geoffrey Starks, in a separate statement.

In addition, the FCC will also require companies applying certification designate a representative located in the US to act on their behalf. Originally proposed by Starks, it means that anyone who breaks the rules will be subject to US law enforcement.

“If you want to be authorised to sell your equipment in the United States, we must be able to enforce our rules against you if you violate them. Full stop,” he said.

The FCC isn’t stopping here, either.

It is also mulling extending the certification programme to include components, not just products, and has invited interested parties to chime in with their thoughts. Presumably the intention here is to close off another potential attack vector for Chinese spies and hackers and restrict trade. If implemented, it would ultimately force smartphone makers like Apple, Samsung and so-on to remove any Chinese-made bits-and-bobs from their products. Given that human fallibility and software are by far the two biggest attack vectors for cyber attackers, it likely wouldn’t make much difference, but there are probably some PR points up for grabs, if nothing else.


Get the latest news straight to your inbox. Register for the newsletter here.

One comment

  1. Avatar Andy Tiller 28/11/2022 @ 9:02 pm

    Anyone seen any actual evidence of these security loopholes? Or even any explanation of how there could potentially be a potential loophole?

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.