Cybersecurity & Tech Foreign Relations & International Law

The Technical Consequences of Trump’s Telecom Supply Chain Emergency

Nicholas Weaver
Wednesday, May 22, 2019, 2:16 PM

On May 15, President Trump once again declared a national emergency to invoke legal authority to make sweeping changes to U.S. policy, this time to secure the telecommunications supply chain. I’ve already made my views clear on Huawei’s suitability for U.S. markets and the need for a blanket ban on Chinese-sourced telecommunications equipment in U.S. infrastructure.

Photo: White House

Published by The Lawfare Institute
in Cooperation With
Brookings

On May 15, President Trump once again declared a national emergency to invoke legal authority to make sweeping changes to U.S. policy, this time to secure the telecommunications supply chain. I’ve already made my views clear on Huawei’s suitability for U.S. markets and the need for a blanket ban on Chinese-sourced telecommunications equipment in U.S. infrastructure. It may surprise Lawfare readers to hear that, though it purports to address a serious security threat, this executive order actually troubles me greatly.

My biggest worry is the lack of details in the order itself. Though widely understood as a means of barring the sale of Huawei materials for use in U.S. infrastructure, the declaration does not mention any country or corporation by name, but instead gives the commerce secretary the authority to designate specific transactions, companies or countries as posing a risk to U.S. telecommunications infrastructure and to determine appropriate steps to mitigate the threat. Later that day, the commerce secretary took up the gauntlet, designating Huawei and its affiliates as threats and prohibiting the firm from purchasing U.S.-made parts, many of which Chinese suppliers like Huawei rely on, without government approval. (The department granted limited exemptions to the Huawei policy on Monday.)

If it is used only to restrict purchases of telecommunications infrastructure from Chinese firms, this would be ideal, similar to the restrictions placed in the most recent National Defense Authorization Act (NDAA) banning the use of Huawei equipment by firms providing telecommunications services to the U.S. military. (And the NDAA ban already had its desired effect—only a few secondary providers in the U.S. use Huawei-sourced infrastructure—so the order’s having that effect would be largely redundant.)

Other Huawei equipment, such as cellular telephones, does not pose the same security risks. For the typical person who doesn’t have to worry about Chinese intelligence, the security risks are no worse than any other non-Google Android phone. Many companies might be perfectly satisfied with Huawei network switches. It is the combination of China’s adversarial interests in espionage with the particular nature of telecommunications infrastructure that makes Huawei unsuitable for that sector. It is also not the U.S.’s job to keep other countries from shooting themselves in the foot. If a country wants to let China’s spy services operate on easy-mode, it is their decision, not ours. Attempting to eliminate Huawei’s global competitiveness by forbidding sales to Huawei from U.S. firms is about affecting Huawei’s global standing, not just its standing in the U.S.

There is already significant indication that the scope intended by the combination of the White House order and the Commerce Department finding is much more like the ZTE “death sentence,” a blanket ban on sales to that firm. Reporting suggests that both Google and Xilinx (the leading vendor of field programmable gate arrays, programmable chips that often form the glue holding together complex digital systems) are cutting most ties with Huawei as a result of this order. Although rules are not yet in place, many companies seem to believe this is going to be a blanket ban after the 90-day temporary extension expires.

Such a blanket ban is bad for long-term U.S. interests. Sales by Google, Xilinx and others to Huawei and other Chinese firms for telecommunications components do not harm our national security. As just one example, preventing future Huawei phones from accessing Google’s ecosystem by revoking Huawei’s Google Play license will eliminate the critical Android updates that are now bundled in the Google Play store rather than the core Android OS. How would making phones weaker around the world act to secure users against Chinese intelligence activity?

The widespread presence of U.S. technology in Chinese equipment also gives the United States leverage in our sanctions programs. The ZTE case demonstrated clearly how having U.S. components in Chinese telecommunications equipment can prove a powerful tool for enforcement and negotiation, a tool we are already in danger of losing because of the reaction to the ZTE incident. I would expect a continued “de-Americanization” of the global electronics supply chain as a consequence of this decision.

It is urgent that the Commerce Department issue some additional guidance. Is the intent to simply limit Huawei systems in U.S. telecommunications, or is the intent to isolate Huawei? Would some installations of servers, workstations or Motorola cell phones made by Lenovo, a Chinese firm, apply? If so, under what circumstances? What about hardware and software from Israeli and French firms? The longer we lack guidance about the Commerce Department’s intentions, the more damage this order’s ambiguity may create.

Even if the negative side effects of the president’s order are simply a case of incompetence rather than deliberate malice, it would be hard to blame foreign buyers of U.S. computer components for avoiding American-sourced components in the future. We are no longer a country that can be trusted.


Nicholas Weaver is a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, and Chief Mad Scientist/CEO/Janitor of Skerry Technologies, a developer of low cost autonomous drones. All opinions are his own.

Subscribe to Lawfare