Scott R. Anderson

This fall marks 15 years of lawfare and we're celebrating the only way we know how by gathering our community of readers, listeners and contributors for an in person celebration in Washington D.C. get your tickets today@lawfaremedia.org 15 years.

Darina

Hi, I'm Darina, co founder of OpenPhone. My dad is a business owner and growing up I'll never forget his old ringtone. He made it as loud as it could go because he could not afford to miss a single customer call. That stuck with me when we started OpenPhone. Our mission was to help businesses not just stay in touch, but make every customer feel valued no matter when they might call. OpenPhone gives your team business phone numbers to call and text code customers all through an app on your phone or computer. Your calls, messages and contacts live in one workspace so your team can stay fully aligned and reply faster. And with our AI agent answering 24. 7, you'll really never miss a customer. Over 60,000 businesses use OpenPhone. Try it now and get 20% off your first six months@openphone.com tech and we can port your existing numbers over for free. Open Phone no missed calls, no missed.

Advertisement Voice

Customers Imagine a world of extraordinary comfort where Bolen Branch Bedding wraps you in the softest. Embrace the coziest experience made from the world's finest 100% organic cotton, all so you can sleep better. Start building your fall sanctuary with Boland Branch's iconic signature sheets made with a buttery, breathable weave that gets softer with every wash. Enjoy 15% off your first set of sheets with free shipping and returns at B O L L& Branch.com with code BUTTERY. See site for details and exclusions.

Adam Chan

We discovered that actually something like 75 to 80% of the testing that's done for devices that are sold into the US Is done in China, which is really I you know, most national security professionals, you know, their jaw sort of drops as I say that, given how sensitive this function is.

Scott R. Anderson

It's the Lawfare podcast. I'm Senior Editor Scott R. Andersen for today's episode. As part of our special the Regulators series, Contributing editor Brandon Van Grack and I sat down with Adam Chan, the National Security Council at the Federal Communications Commission.

Adam Chan

Something sort of to note about the covered list if, for example, Huawei phones are on the covered list. So Huawei cannot get its phones authorized to be sold in the U.S. that said, Huawei has a lot of equipment that's already authorized that was authorized before Huawei equipment was added to the covered list. And our rules took effect in February of 2023. And so a 2022 model Huawei phone can still be imported or sold in the US with no restrictions at all.

Scott R. Anderson

Today we're Talking about the FCC's growing and increasingly important national security work.

Brandon Van Grack

I think to start, you hold multiple roles in the national security espieta at the fcc. The first counselor in national security. You chair the Council on National Security. Similarly sounding, different titles and responsibilities. And before we get into what those are, wanted to talk a little bit about your, your background that positioned you to hold these particular roles at the fcc.

Adam Chan

I think most relevant piece of my background probably I worked on the House Select Committee on the Chinese Communist Party that was set up a couple years ago. Sort of the thinking behind that select committee was that the national security issues, particularly threats from, from China, span a whole range of different committees of jurisdiction. Right. So it's not just a military threat, but it's also not just a technological or economic regulation threat, et cetera. And so rather than sort of just having like Committee on Foreign Affairs, Armed Services Committee, Energy and Commerce Committee, Financial Services Committee, all sort of tackle this problem segmented to have a committee that can look at the sort of whole landscape. So my role there when I was working on sort of a whole range of kind of legislation, oversight, etc. Was to kind of survey the landscape of the different authorities there are out there on national security that could be leveraged to promote US Interests with regard to the CCP in particular there, as part of that, we got to know a lot of different things the US Government can do. Authorities. It has a lot of what Congress has, the executive branch, et cetera, one of which obviously is in the sort of telecom communications sector space. So now being at the fcc, able to sort of drill down into a somewhat narrower area, but still sort of use a lot of the authorities the FCC has to tackle the problem.

Brandon Van Grack

So it sounds like you transitioned from talking about regulation and regulatory action to in fact being one of the regulators. And so let's talk about that. For example, your position as chair of the Council on National Security and as a National Security Council, what is the jurisdiction, what is the purview of your role, but also that group.

Adam Chan

Yeah, it's definitely nice to transition from Congress to the Executive branch. I think it's certainly a lot easier to get things done when you don't need to do, you know, bicameralism and presentment and don't, don't need to get even. You know, 435 House members, you know, majority to vote so it is nice being a regulator in that sense, but yet in terms of my role. So when Chairman Carr was, you know, announced that he would become chairman, he brought me in to be sort of his lead advisor on national security in his own personal office. There historically has not been sort of a single point person advising the Chairman on national security issues. Traditionally, the way it's worked is it's been sort of divided mostly by kind of, you know, type of telecom, you know, something like, oh, there'll be the wireline advisor and the wireless advisor. Even though sort of both of those cover some areas of national security. My role, I sort of look at sort of all the different things the different bureaus and offices at the FCC are doing. That touch on national security kind of head up that work kind of as part of this role. One of the first things Chairman Carr did on becoming Chairman was establish this new Council on National Security that's internal to the fcc that I think really does a lot of actually somewhat similar to the China Committee that I discussed earlier in the sense of historically, you know, the FCC I think has like 15 different bureaus and offices. Almost all of these do some work that touch on the national security issue. And so we have different bureaus and offices often engaging in regulatory actions on national security without necessarily sort of coordinating or having a kind of unified approach. And so through this council that I direct, it has representatives from all the different relevant bureaus, both the chiefs of the bureaus or offices, as well as sort of other lawyers there who can specialize in the national security space. And the basic idea is to one, encourage kind of information sharing, but also sort of allows for kind of unified agenda, sort of common themes, and allows a sort of united approach to the national security issue. I mean, I can talk in more detail about that, but I mean, it's both sort of getting the kind of regulatory bureaus and offices talking to each other. But we also then can integrate the regulatory functions with the Office of General Counsel, which then has to defend the actions in court, as well as the Enforcement Bureau, which can bring enforcement actions for violations of our rules.

Brandon Van Grack

Maybe one question before maybe jumping into sort of the FCC and making sure we understand the role it plays. But what about interagency coordination? Does the Council play a particular role? Because some of the areas and the regulations and areas that we're going to talk about have a significant interagency component to it. And so what role do you, or what role does the Council play in terms of dealing with those?

Adam Chan

That is something particularly in the national security space where all of these issues touch on the authorities of a whole range of different agencies. And so we work very closely and are frequently talking with a range of interagency partners, whether that's the ICTS office at Commerce or doj, National Security Division or DHS or what have you, or the White House. I think it's definitely helpful to have those connections as well and again be able to have for those sort of more national security focused agencies like National Security, points of contact that sort of can speak on behalf of the FCC as a whole.

Brandon Van Grack

And just a point of order, because you said the acronym icts. Can you just tell what is icts?

Adam Chan

Oh, yeah, yeah, sorry, sorry. So icts, I think. What does the acronym stand for? Information and Communications Technology and Services. This is an office in the Commerce Department, Bureau of Industry and Security, that basically regulates information communications technology for national security risks. After an executive order from 2019. It's a recent office that's been stood up that has a lot of overlapping and intertwined authorities with the fcc.

Scott R. Anderson

I want to dig a little further into what the Council is doing and what the FCC is doing, particularly around a couple of issues. But I think it's useful to step back and talk about this at a higher level for listeners who may not be familiar with the FCC and its work and how it intersects with national security. When you say National Security Agency, FCC is not at the top of the list. It may not even be on the first page in most people's minds, I suspect. But it is an agency that is increasingly active in this space that we've talked to other folks from on this podcast, notably digging into it. And so this is kind of a part of an FCC series we've been having. It is really interesting the areas where it intersects. So talk to us a little bit about that. Where does the FCC situation in the broader national security interagency landscape and why has that made it more of a national security agency or at least more integral to national security concerns, among other concerns in recent years, particularly in this era of major power competition being the primary national security driver?

Adam Chan

Yeah, no, it's a good question. I mean, definitely. I think I speak to a lot of people who didn't know the FCC even really does national security. But actually in many ways it's sort of an interesting kind of return to the FCC's roots when Congress first established the FCC in 1934 in the Communications Act, Section 1 of the Communications act, that sort of grants the FCC broad kind of public interest regulatory jurisdiction and establishes the purposes for which the FCC should regulate. The sort of two purposes of Section 1 were, one, to increase access to communications technology, but the second was for the purposes of national defense. So this was sort of front and center of how Congress was thinking about this. I know outside the Chairman's office there's sort of a wall of photos of sort of past chairs of the fcc and like the first few are in full military dress because this, this really was thought of as a national security agency given how central communications technology, whether it's sort of radio as initially conceived or now a much broader scope, is to national security. And I mean, I know, you know, listeners all I'm sure have seen in the news, you know, things involving, you know, Starlink and satellite communications in Ukraine or drones and other sort of connected devices that the FCC regulates and how they have sort of obvious national security impacts and that kind of thing. And the sort of whole sort of command and control structure of the military depends on communications technology as well as, you know, just any sort of advanced technology now all involve, you know, sort of technology products that are connected, have, you know, sort of Bluetooth and WI fi connectivity, all of which sort of come within the kind of FCC jurisdiction they rely on, you know, things like submarine cables that carry most of Internet traffic and what have you. So I think both the sort of advances in technology as well as the sort of, as you say, great power competition have made the FCC more relevant. Recently, you know, the FCC has been engaged in a variety of things. Some of these have been involved in sort of traditional telecom like we denied or revoked international telecom licenses to, you know, some of the major Chinese carriers. We have this rip and replace program concerning Huawei and ZTE equipment in telecom networks. The FCC also is a licensor. So we license a whole range basically, you know, from media to radio to telecommunications services to radio frequency devices. So think like basically any tech product emits radio frequency. You know, this things think, you know, phones, computers, drones, connected vehicles, any smart device you have all have to get authorized by the FCC to be imported or sold. In the US we license all satellites and submarine cables. And so there's a range of communications technology there. Some of these licenses we refer to team Telecom, which is national security agencies that can review some of these for, for national security risks. Congress has also stepped in in recent years. In 2019 they passed the Secure and Trusted Communications Networks act. And then in 2021 they passed the Secure Equipment act, which both sort of gives us new sort of national security authorities and obligations, particularly around certain what's called covered communications equipment or services. These are communications equipment or services that a sort of national security entity or Congress have determined to pose unacceptable risks to national security. And so as part of that sort of, we are sort of more empowered and also have obligations to look at some of these national security issues.

Scott R. Anderson

So the Council on National Security and your role in IT and kind of in the SEC generally suggests the FCC is really trying to adapt to these new demands on its role, understanding national security as part of its mandate, an increasingly important part of its mandate, or one that maybe requires some adaptation to do effectively. Talk to us about what that adaptation looks like. What is the Council on National Security doing or pushing for in the FCC and the FCC's interactions with both interagency and international partners. That may be a little bit different way about how the SEC has gone about its work in the past to address these new challenges, most of which are arising from particularly China, Russia to some extent as well. But these other major power competitors that are unlike Al Qaeda and terrorist groups and national security threats of yesteryear, competitors in these spaces. So talk to us what's being done differently. We had a long conversation with Leon Igal, who was previously the head of enforcement at fcc. We dug deep in some of the enforcement actions that have been a growing activity. We know that's one slice of what the FCC is doing. Talk to us about the other areas and how they integrate and what the Council is doing to coordinate them.

Adam Chan

Yeah, I mean, so Chairman Carr, I think, has long prioritized national security. And so I think we, the FCC is looking to do more in this space. And I think that's why he brought me on, set up this council, etc. The council, when it was announced earlier this year, was announced with sort of three goals in mind. All, as you say, kind of pointed directly at the foreign adversary threat in particular, which, which we see as sort of most significant. The sort of first of these was to like mitigate and reduce supply chain dependencies and other risks there, like dependencies on and reliance on foreign adversaries. Second was to reduce vulnerabilities to cyber intrusions like surveillance or espionage from foreign adversaries. And then the third was to win the strategic competition for the technologies of the future to win against China. I think with these three goals in mind are sort of guiding a lot of the FCC's national security work, either sort of advancing one or both of those. I think we've rolled out, and I think we will continue to roll out a sort of steady drumbeat of new regulations that help both protect American communications networks from foreign adversaries, as well as hopefully promote and sort of promote innovation. And, you know, Chairman Carr just launched this Build America agenda, which is not sort of national security focused specifically, but obviously as we sort of increase, you know, U.S. infrastructure investment, that that obviously helps us from a national security perspective as well. I think some of what the Council's been doing differently, as I say, I mean, some of it is just a sort of unified agenda approach. So a lot of you've seen a lot of our new sort of regulations. We've been using sort of common terms and themes and getting sort of getting regulations that come out of different bureaus to advance and adopt sort of similar or the same kind of regulatory frameworks. Another thing, I mean, I know you talked with Loyan, as you mentioned, who headed up enforcement in the previous administration, that I think now one thing the Council does very well, I think, is to integrate the Enforcement Bureau with some of the regulatory bodies. So one of the first actions the Council publicly announced was this investigation into entities identified on the FCC's covered list. I'm sure we'll get into the covered list later, but those basically sort of entities that have been found to pose national security risks. Think Huawei, China Telecom, China Mobile, that kind of thing. We previously revoked their international telecommunications licenses, but we have reason to believe, or had reason to believe that they're still providing a lot of services and engaging in operations within the United States, whether that's supplying data centers or engage in white labeling of their products or that kind of thing. And so the Enforcement Bureau launched a big sort of led on a kind of big investigation into this. But this is sort of done in cooperation with the Council because I think sort of our hope here is sort of not, not only to bring potential penalties should we see violations of our rules, but also to help inform kind of future regulatory actions and new rules that can actually crack down on some of these operations that are perhaps exploiting loopholes in the FCC's existing rules. Chairman Carr calls this ending the end run around our rules. And so I think there, I mean, that's sort of just an example of kind of how the Council can help sort of function and make the FCC into sort of a more collaborative sort of agency when it comes to national security.

Scott R. Anderson

I want to dig into some of these specific actions. Before we do that, I want to tackle one other aspect that has come up, I think, in a lot of conversations Brandon and I have been having with people working in the regulatory side of national security agencies over the last few years who've been doing this podcast series. That's this question of international cooperation, because obviously telecommunications has a strong international component, and the telecommunications industry is of national security concern in the United States. Not just in the United States, but also in Europe and other territories where we have business interests, we have political interests, and where China, Russia, other adversaries are also seeking influence. Talk to us about the international side of this. How does the FCC approach the diplomatic half of the job or the law enforcement and intelligence cooperation coordination part of its job? And is that a growing part of what the fcc, the National Security Council, are considering doing?

Adam Chan

Yeah. No, I think it is particularly important, especially one. I mean, it's part of the strategic competition with other great powers. The FCC works closely, especially with the State Department, on some of the diplomatic outreach involved in sort of U.S. representation at international organizations such as the ITU, the International Telecommunications Union. That sets a lot of the global standards here where there is really fierce competition between the U.S. and particularly in China. There's sort of. We also sort of engage with, you know, other sort of regulated entities to sort of help promote, you know, trusted technology and clean networks abroad. We, you know, engage our counterparts as the sort of telecom regulators in other countries. Often I think we can come in as sort of trusted partners there that aren't necessarily just sort of beating the drum of rah rah Americanism, but can sort of also provide a kind of technical, kind of independent evaluation. You know, here are the actual vulnerabilities or risks if you use Huawei equipment, for example, that I think is often helpful as well as, you know, trying to get our allies and partners to adopt sort of similar measures. So I know I was on a recent podcast talking about the submarine cable rules we adopted recently, but I've been having other sort of international engagements with counterparts in allied countries to help sort of promote and sort of socialize these the sort of regulations. We have to obviously get some of our allies to adopt similar measures so that there can be sort of harmonized rules which then helps like, promote connectivity between those allies and helps ensure that our allies also have sort of similar kind of national security protections of their networks.

Scott R. Anderson

So let's move on and talk about some of the specific things the SEC has been up to in the last few months. Better half of a year that you've been there and that this administration has been in place. One issue we should flag for people, but that you've already done a long conversation with us for with our colleague Justin Sherman, one of our contributing editors at Lawfare a few weeks ago on the Lawfare podcast is undersea cables really important, really interesting issue, really interesting things FCC is doing there. We're not going to talk about that here because you've already done a very deep dive with Justin. So folks who are interested in that should look back in their podcast feed, look for that episode. We've got some other things that we also want to talk about in terms of what the FCC is up to. Brandon, I'll hand it back to you for that.

Brandon Van Grack

Yeah, again, I think getting the specifics will help listeners fully appreciate all the touch points the FCC has undersea cables. Again, great podcast and you could spend a whole nother one talking about their import. So let's move on to another topic because again, FCC has been, I think, remarkably busy in this space. And let's talk about the so called bad labs rule because I think most people, even in the national security space, if they hear the term bad labs, they think of COVID especially if you're talking China. And that's not what we're talking about. So I say this because maybe you can help set up what is the particular issue or concern that was the basis for the new rule and order that you all announced.

Adam Chan

It's actually really a sort of fascinating issue that I wasn't tracking until recently. Most national security professionals I've sort of raised this with also were not tracking this at all and didn't even sort of understand this was an issue. But I think it's worth taking a step back, just sort of listeners can kind of understand the FCC's authorities and our sort of equipment authorization process. Basically any what's called a radio frequency device. So again, think basically any connected product phones and computers to smartwatches, baby monitors, AirPods, AirPods, et cetera. I mean you've probably seen little FCC logo on your devices that's a sign that it got an FCC authorization. So in order to import or sell into the United States any of those devices, you need an FCC authorization. And so that's it's one of our sort of most and we have sort of broad, pretty sweeping sort of authority to kind of regulate these in the public interest. So it gives us a lot of lot of authority there. One other sort of background point I'll flag that's kind of relevant for the bad labs I mentioned earlier, the covered list, this, this was something Congress set up in the Secure Networks Act, Secure Equipment act. It's basically list of communications equipment or Services that another entity have found to pose unacceptable risks to national security. The Secure Equipment act actually required us to prohibit the authorization of any communications equipment that's actually listed on the covered list. So some, some things on the covered list, for example Huawei telecommunications equipment or hikvision communications equipment, they make a lot of surveillance cameras a Chinese military company. And so part of this is now they cannot get their new devices to be authorized and sold within the US.

Brandon Van Grack

Is it technology specific or company specific? When we talk about the covered list.

Adam Chan

The initial covered list was set up, gave out the sort of wrong impression to a lot of people, but it's actually a list of equipment and services as opposed to a lot of the other sort of bad guy lists that the US Government maintains, such as the Commerce Department entity list or DoD's Chinese military company list that actually identify specific entities or, you know, ofac sanctions that actually identify specific persons, companies, entities that pose national security risks. This actually identifies specific equipment or services now that can be associated with entities. But again, the Huawei is not listed on our covered list. Huawei, like telecommunications and video surveillance equipment produced by Huawei and any of its affiliates and subsidiaries, is on our covered list. And so that is, that is a relevant distinction. And then that, that also means, for example, certain equipment on our covered list. It's, it's not all the equipment produced by that entity. For example, I mentioned hikvision earlier. It's actually hikvision equipment only insofar as it's intended to be used in critical infrastructure or government facilities or something like.

Brandon Van Grack

That, then that's the foundation that there are some equipment and services where there can't be an authorization. But the point is many can receive an authorization and that you issued a new rule and order that pertains to that authorization. Let's talk about what that entails.

Adam Chan

Right. So as part of the authorization, which again is sort of critical to this like vast sector of the economy, I mean like literally trillions of dollars in goods sort of passed through this, the FCC authorization process for a lot of the equipment. Basically anything that sort of intentionally emits radio frequency, I don't need to sort of bore the listeners with sort of the very minutiae of sort of which specific devices. But many of the most sort of important or risky devices need to get go through this process called certification, where they're tested in a lab and then certified by a telecommunications certification body. For a long time, FCC rules were focused exclusively on sort of technical requirements. So again, does this emit harmful frequency that's going to interfere with communications networks. Does this operate at the right power levels? Does this operate how it, you know, said it does in the manual, that kind of thing recently, and obviously that sort of critical work recently. In addition to that, these sort of labs and certification bodies are now also responsible for making sure the equipment is not covered equipment. The FCC does not itself inspect every new device, but instead of these sort of tens of thousands of devices that are authorized each year, we rely on the certification bodies to say no, this, this we certify, you know, this is actually not a Huawei phone or that kind of thing.

Hesu Jo

Ever feel like you're carrying something heavy and don't know where to put it down? Or wonder what on earth you're supposed to do when you just can't seem to cope? I'm Hesu Jo, a licensed therapist with years of experience providing individual and family therapy, and I've teamed up with BetterHelp to create mind if We Talk, a podcast to demystify what therapy's really about. In each episode, you'll hear guests talk about struggles we all face, like living with grief or managing anger. Then we break it all down with a fellow mental health professional to give you actionable tips you can apply to your own life. Follow and listen to Mind if We Talk on Apple Podcasts, Spotify, Amazon Music, or wherever you get your podcasts. And don't forget, your happiness matters.

Advertisement Voice

Did you know adults 60+ lose more than $60 billion each year to financial exploitation? Greenlight's new Family Shield plan empowers you to monitor your accounts for suspicious activity, protect yourself with up to $1 million identity theft coverage, and reassure loved ones that you're safe with location sharing and place alerts. Get peace of mind today@greenlight.com protect. That's greenlight.com protect. I'm no tech genius, but I knew if I wanted my business to crush it, I needed a website.

Hesu Jo

Now, thankfully, bluehost made it easy.

Advertisement Voice

I customized, optimized and monetized everything exactly how I wanted with AI. In minutes my site was up.

Hesu Jo

I couldn't believe it.

Advertisement Voice

The search engine tools even helped me get more site visitors. Whatever your passion project is, you can set it up with Bluehost with their 30 day money back gift. What have you got to lose? Head to bluehost.com to start now.

Brandon Van Grack

In terms of understanding the impetus for the rule and order, are there particular instances and issues like understanding the potential for there to be an issue is the foundation for this the awareness that in fact there were some issues with some of the tests and some of the labs, and therefore figuring out how to address those issues.

Adam Chan

So the basic idea of the rule is now that we sort of gain new insight into how critical these labs and certification bodies are wanting to make sure we can actually trust them to do the important work they're doing. And so especially as we're now sort of moving into this foreign adversary competition, we noted a lot of these labs were actually owned or controlled by really problematic entities that would sort of raise red flags in any kind of basic kind of national security due diligence review, for example. I mean, I think sort of most notably, and it sort of illustrates how kind of almost silly this is. But we learned last year, I think it was, that there was a lab that was owned by Huawei. So you had a Huawei owned lab that was responsible for testing all the tech devices that could be approved into the United States. And you know, the FCC is supposed to rely on the Huawei tests. And also, you know, Huawei equipment is itself banned in the U.S. you know, are we going to trust that Huawei can actually certify? Yes, this is not Huawei equipment, we promise. And I mean, so I think that sort of illustrates kind of how the FCC got involved in this. Looking closer, we discovered that actually something like 75 to 80% of the testing that's done for devices that are sold into the US is done in China, which is really, I think most national security professionals, their jaw sort of drops as I say that, given how sensitive this function is. And so I think we see sort of major concerns with some of these untrustworthy entities. I mean, one, like, are they just giving us accurate results either about whether this involves sort of covered equipment or like, is this emitting harmful frequency? Like, can we trust the results we're getting? There are also issues. It's not a secret, but you know, China has engaged in sort of decades long campaigns of IP theft around sensitive technology. Is it a good idea to be having these labs, many of which are owned directly by the Chinese government, doing a sort of deep dive into all the latest technology products that are being sold in the U.S. can we trust that sort of IP will be protected, that malware won't be inserted? That even just having these sort of bad guy entities learn so much about the US market and the sort of products that are sold raise major concerns? And these were concerns that some of our national security partners raised. And some concerns I think we see as pretty obvious. And so sort of thinking through that I think was very Much the impetus behind sort of the rule we adopted in May, which I mean sort of kind of brief overview and can go into more details if you want. But we adopted it in May. It was unanimously approved by all five commissioners. Again, sort of a sign of bipartisanship at the FCC on national security issues that has continued since, you know, the first Trump administration and Chairman Pai, through the Biden administration and Chairwoman Rosenwortzel and now Trump too, and Chairman Carr. But the basic idea is to prohibit the use of test labs and telecommunications certification bodies if they are, you know, owned by, controlled by or, you know, subject to the direction of any what we describe as prohibited entities. And we define prohibited entities, again with reference to both basically entities on any of the government bad guy lists that I mentioned earlier. And that includes foreign adversary countries. So it would include something like a lab owned directly by the Russian government or owned directly by the Chinese government or something, something to that effect. We also sort of adopted a kind of further notice of proposed rulemaking where we proposed to go a step further and actually ban the reliance on of any lab in any foreign adversary country. Obviously that raises pretty substantial supply chain disruption potential. And so we're also actually in that further notice seeking comment on how we can sort of engage in a kind of reshoring near shoring friends shoring exercise where we actually can accelerate the build out of testing capacity in the US and allied countries with whom we have mutual recognition agreements or other sort of agreements there that we can sort of obviously trust a lab in the United Kingdom more than we can necessarily in Russia or something to that effect.

Scott R. Anderson

Let's talk about another proposed rulemaking that you guys have put forward that's changing the way FCC has done something and that's about foreign ownership notifications and disclosures as I understand it. Although correct me if I'm getting some of the details wrong on this, you all are proposing a shift, shift in how the SEC does a range of disclosures from a more general foreign ownership disclosure requirement that applies to a variety of subsets of services products, licensing conditions to something that focuses much more on requiring more disclosure for foreign adversary linked services and companies. Talk to us about that shift and what it is intended to accomplish. What is falling short of the current disclosure system and why do you think this is a better approach and particularly where it's applying? Why is it that you're focusing on the areas on the questions, the information you want to gather that you are focusing on in this proposed rule for.

Adam Chan

Those who sort of know anything about the fcc. From the very beginning, some actually required by the Communications act, some through rules, the FCC has had foreign ownership reporting requirements or restrictions for a range of media. I mean, I think most people are probably tracking that. You know, there are limits on certain, you know, foreign government ownership of broadcasters or that kind of thing. And so the FCC does collect foreign ownership reporting in a range of contexts. I think we see this as deficient in a number of respects. I think the sort of first and kind of most obvious one is usually this information is either like not public or like hidden on some FCC database in a PDF file. You know, at some point that was very difficult for the public to access. And so a lot of this is actually sort of informing the public of some of these risks. It's kind of in line. There's actually a bipartisan bill in Congress called the FACT act, which passed almost unanimously out of the House recently. But our action is pretty in line with kind of where Congress is here. But we adopted again a couple months ago, again, unanimously, a notice of proposed rulemaking that would basically collect information from all licensees that get an FCC license authorization permit, etc. So again, radio licenses, space licenses, TV licenses, submarine cable licenses, radio frequency, like, equipment authorizations, like we just discussed, to sort of run the gamut of that so that we could sort of understand the landscape better. What we're specifically looking for certifications of which of these entities are owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary. That's a definition that we've adopted in sort of many of our actions recently. It's taken from the Commerce Department's ICTS office, which I mentioned earlier, again, trying to sort of harmonize these standards both within the FCC and then across the government. I think our goal here, again, to your point, how is this different from what we've been doing in the past? I think it's different in two primary ways. First of all, it's much more comprehensive and it's not just limited to certain licenses, whereas other licenses don't have to do the foreign reporting. It's also a harmonized standard. So it's not a different reporting requirement for a radio license than a TV license or something like that. And so I think some of that will also hopefully help kind of reduce some of the burden and regulatory burden. Like, like there's a clear standard here. But also the sort of second is, rather than sort of foreign ownership generally, it is specifically looking at foreign adversaries that I think we see, you know, particular risks there that, say, don't arise if, say again, a British person or a British company develops, owns a telecom network in the United States that does not sort of pose the same kind of national security concerns as might be had if a Russian company did, or an Iranian company or any of the other sort of foreign adversaries. And I should say sort of brief aside here, that sort of, when I say foreign adversaries, referring to, again, the sort of list of six foreign adversaries that the last three administrations have determined to be foreign adversaries, that's China, Russia, Iran, North Korea, Cuba and Venezuela. And so we've just sort of adopted that, relying on the executive branch determination there. I think another point I'll make on the sort of foreign ownership point, I think it's sort of broadly in line also with something I talked about on the submarine cable podcast, the America First Investment policy memo that the President came out with earlier this year, which basically recommends for a lot of sort of inbound and outbound investment transactions, a sort of hard line on foreign adversaries, while a streamlined and welcoming approach for American investment, for allied investment. I think we see some of that here as well, actually. If we could sort of potentially reduce the reporting burden for foreign ownership reporting in some areas, as long as we have this sort of rigorous reporting for foreign adversaries, I think that's definitely a sort of goal of the Commission generally and something we're sort of moving towards and hoping to kind of finalize this rule soon.

Scott R. Anderson

So this move strikes me as particularly interesting because in some ways it actually could be framed as national security concerns replacing and eclipsing more traditional policy concerns, motivating FCC actions as I have understood them. Well, maybe I'm off base on that because you can imagine a variety of policy reasons unrelated to national security why you would care about foreign ownership. For a much broader universe in foreign adversaries, you could be concerned if our picking something random. Our drone industry started to be dominated by Indian companies, not because India is a country with our relationship. We would not want to make them a foreign adversary, put them on a foreign adversary at least most weeks. But they are a company where you can see a future where their overweighted influence in a particularly sensitive industry could be a point of concern. That has always been my understanding of how the SEC approaches this foreign ownership question, which is that really any sort of foreign ownership could be a concern. We have to map it and get the landscape. Now, I understand you're not replacing foreign ownership requirement. They're not saying these don't exist more generally, but it really seems to be so focused on this universe of foreign adversaries in a way that is, like you said, kind of deburdening a variety of other sort of rivals. I'm just curious how much of this is really saying the national security concerns are the dominant concerns of the space and the broader competition concerns or foreign influence, for reasons that aren't tied up with those foreign adversaries are kind of secondary to that primary national security objective.

Adam Chan

Right. I mean, and it's not like those don't matter. And in some spaces, Congress has mandated certain reporting, and certainly we're not looking to adjust that. I mean, in certain traditional areas, I think it is certainly important to be concerned about other sorts of foreign influence. But I think there's at least a particular and acute concern now, just given what we've seen on the national security threats. And so therefore, having a sort of publicly available list of the licenses that we have given out that are owned by, controlled by, subject to the jurisdiction or direction of foreign adversaries can hopefully both inform us as well as inform industry as it makes investment decisions and for members of the public and consumers as they're making decisions. And so I think that transparency will be helpful. I'll also note, I mean, I think of relevance to our discussion earlier, I think this really is a good example of sort of the role that the Council on National Security can play very well. Like, this was an action that was sort of, you know, the Wireline Bureau sort of took the lead and kind of drafting this, but it was really a sort of whole of commission effort because again, they're sort of licenses given out by a whole range of different entities. And so again, sort of having a harmonized approach where, you know, if you read the notice of proposed rulemaking, it's sort of fun if you want to learn about the fcc, because we have a long list of licenses and authorizations and permits that we give out and sort of proposing to collect reporting information on all of these, once again, can also sort of help kind of harmonize what the commission is doing in all of these sort of different contexts.

Brandon Van Grack

So let's talk about another area where you all are taking actions in a space that people might not fully appreciate, but impacts many of us, which is automated vehicles. So can you talk to us a little bit about the FCC's role with respect to automated vehicles and what's in fact happening?

Adam Chan

So, first of all, on the kind of FCC's role. So once again, and here's where the Sort of FCC authorities are often kind of niche. We're not the main automobile regulator. We defer to sort of Department of Transportation to set road safety standards and you know, the EPA to set, you know, fuel economy standards and Department of Energy to it. Right. So there are a whole range of actors here. Where the FCC comes in is if a part in a car has connectivity features, uses blue like your Bluetooth or WI Fi in the car, that's using some part, it's using wireless spectrum that the FCC regulates. And so that's where the FCC comes in and has authority over this space. There's a rulemaking the FCC did a few years ago to sort of help, we allocated a specific band of spectrum for connected vehicle technology to help enable this growth industry. As you say, that sort of, kind of most recent thing the FCC has been looking at. The Commerce Department's ICTS office issued rules earlier this year in the winter on connected vehicles, specifically connected vehicles, as well as certain hardware and software within connected vehicles, if they are designed, developed, manufactured or supplied by any person owned by, controlled by or subject to the jurisdiction or direction of a foreign adversary, basically poses sort of very sweeping sort of prohibitions on any transactions involving these technologies, this equipment, the software. They delayed those rules a couple years to 2027 or 2029, depending on the sort of specifics within the rule. But as part of this action, they made like a determination that the sort of what they called vehicle connectivity systems, hardware and automated driving systems, again, basically anything within a vehicle that's connected, that these when has the foreign adversary control pose unacceptable risks to the national security of the United States. And that sort of determination in that language triggers our covered list under the statute Congress set up. And so we put out a kind of public notice a couple months ago asking for public input on our assessment that this means we have to add that sort of technology, the sort of connected vehicle technology to our covered list. Usually we don't actually put out a public notice getting public input at all when we add something to the covered list because oftentimes the determinations are very straightforward. This Commerce identified a sort of broader array of technologies. And also for the first time, the specific determination did not name specific entities, but took this much broader approach. And so sort of figuring out exactly how to tailor our action so that it's consistent with the statute is something we got public input on.

Brandon Van Grack

We're considering now, I assume part of that as well is trying to appreciate how much of this technology is in fact relied on by manufacturers to figure out the impact of placement on the COVID list because some of the rules with respect to some of the implementation with respect to automated connected vehicles anticipates a delay because it will lead to disruption. And I would assume anticipate that part of the input from the public is trying to figure out how to right size that.

Adam Chan

Yeah, well, so it's actually interesting. So Commerce and ICTS was very conscious and in their rule they say, okay, we find unacceptable risks in national security, but we need to balance that against concerns to industry disruption, et cetera. The FCC is actually not allowed to engage in that balancing exercise. So we actually can't consider the sort of supply chain disruption. Right. So it could be that the entire economy would collapse. And like that's because we're statutorily obligated to add to the covered list any equipment that's found to pose unacceptable risks to the national security of the United States. That said, I don't believe, you know, if we do end up doing this action, I don't believe it would disrupt the entire auto industry or cause any sort of really substantial harm beyond what sort of the Commerce rule already has. Because in many ways I actually think the FCC action could work in tandem with Commerce. The FCC action is much narrower in scope. I mean it would not sort of include the vehicles themselves, just sort of these certain connectivity features. There's not this sort of broad enforcement against any transaction. It relies on sort of self attestation at the enforcement stage. It also sort of, perhaps most importantly comes with a kind of built in glide path for industry because I mean something sort of to note about the covered list. For example, Huawei phones are on the covered list. So Huawei cannot get its phones authorized to be sold in the, in the U.S. that said, Huawei has a lot of equipment that's already authorized that was authorized before Huawei equipment was added to the covered list. And our rules took effect in February of 2023. And so a 2022 model Huawei phone can still be imported or sold in the US with no restrictions at all. Inquiry whether that's a good idea or whether consumers should buy those phones. But in the connected vehicle space, let's say we were to add that to the covered list tomorrow. That means a Chinese company would not be able to get its 2026 model connected widget in a car authorized for sale in the US but its 2025 model that it got authorized this summer can be sold indefinitely even after, at least from our perspective, the Commerce Department timelines take effect. Our rules are also Narrower because they don't look at like say, component parts. So say if you have a, you know, telematics control unit that controls the sort of connectivity in a car that also happens to have a, you know, Chinese chipset in it, like that wouldn't be prohibited under our action. Whereas my understanding is Commerce that there might be some, some similar prohibitions. But it's definitely something. We have been working closely with Commerce, the Bureau of Industry and Security, icts that handles this and sort of understand their rules, make sure we're sort of harmonizing and kind of doing any action we take would necessarily be in accordance with their specific determination. We have had a lot of engagement with industry and sort of welcome that to understand an industry that again, the FCC knows telecom very, very well. We talk a lot with our partners there, but we know the auto industry less well and getting informed on that has been helpful.

Scott R. Anderson

Let's talk about one last area where I know the FCC has been anticipating some action in part driven by a statute Congress passed last year. That's the area of drones, a growing market, a market that has a lot of different industries interested in it, where FCC 8 plays a unique role. Talk to us about what the FCC is considering in the space of drones, particularly in response to the NDAA last year and actions that may come directly from that and may be kind of moving in the same direction that Congress enacted.

Adam Chan

Yeah, I mean, drones is sort of an increasing area of focus both for us, but I think also the broader administration and the public and international partners. I think anyone who's sort of been following the news will have seen the role drones have played in Ukraine. I mean, the recent sort of, that sort of spectacular kind of attack that Ukraine launched inside Russia against Russian military bases involving just cheap commercial drones was I think, sort of a wake up call. We've seen instances of unidentified drones like in the US itself. And so the FCC has been involved in a kind of range of actions around sort of counter UAS and counter drone measures, as well as sort of looking how to kind of promote and sort of accelerate the deployment of drones, particularly US made drones. Because, you know, listeners are probably aware we have major sort of supply chain dependence here on China that supplies the vast majority of commercial drones in the US market. In fact, DJI, the Chinese military company, controls something like 70, 80% of the US drone market, which again, seeing what happened in Ukraine, like, is it a good idea to have a Chinese military company have millions of drones flying around the US Certainly a lot of national security professionals have said otherwise. I think Congress, recognizing the concern with DJI drones, also Autel Drones, another Chinese company in the drone space in last year's ndaa in section 1709, actually passed a provision which requires some national security agency to issue a specific determination for the FCC's covered list on whether, you know, basically any drone or other connected equipment produced by dji, Autel or any of its subsidiaries, affiliates, JV partners, et cetera, pose unacceptable risks to the national security of the United States. And so if they were to determine, yes, some or all of them do, then we would have to add that to the covered list and prohibit authorizations for equipment produced by those entities. However, Congress also included a sort of fallback provision default that says if within one year none of these agencies have made a determination, the FCC shall automatically add this equipment to the covered list. And so that I think the deadline ends in like December 23rd. And so at some point in the next few months, I mean, there'll either be a determination or there will be no determination. And likely the FCC will then add DJI and Autel drones to the covered list, which would be significant because that would prohibit the authorization for import or sale of any new model DJI or AUTEL drones. Now, again, there is a glide path for industry because a DJI model that was approved, you know, last month can still be sold. But again, that will be a sort of there will need to be a lot of sort of crowding in of investment to support the US Drone industry or allied drone makers to sort of COVID a lot of that slack. But that is something sort of significant that the FCC has been looking at there.

Scott R. Anderson

Well, Adam, this has been a phenomenally useful survey of a lot of things the FCC is up to in the national security space. Some interesting, some in the weeds. Talk to us about what you're looking forward to for the rest of the year and the year to come. What do you see the big areas being that are brewing on the horizon for the FCC in your capacity, in your lane, for folks who want to stay abreast of what the FCC is up to in this space, what are the hot areas they should have their eyes on?

Adam Chan

Appreciate that some will be finalizing the rules that I already mentioned. So look for that in the coming, you know, weeks, months. I know. You know, our bad labs rule, for example, goes into effect September 8th. You know, at least soon after that, there should be a sort of tranche of labs that are kicked out of our process. What we'll sort of have final rules on NPRMS I mean something will happen with with regard to connected vehicles and drones, as I mentioned, I think we'll have new regulations coming out. I think some some of the enforcement investigations we launched I think will what will come to fruition. Also looking at potential other areas, taking a look at threats to space, for example, that we've done less on, but how can we have greater security on that front? Looking at team telecom issues more generally, we just did the big submarine cable rule as we discussed, but also more general team telecom ideas and then continuing to drill down on on certain supply chain components that I think a range of national security agencies are looking at as well.

Scott R. Anderson

Excellent. Well, we have gotten a lot to think about, but thank you Adam so much for joining us here today on the Lawfare Podcast.

Adam Chan

Yeah, thank you so much for having me.

Scott R. Anderson

The Lawfare Podcast is produced in cooperation with the Brookings Institution. You can get an ad for free versions of this and other Lawfare Podcasts by becoming a Lawfare material supporter at our website, lawfaremedia.org support. You'll also get access to special events and other content available only to our supporters. Please rate and review us wherever you get your podcasts. And look out for other podcasts including Rational Security, Allies, the Aftermath and Escalation, our latest Lawfare Presents podcast series about the war in Ukraine. In addition, check out our written work@lawfaremedia.org the podcast is edited by Jen Pat and our audio engineer. This episode was Kara Shillin of Go Rodeo. Our theme song is from Alibi Music. As always, thank you for listening.

Advertisement Voice

Imagine a world of extraordinary comfort where Bolin Branch Bedding wraps you in the softest. Embrace the coziest experience made from the world's finest 100% organic cotton, all so you can sleep better. Start building your fall sanctuary with Bolen Branch's iconic signature sheets made with a buttery, breathable weave that gets softer with every wash. Enjoy 15% off your first set of sheets with free shipping and returns at B O L L& Branch.com with code BUTTERY. See site for details and exclusions.