Court upholds FCC right to ban tech from Chinese-owned telecom companies
The Federal Communications Commission (FCC) acted within its authority when it banned video surveillance products made by two Chinese-owned companies, a federal appeals court said in a Tuesday decision.
The agency’s ban on products made by Hikvision and Dahua is appropriate under a 2021 law, the Secure Equipment Act (SEA), which is meant to counteract the national security threat posed by telecommunications equipment accessible to the Chinese government, the U.S. Court of Appeals for the D.C. Circuit ruled.
As a result of the SEA, the FCC was required to stop approving marketing and sales for telecommunications’ products deemed to be a national security threat, which led the agency to ban video-surveillance equipment manufactured by Hikvision and Dahua on the grounds that it could be used by China to surveil U.S. critical infrastructure.
Small and medium sized business owners seeking security cameras are the primary U.S.-based customers for Hikvision and Dahua’s U.S. subsidiaries.s.
Although the ruling is a victory for the FCC, the court sided with the companies’ argument that the FCC too broadly defined critical infrastructure when it ordered the ban.
The FCC order banning the companies’ equipment said it applies when the equipment is used for the “purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.”
But the court said the agency’s interpretation of what constitutes critical infrastructure is “unjustifiably broad and is therefore arbitrary and capricious.”
The FCC relied on the Patriot Act, a relevant Obama administration presidential policy directive and the Cybersecurity and Infrastructure Security Agency’s (CISA) set of National Critical Functions to create its definition, according to the court decision.
Hikvision and Dahua argued that while the Patriot Act may be an appropriate template, the FCC overextended when it included terms from the more expansive presidential policy directive and the CISA provisions.
The court ruled that by defining critical infrastructure as any “systems or assets” that the court emphasized are merely “connected to” the 16 sectors captured by the presidential policy directive and 55 elements of the CISA risk management document, the FCC overstepped.
“The FCC failed to explain or justify its use of the expansive words ‘connected to,’ and the scope of the definition is therefore arbitrarily broad,” the ruling said.
The court called it “entirely implausible that every single system or asset that is ‘connected to,’ for example, the food and agriculture sector, or to the function of supplying water, is ‘critical’ to the national security of the United States.”
The agency must revise its definition of critical infrastructure, which the court said should be based strictly on the language outlined in the 2019 National Defense Authorization Act. That legislation barred federal agencies from using or buying “covered” technology made by Chinese companies and specifically cited products made by Hikvision and Dahua.
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.