Lawfare Daily: Adam Chan on the FCC’s Growing Role in National Security

[Intro]

Adam Chan: We discovered that actually something like 75 to 80% of the testing that's done for devices that are sold into the U.S. is done in China, which is really, I, I think you, you know, most national security professionals, you know, their jaw sort of drops as I say that, given how sensitive this function is.

Scott R. Anderson: It's the Lawfare Podcast. I'm Senior Editor Scott R. Anderson for today's episode as part of our special the Regulators series, contributing editor Brandon Van Grack, and I sat down with Adam Chan, the National Security Counsel at the Federal Communications Commission.

Adam Chan: Something sort of to note about the covered list. If for, for example, Huawei phones are on the covered list. So Huawei cannot get its phones authorized to be sold in the, in the U.S., that said, Huawei has a lot of equipment that's already author rise, that was authorized before Huawei equipment was added to the covered list, and our rules took effect in February of 2023. And so a 2022 model Huawei phone can still be imported or sold in the U.S. with no restrictions at all.

Scott R. Anderson: Today we're talking about the FCCs growing and increasingly important national security work.

[Main Podcast]

Brandon Van Grack: I think to start, you hold multiple roles in the national security space at the FCC, the first counselor on national security, you chair the Council on National Security similarly sounding, different titles and responsibilities, and before we get into what those are, wanted to talk a little bit about your background that positioned you to hold these particular roles at the FCC.

Adam Chan: I think most relevant piece of my background probably, I worked on the House Select Committee on the Chinese Communist Party that was set up a couple years ago. Sort of the thinking behind that select committee was that the national security issues, particularly threats from, from China span a whole range of different committees of jurisdiction, right?

So it's not just a military threat, but it's also not just a, you know, technological or economic regulation threat, et cetera. And so you, you know, rather than sort of just having like Committee on Foreign Affairs, Armed Services Committee, Energy and Commerce Committee, Financial Services committee, all sort of tackle this problem segmented, to have a committee that can look at this sort of whole landscape.

So my role there when I was working on sort of a whole range of kind of legislation, oversight, et cetera was to kind of survey the landscape of the different authorities there are out there on national security that could be leveraged to promote U.S. interests with regard to the CCP.

In, in in particular, there as part of that, we got to know a lot of different things the U.S. government can do authorities. It has a lot of what Congress has, the executive branch, et cetera. One of which obviously is, is in the sort of telecom communication sector space. So now being at the FCC able to sort of drill down into a, a, a somewhat narrower area, but still sort of, you know, use a lot of the authorities the FCC has to tackle the problem.

Brandon Van Grack: So it sounds like you transitioned from sort of talking about regulation and regulatory action to in fact, being one of the regulators. And so let's talk about that. For example, your position as chair of the Council on National Security and as a national security counsel, you know what, you know, what is the jurisdiction, what is the purview of your role, but also that group.

Adam Chan: Yeah, it, it, it's definitely nice to transition from Congress to the executive branch. I think it's certainly a lot easier to get things done when you don't need to do, you know, you know, bicameralism and presentment and don't, don't need to get even, you know, 435 house members, you know, majority to vote. So it is nice being a regulator in that sense.

But yet in terms of my role, so when Chairman Carr was you, you know, announced that, that he would become chairman, he brought me in to be sort of his lead advisor on national security in his own personal office. There historically has not been sort of a, a single point person advising the chairman on national security issues.

Traditionally, the way it's worked is it's been sort of divided mostly by kind of, you know, type of telecom. You know, something like, oh, there'll be the wire line advisor and the wireless advisor, even though sort of both of those cover some areas of national security. My role, I, I sort of look at sort of all the different things, the different bureaus and offices at the FCC are doing that touch on national security, kind of head up that work.

Kind of as part of this role, one of the first things Chairman Carr did on becoming chairman was establish this new council on national security that's internal to the FCC that, that I think really does, does a lot of a, actually somewhat similar to the China committee that I discussed earlier in the sense of historically. You know, the FCC, I think has like 15 different bureaus and offices, almost all of these do some work that touch on the national security issue. And so we have different bureaus and offices often engaging in regulatory actions on national security without necessarily sort of coordinating or having a kind of unified approach.

And so through this council that I, you, you, you know, direct it has representatives from all the different relevant bureaus, both the chiefs of the bureaus or offices as well as you, you know, sort of other, other lawyers there who can specialize in the national security space. And, and, and the basic idea is to one, like, encourage kind of information sharing and, but also sort of allows for kind of unified agenda, sort of common themes and allows you, you know, a sort of united approach to the national security issue?

I, I mean, I, I can talk, you know, in, in more detail about that, but I mean, it's both sort of getting the kind of regulatory bureaus and offices talking to each other, but we also then can integrate the regulatory functions with the Office of General Counsel, which then has to defend the actions in court as well as the Enforcement Bureau, which can bring enforcement actions for violations of our rules.

Brandon Van Grack: Yeah. And maybe one question, and before maybe jumping into sort of the FCC and, and making sure we understand the role it plays, but what about interagency coordination? Like, does the council play a particular role? Because some of the areas and the regulations and areas we're gonna talk about have a significant interagency component to it. And so like what role do you, or what role does the council play in terms of dealing with those?

Adam Chan: That, that is something, I mean, particularly in the national security space where all of these issues touch on the authorities of a whole range of different agencies. And so we work very closely and, and are frequently talking with, with, with, with a range of interagency partners, whether that's, you know, the ICTS Office at Commerce or DOJ National Security Division or DHS or, or, or what have you, or, or, or the White House. I think it's, it, it's definitely help helpful to have those connections as well. And, and again, be able to have, or those sort of more national security focused agencies, like national security points of contact that sort of can speak on behalf of the FCC as a whole.

Brandon Van Grack: And just a point of order, 'cause you said the acronym ICTS. Can you just tell like, what is ICTS?

Adam Chan: Oh, yeah, yeah. Sorry, sorry. So I, I-C-T-S, I, I think what, what does the acronym stand for? Information, Communications, Technology, and Services. This is a, an office in the Commerce Department’s Bureau of Industry and Security that basically regulates information communications technology for national security risks. They, they, after, you know, an executive order from 2019 it's sort of a recent office that's been stood up that has a lot of kind of overlapping and intertwined authorities with the FCC.

Scott R. Anderson: So I wanna dig a little further into what the council is doing and what the FCC is doing, particularly around a couple of issues. But I think it's useful to step back and talk about this at a higher level for listeners who may not be familiar with the FCC and its work and how it intersects with national security.

When you say National Security Agency, FCC is not at the top of the list, it may not even be on the first page in most people's minds, I suspect, but it is an agency that is increasingly active in this space, that we've talked to other folks from on this podcast, notably digging into it and so this is kind of a part of a, of an FCC series we've been having. It is really interesting the areas where it intersects. So talk to us a little bit about that.

Where does the FCC sit in the broader national security interagency landscape? And why has that made it more of a national security agency, or at least more integral to national security concerns among other concerns in recent years, particularly in this era of major power competition being the primary national security driver?

Adam Chan: Yeah, no, it's a, it's a good question. I mean, definitely. I, I think I speak, speak to a lot of people who are sort of, didn't know the FCC even really does national security. But actually, in many ways it's sort of an interesting kind of return to the FCC’s roots when Congress first established the FCC in, in 1934 in the Communications Act.

Section One of, of the Communications Act that sort of grants the FCC broad kind of public interest regulatory jurisdiction and establishes the purposes for which the FCC should regulate. The sort of two purposes of section one were, one, to like increase access to communications technology, but the second was for the purposes of national defense. So this was sort of front and center of how Congress was thinking about this. I know outside the chairman's office there's sort of a wall of photos of sort of past chairs of the FCC and like the first few are in full military dress.

Because this, this really was thought of as a national security agency, given how central communications technology, whether it's sort of radio as, as, as initially conceived or now a much broader scope is to, to national security. And I mean, I know, you know, li- listeners all I'm sure have seen in the news, you know, things involving, you know, Starlink and, and satellite communications in Ukraine or, or drones and other sort of connected devices that the FCC regulates and, and how they have sort of obvious national security impacts and, and that kind of thing.

And the sort of whole sort of command and control structure of the military depends on communications technology as well as you, you know, just any sort of advanced technology now all involve, you know, sort of technology products that are connected, have, you know, sort of Bluetooth and Wi-Fi connectivity, all of which sort of come within the kind of FCC jurisdiction. They rely on, you know, things like submarine cables that carry most of internet traffic and, and, and what have you.

So I think both the sort of advances in technology as well as the sort of, as you say, great power competition have made the FCC more relevant. Recently you, you know, the FCC has been engaged in, in a variety of things. Some of these have been involved in sort of traditional telecom, like, like we denied or revoked international telecom licenses to, you know, some of the major Chinese carriers. We have this rip and replace program concerning Huawei and ZTE equipment in telecom networks.

The FCC also is a, a licenser, so we license a whole range, basically, you know, from media to radio to telecommunication services to radio frequency devices. So think like basically any tech product emits radio frequency, you know, this thinks, think you know, phones, computers, drones, connected vehicles, any smart device you have––all have to get authorized by the FCC to be imported or sold in the U.S. We license all satellites and submarine cables and so there's a range of communications technology there. Some of these licenses we refer to Team Telecom, which is national security agencies that can review some of these for, for national security risks.

Congress has also stepped in in recent years. In 2019, they passed the Secure and Trusted Communications Networks Act. Then in 2021, they passed the Secure Equipment Act, which both sort of gives us new sort of national security authorities and obligations particularly around certain what's called “covered” communications equipment or services. These are communications equipment or services that a sort of national security entity or Congress have determined to pose unacceptable risks to national security.

And so as, as, as part of that sort of, we, we are sort of more, more empowered and also have, have obligations to look at some of these national security issues.

Scott R. Anderson: So the Council on National Security and your role in it, and kind of in the FCC, generally suggests the FCC is really trying to adapt to these new demands on its role, understanding national security as part of its mandate and increasingly important part of its mandate, or one that maybe requires some adaptation to do effectively.

Talk to us about what that adaptation looks like. What is the Council on National Security doing or pushing for in the FCC and the FCC’s interactions with both interagency and international partners? That may be a little bit different way about how it's go, how the FCC has gone about its work in the past to address these new challenges, most of which are arising from particularly China, Russia to some extent as well, but these other major power competitors that are, you know, unlike al-Qaeda and terrorist groups and national security threats of yesteryear competitors in these spaces.

So talk to us what's being done differently. We had a long conversation with Loyaan Egal, who was previously the head of enforcement at FCC. We dug deep in some of the enforcement actions that have been a growing activity. We know that's one slice of what the FCC is doing. Talk to us about the other areas and how they integrate and what the council is doing to coordinate them.

Adam Chan: Yeah, I, I mean, so Chairman Carr, I, I think, has long prioritized national security and, and, and so I think we, the FCC is, is looking to do more in this space, and I think that's why he brought me on, set up this council, et cetera.

The, the, the council, when it was announced earlier this year was announced with sort of three goals in mind. All as you say, kind of pointed directly at the foreign adversary threat in particular, which whi- which we see as sort of most significant. The sort of first of these was to like mitigate and reduce supply chain dependencies and, and other risks there, like dependencies on and reliance on foreign adversaries.

Second was to reduce vulnerabilities to cyber intrusions, like surveillance or espionage from foreign adversaries. And then the third was to win the strategic competition for the technologies of the future to win a a against China. I think with these three goals in mind are sort of guiding a lot of the FCC’s national security work, either sort of advancing one or both of those.

I think we've rolled out and I think we will continue to roll out a, a sort of steady drumbeat of, of new regulations that help both protect American communications networks from foreign adversaries as well as hopefully promote and, and sort of promote innovation. And, you know, Chairman Carr just launched this Build America agenda which is not sort of national security focus specifically, but obviously as we sort of increase, you know, U.S. infrastructure investment, that, that obviously helps us from a national security perspective as well.

I think some of what the council's been doing differently, a, as I say, I mean some of it is, is just a sort of unified agenda approach. So a lot of, you've seen a lot of our new sort of regulations, we've been using sort of common terms and themes and getting sort of get, getting regulations that come out of different bureaus to advance and adopt sort of similar or, or the same kind of regulatory frameworks.

An, another thing, I mean I know you talked with Loyaan, as you mentioned, who headed up enforcement in the previous administration that I, I think now one, one thing the council does very well, I think, is to integrate the enforcement bureau with some of the regulatory bodies. So one of the first actions the council publicly announced was this investigation into entities identified on the FCC’s covered list.

I'm sure we'll get into the covered list later, but tho, those basically sort of entities that have been found to pose national security risks. Think Huawei, China Telecom, China Mobile, that, that kind of thing. We, we previously revoked their international telecommunications licenses, but we, we have reason to believe or had reason to believe that they, they, they're still providing a lot of services and engaging in operations within the United States, whether that's, you know, supplying data centers or, you know, engage in white-labeling of their products or that kind of thing.

And so the enforcement bureau launched a big––sort of led on a kind of big investigation into this. But this is sort of done in, in cooperation with the council because I think sort of our hope here is sort of not, not only to bring potential penalties should we see violations for our rules, but also to help inform kind of future regulatory actions and new rules that can actually crack down on some of these operations that are perhaps exploiting loopholes in the FCC’s existing rules.

Chairman Carr calls this you, you know, ending the end-run around our, our rules. And, and so I think there, I mean that's sort of just an example of kind of how a council can help sort of function and make the FCC into sort of a, a, a more collaborative sort of agency when it comes to national security.

Scott R. Anderson: So I wanna dig into some of these specific actions. Before we do that, I want to tackle one other aspect. It has come up I think in a lot of conversations Brandon and I have been having with people working in the regulatory side of national security agencies over the last few years we've been doing this podcast series, and this is question of international cooperation.

Because obviously telecommunications has a strong international component and the telecommunications industry is of national security concern in the United States. Not just in the United States, but also in Europe and other territories where we have business interests, we have political interests, and where China, Russia, other adversaries are also seeking influence.

So talk to us about the international side of this. How does the FCC approach the, the diplomatic half of the job, or the law enforcement and intelligence cooperation coordination part of its job, and is that a growing part of what the FCC the National Security Council are considering doing?

Adam Chan: Yeah, no, I, I, I mean, I think, I think it is, it is particularly important. Especially one, I mean, it's sort of part of the strategic competition with other great powers. The FCC works closely, especially with the State Department on, on some of the diplomatic outreach involved in sort of US representation at international organizations such as the ITU, the International Telecommunications Union, that sets a lot of the global standards here, where there is, you know, really fierce competition between the U.S. and particularly in China.

There, there was sort of, we, we also sort of engage with you, you know, other sort of regulated entities to sort of help promote, you know, trusted technology and clean networks abroad. We, you, you know, engage our counterparts as the sort of telecom regulators in other countries. Often I think we can come in as trusted partners there that aren't necessarily just sort of beating the drum of rah rah Americanism, but can sort of also provide a kind of technical, kind of independent evaluation. You know, here are the actual vulnerabilities or risks if you use Huawei equipment, for example. That, that I think is, is often helpful as well as, you know, trying to get our allies and partners to adopt sort of similar measures.

So I know I was on a recent podcast talking about the submarine cable rules we, we adopted recently, but I, I've been having other sort of international engagements with counterparts in, in, in allied countries to help sort of promote and sort of socialize these, the, the, the sort of regulations we have to obviously get, get some of our allies to adopt similar measures, so that there can be sort of harmonized rules, which then helps like promote connectivity between those allies and helps ensure that our, our allies also have sort of similar kind of national security protections of their networks.

Scott R. Anderson: So let's move on and talk about some of the specific things the FCC has been up to in the last few months, you know, better, half of a year that you've been there and that this administration has been in place. One issue we should flag for people, but that you've already done a long conversation with us for, with our colleague Justin Sherman, one of our contributing editors at Lawfare a few weeks ago on the Lawfare Podcast is undersea cables.

Really important, really interesting issue, really interesting things FCC is doing there. We're not gonna talk about that here because you've already done a very deep dive with Justin, so folks who are interested in that should look back in their podcast feeds. Look for that episode. But we've got some other things that we also wanna talk about in terms of what the FCC is up to. Brandon, I'll hand it back to you for that.

Brandon Van Grack: Yeah, and again, I think getting the specifics will help sort of lis- listeners fully appreciate all the touchpoints the FCC has. And so undersea cables––I mean, again, great podcast, and, and you can spend a whole ‘nother one talking about their import. So let's move on to another topic.

'Cause again, FCC has been, I think, remarkably busy in this space. And let's talk about the, the so-called bad labs rule 'cause I think most people, even in the national security space, if they hit the term “bad labs,” they think of COVID. Especially if you're talking China. And that's not what we're talking about. 'Cause, so I, I say this because maybe you can help set up what is the particular issue or concern tat was the basis for an the new rule and order that, that you all announced.

Adam Chan: It's actually really a sort of fascinating issue that I, I wasn't tracking until recently. Most national security professionals I've sort of raised this with also were like not tracking this at all and, and didn't even sort of understand this, this, this was an issue.

But I think it's worth taking a step back just so sort of listeners can kind of understand the FCCs authorities and our sort of equipment authorization process. Basically any what, what's called a radio frequency device–so again, think basically any connected product, phones and computers to smartwatches, baby monitors, AirPods, AirPods, et cetera.

Like, I mean, you've, you've probably seen little FCC logo on your devices that that's a sign that it got an FCC authorization. So in order to import or sell into the United States, any of those devices you need an FCC authorization. And so that's it. It's one of our, sort of most, and we have sort of broad, pretty sweeping sort of authority to kind of regulate these in the public interest. So, so, so, so it gives us a lot of, a lot of authority there.

One, one other sort of background point, I'll flag that's kind of relevant for the bad labs I mentioned earlier the covered list. This, this was something Congress set up in the Secure Networks Act, Secure Equipment Act. It's basically list of communications, equipment, or services that another entity have found to pose unacceptable risks to national security.

The Secure Equipment Act actually required us to prohibit the authorization o any communications equipment that's actually listed on the covered list. So some, some things on the covered list. For example, Huawei telecommunications equipment or Hikvision communications equipment. They, they make a lot of surveillance cameras, a Chinese military company, and so part of this is now they cannot get their new devices to be authorized and sold within the U.S.

Brandon Van Grack: Is it technology specific or company specific when we talk about the covered list?

Adam Chan: The initial covered list was set up, gave, gave out the sort of wrong impression to a lot of people, but it's actually a list of equipment and services as opposed to a lot of the other sort of bad guy lists that the U.S. government maintains, such as the Commerce Department entity list, or

DODs Chinese military company list that actually identify specific or you know, OFAC sanctions that actually identify specific persons companies, entities that pose national security risks. This actually identifies specific equipment or services now that can be associated with entities.

But a, again, the Huawei is not listed on our covered list. Huawei, like telecommunications and video surveillance equipment produced by. Huawei and any of its affiliates and subsidiaries is on our covered list. And, and, and so that is, that is a relevant distinction. And then that, that also means, for example, certain equipment on our covered list, it's, it's not all the equipment produced by that entity.

For example, I mentioned Hikvision earlier. It's actually hick vision equipment only insofar as it's intended to be used in you, you know, critical infrastructure or government facilities or something like that.

Brandon Van Grack: So then that's the foundation that there are some. Equipment and services where there can't be an authorization, but the point is many can receive an authorization and that you issued a new rule and order that pertains to that authorization. And so let's, let's talk about what that that entails.

Adam Chan: Right. So as part of the authorization, which again, is sort of critical to this like vast sector of the economy, I mean like literally trillions of dollars in goods sort of passed through this, the, the FCC authorization process for a lot of the equipment, ba basically anything that sort of intentionally emits radio frequency. I, I, I don't need to sort of bore the listeners with sort of the very minutiae of, sort of which specific devices, but many of the most sort of important or risky devices need to get, go through this process called certification, where they're tested in a lab. And then certified by a telecommunications certification body.

For, for a long time FCC rules were focused exclusively on sort of technical requirements. So again, does this emit harmful frequency that's going to interfere with communications networks? Does this operate at the right power levels? Does this operate how it, you know, you know, said it does in the manual. That, that, that kind of thing recently. And, and you know, obviously that sort of critical work.

Recently in addition to that, these sort of labs and certification bodies are now also responsible for making sure the equipment is not covered equipment. The FCC does not in itself inspect every new device but instead, you know, of these sort of tens of thousands of devices that are authorized each year. We, we rely on the certification bodies to say, no, this, this, we certify you, you, you know, this is actually not a Huawei phone or that kind of thing.

Brandon Van Grack: In terms of understanding sort of the, the impetus for the rule and order, are there particular instances and issues like understanding the potential for there to be an issue is the foundation for this, the awareness that in fact, there were some issues with some of the tests and some of the law labs, and therefore figuring out how to address those issues?

Adam Chan: So, so the basic idea of of the, the, the rule is you, you know, now that we gain new insight into how critical these labs and, and certification bodies are wanting to make sure we can actually trust them to do the important work they're doing. And so, especially as we're now sort of moving into this foreign adversary competition, we, we noted a lot of these labs we're actually under control by really problematic entities that would sort of raise red flags in any kind of basic kind of national security due diligence review.

For, for example, I, I mean, I think sort of most notably, and it sort of illustrates how kind of almost silly this is, but we, we learned last year, I think it was, that there was a, a lab that was owned by Huawei. So you had a Huawei owned lab that was responsible for testing all the tech devices that could be approved in, into the United States. And you, you know, the FCC is supposed to rely on the Huawei tests. And also you, you, you know, Huawei equipment is itself banned in, in, in the U.S. You know, are we gonna trust that Huawei can actually certify, yes, this, this is not Huawei equipment. We promise.

And, and I mean, so, so, so I think that sort of illustrates kind of how, how the FCC got involved in this. You know, looking closer, we discovered that A actually, so, so something like 75 to 80% of the testing that's done for devices that are sold into the U.S. is done in China which is really, I, I think, you know, most national security professionals, you know, their jaw sort of drops as I say that given how sensitive this function is.

And so I think we see, you know, sort of major concerns with some of these untrustworthy entities. I mean, one, like are they just giving us accurate results either about whether this involves sort of covered equipment or like is this emitting harmful frequency? Like can we trust the results we're getting?

There are also issues it, it's not, it's not a secret, but you, you know, China has engaged in sort of decades long campaigns of IP theft around sensitive technology. Is it, is it a good idea to be having these labs, many of which are owned directly by the Chinese government, doing a sort of deep dive into all the latest technology products that are being sold in the U.S.? Can we trust that, you know, sort of IP will be protected that, you know, malware won't be inserted, that you, you know, e even just having sort of these sort of bad guy entities learn so much about the U.S. market and, and the sort of products that are sold raise major concerns and, and these were concerns that some of our, you know, national security partners raised.

And so some concerns I think we see as, as, as pretty obvious. And, and so, so sort of thinking through that, I, I think was very much the impetus behind sort of the rule we adopted in May, which I mean, sort of kind of brief overview and can go into more details if you want. But we adopted it in May. It was unanimously approved by all five commissioners. Again, sort of a sign of bipartisanship at the FCC on national security issues that has continued since, you know, the first Trump administration and Chairman Paai through the Biden administration, and Chairwoman Rosen, Rosenworcel, and now Trump two and, and, and Chairman Carr. But the, the basic idea is to prohibit the use of test labs and telecommunication certification bodies if they are, you know, owned by, controlled by, or, or, or, you know, subject to the direction of any, what we describe as prohibited entities.

And we define prohibited entities. Again, we reference to both basically entities on any of the government bad guy lists that I mentioned earlier, and that includes foreign adversary countries. So it would include something like a, a lab owned directly by the Russian government or owned directly by the Chinese government or, or something, something to that effect.

We, we also sort of adopted a kind of further notice of proposed rulemaking where we propose to go a, a step further and actually ban the reliance of any lab in any foreign adversary country. Obviously that raises pretty substantial supply chain disruption potential, and so we're also actually in that further notice, seeking comment on how we can sort of engage in a kind of reshoring, nearshoring friend shoring exercise where we actually can accelerate the build out of testing capacity in the U.S. and allied countries with whom we have, you know, mutual recognition agreements or other sort of agreements there that we can sort of, you know, obviously trust a, a lab in, you know, you know, the United Kingdom more than we can necessarily in Russia or, or something to that effect.

Scott R. Anderson: So let's talk about another proposed rulemaking that you guys have put forward, that's changing the way FCC has done something, and that's about foreign ownership notifications and disclosures. As I understand it, although, correct me if I'm getting some of the details wrong on this, you all are proposing a shift in how the FCC does a range of disclosures from a more general foreign ownership disclosure requirement that applies to a variety of kind of subsets of services, products, licensing conditions to something that focuses much more on requiring more disclosure for foreign adversary linked sort of services in companies.

Talk to us about that shift and what is intended to accomplish what is falling short of the current disclosure system and why do you think this is a better approach? And particularly where it's applying, why is it that you're focusing on the areas, on the questions, the information you want to gather that you are focusing on in this proposed rule?

Adam Chan: For, for those who sort of know anything about the FCC from the very beginning, some actually required by the Communications Act, some, some through rules. The FCC has had foreign ownership reporting or requirements or restrictions for a range of media. I mean, I think most people are probably tracking that you know, their limits on, on certain, you know, foreign government ownership of broadcasters or that kind of thing. And, and so the FCC does collect foreign ownership reporting in, in, in a range of contexts.

I, I, I think we, we, we see this as deficient in, in, in a number of respects. I think the sort of first and, and kind of most obvious one is it's usually this information is either like not public or like hidden on some FCC database in a PDF file, you know, at some point that, you know, it was very difficult for the public to access.

And so a lot of this is actually sort of informing the public of, of some of these risks. It's kind of in line, there's actually a bipartisan bill in Congress called the Fact Act, which passed almost unanimously out of the House recently. But our action is, is, is, is pretty in line with kind of where, where, where Congress is here.

But we adopted, again, a couple months ago, again, unanimously a, a, a notice of proposed rulemaking that would basically collect information from all licensees that get an FCC license, authorization permit, et cetera. So again, radio licenses, space licenses, TV licenses, submarine cable licenses, radio frequency, like equipment authorizations like we, we, we just discussed to sort of run the gamut of, of that so that we could sort of understand the landscape better.

What we're specifically looking for certifications of, of wi which of these entities are owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary. That's a definition that we've adopted in, in sort of many of our actions recently. It's taken from the Commerce Department's ICTS office, which I, I I mentioned earlier. Again, trying to sort of harmonize these standards both within the FCC and then across the government. I, I think our our, our goal here again, to your point, how, how is this different from what we've been doing in the past? I think it's different in, in two primary ways.

First of all, it's, it's much more comprehensive and as like, like it's not just limited to certain licenses, whereas other licenses are, don't have to do the foreign reporting. It's also like, like a, a harmonized standard. So it's not like a different reporting requirement for a radio license than a TV license or something like that. And, and, and so I think some, some of that will, will also hopefully help kind of reduce some of the burden and regulatory burden, like, like there's a clear standard here.

But also the sort of second is rather than sort of foreign ownership generally it is specifically looking at foreign adversaries that I think we see you, you know, particular risks there that say don't arise if say, you know, again, a British person or a British company develops a, a, you know, you, you know, owns a telecom network in the United States that does not sort of pose the same kind of national security concerns as might be had if a Russian, if a Russian company did, or an Iranian company or any of the other sort of foreign adversaries.

And I should say, sort of brief aside here, the sort of far, when I say foreign adversaries, referring to again, the sort of list of six foreign adversaries that the last three administrations have determined to be foreign adversaries. That's China, Russia, Iran, North Korea, Cuba, and Venezuela. And so we've just sort of adopted that, relying on the executive branch determination there.

I, I think an another point. I'll make on the sort of foreign ownership point. I, I think it's sort of broadly in line also with something I talked about on the submarine cable podcast, the America First investment policy memo that the president came out with earlier this year which basically recommends for a lot of sort of inbound and outbound investment transactions, a sort of hard line on foreign adversaries, while a streamlined and welcoming approach for American investment for allied investment. And I think we see some of that here as well.

Like a, actually, if we could sort of potentially reduce the reporting burden for foreign ownership reporting in some areas, as long as we have this sort of rigorous reporting for foreign adversaries, I think that would, that, that's, that, that's definitely a sort of goal of, of the commission generally and, and, and something we're sort of moving towards and, and, and hoping to, you know, kind of finalize this rule soon.

Scott R. Anderson: So this move strikes me as particularly interesting 'cause in some ways it is actually could be framed as national security concerns replacing and eclipsing more traditional policy concerns motivating FCC actions as I have understood them, maybe I'm off base on that.

Because you can imagine a variety of policy reasons, unrelated national security, why you would care about foreign ownership for a much broader universe than foreign adversaries. Right? You could be concerned if our picking something random, our, our drone industry started to be dominated by Indian companies, not because India is, you know, India is a country with our relationship. We would not wanna make them a foreign adversary put on foreign.

It's very adversary, let's at least, most, most weeks. But they are a company where you can see a future where. Their overweighted influence in a particularly sensitive industry could be a point of concern. And that is my under has always been my understanding of how the FCC approaches this foreign ownership question, which is that really any sort of foreign ownership could be a concern. We have to map it and get the landscape.

Now I understand you're not replacing foreign ownership requirement. You're not saying there these don't exist more generally, but it really seems to be so focused on this universe of foreign adversaries in a way that is, like you said, kind of de burdening a variety of other sort of rivals. I'm, I'm just curious how much of this is really saying the national security concerns are the dominant concerns of the space and the broader competition concerns or foreign influence for reasons that aren't tied up with those foreign adversaries are kind of secondary to that primary national security objective.

Adam Chan: Right. I mean, and it's not like those don't matter and in some spaces, you know, Congress has mandated certain reporting and, and certainly we're not looking to adjust that. I, I mean, in certain traditional areas, I think, I think it is certainly important to be concerned about other sorts of foreign influence, but I think there's at least a particular and and acute concern now just given what we've seen on the national security threats.

And so therefore, having a sort of publicly available list of the licenses that we have given out that are owned by, controlled by subject to the jurisdiction or direction of foreign adversaries can hopefully both inform us as well as inform industry as it makes investment decisions, inform members of the public and in consumers as they're making decisions and so I think that transparency will be helpful.

I'll also note, I, I mean, I think of relevance to our discussion earlier I, I think this really is a good example of sort of the role that the Council on National Security can play very well. Like this was an action that was sort of you, you know, the wireline bureau sort of took the lead and kind of drafting this. But it was really a sort of whole of commission effort because again, there, there, there sort of licenses given out by a whole range of different entities.

And so again, sort of having a harmonized approach where, you know, if, if you read the notice of proposed rulemaking, it, it's sort of fun if you wanna learn about the FCC because we have a long list of, you know, licenses and authorizations and permits that we give out and, and sort of proposing to collect reporting information on all of these. Once again can also sort of help kind of harmonize what, what the commission is doing in, in all of these sort of different contexts.

Brandon Van Grack: So let's talk about another area where you all are taking actions in a space that people might not fully appreciate but impacts many of us, which is automated vehicles. So can you talk to us a little bit about the FCCs role with respect to automated vehicles and what's in fact happening?

Adam Chan: So first of all, on the kind of FCC's role, so o once again, and, and here's where the sort of FCC authorities are often kind of niche. We're not the main automobile regulator. We, we defer to sort of Department of Transportation to set road safety standards and, you know, the EPA to set, you know, fuel economy standards and Department of Energy to, right. So there are a whole range of actors here.

Where the FCC comes in is if a part in a car has connectivity features, uses Bluetooth, like your Bluetooth or Wi-Fi in the car that's using some part, it's using wireless spectrum that the FCC regulates. And so that's where the FCC comes in and, and has authority over this space There's a rule making the FCC did a few years ago to sort of help you, you know, we allocated a specific band of spectrum for connected vehicle technology to help enable this growth industry.

As you say, the sort of kind of mo most recent thing, the FCC has been looking at the Commerce Department's ICTS office issued rules ear earlier this year in, in the winter on connected vehicles, specifically connected vehicles as well as certain hardware and software within connected vehicles. If they are designed, developed, manufactured, or supplied by any person, owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary, basically poses sort of very sweeping sort of prohibitions on any transactions involving these technologies, this equipment this software. They delayed those rules a couple years to 2027 or 2029, depending on the sort of specifics within the rule.

But as part of this action, they made like a, a determination that the sort of what they called vehicle connectivity systems hardware and automated driving systems, again, basically anything within a vehicle that's connected that these, when, when you, you know, has the foreign adversary control pose unacceptable risks to the national security of the United States and that sort of determination in that language triggers our covered list under the statute Congress set up.

And so we put out a kind of public notice a couple months ago asking for public input on our, our assessment that this means we have to add that sort of technology, the sort of connected vehicle technology to our covered list. Usually we don't actually put out a public notice getting public input at all when we add something to the covered list 'cause oftentimes the determinations are very straightforward.

This Commerce identified a sort of broader array of technologies, and also for the first time, the specific determination did not name specific entities, but took this much broader approach. And so sort of figuring out exactly how to tailor our action so that it's consistent with the statute is something we're got public input on, we're sort of considering now.

Brandon Van Grack: And I, I assume part of that as well is trying to, appreciate how much of this technology is in fact relied on by manufacturers to figure out the impact of placement on the covered list because some of the rules with respect to some of the implementation with respect to automated connected vehicles anticipates a, a delay because there's, it will lead to disruption and I would assume, anticipate that part of the input from from the public is trying to figure out how to right-size that.

Adam Chan: Yeah, well, so it's actually, it's actually interesting. So, so Commerce and, and ICTS was, was very conscious and in, in, in their rule they say, okay, we find unacceptable risk to national security, but we need to balance that against you, you know, concerns to industry disruption, et cetera.

The FCC is actually not allowed to engage in that balancing exercise. So we actually can't consider the sort of supply chain disruption, right? So it could be that, you know, the entire economy would collapse and like that's 'cause we're statutorily obligated to add to the covered list any equipment that's found to pose unacceptable risks to the national security of the United States.

That said, I, I don't believe, you know, if, if we do end up doing this action, I don't believe it would, you know, disrupt the entire auto industry or, or, or cause any, any sort of really substantial harm beyond what sort of the Commerce rule already has because in, in, in many ways, I actually think the FCC action could work in tandem with, with, with Commerce.

The FCC action's much narrower in scope. I mean, it, it would not sort of include the vehicles themselves. Just sort of these cer certain connectivity features. It also, there, there's not this sort of broad enforcement against any transaction. It relies on sort of self attestation at the enforcement stage. It also sort of, perhaps most importantly, comes with a kind of built in glide path for industry because I mean, something sort of to note about the covered list, if for, for example, Huawei phones are on the covered list, so Huawei cannot get its phones authorized to be sold in the, in the U.S. that said, Huawei has a lot of equipment that's already authorized, that was authorized before Huawei equipment was added to the covered list, and our rules took effect in February of 2023. And so a 2022 model Huawei phone can still be imported or sold in the U.S. with no restrictions at all.

Again, query whether that's a good idea or, or whether consumers should buy those phones. But in, in the connected vehicle space, let's say we were to add, add that to the covered list tomorrow, that means, you know, a Chinese company would not be able to get its 2026 model connected widget in a car authorized for sale in the U.S. but its 2025 model that it got authorized this summer can be sold indefinitely even after, at least from our perspective, the Commerce Department timelines take effect.

Our rules are also narrower because they don't look at, like, say, component parts. So say if you have a, you know, telematics control unit that controls the sort of connectivity in a car, that also happens to have a, you know, Chinese chip set in it, like that wouldn't be prohibited under our action whereas my understanding is Commerce, that there might be some, some similar prohibitions.

But it's definitely something we have been working closely with Commerce, the Bureau of Industry and Security, ICTS, that, that, that handles this and sort of un understand their rules, make sure we're sort of harmonizing and kind of doing. Any action we take would necessarily be in accordance with their specific determination. We have had, you know, a lot of engagement with industry and sort of welcome that to understand an industry that, again, you know, the FCC knows telecom very, very well. We, we, we talk a lot with, you know, our partners there, but we know the auto industry less well. And, and sort of getting informed on that has been helpful.

Scott R. Anderson: So let's talk about one last area where I know the FCC has been anticipating some action. I part driven by a statute Congress passed last year, and that's the area of drones, A growing market, a market that has a lot of different industries interested in it, where FCC plays a unique role, talks about what the FCC is considering in the space of drones, particularly in response to the NDAA last year, and actions that may come directly from that and may be kind of moving in the same direction that Congress enacted.

Adam Chan: Yeah, I, I mean, drones is sort of an increasing area of focus. I, I mean, both for us, but I, I think also the broader administration and, and the public and international partners. I think anyone who's sort of been following the news, well, seeing the role drones have played in Ukraine. I mean the recent sort of that, that sort of spectacular kind of attack that Ukraine launched inside Russia against Russian military bases involving just cheap commercial drones was I, I, I think sort of a wake up call.

We've seen instances of unidentified drones like in, in the U.S. itself. And so the FCC has been involved in a kind of range of actions around sort of counter UAS and counter drone measures. As well as sort of looking how to kind of promote and, and sort of accelerate the deployment of drones, particularly U.S. made drones because, you know lsteners are probably aware, we have major sort of supply chain dependence here on China to sup that supplies the vast majority of commercial drones in the U.S. market.

In fact, DJI is a Chinese military company controls I I, I saw something like 70 80% of the U.S. drone market, whi, which again, seeing what happened in Ukraine, like is, is it a good idea to have a Chinese military company have millions of drones flying around the U.S.? Certainly a lot of national security professionals have have said otherwise. I think Congress recognizing the concern with DJI, drones, also AltAir drones and another Chinese company in the, in, in the drone space. In last year's NDAA in section 1709, a act actually passed a a provision, which requires some national security agency to issue a specific determination for the FCCs covered list on whether you, you, you know, basically any drone or other connected equipment produced by DJI, AltAir or any of its subsidiaries, affiliates, JV partners, et cetera pose unacceptable risks to the national security of the United States.

And so if, if they were to determine yes, some or all of them do, then we would have to add that to the covered list and, and prohibit authorizations from the, you know, for equipment produced by those entities. However, Congress also included a sort of fallback provision default that says if within one year none of these agencies have made it a determination, the FCC shall automatically add this equipment to the covered list and so that I, I think a deadline ends on like December 23rd.

And so at, at some point in the next few months, I, I mean there'll either be a determination or there will be no determination and likely the FCC will then add DGI and AltAir drones to the covered list, which would be significant 'cause that would prohibit the authorization for import or sale of any new model DGI or auto drones. Now again, there, there is a glide path for industry because A DGI model that was approved, you know, last month can still be sold. But, but again, that, that will be a sort of, there, there, there will need to be a lot of, you know, sort of crowding in of investment to support the U.S. drone industry or allied drone makers to sort of cover a lot of that slack. But that is something sort of significant that the FCC has been looking at there.

Scott R. Anderson: Well, Adam, this has been a phenomenally useful survey of a lot of things the FC is up to in the national security space. Some interesting, some in the weeds. Talk to us about what you're looking forward to for the rest of the year, in the year to come. What do you see the big areas being that are brewing on the horizon for the FCC in your capacity in your lane? And for folks who wanna stay abreast of what the FCC is up to in this space, what are the hot areas they should have their eyes on?

Adam Chan: Yeah. No, no, I appreciate that. I mean, some will be kind of, you know, finalizing the rules that I already mentioned. I mean, I mean, so look, look, look for that in, in, in the coming, you know, weeks, months. I know, you know, our bad labs rule, for example, goes into effect September 8th. You know, at least soon after that there should be a sort of tranche of labs that are kicked out of our process. We'll, we'll sort of have final rules on NPRMs.

I mean, something will happen with, with, with regard to connected vehicles and drones. As, as I mentioned, I think we'll have new regulations coming out. I think some, some of the enforcement investigations we've launched, I, I think will, will, will come to fruition. Also, looking at potential other areas take, taking a look at, you know, threats to space, for example, that, that we've done less on, but, but you know, sort of how can we sort of have greater security on that front.

Look, looking at sort of team telecom issues more generally. We just did the big submarine cable rule as we discussed, but also sort of more, more general team telecom ideas and then, and, and then sort of continuing to drill down on, on certain supply chain components that, that, that, that I think a range of you, you know, national security agencies are looking at as well.

Scott R. Anderson: Excellent. Well, we have gotten a lot to think about, but thank you Adam, so much for joining us here today on the Lawfare Podcast.

Adam Chan: Yeah, thank you so much for having me.

Scott R. Anderson: The Lawfare Podcast is produced in cooperation with the Brookings Institution. You can get an ad-free versions of this and other Lawfare podcast by becoming a Lawfare material supporter at our website, lawfaremedia.org/support. You'll also get access to special events and other content available only to our supporters.

Please rate and review us wherever you get your podcasts and look out for other podcasts including Rational Security, Allies, the Aftermath, Escalation, our latest Lawfare Presents podcast series about the war in Ukraine. In addition, check out our written work at lawfaremedia.org. The podcast is edited by Jen Patja and our audio engineer this episode was Cara Shillenn of Goat Rodeo. Our theme song is from Alibi Music. As always, thank you for listening.