Published by The Lawfare Institute
in Cooperation With
The Biden administration inherited policies from the Trump administration that make it harder for U.S. businesses to operate in China and harder for Chinese businesses to operate in the United States. Many of those policies will lead to a wholesale decoupling between the United States and China with steep economic and strategic costs to the United States. As the Biden administration evaluates whether to continue those policies, it must grapple with how to distinguish low-risk business activities from those that threaten U.S. national security.
Three months ago, we wrote that President Biden should use a little-known Commerce Department rule to embark on a new path that would separate activity that poses a risk to U.S. national security from activity that benefits U.S. tech users and U.S. strategic interests. The Biden administration has taken steps that suggest it is doing precisely that. Just this week, Biden issued a new executive order that rescinds the August 2020 executive orders banning TikTok and WeChat. It replaces the bans with a framework for evaluating foreign data threats based on “rigorous, evidence-based analysis.”
Today, we propose an additional recommendation that would serve the same overarching objective. The Biden administration should implement a fair and transparent licensing regime for the Securing the Information and Communications Technology and Services Supply Chain (ICTS) rule. Such a regime would enable companies to apply to the Commerce Department for a license that would grant them permission to engage in beneficial economic activity that would otherwise be prohibited by Trump-era policies. The administration is currently considering this type of framework and has solicited public comments on what a licensing regime would look like.
Some observers might argue that a licensing regime is problematic because it allows a problematic rule to stay in place. They argue that the preferable course is to repeal the rule entirely and instead rely on other existing legal tools—such as export controls and the Committee on Foreign Investment in the United States—to separate problematic transactions from beneficial ones.
But a licensing regime is necessary precisely because full repeal is politically fraught. Republicans have been hawkish on China relations and have been quick to portray the Biden administration as “soft” on China. China policy seems likely to be a focus of the Republican narrative in the 2022 midterm and 2024 presidential elections. Wanting to avoid the “soft” label, Senate Democrats have pushed through their own legislation to try to signal their strength on China, and Biden’s executive order from earlier this week made clear that he is building on, rather than repealing, the ICTS rule.
In the absence of repeals, the Biden administration should implement a voluntary preclearance licensing process that will enable it to grant approvals for business activity that is good for consumers, U.S. companies and U.S. strategic interests. The government should grant a license if a company can demonstrate that a proposed transaction would serve a legitimate business objective and that it would not create undue national security risks.
The first step is to avoid repeating the mistakes of the Huawei licensing system from the previous administration. It was an open secret in Washington that despite Huawei’s designation on the Entity List, a handful of companies were able to secure approvals to continue doing business with Huawei. Intel and Qualcomm supposedly received licenses, but the process to receive these approvals was opaque, ad hoc and not public—undermining the credibility of the Entity List itself. As is typical with processes of this sort, it favors big companies with large compliance teams and a significant government relations presence in Washington.
To avoid the pitfalls of the murky, nonpublic licensing regimes of the past, the government should establish clear criteria for granting a license. The government should consider the business value of granting a license, as well as the strategic value of promoting U.S. tech leadership in a particular product. There should also be carve-outs in cases where companies already have licenses under other regimes, such as through other export control processes.
The government should also consider the potential risk of granting a license but should avoid rejecting a licence based on the vague criteria in the existing rule like “undue or unacceptable national security risk.” Unfounded allegations about a company’s “ties” to a foreign adversary should not be sufficient to reject a license; the review should analyze the specific nature of a business relationship.
The recent Xiaomi case provides a cautionary example of the pitfalls of vague allegations of national security risk, unsupported by clear evidence. Xiaomi is a Chinese smartphone manufacturer that was designated as a “Communist Chinese military company” by the Pentagon. It challenged the designation in court, and the judge ruled in Xiaomi’s favor, calling the designation “arbitrary and capricious.” The judge pointed out that the same award that the Pentagon cited as evidence of Xiaomi’s military affiliation was also given to “the leaders of a Chinese powdered milk and infant formula company, the maker of a well-known chili sauce brand, and a barley wine producer.”
To avoid replicating the mistakes of the Xiaomi case, risk assessments should be grounded in existing standards, such as the principles laid out in the National Institute of Standards and Technology’s Special Publication 800-30. More specific standards might also give companies a road map for how they might mitigate risk in order to secure the license.
To make licenses broadly available to any U.S. company, the government should make the process clear and transparent. It should be easy for companies to submit requests for a license, ideally through a public website. The government should grant approvals within a specified period of time, such as 30 days. It should provide public reports on the number of licenses it grants and the number that are rejected. Reports should also name companies that receive licenses and the scope of the licenses they received. To receive a license, companies should be required to demonstrate that they have an audit process in place to ensure that if national security risks arise, they will be able to detect them. The government should provide a secure reporting mechanism to enable whistleblowers to report license violations.
Licenses are imperfect policy instruments. They are easy to abuse and difficult to monitor. No matter how open and transparent the process is, they favor companies with sizable compliance operations and extensive political connections. They also reduce pressure on policymakers to change problematic law: If companies can get exemptions, they’re less likely to advocate aggressively for full repeal.
But as imperfect as they are, they are preferable to the alternative. Protectionist policies destroy value for users and industry. Blanket bans make it impossible to engage in economic activity that would benefit the United States, and they impose security costs when businesses that would be subject to U.S. law enforcement requests are no longer able to do business with Chinese firms. With no end in sight to a political environment that is hostile to China, the Biden administration should pursue the best alternative course: a fair, open, transparent, efficient licensing regime.