US Biz Groups Rail Against China-Focused 'Cybersecurity' Law
A provision slipped into a funding bill recently signed into law has raised the hackles of business groups who contend it discriminates against suppliers of IT products having any connections with China. Compliance with the provision will be a nightmare, and it will do nothing to actually improve cybersecurity, they maintain. The White House has also criticized the measure and promised to work with Congress to revise it -- next year.
04/09/13 3:25 PM PT
The head of the U.S.-China Business Council has criticized a new law aimed at stopping cyberattacks.
John Frisbie, the group's president, objected to the law in a letter sent Monday to the leaders of the U.S. Senate and House of Representatives. Section 516 of the Consolidated and Further Continuing Appropriations Act, 2013, requires multiple government agencies -- including the Justice Department, the Commerce Department and NASA -- to get approval from law enforcement officials before purchasing IT systems sourced from companies having connections with China.
Although President Obama signed the appropriations bill containing the provision, White House spokesperson Caitlin Hayden last week told The Hill that the administration intended to work with Congress to revise it, as it could be highly disruptive in its present form.
Rep. Frank Wolf, R-Va., who chairs the House Commerce, Justice and Science subcommittee, expressed concern last October that Chinese telecommunications companies, including Huawei and ZTE, had close relationships with the Chinese Peoples' Liberation Army.
He included language in the fiscal year 2013 appropriations bill prohibiting the purchase of telecom equipment produced by Chinese state-owned or state-directed companies.
Wolf declined to comment for this story.
While noting that national security remains critical, the U.S.-China Business Council's Frisbie stressed that it should not be used as a means of protectionism and called upon leaders of both parties to block similar measures in the future.
The move has also created concern that Chinese officials might respond in kind and could harm U.S. interests.
"The U.S.-China Business Council (USCBC) is working to ensure that government decisions, both in Beijing and Washington, are not politicized," said Marc A. Ross, spokesperson for the group.
"Government reviews from both countries and subsequent decision making in areas such as investment security reviews, government procurement decisions, and trade remedies such as anti-dumping and countervailing duties cases must be fact-based," he noted, as well as "shielded from political pressures, and non-retaliatory."
The U.S.-China business Council is not the first to argue for reconsideration of the new law. A number of organizations -- including the Information Technology Industry Association, the Business Software Alliance and Tech America -- aired their concerns in a letter to Congress last week.
The ostensible purpose of the law was to provide greater security for U.S. interests following Chinese cyberattacks, and this included a new review process for U.S. government technology purchases. Section 516 of the Consolidated and Further Continuing Appropriations Act was added to the funding bill signed into law last month by President Barack Obama.
The measure in essence requires certain government agencies to get approval from law enforcement officials when buying new information technology systems produced, manufactured, assembled or containing parts from China, or made by a firm owned, directed or subsidized by China.
"Any product that is touched by the Chinese in anyway has to undergo an assessment by the FBI," said Trey Hodgkins, senior vice president for global public sector government affairs at TechAmerica.
This would likely create a slowdown in the approval process, as it could be difficult to track many products -- which likely have components from multiple factories -- in order to ensure compliance.
"Most companies don't know which factory produced an individual semiconductor or microchip," Hodgkins told the E-Commerce Times. "That information isn't generally made available. To even try to comply is very challenging and this simply doesn't fit with most current business models."
Effects on Competition
Critics of the law contend not only that it is unnecessary and actually discriminates against Chinese firms, but also that it could lull the U.S. into a false sense of security. Moreover, it could seriously impact competition in the IT sector.
"This law does not help American security or competitiveness," said Jon Lindsay of the University of California Institute on Global Conflict and Cooperation. "This will be perceived as protectionism by China, which will likely retaliate with their own security provisions on U.S. technology, which will harm market access."
"China already has instituted technical barriers to trade in the name of security, which are more likely motivated by their policy of indigenous innovation," Lindsay told the E-Commerce Times.
Winners and Losers
While this law came about due to concerns over security threats posed by China, it isn't clear that this measure could actually stop any threats -- or that it would not have a negative impact on technological advancement.
"Given the incredible complexity of the IT supply chain and the cybersecurity environment in which it operates, the reliability of IT components has far less to do with where they are manufactured than how they are actually designed and integrated into the system an organization uses," said Lindsay. "This ill-considered and poorly debated measure could even have the consequence of making it harder for U.S. government organizations to acquire the most cutting-edge security tools."
The question is exactly who wins and who loses with this law in place?
"There are no winners," said Hodgkins.
"There are losers on the industry side because they can't sell their products to the government, and the government loses because this is causing a considerable review process," he pointed out.
"The compliance system is unique in the government sector, and they can't get the products as fast as they need them," Hodgkins added. "Some products may no longer even be available for government acquisition."