Proposed Rule2023-04608
Protecting Against National Security Threats to the Communications Supply Chain Through the Equipment Authorization Program and the Competitive Bidding Program
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
March 8, 2023
Issuing agencies
Federal Communications Commission
Abstract
In this document, the Commission seeks further comment on potential additional revisions to the rules and procedures associated with prohibiting the authorization of "covered" equipment in the Commission's equipment authorization program. The Commission also invites additional comment on proposed rule revisions to the Commission's competitive bidding program.
Full Text
<html>
<head>
<title>Federal Register, Volume 88 Issue 45 (Wednesday, March 8, 2023)</title>
</head>
<body><pre>
[Federal Register Volume 88, Number 45 (Wednesday, March 8, 2023)]
[Proposed Rules]
[Pages 14312-14322]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2023-04608]
=======================================================================
-----------------------------------------------------------------------
FEDERAL COMMUNICATIONS COMMISSION
47 CFR Part 2
[ET Docket No. 21-232, EA Docket No. 21-233; FCC 22-84; FR ID 129145]
Protecting Against National Security Threats to the
Communications Supply Chain Through the Equipment Authorization Program
and the Competitive Bidding Program
AGENCY: Federal Communications Commission.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: In this document, the Commission seeks further comment on
potential additional revisions to the rules and procedures associated
with prohibiting the authorization of ``covered'' equipment in the
Commission's equipment authorization program. The Commission also
invites additional comment on proposed rule revisions to the
Commission's competitive bidding program.
DATES: Comments are due April 7, 2023. Reply comments are due May 8,
2023. All filings must refer to ET Docket No. 21-232 or EA Docket No.
21-233.
SUPPLEMENTARY INFORMATION: This is a summary of the Commission's
Further Notice of Proposed Rulemaking (Further Notice or FNPRM), ET
Docket No. 21-232, EA Docket No. 21-233, FCC 22-84, adopted November
11, 2022, and released November 25, 2022. The full text of the Further
Notice is available by downloading the text from the Commission's
website at: <a href="https://www.fcc.gov/document/fcc-bans-authorizations-devices-pose-national-security-threat">https://www.fcc.gov/document/fcc-bans-authorizations-devices-pose-national-security-threat</a>. When the FCC Headquarters
reopens to the public, the full text of this document will also be
available for public inspection and copying during regular business
hours in the FCC Reference Center, 45 L Street NE, Washington, DC
20554. Alternative formats are available for people with disabilities
(braille, large print, electronic files, audio format), by sending an
email to <a href="/cdn-cgi/l/email-protection#74121717414440341217175a131b02"><span class="__cf_email__" data-cfemail="274144441217136741444409404851">[email protected]</span></a> or calling the Consumer and Governmental
Affairs Bureau at 202-418-0530 (voice), 202-418-0432 (TTY).
Paperwork Reduction Act. This document does not contain proposed
information collection(s) subject to the Paperwork Reduction Act of
1995 (PRA), Public Law 104-13. In addition, therefore, it does not
contain any new or modified information collection burden for small
business concerns with fewer than 25 employees, pursuant to the Small
Business Paperwork Relief Act of 2002, Public Law 107-198, see 44
U.S.C. 3506(c)(4).
Initial Regulatory Flexibility Analysis. As required by the RFA,
the Commission has prepared an Initial Regulatory Flexibility Analysis
(IRFA) of the possible significant economic impact on a substantial
number of small entities of the proposals addressed in this FNPRM. The
full IRFA is found in Appendix C at <a href="https://www.fcc.gov/document/fcc-bans-authorizations-devices-pose-national-security-threat">https://www.fcc.gov/document/fcc-bans-authorizations-devices-pose-national-security-threat</a>.. Written
public comments are requested on the IRFA. These comments must be filed
in accordance with the same filing deadlines for comments on the FNPRM,
and they should have a separate and distinct heading designating them
as responses to the IRFA. The Commission's Consumer and Governmental
Affairs Bureau, Reference Information Center, will send a copy of
[[Page 14313]]
this FNPRM, including the IRFA, to the Chief Counsel for Advocacy of
the Small Business Administration, in accordance with the RFA.
Filing Requirements.
<bullet> Electronic Filers: Comments may be filed electronically
using the internet by accessing the Commission's Electronic Comment
Filing System (ECFS), <a href="http://apps.fcc.gov/ecfs/">http://apps.fcc.gov/ecfs/</a>. See Electronic Filing
of Documents in Rulemaking Proceedings, 63 FR 24121 (1998).
<bullet> Paper Filers: Parties who choose to file by paper must
file an original and one copy of each filing.
[cir] Filings can be sent by commercial overnight courier, or by
first-class or overnight U.S. Postal Service mail. All filings must be
addressed to the Commission's Secretary, Office of the Secretary,
Federal Communications Commission.
[cir] Commercial overnight mail (other than U.S. Postal Service
Express Mail and Priority Mail) must be sent to 9050 Junction Drive,
Annapolis Junction, MD 20701.
[cir] U.S. Postal Service first-class, Express, and Priority mail
must be addressed to 45 L Street NE, Washington, DC 20554.
<bullet> Effective March 19, 2020, and until further notice, the
Commission no longer accepts any hand or messenger delivered filings.
This is a temporary measure taken to help protect the health and safety
of individuals, and to mitigate the transmission of COVID-19. See FCC
Announces Closure of FCC Headquarters Open Window and Change in Hand-
Delivery Policy, Public Notice, DA 20-304 (March 19, 2020). <a href="https://www.fcc.gov/document/fcc-closes-headquarters-open-window-and-changes-hand-delivery-policy">https://www.fcc.gov/document/fcc-closes-headquarters-open-window-and-changes-hand-delivery-policy</a>.
Ex Parte Rules--Permit but Disclose. Pursuant to section 1.1200(a)
of the Commission's rules, this Further Notice of Proposed Rulemaking
shall be treated as a ``permit-but-disclose'' proceeding in accordance
with the Commission's ex parte rules. Persons making ex parte
presentations must file a copy of any written presentation or a
memorandum summarizing any oral presentation within two business days
after the presentation (unless a different deadline applicable to the
Sunshine period applies). Persons making oral ex parte presentations
are reminded that memoranda summarizing the presentation must (1) list
all persons attending or otherwise participating in the meeting at
which the ex parte presentation was made, and (2) summarize all data
presented and arguments made during the presentation. If the
presentation consisted in whole or in part of the presentation of data
or arguments already reflected in the presenter's written comments,
memoranda, or other filings in the proceeding, the presenter may
provide citations to such data or arguments in his or her prior
comments, memoranda, or other filings (specifying the relevant page
and/or paragraph numbers where such data or arguments can be found) in
lieu of summarizing them in the memorandum. Documents shown or given to
Commission staff during ex parte meetings are deemed to be written ex
parte presentations and must be filed consistent with rule 1.1206(b).
In proceedings governed by rule 1.49(f) or for which the Commission has
made available a method of electronic filing, written ex parte
presentations and memoranda summarizing oral ex parte presentations,
and all attachments thereto, must be filed through the electronic
comment filing system available for that proceeding, and must be filed
in their native format (e.g., .doc, .xml, .ppt, searchable .pdf).
Participants in this proceeding should familiarize themselves with the
Commission's ex parte rules.
FOR FURTHER INFORMATION CONTACT: Jamie Coleman, Office of Engineering
and Technology, 202-418-2705, <a href="/cdn-cgi/l/email-protection#155f74787c703b567a797078747b557376763b727a63"><span class="__cf_email__" data-cfemail="e7ad868a8e82c9a4888b828a8689a7818484c9808891">[email protected]</span></a>.
Synopsis
Further Notice on Part 2 Equipment Authorization
In this Further Notice of Proposed Rulemaking (Further Notice or
FNPRM), the Commission seeks further comment on some of the issues the
Commission raised in the Notice of Proposed Rulemaking of ET Docket No.
21-232 and EA Docket No. 21-233 (NPRM) (86 FR 4664) regarding revisions
to the part 2 equipment authorization rules to prohibit authorization
of equipment that has been determined to pose an unacceptable risk to
national security. The Commission also invites comment on additional
issues that have been raised with the establishment of the Commission's
revised rules and approach in the Report and Order of this proceeding
88 FR 7592. The Commission encourages commenters and other interested
parties to submit further comments on these or other issues related to
revisions to the equipment authorization process to address the
prohibition on authorization of equipment on the Covered List.
Component Parts
In the Report and Order, the Commission adopted requirements for
applicants for equipment certification and responsible parties
authorizing equipment via the Supplier's Declaration of Conformity
(SDoC) process to make attestations that the equipment for which
authorization is sought is not ``covered'' equipment. The Commission is
not, however, requiring at this time that these attestations address
the individual component part(s) contained within the subject
equipment. As discussed in the Report and Order, several commenters
raised various concerns regarding potential practical complications and
difficulties that could result from inclusion of component parts within
the scope of the prohibition. In this Further Notice, the Commission
seeks to address these concerns as the Commission further considers
issues concerning component parts with regard to prohibitions on
authorization of ``covered'' equipment.
In seeking comment on component parts, the Commission notes at the
outset that it believes that certain component parts produced by
entities identified on the Covered List, if included in finished
products, could potentially pose an unacceptable national security
risk, similar to the security risk posed by the ``covered'' equipment
that the Commission is now prohibiting from authorization. Similarly,
Congress, in establishing the Reimbursement Program under the Secure
Networks Act, shared the same concerns. It required that Huawei
Technologies Company (Huawei) and ZTE Corporation (ZTE) equipment be
destroyed as part of the rip and replace process, indicating that even
components of untrusted and insecure equipment could pose a danger to
the United States. In the Reimbursement Program, consistent with
Congressional guidance, the Commission required that categories of
equipment that include components that process data be destroyed so
they do not get reused and continue to pose a risk. Given the challenge
to protect against component parts that pose the same risk as covered
equipment, the Commission endeavors to ensure that equipment that
includes component parts that pose an unacceptable risk to national
security also be prohibited from authorization. In this Further Notice,
the Commission seeks comment to help identify such component parts and
to consider how the Commission might best ensure prohibiting
authorization of equipment that includes such components. In
particular, the Commission seeks comment on whether and how individual
component parts may need to be factored into decisions regarding
authorizing equipment. This raises
[[Page 14314]]
several issues that need to be more carefully evaluated to determine
whether equipment with certain component parts should be considered
``covered'' equipment and thus prohibited from authorization. The
Commission also recognizes that one complication is that many part 2
equipment authorization rules and part 15 rules reference
``components,'' but they do so in a variety of different contexts, and
there is no single or consistent meaning of the term in the
Commission's rules.
The Commission seeks comment about the extent to which component
parts should be considered as the Commission implements its prohibition
on ``covered'' equipment in its equipment authorization program. As the
Commission considers how component parts should be treated in this
process, the Commission notes that establishing a prohibition that
includes considering component parts could require changes to the
Commission's existing equipment authorization application process,
which does not currently capture detailed information about the source
of components that make up such equipment. As this proceeding examines
the equipment authorization process, which is the gateway for equipment
entering the U.S. marketplace with potential to ultimately become part
of a telecommunication system or network, the Commission believes it is
within the purview of the statute and the Commission's duty to address
all equipment on the Covered List, including component parts of devices
where the inclusion of such component parts would render the equipment
``covered.'' The Commission seeks comment on this view.
In seeking comment on how the Commission should address component
parts with respect to the prohibition on authorization of ``covered''
equipment, the Commission also invites comment on how best to address
the concerns previously raised by commenters regarding component parts.
These concerns include what the Commission would consider to be
component parts for purposes of implementing any potential prohibition
on equipment authorizations that include such parts, including the
extent to which only some types of component parts, or all such parts,
should be considered. The Commission also seeks comment on practical
considerations that would be involved with extending the prohibition to
include component parts, including the requirements placed on
applicants for equipment authorizations to identify any particular
components.
As discussed above, in implementing the Secure Networks Act with
regard to the Reimbursement Program, the Commission determined that
categories of equipment that include components that process and retain
data, or that process data, be destroyed so they do not get reused and
continue to pose a risk. As the Commission considers how to address
components in this proceeding, the Commission seeks comment on whether
the Commission should attempt to identify ranges of components based on
their risk assessment. For example, similar to the Reimbursement
Program, does equipment that includes components that process and
retain data, or that even process data, produced by entities identified
on the Covered List, pose too much of a risk to the United States and
its people to be authorized?
In proposing to include component parts within the scope of
``covered'' equipment in the NPRM, the Commission did not define the
term and referred to both ``components'' and ``component parts.'' To
ensure that equipment manufacturers, importers, assemblers, FCC-
recognized Telecommunications Certification Bodies (TCBs), and other
parties associated with the Commission's equipment authorization
program are clear as to what equipment may be impacted by a prohibition
on component parts from entities on the Covered List, the Commission
would need to first develop and provide guidance on what component
parts would need to be considered.
At a high level, the Commission notes that it permits modules as
well as composite systems (or devices) to obtain equipment
certification. A module generally consists of a completely self-
contained transmitter that is missing only an input signal and power
source to make it functional. Modules are designed to be incorporated
into another device such as a personal computer. The advantage of using
modules is that a transmitter with a modular grant can be installed in
different end-user products (or hosts) by the grantee or other
equipment manufacturer without the need for additional testing or a new
equipment authorization for the transmitter. A composite system
incorporates different devices contained within a single enclosure or
in separate enclosures connected by wire or cable. A single equipment
authorization application may be filed for a composite system that
incorporates devices (including modules) subject to certification under
multiple rule parts. Commission rules are flexible regarding the types
of equipment that can be certified as modules and then incorporated
into another device with no further action from the Commission and
composite systems that could contain components (in this case a
device). Telecommunications equipment or video surveillance equipment
could contain one or more modules or could be assembled as a composite
system and contain equipment produced by any of the entities (or their
respective subsidiaries or affiliates) specified on the Covered List.
To ensure compliance with the prohibition on authorization of
equipment identified on the Covered List, the Commission seeks comment
on whether it should require that applicants or responsible parties, as
applicable, obtain a separate equipment certification for any device
that contains a module produced by any of the entities (or their
respective subsidiaries or affiliates) specified on the Covered List.
If the Commission were to adopt such a requirement, the Commission
seeks comment as to how it should be applied. Should the Commission
require that devices that incorporate previously-certified modules
produced by any of the entities (or their subsidiaries or affiliates)
on the Covered List would need to obtain a separate equipment
authorization and certify that the device is not ``covered'' equipment?
The Commission seeks comment on this view. Would such actions be
sufficient to ensure against the availability of equipment containing
modules that could present a security risk? Would a policy of requiring
certain devices containing modules to go through the certification
process and the associated attestation requirement adopted in the
Report and Order, strike the right balance between providing the same
flexibility for delivering products to the American public as is
available today for most devices containing modules, while adding
additional oversight on devices that could potentially be a security
risk? What additional costs in terms of time or money would such a
policy impose on device developers? What other approaches could be used
to ensure devices containing modules do not cause a security risk to
the United States and its citizens?
Similarly, because a composite system could be assembled by a third
party and incorporate multiple devices including devices produced by
any of the entities (or their respective subsidiaries or affiliates)
specified on the Covered List, the Commission seeks comment on how to
treat composite systems. First, recognizing that a composite system
could contain only already-certified
[[Page 14315]]
modules, the Commission seeks comment on treating them in the same
manner described above for modules. That is, if any module in such a
device is produced by any of the entities (or their respective
subsidiaries or affiliates) specified on the Covered List, that device
would be required to obtain a separate certification (including the
attestation requirement adopted in the Report and Order stating that
the composite system does not contain any ``covered'' equipment). The
Commission seeks comment on this approach. Second, in cases where a
composite system contains only devices that on their own would require
certification or a mix of such devices and already approved modules,
the Commission notes that the rules already required such devices to
obtain a separate certification. Because such devices can be assembled
by parties other than the original device manufacturer, the Commission
seeks comment on requiring the attestation the Commission adopted in
the Report and Order to affirmatively state that none of the devices
that comprise the composite system are on the Covered List. The
Commission does not believe such a requirement would impose any cost or
undue burden on equipment certification applicants as such a
requirement would be consistent with the requirements adopted in the
Report and Order. The Commission seeks comment on this approach. The
Commission also seeks comment on other approaches to dealing with
composite systems in the certification process to ensure that such
devices do not pose a security risk to the United States and its
citizens.
The Commission also seeks comment on other broad approaches that
could appropriately address concerns about component parts in the
Commission's equipment authorization program. For instance, if
equipment includes any component parts that could be authorized on a
standalone basis, and such a component on its own would be considered
``covered'' equipment prohibited from authorization, then the equipment
would be deemed ``covered'' equipment and thus prohibited from
obtaining an equipment authorization. In addition, the Commission notes
that if any determinations about ``covered'' equipment made by any
enumerated source pursuant to the Secure Networks Act includes
component parts, then this too would mean that equipment that includes
such component parts would be ``covered'' equipment for purposes of the
Commission's prohibition. The Commission seeks comment on this as well.
The Commission believes that dealing with component parts as
described above is relatively straightforward. However, focusing on
component parts at a more granular level, i.e., looking at all of the
individual component parts that might be used to assemble a final
device, would be more complicated. In the record of the NPRM, several
commenters contend that, for purposes of prohibiting authorization of
``covered'' equipment, many component parts would not raise security
concerns. The Commission invites comment, including specific comment on
whether certain types of component parts potentially raise such a
concern, while others do not. For example, do passive electronic
components such as resistors, diodes, inductors, etc., pose a security
risk by themselves? Do random access memory (RAM) chips, whose stored
data is lost once power is disconnected or turned off, or components
that comprise the bus, whose function is solely to link input and
output ports, pose any security risk? Should the Commission focus
instead on those components that have the ability to examine data
traffic and route such traffic or provide the instructions to do so, or
might otherwise pose an unacceptable risk to national security? The
Commission includes here read only memory (ROM), flash memory, the
central processing unit (CPU) or any other processor within the device,
and the input and output ports (as they may be able to carry out
routing functions). Should the Commission be concerned about
semiconductors? Do commenters think that the Commission should consider
rules regarding other component parts and if so, what rules would be
appropriate? Should the Commission here be guided by the Reimbursement
Program and, rather than try to identify every type of component,
simply prohibit authorization of components that process and/or retain
data? Notwithstanding any specific method of addressing these component
parts within the equipment authorization process as described below,
the Commission seeks comment on any overall approach to separating out
component parts of interest that could pose a security risk versus
component parts that do not. Does equipment need to be examined down to
this level to ensure compliance with the prohibition on authorization
of communications equipment that poses an unacceptable risk to national
security under the Secure Networks Act? Should equipment that contains
certain component parts produced by any of the entities listed on the
Covered List be considered ``covered''? If the Commission were to adopt
rules to address component parts, what types of components may need to
be considered as posing an unacceptable security risk? Commenters also
should explain the reasons that particular component(s) would create an
unacceptable risk. For example, should such components be limited to
only those able to examine and route data or execute certain functions
on an incoming or outgoing data stream? Would the Commission need to
specifically define the components of interest in its rules or would a
descriptive statement suffice? For example, would it be sufficient to
specify that any component part within a device that is capable of
examining an incoming or outgoing data stream and performing routing
functions would fall under the umbrella of component parts of interest
within the equipment?
In addition to categorizing the component parts that may be of
interest when determining whether certain equipment should be
considered covered equipment, the Commission seeks comment on how any
identified component parts would be addressed in the equipment
authorization process, both for certified devices and devices
authorized through the SDoC process. Because parties seeking an
equipment authorization must attest that the equipment in question is
not ``covered'' equipment, how would a manufacturer, assembler, or
other entity ascertain whether the components in question could result
in their intended end product being ``covered'' equipment? Could an
end-product produced or assembled by an entity not identified on the
Covered List become ``covered'' equipment if it includes certain
components produced by any entity identified on the Covered List?
Should entities producing or assembling end products themselves obtain
statements from their suppliers that certain components within any
products obtained for inclusion in a Commission-regulated end product
for the U.S. market do not contain components that are covered
equipment or that could result in a device being classified as
``covered'' equipment? If so, should such statements be required to be
provided in the authorization process, and/or available to the
Commission upon request? What criteria could be used to decide when
such equipment should be considered ``covered'' equipment? Are there
objective standards for determining when a final
[[Page 14316]]
product produced by an entity not identified on the Covered List that
contains at least one component part produced by an entity named on the
Covered List (or any of its affiliates or subsidiaries) is considered
to be ``covered'' equipment? To what extent must the applicant for
equipment certification be responsible for knowing whether any
component part of its equipment was produced by any entity identified
on the Covered List?
Elsewhere within the federal government, pursuant to E.O. 13873,
efforts are underway to address the national security risks stemming
from vulnerabilities in information and communications technology (ICT)
hardware, software, and services. Among these efforts, the
Cybersecurity & Infrastructure Security Agency (CISA) established the
ICT supply chain risk management (SCRM) Task Force, which is working on
developing a taxonomy of a ``hardware bill of materials'' that can be
used when procuring ICT products (e.g., an inventory of elements that
makes up a particular piece of equipment) as well as a ``software bill
of materials.'' The Task Force's efforts potentially could provide
guidance and certainty in the equipment authorization process as to
whether a piece of equipment complies with the Commission's rules.
Should the Commission work with this Task Force to identify potential
solutions to the lack of awareness of equipment components? How should
this Task Force inform the Commission's potential treatment of
component parts in its equipment authorization process? Should the
Commission consider an applicant's exercise of reasonable diligence in
seeking to determine whether the equipment includes a component part
that potentially raises national security concerns be sufficient for
purposes of its attestation about whether the equipment is ``covered''?
What other steps could an applicant take to ensure that all component
parts comply with the Commission's rules? What specific attestation
should the Commission require? Would an attestation that the device is
not ``covered'' equipment be sufficient, and should the attestation
include more specific information about component parts? What
additional information should an entity provide to a TCB along with the
application for certification or retain with records for SDoC
authorizations? How can the Commission ensure that any action on
components that it takes falls within the whole-of-government approach
toward network and United States security?
The Commission seeks comment on each of these questions, and also
on the overarching questions of the impact on both equipment security
and the economy of considering component parts in the Commission's
analysis of ``covered'' equipment. Specifically, the Commission seeks
comment and data on the quantity and market share of entities on the
Covered List in supplying modules or other devices for products
intended for sale in the U.S. market, including composite devices as
well as component parts as described above. The Commission further
seeks comment, and encourages commenters to provide data, on the
availability and costs of substitute modules, devices, and component
parts from suppliers that are not identified on the Covered List, as
well as the average lifespan/product cycle of affected final products.
In the case that a component part may be identified as ``covered''
equipment, the Commission seeks comment on the feasibility and costs of
replacing such component part. Would taking account of component parts
broadly to include modules, devices, and the building block parts that
make up a device produce an overall net positive benefit, taking into
account both equipment security and economic impact? Is there a
particular approach to identifying component parts that would maximize
net benefits, such as focusing only on those component parts or type of
parts that have been determined as posing an unacceptable risk to
national security or the security and safety of U.S. persons?
Revocation of Existing Equipment Authorizations Involving ``Covered''
Equipment
In the NPRM, the Commission sought comment on the extent to which
the Commission should revoke any existing equipment authorization if it
adopted rules to prohibit future authorization of ``covered''
equipment. In the Report and Order, the Commission concluded that it
has the existing authority to revoke such authorizations, including
those granted prior to adoption of the Report and Order. With regard to
revocation of any existing authorizations of ``covered'' equipment, in
the NPRM the Commission did not propose to revoke any existing
authorizations (and does not do so in this Report and Order), but
instead sought comment on whether there are particular circumstances
that would merit revocation of specific equipment, and if so, the
procedures that should apply (including possible revisions to those
procedures).
In the NPRM, the Commission sought comment on what particular
circumstances would merit Commission action to revoke any existing
authorization of ``covered'' equipment. To the extent revocation of any
``covered'' equipment might be appropriate, the Commission inquired
about whether there was some process in which the Commission should
engage to help identify particular equipment that should be considered
for revocation. The Commission recognized that, in many situations, the
revocation of any particular equipment might benefit from an
appropriate and reasonable transition period for removing the
equipment, but also sought comment on whether any situations might
merit immediate compliance with a revocation. Further, the Commission
sought comment on appropriate enforcement policies that should be
associated with any revocation, including whether any monetary
penalties should be considered. The Commission also inquired whether
any educational or outreach efforts should be undertaken in the event
of any equipment revocation. In addition, the Commission also asked
about the specific procedures that the Commission should use if it were
to seek to revoke any existing authorization of ``covered'' equipment.
In particular, it noted that the existing procedures for revocation of
equipment authorizations, as set forth in section 2.939(b), are the
same procedures as for revocation of radio station licenses, which
include several involved steps and procedures (e.g., Commission order
to show cause, and opportunity for a hearing). The Commission sought
comment on whether these extensive procedures would be appropriate
considering that ``covered'' equipment has been determined to pose an
unacceptable risk to national security.
As the Commission noted in the Report and Order, commenters raised
a range of concerns about whether the Commission should revoke any
existing authorizations of ``covered'' equipment, and the Commission
seeks further comment here on the issues the Commission raised in the
NPRM on this topic. The Commission's further consideration here also
complies with the Secure Equipment Act, in which Congress recognized
the Commission's authority to examine the necessity for review and
possible revocation of previously existing equipment authorizations
and/or to consider the Commission's rules providing for possible
revocation of previously granted equipment authorizations. The
Commission uses this Further Notice to further explore the issues
concerning equipment authorization revocation
[[Page 14317]]
with respect to ``covered'' equipment authorized prior to the
Commission's adoption of a prohibition on authorization of such
equipment, and to expand the record on this topic, particularly in
light of the actions taken and guidance provided in the Report and
Order.
Scope of revocation. In the NPRM, the Commission sought comment on
whether, following adoption of the rules in the Report and Order, it
should consider revoking any existing authorizations involving
``covered'' equipment. Many commenters generally oppose action by the
Commission to revoke existing authorizations of ``covered'' equipment,
however worthy the security goal, expressing various concerns such as
the potential for adverse impact to consumers and the supply chain.
Others advocated that the Commission should revoke authorizations if
the equipment would now be considered ``covered'' equipment. The
Commission seeks comment on the scope of possible revocation of
existing authorizations that it should consider, and whether there
might be situations that would warrant revocation in certain
circumstances.
Identification of devices that possibly should be revoked. In
considering whether any existing equipment authorizations of
``covered'' equipment should be revoked, the Commission in the NPRM
sought comment on whether there should be some process in which the
Commission should engage to identify particular equipment
authorizations that should be considered for revocation. It invited
commenters to suggest such a process. The Commission also asked whether
it should rely on outside parties' reports in its considerations. The
Commission recognized the need to avoid taking any actions that would
be overbroad in terms of affecting users of the previously-authorized
equipment or would require removal of this equipment faster than it
reasonably can be replaced.
The Commission now seeks further comment on whether there should be
some process for identifying particular ``covered'' equipment whose
authorization should be revoked because its continued authorization
poses an unacceptable risk to national security. The Commission notes
that it previously has authorized equipment produced by the companies
producing equipment on the current Covered List, and the Commission
anticipates that additional equipment produced by other companies may
be determined to pose an unacceptable risk to national security and
added to the Covered List as that list is updated in the future. How
might the Commission or others identify existing authorizations among
these if considering whether some of this equipment might merit
revocation? Are there any specific cases of equipment that might merit
immediate revocation? To what extent should the risk of such equipment
to national security be considered, and how could such risk be
evaluated? What are the benefits of eliminating this risk and the
associated costs of revoking equipment necessary to eliminate this
risk? The Commission concludes that it has the authority, as affirmed
by Congress in the Secure Equipment Act, to consider the necessity to
review or revoke an existing authorization of ``covered'' equipment
approved prior to adoption of the Report and Order, and that it has
such authority to consider such action without considering additional
rules providing for any such review or revocation of existing
authorizations. Considering the potential risk to national security
concern, should the Commission consider revoking all authorizations of
``covered'' equipment, and if so how would such a potential revocation
be implemented given the wide variety of existing authorizations? Also,
to what extent should revocation of any particular equipment depend on
establishment of a reimbursement program?
Considerations related to revocation of existing authorizations. In
the event the Commission conclude that revocation of an equipment
authorization may be appropriate, the Commission notes that such
revocation might take different shapes. For instance, the revocation
potentially could go so far as to involve not only prohibiting the
future manufacture, importation, marketing, and sale of specified
devices, but also requiring that the equipment no longer be used. On
the other hand, the revocation of an existing authorization could
conceivably be partial and limited, such as a revocation of an existing
authorization that could, at some time in the future, preclude further
importation, marketing, or sale of the affected equipment.
The Commission sought comment in the NPRM on the appropriate and
reasonable transition period that may be necessary if the Commission
decides to revoke an existing authorization. The Commission now
requests additional comment on determining an appropriate transition
period and whether and how that might depend on the scope of the
revocation and the particular equipment involved. Should the Commission
provide a suitable amortization period for equipment already in the
hands of users? To what extent might the expected life-cycle of the
equipment be taken into account? Pursuant to section 2.939(c), which
provides for the revocation of any equipment authorization in the event
of changes in its technical standards, the Commission previously sought
comment on the provision of a suitable amortization period for
equipment already in the hands of users or in the manufacturing
process, and invites further comment here.
The Commission also seeks comment on the extent to which issues
related to the supply chain and consumer-related concerns might figure
in the Commission's considerations. How might the Commission evaluate
supply chain issues in its consideration of whether to revoke an
existing authorization, and what information and data (e.g., number of
devices, market share, substitutes, and prices) might be useful to such
a consideration?
How should consumer-related concerns be factored in? In its
comments on the NPRM, CTIA raises concerns relating to consumers. CTIA
states that revoking existing authorizations for consumer products
without a mechanism for removing them from the market would create
significant confusion for consumers and could pass significant costs on
to consumers who would presumably be placed in the difficult position
of needing to replace newly-unauthorized devices. CTIA further argues
that building a mechanism to remove retroactively de-authorized devices
from the market would be complex and would need to consider how
consumers would be made aware of the need to replace devices.
As noted above, there could be more than one type of revocation of
existing equipment authorizations. Many commenters express concerns in
the event the Commission revoked an existing authorization and required
users to stop using that equipment. The Commission also might consider
a kind of partial revocation of an existing authorization, such as in
the case in which, at some specified date in the future, the
importation, sale, or marketing of equipment that had previously been
authorized could be prohibited. Such an action could eliminate any
costs on users that would be associated with a requirement that
existing equipment be replaced, while also promoting national security
by preventing further purchasing and use of ``covered'' equipment that
has been determined to pose an unacceptable risk
[[Page 14318]]
to national security. The Commission seeks comment on the market impact
of various types of revocation mentioned above, including estimates of
the impact on costs and availability of equipment. The Commission also
seeks comment on how the transition period for any such revocation
affect the costs of revocation and availability of equipment.
To what extent should the time at which the equipment authorization
was initially granted be a factor? For instance, in its comments on the
NPRM, IPVM contends that, to the extent that some equipment that could
no longer be authorized under the rules and procedures adopted in the
Report and Order may only recently have been authorized (such as in the
months immediately before adoption of the new rules), it would be
reasonable for the Commission to revoke such authorizations; IPVM notes
that in these cases revocation of the equipment would have minimal
impact on American end-users because most of these products have not
yet been widely sold or installed. The Commission seeks comment,
including on the extent to which ``covered'' equipment has been
authorized recently (e.g., after issuance of the NPRM, or at any time
before the effective date of the rules adopted in the Report and Order.
Alternatively, to the extent that the equipment was authorized many
years ago and has surpassed its expected life-cycle, might that be more
reasonable grounds for the Commission to revoke the authorization?
Also, the Commission notes that there might be other alternatives
to that of requiring complete revocation of an authorization. For
instance, might there be measures, such as requiring the particular
components of equipment be replaced or certain security patches be
implemented, that might avoid the need to replace equipment that had
been previously authorized? If so, how would such an approach be
implemented? Should the estimated costs associated with these
alternative measures be taken into account? If so, the Commission seeks
comment and quantitative data associated with the costs of the
alternative measures. Finally, the Commission requests any additional
thoughts on other considerations that the Commission should take into
account with regard to potential revocation of particular existing
authorizations.
Procedures for revocation. In the NPRM, the Commission asked
whether the Commission should revise or clarify the existing processes
for revocation set forth in section 2.939(b) with regard to existing
authorizations of ``covered'' equipment, given that the equipment has
been determined to pose an unacceptable risk to national security.
Under section 2.939(b), the procedures for revoking an equipment
authorization are the same procedures as revoking a radio station
license under section 312 of the Communications Act. Section 2.939(b)
requires that revocation of an equipment authorization must be made in
the ``same manner as revocation of radio station licenses,'' and thus
generally would include the requirement that the Commission serves the
grantee/responsible party with an order to show cause why revocation
should not be issued and must provide that party with an opportunity
for a hearing. As discussed in the Report and Order, however, applying
section 312's procedures to revocation of equipment authorizations is
not statutorily required.
In its comments on the NPRM, Hytera recommends that, if the
Commission pursues revocation of existing authorizations, it should
provide full and complete due process protections for the holders of
the authorizations as spelled out in section 2.939(b). The Commission
notes that Huawei, Dahua, and Hikvision also object to any revocation
of existing equipment authorizations premised on potential
constitutional claims related to due process. In considering the
serious concerns surrounding equipment on the Covered List, the
Commission seeks additional comment on the potential for expedited or
otherwise different procedures for revocation of ``covered'' equipment.
The Commission seeks comment on the necessity for section 312
procedures, which apply to the revocation of a ``station license or
construction permit'' as defined in the Act, to apply with respect to
revocation of any existing ``covered'' equipment. Should the process
the Commission adopts in new rule 2.939(d) apply more broadly to
existing equipment authorization revocations? The Commission also seeks
comment on the scope of any due process or other constitutional
requirements for such revocation procedures.
Enforcement. In the NPRM, the Commission sought comment on
enforcement issues that could arise if the Commission revoked equipment
authorizations. It noted that, pursuant to section 503(b)(5) of the
Act, the Commission must first issue citations against non-regulatees
for violations of FCC rules before proposing any monetary penalties.
Such citations ``provide notice to parties that one or more actions
violate the Act and/or the FCC's rules--and that they could face a
monetary forfeiture if the conduct continues.'' In contrast, pursuant
to section 503(b)(1)(A) of the Act, the Commission may assess a
monetary forfeiture against grantees for violations of the Commission's
rules without first issuing a citation. Therefore, the Commission may
take enforcement action against a grantee who continues to market
equipment after the authorization for that equipment has been revoked.
The Commission also notes that third party suppliers, importers,
retailers, and end users (i.e., non-regulatees), who are not Commission
regulatees, may not be aware that they are subject to Commission rules.
Similarly, such non-regulatees may not be aware when equipment they
market or use has been revoked by the Commission.
The Commission seeks comment on the best enforcement mechanisms the
Commission should employ to swiftly curb the potential for post-
revocation equipment marketing or use by such parties. Are there
obligations that could be imposed on grantees or responsible parties
that would help alleviate these concerns? The Commission also seeks
comment on how it might revise its rules or work with federal partners
and the communications industry to address existing ``covered''
equipment that may be in the marketplace post-revocation without
adversely affecting consumers and others downstream in the supply
chain. The Commission seeks further comment on these issues, as well as
any comment that could help the Commission enforce the requirements
imposed following revocation, such as an appropriate enforcement policy
for the continued marketing, sale, or operation of equipment if the
revocation involves a transition period.
Other revisions. The Commission again requests comment on whether
it should make any other revisions to section 2.939 that would address
revocation of ``covered'' equipment. Should specific provisions be
included that focus on revocation of equipment that involve the types
of equipment prohibited based on an unacceptable risk to national
security? Do these concerns merit particular procedures commensurate
with the risk to national security? If so, the Commission asks that
commenters provide details and explain the rationale with the
suggestions.
Outreach. In the NPRM, the Commission asked about whether it should
undertake any educational and outreach efforts to inform the public
regarding any revocations of ``covered'' equipment that may be made,
such as regarding the legal effect of revocations. The Commission did
not receive any
[[Page 14319]]
comments on this particular question and again invites comment on this
issue.
Supply Chain Considerations
In commenting on the proposals in the NPRM, some commenters ask
whether, in the event that there are additions of ``covered'' equipment
to the Covered List, the Commission should consider the potential
impact of certain prohibitions where immediate implementation of a
prohibition could result in supply chain problems. For instance, Drone
Deploy expresses concerns that certain equipment used by U.S.
businesses may be produced by only a few suppliers, and that in the
event that equipment from such suppliers is placed on the Covered List,
urges the Commission to consider providing clear market signaling and
adequate notice before such a prohibition on authorization takes
effect, so as not to harm US businesses. Drone Deploy further asks that
the Commission work with other federal agencies in promoting the
development of alternatives to equipment that may ultimately be added
to the Covered List and to consider the market realities and ensure
that adequate alternatives exist before restrictions on authorizations
take effect. The Commission seeks comment on whether it should, in
certain instances, take into account how the prohibition of particular
``covered'' equipment, and if such a prohibition could, if implemented
immediately without sufficient advance notice or opportunity for the
development of alternative sources of equipment, have a deleterious
effect on the public interest.
United States Point of Presence Concerning Certified Equipment
In seeking comment in the NPRM on actions that the Commission
should take that would better ensure compliance with, and enforcement
of, Commission rules, the Commission proposed requiring that the party
responsible for compliance with the Commission's certified equipment
rules have a party located within the United States that would be
responsible for compliance, akin to the current requirement applicable
for equipment authorized through the SDoC process. The Commission
observed that if there were a responsible party for certified equipment
that has a physical presence in the United States, this would allow the
Commission to conduct timely investigations and readily take effective
enforcement action in instances of noncompliance, including
noncompliance with the requirements promulgated in this proceeding.
Only one commenter provided directly addressed comment in response to
the Commission's proposal, supporting the identification of a U.S.-
based responsible party.
The Commission continues to believe that it is important to
facilitate enforcement of the Commission's rules and that requiring a
U.S.-based responsible party for certified equipment would represent a
significant step in achieving this goal. The Commission's actions in
this proceeding to prohibit future authorization of ``covered''
equipment that poses an unacceptable risk to national security
underscore the need for effective enforcement of applicable rules
associated with certified equipment. Many certified devices that are
imported to and marketed in the United States are manufactured in
foreign countries and grantees of equipment authorizations with those
devices are located outside of the United States. It can be difficult
to effectively communicate with grantees, particularly foreign-based
grantees, to engage in relevant inquiries, determine compliance, or
enforce the Commission's rules when appropriate. Accordingly, it is
important to have a reliable and effective means by which the
Commission can readily identify and directly engage the grantee of an
FCC equipment certification, which would be facilitated by requiring a
U.S.-based presence for associated with certified equipment.
Under the current equipment certification rules set forth in
section 2.909(a), the grantee obtaining the certification is the
responsible party, and the only party responsible for compliance with
applicable Commission requirements concerning that equipment. Requiring
that, for certified equipment, there be a responsible party in the
United States, would require revisions to the Commission's rules. In
the NPRM, the Commission proposed adopting a general requirement that
all applicants for equipment certification have a responsible party
located in the United States, which could help ensure compliance with
appliable Commission rules regarding the authorized equipment. At a
minimum, such a requirement would require that any grantee that resides
outside the United States to designate a party located within the
United States that would have legal responsibility concerning
compliance with such rules.
The Commission requests comment on the appropriate approach to
implementing a U.S.-based responsible party requirement, as well as the
details of implementing the approach in the Commission's rules. The
Commission believes that it remains important that the grantee of the
equipment authorization always be a responsible party for ensuring
compliance under the Commission's rules, as this helps ensure that
there are a wide range of tools available to the Commission that can be
leveraged with respect to the grantee to help promote compliance. If
the grantee continues to be a responsible party, but is not located in
the United States and therefore names a separate entity located in the
United States as a responsible party, how would this affect the
Commission's goal of promoting compliance? Would this result in there
being two responsible parties? Under this approach, what would be the
relationship between the U.S.-based responsible party and the grantee,
and should the Commission impose certain minimal requirements on that
relationship? Would the grantee and the U.S.-located responsible party
act as a co-equal in responsibility for compliance? Would both the
applicant (if foreign-based) and designated U.S.-based responsible
party have to attest and sign the FCC Form 731 application for
equipment certification or would a single attestation be sufficient?
Should the Commission revise section 2.909(a) concerning the
responsible party for certified equipment to more closely align with
the approach concerning responsible parties set forth in section
2.909(b), i.e., the rule already in place for equipment authorized
under the SDoC process? Are there important differences between
certified equipment and SDoC-authorized equipment that should be taken
into consideration as the Commission considers requiring a U.S. point
of presence for certified equipment? Under the SDoC approach, the
responsible party must be located in the United States, and could be,
depending on the situation, the manufacturer, the assembler, the
importer, or the retailer. Specifically, the Commission notes that
under 2.909(b), if the manufacturer or assembler of the equipment is
not located in the United States, and the equipment is imported, the
importer of the equipment would be the responsible party unless the
retailer(s) in the U.S. enter into agreement(s) with the importer or
manufacturer (or assembler) to become the new responsible party. The
Commission seeks comment on the extent to which a similar approach
should be adopted for certified equipment. Should the Commission
consider requiring that the importer, the retailer, the distributor, or
some other entity be the U.S.-located responsible
[[Page 14320]]
party? Should there only be one U.S.-located responsible party
permitted? The Commission seeks comment on these issues and the rules
and implementation details that commenters request that the Commission
consider.
If the Commission requires a U.S.-located responsible party, how
does the Commission ensure that any designated U.S.-based responsible
party has the requisite qualifications, necessary organizational or
corporate authority, capabilities, abilities and connection to the
grantee to enable it to appropriately and fully respond to Commission
inquiries and remedy violations of the Act and the Commission's rules?
Should the Commission, for instance, require there be a formal
agreement between the responsible party and the grantee? Should the
Commission specify a particular status for the U.S.-based responsible
party (i.e., a citizen, a lawful resident, etc.)? What minimum criteria
should the Commission consider for a U.S.-based responsible party's
physical presence in the United States? Should the Commission require
some form of financial security to ensure the Commission's ability to
enforce its rules? How should the Commission collect and maintain
information on any designated responsible party, through the TCB or
directly with the Commission? What requirements are needed to ensure
the grantee and/or the U.S.-based responsible party keeps its contact
information up-to-date with the Commission? The Commission notes that
these possible procedures could require updating FCC Form 731 and the
Commission-maintained equipment authorization system (EAS) database
procedures to address this additional entry and require necessary
updating if there are any subsequent changes.
If the Commission adopts a requirement to have a U.S.-based
responsible, is there any reason for the U.S.-based responsible party
to be the same designee as the U.S.-based entity for service of process
required by section 2.911(d)(7), or should they be different designees?
In order to effectuate enforcement over time, should the grantee be
required to maintain a U.S.-based responsible party for a certain
period of time after the grantee ceases marketing the device? Finally,
as the Commission considers which approach to take, the Commission
seeks comment on the burdens placed on applicants and the TCBs in
implementing the appropriate approach.
Other Issues
Now that the Commission's revised rules and approach have been
established in the Report and Order, commenters and other interested
parties may wish to submit further comments on these issues or other
issues. The Commission seeks further comment on some of the issues the
Commission raised in the NPRM. The Commission also invites comment on
additional issues.
Additional information under section 2.1033. In the NPRM, the
Commission asked whether to require the applicant to provide, under
section 2.1033, additional information (possibly including a parts
list) that could help establish that the equipment is not ``covered''
in order to assist TCBs and the Commission in the effort to prohibit
authorization of ``covered'' equipment. If so, what additional
information might be helpful or appropriate, and how should the
requirement be crafted to mitigate any undue burden on applicants?
Review of the equipment authorization post-grant. Following a TCB's
grant of certification, the Commission will post information on that
grant ``in a timely manner'' on the Commission-maintained public EAS
database, and that the TCB or Commission may set aside a grant of
certification within 30 days of the grant date if it is determined that
such authorization does not comply with applicable requirements or is
not in the public interest. In the NPRM, the Commission invited comment
on whether it should consider adopting any new procedures for gathering
and considering information on potentially relevant concerns that the
initial grant is not in the public interest and should be set aside. In
particular, the Commission asked about the extent to which interested
parties, whether the public or government entities (e.g., other expert
agencies) should be invited to help inform the Commission as to whether
particular equipment inadvertently received a grant by the TCB and is
in fact ``covered'' equipment such that the grant should be set aside.
The Commission notes that commenters on the NPRM generally opposed
establishing any new procedures. The Commission, however, invites
further comment about whether procedures for a post-grant review
process should be established now that the specific new rules and
procedures are effective.
Post-market surveillance. In the NPRM, the Commission also sought
comment on whether the Commission should consider any revisions or
clarifications to the section 2.962(g) rules concerning ``post-market
surveillance'' activities with respect to products that have been
certified. Those rules currently require TCBs to perform appropriate
post-market surveillance activities with respect to testing samples of
certified equipment for compliance with technical regulations. The
Commission noted that OET has delegated authority to develop procedures
that TCBs will use for performing such post-market surveillance, and
sought comment on whether any revisions or clarifications should be
adopted with respect to post-market surveillance. In its comments on
the NPRM, CTIA expresses concern that increasing the scope of TCBs'
post-market surveillance responsibilities could result in delays in
authorizing equipment and higher TCB costs. Now that rules and
procedures for prohibiting authorization of ``covered'' equipment are
effective, the Commission invites additional comment on this issue.
Beyond the existing requirements under section 2.962(g), are there
particular additional activities that TCBs should conduct in light of
the goals of this proceeding?
Certification process for equipment that is prohibited from using
SDoC. In the Report and Order of this proceeding, the Commission
adopted a rule prohibiting any of the entities named on the Covered
List as producing ``covered'' equipment, and their respective
subsidiaries or affiliates, from using the SDoC process to authorize
any equipment--not just ``covered'' equipment identified on the Covered
List. Thus, any equipment eligible for equipment authorization that is
produced by any entities so identified on the Covered List, or their
respective subsidiaries or affiliates, must be processed pursuant to
the Commission's certification process, regardless of any Commission
rule that would otherwise permit use of the SDoC process. While the
Commission maintains its belief that the implementation of this rule is
not unnecessarily burdensome, the Commission did note in adopting it
that as the Commission, industry, and manufacturers gain more
experience over time on the effectiveness of its procedures concerning
``covered'' equipment, the Commission may wish to revisit this process.
As such, the Commission takes this opportunity to seek comment on
alternative procedures that the Commission could consider to maintain
oversight over equipment identified on the Covered List, while ensuring
consistent application of the Commission's equipment authorization
procedures. What procedures should the Commission consider to
specifically address the authorization of equipment produced by
entities named on the
[[Page 14321]]
Covered List as producing ``covered'' equipment? What specific aspects
of the standard SDoC process and the Certification process should the
Commission combine to ensure the necessary oversight for the Commission
to readily identify and address equipment of concern?
Enforcement. In light of the rules and approach that the Commission
adopted in the Report and Order, the Commission invites comment on
other actions it should consider to promote enforcement of the
prohibitions in the Commission's equipment authorization program
relating to ``covered'' equipment.
Other issues. Finally, the Commission invites comment on other
rules or procedures that the Commission should consider as it moves
forward with implementation of the prohibition on authorization of
``covered'' equipment.
Further Notice on Competitive Bidding
In addition to considering revisions to the Commission's equipment
authorization program, the Commission sought comment in the NPRM on
whether to ``require an applicant to participate in competitive bidding
[for Commission spectrum licenses] to certify that its bids do not and
will not rely on financial support from any entity that the Commission
has designated under section 54.9 of its rules as a national security
threat to the integrity of communications networks or the
communications supply chain.''
If adopted, such a requirement could prevent the entities
designated pursuant to section 54.9 from influencing the bidding in an
auction for Commission spectrum licenses. The Commission has designated
Huawei and ZTE, and their subsidiaries, parents, or affiliates,
pursuant to section 54.9. In doing so, the Commission noted Huawei's
and ZTE's ties to the Chinese government and military apparatus, along
with Chinese laws obligating those companies to cooperate with any
Chinese government requests to use or access their systems. It also is
well-established that the Chinese government helped fuel Huawei's
growth by deploying powerful industrial policies to make Huawei
equipment cheaper to deploy than the alternatives. These policies
include both direct subsidies to Huawei and state-funded export
financing. The Chinese government support for Huawei has been
repeatedly documented.
In the NPRM, the Commission stated that indirect subsidies may
include ``[d]istortionary financing intended to support participation
in spectrum auctions of network operators who then deploy covered
equipment and services [and thereby] may raise concerns about risks to
the national security of the United States and the security and safety
of United States persons.'' The Commission noted concerns that such
financing had enabled a party to outbid others for spectrum licenses at
auction, effectively blocking other equipment providers. It sought
comment on whether a potential certification might address the risk of
such distortionary financing in Commission auctions.
Only a handful of commenters responding to the NPRM address the
potential auction certification. None dispute the potential risk,
though each raises different concerns with a certification requirement
and each offers different suggestions to address those concerns.
Addressing the potential difficulty of identifying the ultimate sources
of financing, one commenter suggests that the Commission accept a
certification based on reasonable belief ``after sufficient due
diligence.'' Another commenter alternatively proposes that the
certification only apply to applicants receiving ``financial support''
of greater than 10%, though it does not detail how this is to be
measured. That commenter also notes some risk that the potential
certification may interfere with allowing market forces to determine
the use of spectrum by artificially limiting the number of applicants
seeking the licenses. Echoing another commenter's concern with the
breadth of the potential certification, an additional commenter
suggests that the certification concern only those funds ``specifically
for the purpose of auction participation.'' They further recommend
limiting the certification to those entities specifically designated,
and proposes clarifications that subsequent changes in the list of
those designated would have no effect on earlier certifications. A
different commenter, on the other hand, proposes expanding the entities
covered by the certification to include relevant Chinese financial
institutions. Finally, rather than focus on financing, another
commenter would refocus the certification and make it into a bar on
specific entities participating in Commission spectrum license auctions
or the use by auction winners of equipment provided by those entities.
Concerns about Huawei and ZTE and the risks posed by their equipment
have continued since adoption of the NPRM and submission of the record
in response, both in connection with spectrum license auctions and more
generally. Concerns about the security of Huawei equipment were a
significant topic in connection with Brazil's 2021 auction of spectrum
licenses for use with 5G wireless technology. More recently, separate
from any license auction, Canada issued a ban on equipment from Huawei
and ZTE with respect to all licenses.
In light of the record in response to the NPRM, continuing concerns
regarding Huawei and ZTE, and the Commission's action in the Report and
Order with respect to equipment certification, the Commission seeks
further comment on the risk of distortionary auction financing and
potentially addressing that risk with a required auction application
certification. Given developments since the NPRM, including the steps
taken with respect to equipment approvals, has the risk of
distortionary auction financing to benefit section 54.9 companies
lessened or increased? As additional actions are taken with respect to
untrusted equipment and vendors, is a potential auction certification
more or less likely to be effective in addressing the underlying
concern? As noted in response to the NPRM, such an inquiry can be
difficult to tailor to address the underlying concern without imposing
a burden on or creating uncertainty for auction participants. Would any
of the alternatives suggested in the record address the underlying risk
more effectively? Are there alternative ways to narrow or otherwise
target the certification that would address the national security
concerns, while limiting any negative impacts on competitive bidding?
Ordering Clauses
Accordingly, it is ordered, pursuant to the authority found in
sections 4(i), 301, 302, 303, 309(j), 312, 403, and 503 of the
Communications Act of 1934, as amended, 47 U.S.C. 154(i), 301, 302a,
303, 309(j), 312, 403, 503, and the Secure Equipment Act of 2021,
Public Law 117-55, 135 Stat. 423, that the Further Notice of Proposed
Rulemaking is hereby adopted.
It is further ordered that the Commission's Consumer and
Governmental Affairs Bureau, Reference Information Center, shall send a
copy of this Further Notice of Proposed Rulemaking, including the
Initial Regulatory Flexibility Analysis, to the Chief Counsel for
Advocacy of the Small Business Administration.
It is further ordered that the Commission's Consumer and
Governmental Affairs Bureau, Reference Information Center, shall send a
copy of this Further Notice of Proposed Rulemaking, including the
Initial Regulatory Flexibility Analysis, to Congress and the Government
[[Page 14322]]
Accountability Office pursuant to the Congressional Review Act, see 5
U.S.C. 801(a)(1)(A).
Federal Communications Commission.
Marlene Dortch,
Secretary.
[FR Doc. 2023-04608 Filed 3-7-23; 8:45 am]
BILLING CODE 6712-01-P
</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>Indexed from Federal Register on March 8, 2023.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.