Updated (5/3/2018)

On April 17, the Federal Communications Commission (“FCC”) broke new ground in the agency’s role in national security policy by voting unanimously to approve a Notice of Proposed Rulemaking captioned “Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs” (the “NPRM”).  The deadline for filing comments is June 1, 2018, and reply comments are due July 2, 2018.

As the title indicates, the NPRM seeks comment on a framework to reduce supply chain risks for telecommunications equipment and services deployed throughout the country. The item acknowledges a specific role for the FCC in this arena: to ban use of Universal Service Fund (“USF”) subsidies in ways that undermine or pose a threat to national security. In short, the FCC proposes to use the power of the purse—in the case of USF, about $9 billion in subsidies per year—to dissuade companies from using equipment sourced from companies or countries that pose a national security concern.

Although the approach is narrow in scope, in practice the NPRM could produce a final rule that would significantly affect the selections of equipment and services by some USF recipients, particularly rural and smaller providers who reportedly are more likely to have purchased equipment from targeted suppliers. Additionally, as explained below, this proposed rule could affect USF recipients that do not use prohibited equipment and service providers, depending on whether some of their subcontractors use them.

The rule proposed by the FCC would state that “no universal service support may be used to purchase or obtain any equipment or services produced or provided by any company posing a national security threat to the integrity of communications networks or the communications supply chain.” The NPRM therefore focuses on two critical questions: first, how should the FCC decide which companies pose a national security threat, and second, what equipment and services from those companies should the FCC prohibit USF recipients from purchasing or using in their networks.

Identifying Companies that Pose Threats

The FCC proposes a few methods for determining which companies to bar as suppliers of equipment and services for USF purposes.

For example, the FCC suggests establishing criteria based on the Spectrum Act of 2012, the National Defense Authorization Act for Fiscal Year 2018 (“NDAA”), and pending legislation. Another option is to rely on existing statutes that ban, for national security reasons, companies from providing certain equipment and services to federal agencies. A third option asks whether a different federal agency could be tasked with maintaining a list of communications equipment or service providers that raise national security concerns.

In addition to identifying companies to prohibit, the FCC also is interested in the scope of the prohibition, and whether a covered company’s subsidiaries, parents, or affiliates should also be subject to the proposed rule. Regarding the scope of the rule, the FCC asks “[s]hould we consider actions targeted not only at the USF-funded equipment or services of those companies, but also non USF-funded equipment or services produced or provided by those companies that might pose the same or similar national security threats to the nation’s communications networks?” The resolution of these issues could expand the rule’s reach.

Use of Funds for Specific Equipment and Services

The FCC seeks comment on the scope of the equipment and services that should be included in the ban on use of USF funds. For example, should the FCC ban all purchases from companies that have been identified as raising national security risks, or should the scope be limited to those elements that “relate to the management of a network, data about the management of a network, or any system the compromise or failure of which could disrupt the confidentiality, availability, or integrity of a network?”

The NPRM explains that USF funds should not be used for the prohibited items by either the recipient or the recipient’s subcontractor, but asks how far down the chain of subcontractors the restrictions should apply. Depending on the answer to this question, the reach of the FCC’s proposed rule could expand, affecting USF recipients who do not directly use any of the prohibited equipment or services.

Also, given the fungible nature of money, the FCC asks whether the rule should “prohibit the use of any USF funds on any project where equipment or services produced or provided by a company posing a national security threat … is being purchased or obtained.” This question can turn out to be critical because many USF projects involve both USF and non-USF funds. However, the FCC does ask whether there are any specific categories of services that should not be subject to the proposals—a question that could reduce the impact of the rule.

Enforcement and Penalties

The NPRM makes clear that the FCC intends to enforce the proposed USF limitation, even asking whether penalties in addition to loss of funding and forfeitures should be implemented. For example, the FCC asks whether rule violators should be suspended or even permanently barred from receiving USF support—a result that could amount to a fatal blow for some service providers (and a potential corresponding loss of service to customers). Also, the FCC asks whether a different, perhaps more stringent, waiver standard should be used in lieu of the typical waiver for “good cause.” The penalties and the waiver processes emphasize the important function the FCC sees for itself in this specific area of protecting the communications supply chain.

While the FCC’s NPRM will be of greatest interest to telecommunications providers that receive funds from the Universal Service Fund, it could set a precedent for broader FCC involvement in national security matters generally in the years ahead. We will continue to monitor this proceeding as the FCC seeks comments, develops a record, and eventually moves to a final Order.  Actions also continue across the Administration on limiting government use of devices and network services from countries deemed to pose a national security risk.