Pages

11 September 2021

The Biden Administration’s Emerging Approach on Technology Controls

Sourabh Gupta

Key Takeaways
During its last eight months in office, the Trump administration issued a blizzard of U.S.-China decoupling-related Executive Orders and Rulemaking with a focus on the digital economy and advanced manufacturing sectors. Some were shoddily drafted in haste, leaving the Biden administration to sort through these orders and regulations.

A common feature of the Biden administration’s emerging approach on technology controls has been its refusal to be rushed into a hasty rollout of revised policies and rules without broad internal vetting or external stakeholder input. As a result, a few admittedly unsatisfactory Trump-era rules continue to survive on the books during this interim. Thus far, there has been no knee-jerk revocation of a Trump-era rule.

In cases where the Biden administration has reached an internal consensus on a Trump-era technology controls rule, it has implemented a variety of responses. These range from the outright voiding of a deeply compromised Trump-era Executive Order to the methodical stripping-out and revision of deficient provisions within a Trump-era Rule to the amplification – not narrowing-down – of scope and coverage of a Trump-era Executive Order.

By-and-large, the overarching purpose of the Biden administration’s emerging approach to technology controls bears similarities with the Trump team’s approach: It seeks not so much to encourage China to cooperate and abide by rules-based, pro-market standards as much as it seeks to constrain China’s technological rise.

Introduction

The first eight months of the Biden administration has witnessed a great deal more of continuity than discontinuity with the last eight months of the Trump administration’s policies on U.S.-China relations. This is true of trade, investment and technology exchanges – including technology controls – too. This having been said, there has also been a slow and imperceptible process of walking back some of the excesses of the Trump years. During its last eight months in office in particular, the Trump administration had issued a blizzard of U.S.-China decoupling-related Executive Orders and rulemaking, with a focus on the digital economy and advanced manufacturing sectors. How the Biden administration has approached the re-writing of these orders, rules and regulations provides an early insight into its emerging approach on U.S.-China decoupling-related technology controls. While stressing broad continuity with the Trump administration’s actions, the trendline contains a series of nuanced shifts too.

Biden Admin. and Key China Trade and Investment Policy-linked Orders and Actions
January – July 2021

On July 30, 2021, the Department of Defense, the General Services Administration, and the National Aeronautics and Space Administration jointly issued a Proposed Rule, billed as “the most robust changes to the implementation of the Buy American Act in almost 70 years.” The proposed rule would make three major changes to existing procurement-related regulations: 1) raise the domestic content threshold; 2) allow for enhanced price preference for critical items and components; and 3) impose additional transparency related reporting requirements. The proposed rule is meant to implement President Biden’s January 25, 2021 ‘Made in America’ Executive Order.

On July 16, 2021, the U.S. Department of Commerce, along with the Departments of State, the Treasury, and Homeland Security, jointly issued a Hong Kong Business Advisory. This advisory warned businesses about “the new legal landscape” in Hong Kong and four categories of potential risks associated with Hong Kong operations of these businesses: 1) risks for businesses following the imposition of the National Security Law; 2) data privacy risks; 3) risks regarding transparency and access to critical business information; and 4) risks for businesses with exposure to sanctioned Hong Kong or PRC entities or individuals.

On July 9, 2021, President Biden issued a sweeping competitiveness-related Executive Order which directs several federal agencies to advance pro-market competition principles as well as vigorously enforce anti-trust laws across a range of economic sectors. The order also established a White House Competition Council within the Executive Office of the President.

On July 9, 2021, the Department of Commerce added 34 entities to the Entity List. According to this Department, 14 of these entities are based in China and have “enabled Beijing’s campaign of repression, mass detention, and high-technology surveillance” in Xinjiang while five entities are “directly supporting PRC’s military modernization programs related to lasers and C4IS.”

On June 24, 2021, the Department of Commerce added five Chinese entities to the Entity List for their alleged acceptance or utilization of forced labor “in the implementation of the People’s Republic of China’s campaign of repression against Muslim minority groups in the Xinjiang Uyghur Autonomous Region (XUAR).” The sanction targets the ability of the Chinese entities to access commodities, software, and technology. As announced by the State Department, this action is part of the joint efforts by the Departments of Homeland Security, Commerce, and Labor to address “China’s ongoing human rights abuses and use of forced labor in Xinjiang.”

On June 24, 2021, U.S. Customs and Border Protection issued a Withhold Release Order (WRO) targeting a Chinese entity, Hoshine Silicon Industry Co. Ltd, thereby prohibiting the importation of silica-based products made by Hoshine. Silica is a raw material used to make components for solar panels and electronics.

On June 17, 2021, the Federal Communications Commission issued a Proposed Rule to change the FCC’s equipment authorization rules and competitive bidding processes in order to block “insecure” devices from the U.S. market that might pose a national security threat.

On June 9, 2021, President Biden issued an Executive Order on Protecting Americans’ Sensitive Data from Foreign Adversaries, which revoked former President Trump’s E.O.’s 13942, 13943 and 13971 pertaining to the threat posed by TikTok, WeChat, and Applications and Other Software Developed or Controlled by Chinese Companies, respectively.

On June 8, 2021, the White House released its four 100-Day Supply Chain Review-related reports, pursuant to President Biden’s February 2021 Executive Order. The reports identify risks in the supply chains for semiconductor manufacturing and advanced packaging supply chains, for high-capacity batteries including electric vehicle batteries, for strategic minerals including rare earth elements, as well as for pharmaceuticals and active pharmaceutical ingredients.

On June 3, 2021, Biden signed E.O. 14032: Addressing the Threat from Securities Investments that Finance Certain Companies of the People’s Republic of China. This E.O. not only clarified Trump’s E.O. 13959, signed on November 12, 2020, but also updated the number of Chinese military-linked and surveillance technology sector-linked private companies barred from U.S. investment.

On May 28, 2021, U.S. Customs and Border Protection issued a Withhold Release Order (WRO) on Dalian Ocean Fishing, a Chinese distant-water fishing company for forced labor-related violations. Unusually, the entire fleet of fishing vessels owned by the company is subject to the WRO. Typically, WROs are issued for individual vessels found to be using forced labor.

On April 8, 2021, the Department of Commerce added seven Chinese supercomputing centers to the Entity List, restricting trade with these entities. In her accompanying statement, Secretary Gina Raimondo noted that “supercomputing capabilities are vital for the development of many—perhaps almost all—modern weapons and national security systems…[and that the] the Department of Commerce would use the full extent of its authorities to prevent China from leveraging U.S. technologies to support these destabilizing military modernization efforts.”

On February 24, 2021, President Biden issued an Executive Order on America’s Supply Chains, aiming to “strengthen the resilience of America’s supply chains.”

On January 25, 2021, President Biden issued an Executive Order on Ensuring the Future Is Made in All of America by All of America’s Workers, ordering the United States government to, when possible and consistent with applicable law, procure goods and services “from sources that will help American businesses compete in strategic industries and help America’s workers thrive.”

On January 21, 2021, President Biden issued an Executive Order on a Sustainable Public Health Supply Chain, directing immediate actions to secure supplies necessary for combating the COVID-19 pandemic.

Going with the Flow: On Trump’s ICTS Supply Chain EO

Key Takeaway: When undecided regarding key policy principles as well as on policy details related to technology-related export and/or investment controls, the Biden White House will not be rushed in its decision-making processes. There will be no knee-jerk revocation of an admittedly unsatisfactory Trump-era rule, which continues to survive as the functioning regulation governing cross-border technology exchange. The plan though is to methodically devise a successor policy—and regulation—by way of a parallel process which incrementally strips out and supersedes the shortcomings of the Trump-era rule.

Two weeks after the early-May 2019 collapse of the U.S.-China 100-Day talks that were initiated by President Trump and Chinese President Xi Jinping at the G20 summit in Buenos Aires, the Trump administration issued its Securing the Information and Communications Technology and Services (ICTS) Supply Chain Executive Order (EO). This order declared a national emergency on the basis that:

…foreign adversaries are increasingly creating and exploiting vulnerabilities in information and communications technology and services…[and] that the unrestricted acquisition or use in the United States of information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries augments the ability of foreign adversaries to create and exploit vulnerabilities in information and communications technology or services, with potentially catastrophic effects [to U.S. national security].

In light of this finding, the President tasked his Secretary of Commerce to issue:

…rules and regulations [that would,] among other things, determine that particular countries or persons are foreign adversaries for the purposes of this order; identify persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries for the purposes of this order; identify particular technologies or countries with respect to which transactions involving information and communications technology or services warrant particular scrutiny under the provisions of this order; establish procedures to license transactions otherwise prohibited pursuant to this order; [and] establish criteria…by which particular technologies or particular participants in the market for information and communications technology or services may be recognized as categorically included in or as categorically excluded from the prohibitions established by this order.

The ICTS Supply Chain EO, along with its initial rulemaking, was roundly criticized by the business and policy community at the time as being excessively opaque and alarmingly broad. The U.S. Chamber of Commerce noted that the rulemaking “would provide the [Commerce] Department with nearly unlimited authority to interfere in virtually any commercial transaction that covers a substantial portion of the U.S. economy.” IBM called the rule “massively overbroad,” adding that key terms and definitions are so vague they appear “to subject hundreds of billions of dollars of legitimate U.S. commerce to vague and arbitrary government regulation.” And other industry bodies asked the Secretary of Commerce to more narrowly define the meaning of the words “transactions,” “acquisition,” “importation,” “transfer” and “installation” to provide the needed clarity.

On the strength of this Executive Order (and a related one also in May 2019), the Commerce Department nevertheless proceeded to impose its draconian export control denials on Huawei (supplement by orders in August 2019, May 2020, and August 2020). At the time, the Financial Times characterized the actions as a “serious miscalculation” and called on the U.S. and the West “not to block China’s rise but encourage it to cooperate in a rules-based system.” Disregarding industry, specialists and media opinion, the Trump administration on its second-to-last day in office (January 19, 2021) proceeded to hurriedly rush through an ‘Interim Final Rule’ to implement the May 2019 Securing the Information and Communications Technology and Service (ICTS) Supply Chain Executive Order. The Interim Final Rule defines and identifies six “foreign adversaries” (China, Russia, North Korea, Iran, Cuba, Venezuela’s Maduro regime) and an unusually broad range of ICTS supply chain-related categories in the case of which the Secretary of Commerce would extensively enjoy discretion to evaluate and deny any ICTS supply chain-related transaction.

Supply Chain Rule and Broad Range of Information and Commercial Technology and Services (ICTS) Categories

Certain ICTS categories used by a party to a transaction in a sector designated as “critical infrastructure” by Presidential Policy Directive 21 (PPD-21). Notably, there are 16 such sectors, including energy, emergency services, the defense industrial base, critical manufacturing, and many sub-sectors within those categories.

Software, hardware, or any other product or service integral to:

Wireless local area networks;

Mobile networks;

Satellite payloads;

Satellite operations and control;

Cable access points;

Wireline access points;

Core networking systems; and

Long- and short-haul networks;

Software, hardware, or any other product or service integral to data hosting or computing services that uses, processes, or retains, or is expected to use, process, or retain, sensitive personal data on greater than one million U.S. persons at any point over the twelve months preceding an ICTS Transaction, including:

Internet hosting services;

Cloud-based or distributed computing and data storage;

Managed services; and

Content delivery services;

Internet-enabled sensors, webcams, end-point surveillance or monitoring devices, modems and home networking devices, or drones or any other unmanned aerial system, if greater than one million units have been sold to U.S. persons at any point over the twelve months prior to an ICTS Transaction;

Software designed primarily for connecting with and communicating via the Internet that is in use by greater than one million U.S. persons at any point over the twelve months preceding an ICTS Transaction, including desktop applications; mobile applications; gaming applications; and web-based applications; OR

ICTS integral to: artificial intelligence and machine learning, quantum key distribution, quantum computing, drones, autonomous systems or advanced robotics.

The Interim Final Rule was met with immediate alarm on the part of American business. The following day, on January 20, 2021, the incoming Biden White House issued an overarching memo authorizing relevant executive branch departments to “consider” postponing the effective date of rules that had been proposed by the Trump administration but had yet to take effect. In spite of this authority to potentially suspend the ICTS order-related Interim Final Rule, on March 22, 2021 (60 days after its issuance), the Biden administration’s Commerce Department stayed its hand and allowed the Rule to take effect.

On a parallel track, the Biden White House and Commerce Department are conducting a bottom-up and ongoing policy review of the security of supply chain vulnerabilities. Four separate reports on semiconductor manufacturing, high-capacity batteries, strategic materials, and pharmaceutical supply chains have already been submitted for internal review. Procurement preferences and patent incentives are being eyed among a raft of options to implement supply chain resilience. Furthermore, National Security Advisor Jake Sullivan is on record stating that fresh export control and investment screening initiatives are being readied for introduction over the coming months. In summary, until the Biden White House gets to the decision-point on steps forward regarding emerging technologies and ICTS supply chains, the unusually broad Trump-era Interim Final Rule will continue to stand as the functioning regulation guiding cross-border technology exchanges—and controls. And while the Trump-era ICTS Interim Final Rule will almost certainly not survive in its original form, the means of its supersedure by the Biden White House will be incremental and methodical.

Modified with a Scalpel: On Trump’s Chinese Military-Civil Fusion-related EO

Key Takeaway: The Biden White House has shown that, while it will not hesitate to methodically update or revoke the offending provisions of an existing Trump-era rule, it is willing to maintain the overall policy kernel of that Trump-era rule. This is particularly true when addressing key policy principles or particulars related to technology-related export and/or investment controls. Amendments to Trump-era rules could cut either way, depending on the merits of each situation; its scope could be expanded or, contrarily, its application limited.

Pursuant to Section 1237 of the National Defense Authorization Act (“NDAA”) for Fiscal Year 1999, each U.S. president has had the authority to create a list of foreign companies that are linked to or “owned or controlled by the People’s Liberation Army” with which Americans are prohibited from transacting in their publicly traded securities. However, until June 2020, no such list had been furnished by any administration.

On November 12, 2020, notably after his loss in the presidential election, President Trump signed an Executive Order (EO) titled Addressing the Threat from Securities Investments that Finance Communist Chinese Military Companies. This EO stipulated that, starting on January 11, 2021, American citizens would be prohibited from transacting in the publicly traded securities of 31 companies that the Department of Defense had identified as “Communist Chinese Military Companies.” (The November 2020 Executive Order should not be confused with the Final Rule expanding the China-related “military end user” list, which was issued by the Commerce Department’s Bureau of Industry and Security in April 2020.) The EO was poorly drafted, leaving important terms such as “transaction,” “publicly traded,” “purchase for value,” etc., vaguely defined. Worse, the Chinese smartphone giant Xiaomi Corporation was dragged into the list of designated “Communist Chinese Military Companies” on the basis of a mere news article that wrongly accused it of alleged links to the Chinese military.

The first domestically-made aircraft carrier of the Chinese Navy under construction, 17 June 2019. (Source: Wikipedia Commons, CC-BY-SA-4.0, Tyg728)

On June 3, 2021, following an internal review, the Biden administration issued its own Executive Order titled Addressing the Threat from Securities Investments that Finance Certain Companies of the People’s Republic of China. While this order preserved the broad outlines of the Trump-era order, it is notable for its revisions on four main counts:

First, it replaces and supersedes the operative provisions of the Trump-era order with much greater specificity. While retaining the key securities law concepts from the Trump-era order, the Biden EO provides enhanced definitional clarity of these securities law concepts as well as an expanded scope of applicability.

Second, the Biden administration EO scales up—not down—the number of Chinese entities, and sectors, to which the prohibition of the purchase or sale of publicly traded securities applies. The Biden list now includes 59 entities determined to currently operate or previously have operated in either the defense and defense-related material sector or the surveillance technology sector of the Chinese economy. Of the 59 entities, 26 are new entrants that were not featured in the Trump-era list. The “surveillance technology sector” itself is an entirely new addition and includes a number of Chinese entities that develop or use surveillance technology “to facilitate repression or serious human rights abuse.”

Third, the Biden administration EO did not only add entities to the list; it dropped entities from the list as well. For instance, the inclusion of two Chinese companies—Xiaomi and Luokung—was reversed due to a lack of evidence. As previously noted, Xiaomi had been dumped into the list on the basis of a mere news article alleging a (non-existent but) supposed link to the People’s Liberation Army.

Finally, the Biden administration EO does away with the gratuitously insulting language in describing the prohibited entities. In order to tar these Chinese entities within the American political discourse, the Trump administration EO had disparagingly referred to the listed entities subject to the prohibitions as “Communist China Military Companies”—with the emphasis being on ‘Communist China.’ The Biden EO drops this label in favor of the more neutral “Chinese Military-Industrial Complex Companies.”

Revoked with a Sledgehammer: On Trump’s Data Security and Personal Information Protection-related EOs

Key Takeaway: When decided on broad policy principles but undecided on the policy details related to technology-related export and/or investment controls, the Biden White House, if need be, will not hesitate to summarily tear down and revoke a deeply compromised Trump-era rule in its entirety. But equally, it will not be in haste to rush out a successor policy rule until a more considered review of the issues at hand is completed and an inter-agency wide consensus has been achieved.

The Trump administration’s August 6, 2020, Executive Order (EO) on Addressing the Threat Posed by TikTok (and a similar order regarding Wechat) is considered to be one of the most haphazard and poorly thought through technology policy directives released during its stint in office. This order deemed TikTok to be a threat to “the national security, foreign policy and economy” of the U.S. and, by way of a related order issued a week later, TikTok’s owner and developer, ByteDance, was ordered to forcibly divest the video-sharing app’s American operations within a stipulated time-period. The order led to court challenges as well as an unseemly scramble featuring Oracle and Walmart attempting to purchase TikTok’s U.S. operations with Trump’s blessing – an attempt that failed to consummate. Undeterred, the Trump administration went ahead and issued yet another EO titled Addressing the Threat Posed by Applications and Other Software Developed or Controlled by Chinese Companies. Issued just two weeks prior to demitting office, this EO widened the prohibitions on transactions related to Chinese connected software applications to include: Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office. In the EO, a “connected software application” was defined as software, a software program, or group of software programs designed to be used by an end user on an end-point computing device as well as designed to collect, process, or transmit data via the Internet as an integral part of its functionality.

On June 9, 2021, with one sledgehammer blow, the Biden Administration eviscerated the Trump-era orders on data security and personal information protection. Section 1 of its EO on Protecting Americans’ Sensitive Data from Foreign Adversaries starts with a wholescale revocation of the key 2020-21 Trump-era data protection orders. It notes:

The following orders are revoked: - Executive Order 13942 of August 6, 2020 (Addressing the Threat Posed by TikTok, and Taking Additional Steps To Address the National Emergency With Respect to the Information and Communications Technology and Services Supply Chain); - Executive Order 13943 of August 6, 2020 (Addressing the Threat Posed by WeChat, and Taking Additional Steps To Address the National Emergency With Respect to the Information and Communications Technology and Services Supply Chain); - and Executive Order 13971 of January 5, 2021 (Addressing the Threat Posed by Applications and Other Software Developed or Controlled by Chinese Companies).

However, the revocation is not the end of the matter. In fact, it is the beginning of a new and more deliberate review and revision phase of cross-border data and privacy protection policy, with a focus on potential adversaries. For instance, this Biden EO tasks the Secretary of Commerce to provide both a report and a set of accompanying recommendations for future executive and legislative branch actions to address the risk associated with software applications that are owned, developed, manufactured or controlled by a foreign adversary. Potential indicators of risk related to such connected software applications are to include:

ownership, control, or management by persons that support a foreign adversary’s military, intelligence, or proliferation activities;

use of the connected software application to conduct surveillance that enables espionage, including through a foreign adversary’s access to sensitive or confidential government or business information, or sensitive personal data;

ownership, control, or management of connected software applications by persons subject to coercion or cooption by a foreign adversary; ownership, control, or management of connected software applications by persons involved in malicious cyber activities;

a lack of thorough and reliable third-party auditing of connected software applications;

scope and sensitivity of the data collected;

the number and sensitivity of the users of the connected software application;

and the extent to which identified risks have been or can be addressed by independently verifiable measures.

The old Trump-era policy may be consigned to the dustbin. However, a more considered policy and rulemaking on cross-border data security and personal information protection that is applicable to China is still many months in the making. The aim is to avoid the pitfalls of the rushed Trump-era Executive Order as well as generate wider consensus across relevant government agencies and external stakeholders.

Concluding Thoughts

Overall, the Biden administration has tended to move out cautiously with regard to revising the various U.S.-China technology controls-related orders and actions issued by the Trump administration. A running thread throughout has been its reticence to be drawn into a rushed revocation or revision of a Trump-era order or action. Rather, the emphasis so far has been on conducting a broad internal vetting, paired with external stakeholder input. That said, the overarching trendline suggests an emerging Biden administration approach on technology controls that is not too dissimilar to the Trump team’s approach: one that seeks not so much to encourage China to cooperate and abide by rules-based, pro-market standards as much as it seeks to constrain China’s technological rise. However, the jury is still out on this subject.

No comments:

Post a Comment