The company’s operations pose a national security risk and potentially allow China to access data of Americans, the agency said.
An appeals court has upheld a decision made by the Federal Communications Commission (FCC) to prevent market access to China Unicom (Americas) Operations Ltd. (CUA) from the U.S. telecom sector.
CUA is a California corporation owned by the Chinese communist regime.
In 2022, the FCC voted to block CUA from the American market. FCC Chairwoman Jessica Rosenworcel said at the time that there was “mounting evidence—and with it, a growing concern—that Chinese state-owned carriers pose a real threat to the security of our telecommunications networks.”
The agency issued a revocation order in February 2022, blocking CUA’s operational authority under Section 214 of the Communications Act of 1934.
The company subsequently filed a petition, arguing that the FCC lacked “statutory authority” to revoke CUA’s Section 214 certificates, that the revocation decision was “arbitrary and capricious,” and that the department revoked the certificates “without following proper procedures.”
On Tuesday, a panel of judges at the U.S. Court of Appeals for the Ninth Circuit dismissed CUA’s challenge.
“We reject CUA’s arguments on each of these points and, accordingly, deny its petition,” the court opinion reads.
“The FCC properly concluded that there are ‘significant concerns’ that recently enacted Chinese cybersecurity and intelligence laws could require Chinese companies, including CUA’s indirect parents, to assist the Chinese government’s intelligence-collection efforts.”
The agency said CUA’s infrastructure and capabilities grant the company, and ultimately the Chinese regime, “numerous opportunities to access, monitor, store, disrupt, and/or misroute U.S. communications in ways that are not authorized and that can facilitate espionage and other activities harmful to U.S. national security and law enforcement interests,” according to the court opinion.
CUA insisted that the U.S. subsidiary was not subject to Beijing’s cybersecurity and intelligence laws. However, the FCC concluded that since the company was essentially owned by entities “indisputably” subject to such laws, CUA did pose a national security risk to the United States.
The agency also found that the company’s U.S. customer records are held overseas in Hong Kong, which is directly accessible by its parent company, China Unicom Global Ltd.
In addition, another affiliated company, China Unicom (Hong Kong) Ltd (CUHK), also had access to the U.S. records. When the FAA questioned why CUHK had access to these records, CUA failed to give an explanation, according to the court opinion.
The panel ruled that the FCC’s decision to revoke CUA’s certificates on national security concerns was “reasonable and supported by substantial evidence” and that such a course of action was “not arbitrary and capricious.”The FCC’s revocation order for China Unicom followed the release of several reports on security threats posed by the company.
A 2020 report by Washington-based Exigent Media found that the Chinese regime, through China Unicom, was the biggest source of cyber attacks against U.S. mobile users over 3G and 4G networks in 2018.
By exploiting vulnerabilities in the global mobile telecommunications network, Beijing was able to monitor, track, intercept, and disrupt communications made by U.S. subscribers when they traveled in foreign nations, the report said.
Prior to the FCC’s revocation order for China Unicom, Sens. Chuck Schumer (D-N.Y.) and Tom Cotton (R-Ark.) asked the agency to review operational approvals granted to Chinese state-owned telecom companies like China Unicom.
These companies “continue to have access to our telephone lines, fiber optic cables, cellular networks, and satellites in ways that could give [the Chinese regime] the ability to target the content of communications of Americans or their businesses and the U.S. government, including through the ‘hijacking’ of telecommunications traffic by redirecting it through China,” the senators wrote at the time.
Meanwhile, the FCC is taking steps to improve U.S. communications networks, citing ongoing threats from China. In June, Rosenworcel said the agency started rulemaking to make internet routing “more secure.”
The proposal requires broadband providers to file reports detailing their plans to address vulnerabilities in the Border Gateway Protocol (BGP), a global system that routes internet traffic worldwide.
The departments of Justice and Defense disclosed that BGP vulnerabilities were exploited by China Telecom “to misroute United States internet traffic on at least six occasions,” Rosenworcel said.
“These ‘BGP hijacks’ can expose personal information, enable theft, extortion, and state-level espionage,“ she said. ”They can also disrupt sensitive transactions that require security, like those in the financial sector.”