Congress called Huawei a national security risk — it’s still in US networks

Illustration by Hugo Herrera for The VergeBefore TikTok and semiconductors, the US was fighting a war against Chinese telecom. What happened? Continue reading…

Congress called Huawei a national security risk — it’s still in US networks

Three years ago, Congress declared Chinese hardware a threat to America’s internet. Spurred by fears of spying and cyberattacks, lawmakers demanded networks purge equipment from telecommunications companies Huawei and ZTE, a program dubbed “rip and replace.” The move was part of an ongoing war for technological dominance — one that President Joe Biden’s administration is keen to win.

But rip and replace has proven far more costly and less effective than Congress intended. A recent report indicated that only 2 percent of all approved projects have been completed, and 15 percent haven’t started at all. As Biden’s first term draws to a close, the program has become a frustrating slog for lawmakers, regulators, and internet service providers alike. 

The roots of rip and replace go back to at least 2012. In a congressional report, intelligence officials warned that Chinese tech infrastructure could open a backdoor to American networks. They singled out leading equipment makers Huawei and ZTE, which provided telecom gear that could outfit nearly every part of networks. The gear, officials said, could let the Chinese government shut down networks or spy on US citizens. These fears have only escalated following years of technological investment from China that could threaten US primacy.

Fears over Chinese tech mounted over the following years, reaching a fever pitch under the Trump administration

Fears over Chinese tech mounted over the following years, reaching a fever pitch under the Trump administration. In 2019, the Federal Communications Commission banned carriers from using federal funds to purchase gear from Huawei and ZTE, a first step in preventing new equipment from entering networks. Then, months later, President Trump signed the Secure and Trusted Communications Act, forcing carriers of all sizes to remove any Chinese equipment from their networks. Removal would be costly, especially for smaller carriers who invested in cheap Huawei and ZTE gear. Trump tasked the Federal Communications Commission with creating a rip and replace reimbursement program, using $1.9 billion in funds granted by Congress for the effort. 

Huawei and ZTE did not respond to requests for comment from The Verge but have previously denied that their gear and services pose a risk to US national security.

But the real costs have proven far higher than lawmakers estimated. By July of last year, the FCC had approved more than 200 applications from 85 different carriers, each with fewer than 2 million subscribers. The requests totaled over $4.6 billion, more than double the funding Congress approved two years prior. The agency began distributing the money in smaller payments over time to meet demand, and by January of this year, an FCC report estimated it had covered less than 40 percent of service providers’ costs.

That’s left a huge shortfall for the companies. Windstream, a carrier covering much of the midwest and southern US, was approved for nearly $47 million to take Huawei gear out of its networks. In a statement to The Verge, the company said it complied with its end of the bargain, removing all Chinese equipment by January of 2020 despite filing for bankruptcy in 2019. But so far, it’s only received “a portion” of its funds, according to Windstream spokesperson Brandi Stafford. It continues to send in applications for additional funds. 

The FCC acknowledged to Congress that money was its primary problem. But other issues have plagued the program as well. Ravi Rishy-Maharaj, the founder and CEO of international data service provider GigSky, tells The Verge that the FCC’s reimbursement web portal makes submitting invoices slow and confusing. If the agency finds an error, like accidentally using the wrong tax ID for a replacement equipment vendor, Rishy-Maharaj complains the agency could take a week or more to respond — only to make him resubmit the invoice and restart the process. The confusion, he says, has forced him to hire consultants, tacking on extra costs. 

A pandemic-induced supply chain crisis, exacerbated by the abrupt push to replace equipment across the US, has also slowed down network replacement projects. According to FCC polling, nearly half of the responding carriers reported long shipment delays and price increases while attempting to replace their gear. The sudden mass demand for replacement gear made it harder for some carriers to even place orders, according to the report. 

The end result is a program that, for myriad reasons, is over budget and far behind schedule. And while Congress already set aside nearly $2 billion to start the program, it has yet to provide the money to get it done. “Some recipients may not begin actually removing this equipment until additional funding is appropriated,” warned FCC Chairwoman Jessica Rosenworcel in a letter to the Senate Commerce Committee earlier this month.

Margaret McCarthy, vice president of government affairs for telecom industry group ITI, tells The Verge it’s been “a challenge” to find a vehicle for passing more rip and replace funding through Congress. “From the industry’s perspective, we’re just in favor of whatever can most expeditiously get the resources out to the carriers that need it.” But carriers can’t wait. On July 15th, they’re expected to have at least started to replace their gear. 

Once carriers’ applications have been approved, the FCC sets individual one-year deadlines to finish pulling out all of their Chinese gear. Some of the first ones will be reached by this fall, Rosenworcel said in her May letter. Without an extension, many carriers might fail to meet their deadlines — once again prolonging a program the White House, FCC, and Congress have all deemed an urgent security issue. 

“We have an obligation to help ensure the safety of our nation’s communications networks,” Anne Veigle, FCC spokesperson, said in a statement Friday. “This responsibility never ends because the threats to network security are always evolving, and why we must do all we can to fully fund the replacement of insecure equipment throughout the country.”

In April, Sen. Deb Fischer (R-NE) introduced a bipartisan bill to reallocate 3 percent of leftover covid-relief money to fund the effort. But as Congress prepares for a budget showdown, it’s unclear whether its leadership plans to put the bill up for a vote anytime soon. Both House and Senate are focused on tackling the looming debt crisis, which could send the US economy into freefall if it isn’t resolved by the end of the month. Even if lawmakers took up rip and replace funding immediately afterward, they’d only have slightly over a month to send a bill to President Biden before carriers’ July deadline.

In the years since those early warnings, Chinese telecom providers have repeatedly been caught misrouting internet traffic from the US and other nations through China. In 2018, Oracle reported that China Telecom misrouted US internet traffic through China. While it’s still unclear whether the redirection was intentional, data intended to flow through a Verizon subsidiary was sent through China Telecom for more than 30 months. Only a few months later, millions of Google IP addresses went offline following a similar mishap in which the Chinese carrier improperly accepted traffic out of Africa. 

“This is a very complex problem, and by not dealing with it, we’re still leaving many encrypted pathways for data to exit the United States”

It’s hard to say for sure whether these events and others like them were carried out under the malicious instruction of the Chinese government, but experts fear Huawei’s insertion into US networks could be leveraged to steal trade secrets and other sensitive information from competitors and adversaries. “This is a very complex problem, and by not dealing with it, we’re still leaving many encrypted pathways for data to exit the United States,” says Dan Gonzales, a senior scientist at the RAND Corporation.

Last year, an FBI investigation found that Huawei installed equipment in cell towers near military bases across rural America, sparking fears that the Chinese government could gain access to sensitive US defense information. The Commerce Department has also launched a similar probe, investigating whether Huawei gear could intercept communications coming from nearby missile silos. And in 2020, the Justice Department indicted Huawei and its chief financial officer, Meng Wanzhou, for racketeering and conspiracy, alleging that the company attempted to steal intellectual property belonging to US businesses, including “source code and user manuals for internet routers, antenna technology and robot testing technology.” 

Cutting off access to US networks would shut down this threat, but “we can’t just cut off all of the network traffic going from Huawei base stations in Montana because there might be legitimate traffic from people using their cellphones,” says Gonzales. “It’s much easier actually to just rip and replace to reduce the national security risk and the economic and technology theft risk.”

It’s a situation that contrasts sharply with both parties’ rhetoric on China — which has only grown more heated. Unlike TikTok or the Biden administration race for chipmaking supremacy, Chinese telecom gear is spun into the networks most every American connects to every day. But carriers’ odds of removing it seem less certain than ever.