Background
In June 2021, the FCC published a Notice of Proposed Rulemaking (NPRM) regarding a proposed rule to preclude equipment on the Covered List from obtaining future equipment authorizations.
This proposal impacts Dahua, as some of our company’s equipment is on the FCC Covered List and, therefore, the FCC rulemaking could restrict our ability to secure needed authorizations for future products. It also would make it slower and more difficult for us to obtain authorizations for future products that are not on the Covered List. More importantly, this proposal could have wide-ranging impacts on the entire video security and Internet of Things ecosystem and supply chain, including potentially imposing significant costs on the US economy.
Public Comments and Industry Reaction
Upon publication of the NPRM, the Commission opened up a public comment period. Businesses, individuals, trade associations and other stakeholders took the time to submit more than 300 comments for the record.
The vast majority of these submissions urged the FCC to proceed with caution, with many joining Dahua in calling for the Commission to abandon the proposal outright.
Dahua’s Continued Engagement with the FCC
For its part, Dahua submitted two comment letters as part of the initial comment period, and followed that up with 19 further filings in response to questions posed by FCC Commissioners and staff during multiple meetings that were held with company representatives and counsel.
Our core arguments to the FCC include the following (to learn more about the substance of these arguments, please click the link):
- The equipment Dahua sells in the U.S. does not and in many cases cannot pose a national security risk.
- Dahua does not manufacture “Covered Equipment” under the Secure Networks Act.
- The proposed rule would impose enormous costs on US businesses, customers and the FCC itself that vastly outweigh any speculative benefit.
- The proposed rules must be based on technical standards relevant to the equipment authorization process.
Dahua commends all those who took the time and effort to submit comments to the public docket and is grateful to the FCC for the opportunity to express our perspective..
What to Expect Next
It is widely expected that the FCC will announce its rulemaking in the next few weeks. As the Commission wraps up its work, we want to take this opportunity to briefly summarize the arguments we have made and why we so strongly believe that the FCC should not adopt this rule as proposed—and if it does adopt the rule, it should do so with clear recognition that many Dahua products should not be subject to its restrictions. Finally, Dahua has made it clear that none of our equipment is intended for use in public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes; and we are willing to accept reasonable and cost-effective measures to satisfy the FCC that it will not be used in these sectors.
Before getting to those substantive arguments, it is worth noting up front that irrespective of the outcome of this proceeding, Dahua is committed to the US market. Our US-based employees are working with customers and business partners every day to help them meet the needs of a fast-changing security landscape. We believe that advanced security cameras and IoT solutions hold the promise of creating a safer, fairer and more secure future, while adding enormous value for businesses and organizations seeking to operate more securely, smartly and efficiently. We intend to continue that mission in the US in whatever capacity the regulatory environment will permit—and it is our sincere hope that we will preserve the ability to deliver the full array of our company’s innovations for all of our US customers.
Also, it is important to stress that we do not expect the FCC’s ruling to have any effect on Dahua products that have already received equipment authorizations. Customers should be able to continue using their existing products, and to purchase products that are already in the marketplace, without interruption.
Against that backdrop, we have worked hard to present a substantive, fact-based argument to the FCC.
These arguments were presented over the course of our filings, which included hundreds of pages of content. For the purposes of this summary we have omitted some of the more detailed legal and technical arguments and focus on the major points we have sought to make. If you want to read in more detail, please click here for all filings Dahua has submitted.
Key Arguments
1. The equipment Dahua sells in the U.S. does not and in many cases cannot pose a national security risk
The entire rationale for the proposed rulemaking is to protect against national security threats to the US telecommunications system—that is the FCC’s fundamental mission as an agency.
However, the equipment Dahua sells in the US market does not and generally cannot pose a risk to that system.
As our customers and other stakeholders know, the equipment we sell is video security and related products and accessories. None of those products meet the legal definition of being essential to the provision of advanced communications services. All Dahua products can be deployed and operated with or without internet connectivity and the majority of all our end-users can operate their devices while remaining physically or logically isolated from the internet.
Put simply, the equipment Dahua sells in the US is generally used within the physical and network perimeters of the end-user’s property—be that a household or business. Our devices are not nodes in the broader US telecommunications system and are frequently not connected to the open internet at all. Even where they are connected to the internet, they are connected at the edge (the user’s premises), not in a network node, and the connections can be further secured by adopting VPN, end-to-end encryption, and port-forwarding, among other security best practices.
As such, Dahua’s equipment does not and in most cases literally cannot pose a risk to the telecommunications system for the simple reason that these products are generally not connected to that system.
Not only can our equipment pose no direct risk to the telecommunications system, our company also works hard to ensure that bad actor third parties cannot leverage our equipment to threaten the security of our customers. Dahua follows stringent policies and procedures to protect against and remedy vulnerabilities related to cybersecurity in our products.
Dahua conducts rigorous pre-deployment testing of its software, regularly monitors deployed software, and delivers patches to thwart potential cybersecurity threats. Moreover, Dahua engages and cooperates with others in the industry, the public and appropriate authorities to enhance security.
Dahua’s commitment to security is demonstrated in the real world. For example, earlier this year researchers identified vulnerabilities affecting a limited number of Dahua products. The company responded swiftly to gather necessary information about these issues, developed a patch and began distributing it to its customers. This entire process was completed expeditiously and on a timeline well within industry standards.
2. Dahua does not manufacture “covered equipment” under the Secure Networks Act and has proposed safeguards to ensure its equipment is not used for national security purposes
The Secure Equipment Act is the legislation passed by Congress which directs the FCC to promulgate the rules being proposed in this NPRM. That Act directs the FCC to no longer review or approve applications for equipment authorization for equipment that is on the “list of covered communications equipment or services” under the Secure Networks Act. In the Secure Network Act, Congress is very precise in defining ”communications equipment or services” to mean, “any equipment or service that is essential to the provision of advanced communications service” — that is to say, only network equipment used by broadband service providers can be covered.
The equipment Dahua manufactures simply does not meet that definition. As our customers know, the equipment we deliver consists solely of peripheral devices, including security cameras, video recorders and video signal switches, along with related accessories. Our equipment is no different than any Internet of Things equipment that operates outside of the broadband or telecommunication network. None of our products are intended for providing communications services of any kind.
Had the Congress meant to cover non-telecommunications equipment in the restriction list, it would have clearly said so in the Secure Networks Act and Secure Equipment Act.
Notwithstanding our conclusion that the Secure Equipment Act does not apply to Dahua products, Dahua has made extensive proposals to satisfy the FCC that its equipment will not be used in sensitive sectors affecting national security. Indeed, Dahua is the only party that has submitted comprehensive labeling and packaging, record keeping, certification and representation rules, modeled after regulations covering the sales of pesticides, firearms, tobacco products, and alcohol, as well as government contracts. Our company is ready to take these steps, even though we think we should not legally be required to, in order to satisfy both the Government and the public that our products pose no threat to the United States.
3. The proposed rule would impose enormous costs on US businesses, customers and the FCC itself that vastly outweigh any speculative benefit.
Under US law, federal agencies are required to consider not only the theoretical benefits of a proposed regulation, but also its costs.
In this case, the speculative benefit is negligible to non-existent—as detailed above, there is no national security interest served by preventing Dahua from securing authorizations for equipment that is generally not connected to the internet and does not meet the definition of providing “advanced communications services.”
But the cost could be significant.
Several commenters to the FCC noted that the proposed rules would exacerbate already challenging supply chain issues facing the US electronics industry and impose additional administrative burdens on the Commission and market participants, including non-Covered List manufacturers. Some emphasized the important point that enacting evaluation criteria for devices based on device origin—the country in which a device is manufactured—rather than technical characteristics would expand authorizations to a far larger scope of equipment, likely resulting in a very large number of additional devices that would be subject to a much more extensive and expensive evaluation in the authorization process.
Importantly, the proposed rules could also mean a much less competitive market for security equipment, which would ultimately translate to increased costs for customers. In addition, if customers lose the ability to purchase new models of Dahua products, it could ultimately require them to update their entire security systems, meaning substantial additional costs they would not otherwise have had to incur and for which they are not likely to be reimbursed.
4. The proposed rules must be based on technical standards relevant to the equipment authorization process.
Finally, Dahua understands that the Commission is obligated to promulgate rules to achieve its statutory mandate to secure the communications equipment supply chain. However, the Commission should not go beyond what the statute requires to impose new requirements, not based on technical criteria, for Dahua equipment that does not meet the specific requirements of the Covered List.
The Commission traditionally has only examined technical characteristics when evaluating devices under the equipment authorization process. This is because the Communications Act explicitly defines the FCC’s authority in regard to equipment authorizations in terms of protecting against signal interference. In other words, the FCC’s equipment review should be limited to the technical work of ensuring that the nation’s airwaves are not compromised due to equipment that improperly interferes with other signals.
Obviously, no such issue is at stake in this rulemaking. Dahua’s equipment does not interfere with the airwaves, as our FCC authorizations up to the present have affirmed. Rather, the rules as proposed would have the FCC take on an entirely new function, which would be to deny authorizations based solely on the identity of the applicant rather than the technical characteristics of the device. Nowhere in the Communications Act did Congress give the FCC that authority, nor are we aware of any precedent for the FCC using its equipment authorization authority in that manner.
In addition, the passage of the Secure Equipment Act does not expand FCC’s statutory authority. The Commission’s authority is limited to the scope of the Secure Networks Act. As elaborated above, the Secure Equipment Act does not change the type of equipment and services on the Covered List, that is, only network equipment used by broadband service providers can be covered — Dahua manufacturers none of them.
Conclusion
As Dahua has maintained throughout this process, we respect the authority of the US Government to protect what it deems to be its national security interests and the FCC’s statutory mandate to safeguard the nation’s airwaves and telecommunications systems.
However, the fact is that Dahua as a company poses no threat to US national security and the equipment Dahua markets in the US—video cameras and related products that are generally not connected to the open internet—certainly poses no such risk. The proposed rulemaking as directed by Congress under the Secure Networks Act and Secure Equipment Act should not apply to our products. Further, the FCC should not deny equipment authorizations based simply on the identity of the manufacturer and some other non-technical considerations. Should the FCC ignore those issues and proceed with the rules as currently drafted, it would impose enormous costs on the entire ecosystem, including on itself and all those who rely on the FCC to speedily review and authorize applications.
The proposed rules simply do not serve anyone’s best interests. Rather than proceeding down this road, we urge the FCC and the US Government to take a more targeted approach to address whatever specific concerns they have about national security in relation to our company.
And we stand ready to act as a constructive and collaborative partner in such a process.
Preserving a competitive and innovative marketplace for video security products is what serves American consumers, businesses and the entire economy. Dahua remains proud to be a participant in this market and hopes to continue to do so for years to come.
We appreciate everyone who has taken the time to read our submissions and this summary and look forward to continuing this important dialogue in the months and years to come.