Testimony of Larry R. Parkinson, General Counsel, FBI
Before the U.S. House of
Representatives, Committee on Commerce
Subcommittee on Telecommunications, Trade, and Consumer
Protection
September 7, 2000
"Foreign Government Ownership of American Telecommunications
Companies"
Summary:
The increasing globalization
of the telecommunications marketplace, while promoting competition
and stimulating innovative service offerings, increases the
risk that our national security and law enforcement interests
will be hampered by control of U.S. communications networks
by foreign entities. In anticipation of these risks, the Department
of Justice (DOJ) and the Federal Bureau of Investigation (FBI)
have used the existing statutory/regulatory review processes
to negotiate arrangements with foreign owned companies which
preserve the government's ability to protect the safety and
privacy of the American public.
When control of U.S. communications
and data is located outside the jurisdiction of the United
States, it becomes increasingly difficult to assert U.S. legal
authority. In some cases, there may be no practical way to
conduct lawful surveillance effectively and securely if the
facilities that process U.S. communications are located outside
of the United States. It is ultimately the safety of the American
public that suffers the consequences of an inability to conduct
national security investigations and prevent and detect criminal
activity through effective investigative tools such as court
authorized electronic surveillance and obtaining transactional
information pursuant to lawful process. If these means are
rendered useless, either due to the assertion of foreign jurisdiction,
or because there is no assurance that confidential U.S. information
will be secured, the safety and privacy of the American people
become more vulnerable to exploitation. These concerns exist
regardless of whether the controlling entity is foreign government
owned. Even when the foreign entity controlling a U.S. communications
network is privately held, there is cause for concern that
the foreign-affiliated carrier may be subject to the influence
and directives of the foreign government or others to compromise
U.S. investigations and carry out or assist in carrying out
intelligence efforts against the U.S. Government or U.S. companies.
On a continuum of risk, however, a service provider that is
directly or indirectly owned or controlled by a foreign government
or its representatives falls on the higher risk end of the
spectrum.
Many foreign nations dedicate
significant resources to gathering intelligence about other
governments or elements thereof and to gathering counterintelligence
information to protect against other nation's intelligence
activities. Ownership and control of U.S. communications networks
gives a foreign government the capacity to gain relatively
easy access to confidential information about the targets
of U.S. national security and law enforcement investigations,
the nature of those investigations, and the sources and methods
used, as well as information about the extent to which the
U.S. Government is aware of a foreign government's intelligence
activities. Ownership and control of U.S. communications networks
could also provide a foreign government with the ability to
direct key employees to utilize routine monitoring capability
to access confidential private communications and data of
U.S. corporations and citizens communicating over the network.
Although U.S. law prohibits unauthorized monitoring and disclosure
of data, such monitoring by the service provider is difficult
to detect. While the risks and likelihood of such problems
depend on the particular situation involved, if a foreign
government were to have unrestricted control of U.S. communications
networks, the risk increases that it could exploit such access
for its own gain to the detriment of U.S. security.
To address these concerns, the
DOJ/FBI have, over the past few years, engaged in a series
of discussions with various companies seeking to deploy global
telecommunication systems or to consolidate existing domestic
and foreign telecommunication systems. We have carried out
these discussions within the existing statutory and regulatory
processes for protecting law enforcement and national security.
Please refer to Kevin Di Gregory's testimony for a further
description of these processes. In each instance, the leverage
provided by these processes has allowed us to reach an agreement
that preserves law enforcement's ability to protect privacy
through enforcing the laws and to protect the national security
of the United States, while facilitating approval of the transaction
by the appropriate reviewing body.
Given the wide variety of business
plans, technology, and infrastructure that these various ventures
involve, the agreements have, of necessity, been company-specific.
Nonetheless, the interests of the United States in these matters
remain constant. These constants have served to help guide
DOJ/FBI decision making, as well as to serve as a platform
for guidance to the telecommunications industry and other
interested parties.
__________
I appreciate the opportunity to appear before your subcommittee
to discuss H.R. 4903. My comments today will focus on our
vital national security and law enforcement interests that
can be adversely impacted by foreign ownership of U.S. telecommunication
carriers. These vital interests range from protecting the
privacy of personal communications to preserving public safety.
I also note that existing processes are utilized so that foreign
ownership can occur without jeopardizing our security and
privacy interests.
Telecommunications networks
are a critical part of the Nation's information infrastructure.
They provide the central means for transacting, through voice,
data, and video, a vast amount of personal communications,
private commerce, and government business. Changes in telecommunications
technology, infrastructure, and business alignment have transformed
the nature of the industry at an ever-accelerating pace. The
traditional telecommunications model in which domestic companies
provide domestic services to domestic customers has increasingly
been replaced by systems and organizations intended to provide
services on an international, if not global, scale. These
systems attempt to serve the largest possible number of customers
from centralized communication and data facilities without
regard to where the customer being served is located or to
national boundaries. Business ventures in this industry often
involve technological and contractual arrangement with, or
control or ownership by, foreign entities, or both.
The transnational nature of
these ventures poses substantial legal, technical, and practical
challenges to U.S. agencies charged with enforcing the law
or protecting the national security. These challenges range
from protecting U.S. communications and data from unauthorized
access to preserving the Government's ability to intercept
lawfully communications routed by satellite to gateways outside
the United States, without significantly impeding the introduction
of new technologies, features, or services. Notwithstanding
the wide variety of business plans, technology, and infrastructure
that these various ventures involve, certain common characteristics
exist and more importantly, the interests of the United States
in these matters remain constant.
II. RISKS
A primary FBI interest and the
most technologically challenging issue is the preservation
of our ability to intercept communications and obtain communications
transaction data pursuant to existing legal authorities despite
infrastructure and technological changes. To enforce the law,
protect public safety, and preserve the national security,
law enforcement and national security agencies must be able
to intercept communications and obtain the associated identifying
data in a secure, unobtrusive, and timely fashion pursuant
to and in accordance with the relevant constitutional and
statutory safeguards. The Government must also be able to
obtain basic subscriber information and other transactional
records relevant to the target communications. Actions taken
to preserve this interest do not expand existing authorities;
rather, they are designed to ensure that existing lawful investigative
tools are not rendered inoperative by the transnational nature
and technological complexity of a new venture. This will become
increasingly important as the highly regulated telecommunication
sector converges with the largely unregulated Internet communications
industry.
Traditionally, the FBI as well
as other Federal, State, and local law enforcement agencies
have principally conducted electronic surveillance efforts
(and obtained interception access and access to stored communications
and subscriber records) through those U.S. carriers which
offer local exchange-type service, and provide service connections,
directly to the public. It is vital therefore that a foreign
owned and controlled company (through its carrier subsidiaries)
maintain within the United States interception access, access
to the stored wire and electronic communications of their
U.S. customers and subscribers, and any records and subscriber
information relating to such U.S. customers or subscribers.
If such information is unavailable because it is stored beyond
the United States border, subject to restrictive disclosure
laws of foreign countries, or technologically inaccessible,
the national security, law enforcement, and public safety
interests of the United States are degraded proportionally.
These requirements are essential to ensure effective, efficient,
and secure service of lawful U.S. process; effective, efficient,
and secure execution of such process; and to protect against
any unauthorized disclosure of classified national security
and sensitive law enforcement information related to such
process, to foreign powers and companies licensed and regulated
by foreign powers. For this reason, the agreements the DOJ/FBI
have negotiated with foreign owned companies contain provisions
which address these requirements.
Another area of significant
concern is the security of U.S. intercept and data acquisition
activity. The implementation of lawfully authorized national
security and law enforcement interception and data acquisitions
increasingly requires the cooperation of the communications
service provider. In these cases, the U.S. Government is required
to disclose sensitive target information and investigative
techniques to the service provider in order for it to provide
the assistance required under the order. Such targets could
be foreign intelligence officers or agents, or could be associated
with criminal enterprises (e.g., international drug-trafficking).
Without adequate safeguards, the damage to an investigation
would be done the moment the U.S. serves process on the foreign-affiliated
carrier. The foreign-affiliated carrier would also immediately
become knowledgeable about the current technological intercept
capabilities and limitations of U.S. law enforcement and national
security agencies. The disclosure of such information to a
foreign government and its operatives could serve as a guide
to how to evade lawful U.S. surveillance.
Risks associated with the potential
for compromise of the interception, unauthorized identification
of interception targets, and disclosure of interception sources
and methods, correspond with the level of foreign involvement
in or control of the entity through which the intercept is
to be executed. Also, law enforcement's ability to prevent,
detect and respond to breaches of wire tap security are greatly
inhibited if the equipment and personnel responsible for the
intercept are located outside the United States.
If the U.S. Government cannot
satisfy itself that the confidentiality of its national security
and law enforcement interceptions will be maintained, then
it may be denied the use of these investigative tools, degrading
of our ability to protect national security and public safety,
even though the interception is clearly authorized by law.
Moreover, once a communications system is considered "intercept-free,"
it has the potential to become a haven for all sorts of unlawful
activity. Our agreements with the foreign owned companies
therefore require increased security of lawfully authorized
electronic surveillance activities in situations where information
about such activities could be accessible from outside the
United States, or otherwise readily acquired by a foreign
power.
The FBI together with the Department
of Justice is charged with preventing, investigating, and
prosecuting, when appropriate, instances in which U.S. communications
and data have been acquired or disclosed in violation of our
Nation's laws. Our ability to detect, investigate, and assert
jurisdiction, criminally or civilly, is impeded, if not eliminated,
when entire or significant components of communication systems
operating in the U.S. are located or accessible through means
located outside U.S. borders. Even within the United States,
unauthorized interceptions and disclosures by a service provider
are, as a practical matter, undetectable. But the risk that
a service provider might carry out, or assist in carrying
out, covert interceptions increases when the entity with ownership,
control and influence over company practices and employees
owes its allegiance to a foreign government.
Related to protecting the security
of private communications is our interest in preventing economic
espionage. The theft of trade secrets on behalf of foreign
governments, instrumentalities, or agents is prohibited by
18 U.S.C. § 1831; theft of trade secrets in other instances
is proscribed by 18 U.S.C. § 1832. Notwithstanding that
an owner may have taken all measures that a reasonably prudent
person in the same or similar circumstances may have taken
to safeguard his trade secrets, foreign control of or significant
involvement in U.S. communications systems over which those
trade secrets are sent increases their vulnerability to unobtrusive,
illegal exploitation.
The operation of or access to
telecommunications facilities and services which originate
and/or terminate in the U.S. creates the opportunity for foreign-owned
and controlled carriers and their personnel to engage in or
allow espionage and economic espionage. To the extent that
the operation of transnational or global communications systems
increase this risk by virtue of their infrastructure, technology,
or business plan, law enforcement's ability to prevent trade
secret theft is proportionately decreased. Perhaps more importantly,
if we cannot intercept lawfully the communications of foreign
government agents, then we will be at a disadvantage in learning
how and when economic espionage is committed. In other words,
to combat this form of espionage effectively, we need to preserve
our ability to learn who, when, and how it is being committed.
This is very difficult to do when the government whose agent
may be the subject of the intercept order owns or controls
the network.
Finally, the globalization of
the communications industry has the inherent potential for
threats to the stability of our National communications infrastructure.
We have a responsibility, under Presidential Decision Directive
63, to take reasonable measures to protect our national infrastructure.
To ensure that critical infrastructure protection is achieved
and maintained, the Directive provides that "[t]he full
authorities, capabilities and resources of the government,
including law enforcement, regulation, foreign intelligence
and defense preparedness shall be available, as appropriate."
(Presidential Decision Directive/NSC-63 on Critical Infrastructure
Protection (May 22, 1998)). Related to this effort, telecommunications
carriers are required to comply in an effective, efficient,
and unimpeded fashion with applicable provisions of (i) all
National Security and Emergency Preparedness rules, regulations,
and orders issued by the FCC under the Communications Act
of 1934, as amended (47 U.S.C. s 151 et seq.); (ii) the orders
of the President in the exercise of his or her authority under
section 706 of the Communications Act of 1934, as amended
(47 U.S.C. s 606), and under section 302(e) of the Aviation
Act of 1958 (49 U.S.C. s 40107(b)); and (iii) Executive Order
11161 (as amended by Executive Order 11382). These provisions
are designed to ensure an immediate response to U.S. Government
telecommunications requirements in the event of a national
emergency. If a carrier's facilities that process U.S. communications
are located outside of the United States or if the carrier
is foreign owned or controlled, there could be a risk that
it could not or would not immediately respond to the U.S.
Government's telecommunication needs in an emergency. The
agreements I have previously noted address such concerns by
requiring that carrier facilities that are part of, or are
used to direct, control, supervise or manage all or any part
of the transmission of domestic U.S. communications, as well
as that end of a call that originates or terminates in the
United States, be located at all times within the United States.
III. Addressing the Risks
Since the business plans, system
infrastructures, and involved technologies in proposed telecommunication
transactions vary significantly in innumerable ways, identifying
a precise and fixed set of criteria that each venture must
satisfy in order to protect adequately the interests identified
above is impractical. Instead, we must analyze a large number
of factors in each case to determine how the proposal will
impact the government's ability to satisfy its public responsibilities:
System size, technology and infrastructure; location of tangible
and intangible assets; business plan and proposed practices;
organizational structure; expected evolution of the communications
market and technology; degree and nature of foreign control;
national and international controls over the system's operations;
political risks/reciprocity; and relevant historical intercept
activity. Based on that evaluation, we begin to negotiate
with the involved companies to devise and evaluate possible
solutions.
In conducting this review, we
recognize that every transaction presents some risk and do
not aspire to eliminate every conceivable risk. Rather, we
view all transactions as falling somewhere on a spectrum of
risk. Some transactions, in short, present greater risks to
law enforcement and national security than do others. At one
end of this spectrum fall ventures involving small communications
service providers seeking authority only to resell international
service; at the other fall transactions involving the acquisition
of large domestic service providers by, or the merger of a
domestic service provider's network into, a global or transnational
network owned or controlled by a hostile foreign government.
Most transactions fall somewhere in between. We attempt to
husband our limited resources by addressing those ventures
that present a high level of risk to the American public.
To this end we are vigilant
in requiring only that which is necessary to protect national
security, privacy and public safety. While there are certain
common characteristics in the measures that are critical to
preserving national security, privacy and public safety, the
commitments needed to mitigate our concerns vary depending
on the company's network and structure. Nonetheless, we strive
for consistency in protecting our ability to enforce the laws
of the United States and to protect our national security.
This consistency has served to help guide DOJ/FBI decision
making, as well as to serve as a platform for guidance to
the telecommunications industry and other interested parties
in resolving national security concerns in foreign ownership
cases.
I wish to stress that we have
taken a number of positive steps to address the concerns discussed
in this testimony. As Mr. Di Gregory describes in detail in
his statement, in each case we use available legal tools to
seek a tailored solution to the specific concerns presented.
In that regard, the FBI and the Department of Justice have
relied on two existing fora in evaluating proposed transactions
in making our concerns about such transactions known: the
Federal Communications Commission and the Committee on Foreign
Investment in the United States. While I will not reiterate
Mr. Di Gregory's remarks in any detail, I would, however like
to echo his concern about changes to the current processes.
To date we have been able to
use the existing legal framework and process to reach agreements
which appropriately address our concerns. I believe we currently
have a good balance between the need to ensure basic security
and the virtues of supporting a vibrant communications sector.
We will continue to utilize existing processes to protect
our national security and law enforcement interests in a consistent
and systematic manner.
|