Summary:

The increasing globalization of the telecommunications marketplace, while promoting competition and stimulating innovative service offerings, increases the risk that our national security and law enforcement interests will be hampered by control of U.S. communications networks by foreign entities. In anticipation of these risks, the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) have used the existing statutory/regulatory review processes to negotiate arrangements with foreign owned companies which preserve the government's ability to protect the safety and privacy of the American public.

When control of U.S. communications and data is located outside the jurisdiction of the United States, it becomes increasingly difficult to assert U.S. legal authority. In some cases, there may be no practical way to conduct lawful surveillance effectively and securely if the facilities that process U.S. communications are located outside of the United States. It is ultimately the safety of the American public that suffers the consequences of an inability to conduct national security investigations and prevent and detect criminal activity through effective investigative tools such as court authorized electronic surveillance and obtaining transactional information pursuant to lawful process. If these means are rendered useless, either due to the assertion of foreign jurisdiction, or because there is no assurance that confidential U.S. information will be secured, the safety and privacy of the American people become more vulnerable to exploitation. These concerns exist regardless of whether the controlling entity is foreign government owned. Even when the foreign entity controlling a U.S. communications network is privately held, there is cause for concern that the foreign-affiliated carrier may be subject to the influence and directives of the foreign government or others to compromise U.S. investigations and carry out or assist in carrying out intelligence efforts against the U.S. Government or U.S. companies. On a continuum of risk, however, a service provider that is directly or indirectly owned or controlled by a foreign government or its representatives falls on the higher risk end of the spectrum.

Many foreign nations dedicate significant resources to gathering intelligence about other governments or elements thereof and to gathering counterintelligence information to protect against other nation's intelligence activities. Ownership and control of U.S. communications networks gives a foreign government the capacity to gain relatively easy access to confidential information about the targets of U.S. national security and law enforcement investigations, the nature of those investigations, and the sources and methods used, as well as information about the extent to which the U.S. Government is aware of a foreign government's intelligence activities. Ownership and control of U.S. communications networks could also provide a foreign government with the ability to direct key employees to utilize routine monitoring capability to access confidential private communications and data of U.S. corporations and citizens communicating over the network. Although U.S. law prohibits unauthorized monitoring and disclosure of data, such monitoring by the service provider is difficult to detect. While the risks and likelihood of such problems depend on the particular situation involved, if a foreign government were to have unrestricted control of U.S. communications networks, the risk increases that it could exploit such access for its own gain to the detriment of U.S. security.

To address these concerns, the DOJ/FBI have, over the past few years, engaged in a series of discussions with various companies seeking to deploy global telecommunication systems or to consolidate existing domestic and foreign telecommunication systems. We have carried out these discussions within the existing statutory and regulatory processes for protecting law enforcement and national security. Please refer to Kevin Di Gregory's testimony for a further description of these processes. In each instance, the leverage provided by these processes has allowed us to reach an agreement that preserves law enforcement's ability to protect privacy through enforcing the laws and to protect the national security of the United States, while facilitating approval of the transaction by the appropriate reviewing body.

Given the wide variety of business plans, technology, and infrastructure that these various ventures involve, the agreements have, of necessity, been company-specific. Nonetheless, the interests of the United States in these matters remain constant. These constants have served to help guide DOJ/FBI decision making, as well as to serve as a platform for guidance to the telecommunications industry and other interested parties.
__________
I appreciate the opportunity to appear before your subcommittee to discuss H.R. 4903. My comments today will focus on our vital national security and law enforcement interests that can be adversely impacted by foreign ownership of U.S. telecommunication carriers. These vital interests range from protecting the privacy of personal communications to preserving public safety. I also note that existing processes are utilized so that foreign ownership can occur without jeopardizing our security and privacy interests.

Telecommunications networks are a critical part of the Nation's information infrastructure. They provide the central means for transacting, through voice, data, and video, a vast amount of personal communications, private commerce, and government business. Changes in telecommunications technology, infrastructure, and business alignment have transformed the nature of the industry at an ever-accelerating pace. The traditional telecommunications model in which domestic companies provide domestic services to domestic customers has increasingly been replaced by systems and organizations intended to provide services on an international, if not global, scale. These systems attempt to serve the largest possible number of customers from centralized communication and data facilities without regard to where the customer being served is located or to national boundaries. Business ventures in this industry often involve technological and contractual arrangement with, or control or ownership by, foreign entities, or both.

The transnational nature of these ventures poses substantial legal, technical, and practical challenges to U.S. agencies charged with enforcing the law or protecting the national security. These challenges range from protecting U.S. communications and data from unauthorized access to preserving the Government's ability to intercept lawfully communications routed by satellite to gateways outside the United States, without significantly impeding the introduction of new technologies, features, or services. Notwithstanding the wide variety of business plans, technology, and infrastructure that these various ventures involve, certain common characteristics exist and more importantly, the interests of the United States in these matters remain constant.

II. RISKS

A primary FBI interest and the most technologically challenging issue is the preservation of our ability to intercept communications and obtain communications transaction data pursuant to existing legal authorities despite infrastructure and technological changes. To enforce the law, protect public safety, and preserve the national security, law enforcement and national security agencies must be able to intercept communications and obtain the associated identifying data in a secure, unobtrusive, and timely fashion pursuant to and in accordance with the relevant constitutional and statutory safeguards. The Government must also be able to obtain basic subscriber information and other transactional records relevant to the target communications. Actions taken to preserve this interest do not expand existing authorities; rather, they are designed to ensure that existing lawful investigative tools are not rendered inoperative by the transnational nature and technological complexity of a new venture. This will become increasingly important as the highly regulated telecommunication sector converges with the largely unregulated Internet communications industry.

Traditionally, the FBI as well as other Federal, State, and local law enforcement agencies have principally conducted electronic surveillance efforts (and obtained interception access and access to stored communications and subscriber records) through those U.S. carriers which offer local exchange-type service, and provide service connections, directly to the public. It is vital therefore that a foreign owned and controlled company (through its carrier subsidiaries) maintain within the United States interception access, access to the stored wire and electronic communications of their U.S. customers and subscribers, and any records and subscriber information relating to such U.S. customers or subscribers. If such information is unavailable because it is stored beyond the United States border, subject to restrictive disclosure laws of foreign countries, or technologically inaccessible, the national security, law enforcement, and public safety interests of the United States are degraded proportionally. These requirements are essential to ensure effective, efficient, and secure service of lawful U.S. process; effective, efficient, and secure execution of such process; and to protect against any unauthorized disclosure of classified national security and sensitive law enforcement information related to such process, to foreign powers and companies licensed and regulated by foreign powers. For this reason, the agreements the DOJ/FBI have negotiated with foreign owned companies contain provisions which address these requirements.

Another area of significant concern is the security of U.S. intercept and data acquisition activity. The implementation of lawfully authorized national security and law enforcement interception and data acquisitions increasingly requires the cooperation of the communications service provider. In these cases, the U.S. Government is required to disclose sensitive target information and investigative techniques to the service provider in order for it to provide the assistance required under the order. Such targets could be foreign intelligence officers or agents, or could be associated with criminal enterprises (e.g., international drug-trafficking). Without adequate safeguards, the damage to an investigation would be done the moment the U.S. serves process on the foreign-affiliated carrier. The foreign-affiliated carrier would also immediately become knowledgeable about the current technological intercept capabilities and limitations of U.S. law enforcement and national security agencies. The disclosure of such information to a foreign government and its operatives could serve as a guide to how to evade lawful U.S. surveillance.

Risks associated with the potential for compromise of the interception, unauthorized identification of interception targets, and disclosure of interception sources and methods, correspond with the level of foreign involvement in or control of the entity through which the intercept is to be executed. Also, law enforcement's ability to prevent, detect and respond to breaches of wire tap security are greatly inhibited if the equipment and personnel responsible for the intercept are located outside the United States.

If the U.S. Government cannot satisfy itself that the confidentiality of its national security and law enforcement interceptions will be maintained, then it may be denied the use of these investigative tools, degrading of our ability to protect national security and public safety, even though the interception is clearly authorized by law. Moreover, once a communications system is considered "intercept-free," it has the potential to become a haven for all sorts of unlawful activity. Our agreements with the foreign owned companies therefore require increased security of lawfully authorized electronic surveillance activities in situations where information about such activities could be accessible from outside the United States, or otherwise readily acquired by a foreign power.

The FBI together with the Department of Justice is charged with preventing, investigating, and prosecuting, when appropriate, instances in which U.S. communications and data have been acquired or disclosed in violation of our Nation's laws. Our ability to detect, investigate, and assert jurisdiction, criminally or civilly, is impeded, if not eliminated, when entire or significant components of communication systems operating in the U.S. are located or accessible through means located outside U.S. borders. Even within the United States, unauthorized interceptions and disclosures by a service provider are, as a practical matter, undetectable. But the risk that a service provider might carry out, or assist in carrying out, covert interceptions increases when the entity with ownership, control and influence over company practices and employees owes its allegiance to a foreign government.

Related to protecting the security of private communications is our interest in preventing economic espionage. The theft of trade secrets on behalf of foreign governments, instrumentalities, or agents is prohibited by 18 U.S.C. § 1831; theft of trade secrets in other instances is proscribed by 18 U.S.C. § 1832. Notwithstanding that an owner may have taken all measures that a reasonably prudent person in the same or similar circumstances may have taken to safeguard his trade secrets, foreign control of or significant involvement in U.S. communications systems over which those trade secrets are sent increases their vulnerability to unobtrusive, illegal exploitation.

The operation of or access to telecommunications facilities and services which originate and/or terminate in the U.S. creates the opportunity for foreign-owned and controlled carriers and their personnel to engage in or allow espionage and economic espionage. To the extent that the operation of transnational or global communications systems increase this risk by virtue of their infrastructure, technology, or business plan, law enforcement's ability to prevent trade secret theft is proportionately decreased. Perhaps more importantly, if we cannot intercept lawfully the communications of foreign government agents, then we will be at a disadvantage in learning how and when economic espionage is committed. In other words, to combat this form of espionage effectively, we need to preserve our ability to learn who, when, and how it is being committed. This is very difficult to do when the government whose agent may be the subject of the intercept order owns or controls the network.

Finally, the globalization of the communications industry has the inherent potential for threats to the stability of our National communications infrastructure. We have a responsibility, under Presidential Decision Directive 63, to take reasonable measures to protect our national infrastructure. To ensure that critical infrastructure protection is achieved and maintained, the Directive provides that "[t]he full authorities, capabilities and resources of the government, including law enforcement, regulation, foreign intelligence and defense preparedness shall be available, as appropriate." (Presidential Decision Directive/NSC-63 on Critical Infrastructure Protection (May 22, 1998)). Related to this effort, telecommunications carriers are required to comply in an effective, efficient, and unimpeded fashion with applicable provisions of (i) all National Security and Emergency Preparedness rules, regulations, and orders issued by the FCC under the Communications Act of 1934, as amended (47 U.S.C. s 151 et seq.); (ii) the orders of the President in the exercise of his or her authority under section 706 of the Communications Act of 1934, as amended (47 U.S.C. s 606), and under section 302(e) of the Aviation Act of 1958 (49 U.S.C. s 40107(b)); and (iii) Executive Order 11161 (as amended by Executive Order 11382). These provisions are designed to ensure an immediate response to U.S. Government telecommunications requirements in the event of a national emergency. If a carrier's facilities that process U.S. communications are located outside of the United States or if the carrier is foreign owned or controlled, there could be a risk that it could not or would not immediately respond to the U.S. Government's telecommunication needs in an emergency. The agreements I have previously noted address such concerns by requiring that carrier facilities that are part of, or are used to direct, control, supervise or manage all or any part of the transmission of domestic U.S. communications, as well as that end of a call that originates or terminates in the United States, be located at all times within the United States.

III. Addressing the Risks

Since the business plans, system infrastructures, and involved technologies in proposed telecommunication transactions vary significantly in innumerable ways, identifying a precise and fixed set of criteria that each venture must satisfy in order to protect adequately the interests identified above is impractical. Instead, we must analyze a large number of factors in each case to determine how the proposal will impact the government's ability to satisfy its public responsibilities: System size, technology and infrastructure; location of tangible and intangible assets; business plan and proposed practices; organizational structure; expected evolution of the communications market and technology; degree and nature of foreign control; national and international controls over the system's operations; political risks/reciprocity; and relevant historical intercept activity. Based on that evaluation, we begin to negotiate with the involved companies to devise and evaluate possible solutions.

In conducting this review, we recognize that every transaction presents some risk and do not aspire to eliminate every conceivable risk. Rather, we view all transactions as falling somewhere on a spectrum of risk. Some transactions, in short, present greater risks to law enforcement and national security than do others. At one end of this spectrum fall ventures involving small communications service providers seeking authority only to resell international service; at the other fall transactions involving the acquisition of large domestic service providers by, or the merger of a domestic service provider's network into, a global or transnational network owned or controlled by a hostile foreign government. Most transactions fall somewhere in between. We attempt to husband our limited resources by addressing those ventures that present a high level of risk to the American public.

To this end we are vigilant in requiring only that which is necessary to protect national security, privacy and public safety. While there are certain common characteristics in the measures that are critical to preserving national security, privacy and public safety, the commitments needed to mitigate our concerns vary depending on the company's network and structure. Nonetheless, we strive for consistency in protecting our ability to enforce the laws of the United States and to protect our national security. This consistency has served to help guide DOJ/FBI decision making, as well as to serve as a platform for guidance to the telecommunications industry and other interested parties in resolving national security concerns in foreign ownership cases.

I wish to stress that we have taken a number of positive steps to address the concerns discussed in this testimony. As Mr. Di Gregory describes in detail in his statement, in each case we use available legal tools to seek a tailored solution to the specific concerns presented. In that regard, the FBI and the Department of Justice have relied on two existing fora in evaluating proposed transactions in making our concerns about such transactions known: the Federal Communications Commission and the Committee on Foreign Investment in the United States. While I will not reiterate Mr. Di Gregory's remarks in any detail, I would, however like to echo his concern about changes to the current processes.

To date we have been able to use the existing legal framework and process to reach agreements which appropriately address our concerns. I believe we currently have a good balance between the need to ensure basic security and the virtues of supporting a vibrant communications sector. We will continue to utilize existing processes to protect our national security and law enforcement interests in a consistent and systematic manner.