[House Report 118-491] [From the U.S. Government Publishing Office] 118th Congress } { Report HOUSE OF REPRESENTATIVES 2d Session } { 118-491 ====================================================================== COUNTERING CCP DRONES ACT _______ May 7, 2024.--Committed to the Committee of the Whole House on the State of the Union and ordered to be printed _______ Mrs. Rodgers of Washington, from the Committee on Energy and Commerce, submitted the following R E P O R T [To accompany H.R. 2864] The Committee on Energy and Commerce, to whom was referred the bill (H.R. 2864) to amend the Secure and Trusted Communications Networks Act of 2019 to provide for the addition of certain equipment and services produced or provided by DJI Technologies to the list of covered communications equipment or services published under such Act, and for other purposes, having considered the same, reports favorably thereon with an amendment and recommends that the bill as amended do pass. CONTENTS Page Purpose and Summary.............................................. 2 Background and Need for Legislation.............................. 2 Committee Action................................................. 3 Committee Votes.................................................. 4 Oversight Findings and Recommendations........................... 6 New Budget Authority, Entitlement Authority, and Tax Expenditures 6 Congressional Budget Office Estimate............................. 6 Federal Mandates Statement....................................... 6 Statement of General Performance Goals and Objectives............ 6 Duplication of Federal Programs.................................. 6 Related Committee and Subcommittee Hearings...................... 6 Committee Cost Estimate.......................................... 7 Earmark, Limited Tax Benefits, and Limited Tariff Benefits....... 7 Advisory Committee Statement..................................... 7 Applicability to Legislative Branch.............................. 7 Section-by-Section Analysis of the Legislation................... 7 Changes in Existing Law Made by the Bill, as Reported............ 8 The amendment is as follows: Strike all after the enacting clause and insert the following: SECTION 1. SHORT TITLE. This Act may be cited as the ``Countering CCP Drones Act''. SEC. 2. ADDITION OF CERTAIN EQUIPMENT AND SERVICES OF DJI TECHNOLOGIES TO COVERED LIST. (a) In General.--Section 2(c) of the Secure and Trusted Communications Networks Act of 2019 (47 U.S.C. 1601(c)) is amended by adding at the end the following: ``(5) The communications equipment or service being-- ``(A) telecommunications or video surveillance equipment produced by Shenzhen Da-Jiang Innovations Sciences and Technologies Company Limited (commonly known as `DJI Technologies') (or any subsidiary or affiliate thereof); or ``(B) telecommunications or video surveillance services, including software, provided by an entity described in subparagraph (A) or using equipment described in such subparagraph.''. (b) Conforming Amendments.--Section 2 of the Secure and Trusted Communications Networks Act of 2019 (47 U.S.C. 1601) is amended by striking ``paragraphs (1) through (4)'' each place it appears and inserting ``paragraphs (1) through (5)''. Purpose and Summary H.R. 2864, the ``Countering CCP Drones Act,'' amends the Secure and Trusted Communications Networks Act of 2019 to add telecommunications or video surveillance equipment and services produced or provided by Shenzhen Da-Jiang Innovations Sciences and Technologies Company Limited (commonly referred to as DJI Technologies, or DJI) or any subsidiary or affiliate of DJI, to the Federal Communications Commission's (FCC) covered list. Background and Need for Legislation The ``Countering CCP Drones Act'' brings into sharp focus a myriad of complex issues surrounding the utilization of Chinese-made drones, particularly those produced by DJI, the world's largest drone manufacturer. DJI's pivotal role in supplying drones to various sectors, including U.S. law enforcement agencies, has sparked heightened scrutiny about the company's ties to the Chinese government and its potential ramifications for national security and privacy. Central to these concerns are DJI's ties to the Chinese Communist Party (CCP) and the People's Republic of China (PRC). Collectively, these government entities have significant influence and control over China-based companies, which they could use to harm the national security of the United States. For instance, the PRC's National Intelligence Law of 2017 requires PRC individuals and entities to support PRC intelligence services, including by providing data without regard to where that data was collected and without any mechanism of due process.\1\ Other laws include the 2021 Data Security Law, which expands the PRC's access to and control of companies and data within China and imposes strict penalties on China-based businesses for non-compliance, and the 2021 Cyber Vulnerability Reporting Law, which requires Chinese-based companies to disclose cyber vulnerabilities found in their systems or software to PRC authorities prior to any public disclosure or sharing overseas.\2\ As the ruling political party in the PRC, the CCP could use these laws to force China- based companies to share information these companies collect on Americans or to sell unsecure equipment in the United States that the CCP could exploit for cyberattacks or espionage. --------------------------------------------------------------------------- \1\U.S. Department of Homeland Security, Office of Strategy, Policy & Plans, Data Security Business Advisory: Risks and Considerations for Businesses Using Data Services and Equipment From Firms Linked to the People's Republic of China at 6 (December 22, 2020), https:// www.dhs.gov/sites/default/files/publications/20_1222_data-security- business-advisory.pdf. \2\https://www.dni.gov/files/NCSC/documents/SafeguardingOurFuture/ FINAL_NCSC_SOF_ Bulletin_PRC_Laws.pdf. --------------------------------------------------------------------------- DJI is subject to these laws because it is headquartered in Shenzhen, China.\3\ In addition, it has received investment from the Chinese government: four investment bodies owned or administered by the CCP ``have invested in [DJI] in recent years, including a state asset manager that has pledged to play a key role in promoting partnerships between private enterprises and the Chinese military.''\4\ --------------------------------------------------------------------------- \3\https://www.dji.com/company. \4\https://www.washingtonpost.com/national-security/2022/02/01/ china-funding-drones-dji-us-regulators/. --------------------------------------------------------------------------- Numerous federal agencies have highlighted the threat posed by DJI drones because of the company's ties to the CCP. For example:The Department of Homeland Security found that ``the use of Chinese-manufactured [Unmanned Aircraft Systems] in critical infrastructure operations risks exposing sensitive information to PRC authorities, jeopardizing U.S. national security, economic security, and public health and safety.'';\5\ --------------------------------------------------------------------------- \5\https://www.cisa.gov/sites/default/files/2024-01/ Cybersecurity%20Guidance%20Chinese-Manufactured%20UAS.pdf. --------------------------------------------------------------------------- The Department of Defense states that ``systems produced by Da Jiang Innovations (DJI) pose potential threats to national security.'';\6\ and --------------------------------------------------------------------------- \6\https://www.defense.gov/News/Releases/Release/Article/2706082/ department-statement-on-dji-systems/. --------------------------------------------------------------------------- The Department of Justice (DOJ) barred the use of DOJ funds for drones made by a ``Covered foreign entity . . . determined or designated, within the Department of Justice, to be subject to or vulnerable to extrajudicial direction from a foreign government,'' including DJI.\7\ --------------------------------------------------------------------------- \7\https://www.ojp.gov/sites/g/files/xyckuh241/files/media/ document/ojporderfundingdrones.pdf. --------------------------------------------------------------------------- The threat posed by DJI drones is widely known, highlighting the need to remove these drones from the U.S. communications ecosystem. Amending the Secure and Trusted Communications Networks Act to incorporate DJI's telecommunications and video surveillance equipment and services within the roster of covered communications equipment underscores a concerted endeavor to tackle these mounting apprehensions head-on. Committee Action On January 11, 2024, the Subcommittee on Communications and Technology held a hearing on cybersecurity matters. The title of the hearing was ``Safeguarding Americans' Communications: Strengthening Cybersecurity in a Digital Era.'' The Subcommittee received testimony from: Jim Richberg, Head of Cyber Policy, Fortinet; Tobin Richardson, President and CEO, Connectivity Standards Alliance; Clete Johnson, Senior Fellow, Center for Strategic and International Studies; and Alan Butler, Executive Director and President, Electronic Privacy Information Center. On February 15, 2024, the Subcommittee on Communications and Technology held a hearing on multiple bills, including H.R. 2864. The title of the hearing was ``Securing Communications Networks from Foreign Adversaries.'' The Subcommittee received testimony from: James Lewis, Senior Vice President, Center for Strategic and International Studies; Craig Singleton, China Program Senior Director and Senior Fellow, Foundation of Defense of Democracies; and Lindsay Gorman, Senior Fellow for Emerging Technologies, German Marshall Fund's Alliance for Securing Democracy. On March 12, 2024, the Subcommittee on Communications and Technology met in open markup session and forwarded H.R. 2864, as amended, to the full Committee by vote of 21 yeas and 0 nays. On March 20, 2024, the full Committee on Energy and Commerce met in open markup session and ordered H.R. 2864, as amended, favorably reported to the House by a record vote of 43 yeas and 0 nays. Committee Votes Clause 3(b) of rule XIII requires the Committee to list the record votes on the motion to report legislation and amendments thereto. The following reflects the record votes taken during the Committee consideration: [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Oversight Findings and Recommendations Pursuant to clause 2(b)(1) of rule X and clause 3(c)(1) of rule XIII, the Committee held hearings and made findings that are reflected in this report. New Budget Authority, Entitlement Authority, and Tax Expenditures Pursuant to clause 3(c)(2) of rule XIII, the Committee finds that H.R. 2864 would result in no new or increased budget authority, entitlement authority, or tax expenditures or revenues. Congressional Budget Office Estimate Pursuant to clause 3(c)(3) of rule XIII, at the time this report was filed, the cost estimate prepared by the Director of the Congressional Budget Office pursuant to section 402 of the Congressional Budget Act of 1974 was not available. Federal Mandates Statement The Committee adopts as its own the estimate of Federal mandates prepared by the Director of the Congressional Budget Office pursuant to section 423 of the Unfunded Mandates Reform Act. Statement of General Performance Goals and Objectives Pursuant to clause 3(c)(4) of rule XIII, the general performance goal or objective of this legislation is to add communications equipment and services produced by DJI to the FCC's covered list, which would prohibit the FCC from authorizing the use of such equipment and services. Duplication of Federal Programs Pursuant to clause 3(c)(5) of rule XIII, no provision of H.R. 2864 is known to be duplicative of another Federal program, including any program that was included in a report to Congress pursuant to section 21 of Public Law 111-139 or the most recent Catalog of Federal Domestic Assistance. Related Committee and Subcommittee Hearings Pursuant to clause 3(c)(6) of rule XIII, the following related hearings were used to develop or consider H.R. 2864: On January 11, 2024, the Subcommittee on Communications and Technology held a hearing on cybersecurity matters. The title of the hearing was ``Safeguarding Americans' Communications: Strengthening Cybersecurity in a Digital Era.'' The Subcommittee received testimony from: Jim Richberg, Head of Cyber Policy, Fortinet; Tobin Richardson, President and CEO, Connectivity Standards Alliance; Clete Johnson, Senior Fellow, Center for Strategic and International Studies; and Alan Butler, Executive Director and President, Electronic Privacy Information Center. On February 15, 2024, the Subcommittee on Communications and Technology held a hearing on multiple bills, including H.R. 2864. The title of the hearing was ``Securing Communications Networks from Foreign Adversaries.'' The Subcommittee received testimony from: James Lewis, Senior Vice President, Center for Strategic and International Studies; Craig Singleton, China Program Senior Director and Senior Fellow, Foundation of Defense of Democracies; and Lindsay Gorman, Senior Fellow for Emerging Technologies, German Marshall Fund's Alliance for Securing Democracy. Committee Cost Estimate Pursuant to clause 3(d)(1) of rule XIII, at the time this report was filed, the estimate was not available. Earmark, Limited Tax Benefits, and Limited Tariff Benefits Pursuant to clause 9(e), 9(f), and 9(g) of rule XXI, the Committee finds that H.R. 2864 contains no earmarks, limited tax benefits, or limited tariff benefits. Advisory Committee Statement No advisory committees within the meaning of Section 5(b) of the Federal Advisory Committee Act were created by this legislation. Applicability to Legislative Branch The Committee finds that the legislation does not relate to the terms and conditions of employment or access to public services or accommodations within the meaning of section 102(b)(3) of the Congressional Accountability Act. Section-by-Section Analysis of the Legislation Section 1. Short title This section provides that the Act may be cited as the ``Countering CCP Drones Act.'' Section 2. Addition of certain equipment and services of DJI technologies to covered list Subsection (a) would amend the Secure and Trusted Communications Networks Act by adding a new paragraph (5), which would add telecommunications or video surveillance equipment produced by DJI (or any subsidiary or affiliate) to the FCC's covered list. It would also add telecommunications or video surveillance services, including software, provided by DJI (or any subsidiary or affiliate) or using equipment provided by DJI (or any subsidiary or affiliate). Subsection (b) would make conforming amendments to the Secure and Trusted Communications Networks Act by updating references from ``paragraphs (1) through (4)'' to ``paragraphs (1) through (5)''. Changes in Existing Law Made by the Bill, as Reported In compliance with clause 3(e) of rule XIII of the Rules of the House of Representatives, changes in existing law made by the bill, as reported, are shown as follows (existing law proposed to be omitted is enclosed in black brackets, new matter is printed in italics, and existing law in which no change is proposed is shown in roman): SECURE AND TRUSTED COMMUNICATIONS NETWORKS ACT OF 2019 * * * * * * * SEC. 2. DETERMINATION OF COMMUNICATIONS EQUIPMENT OR SERVICES POSING NATIONAL SECURITY RISKS. (a) Publication of Covered Communications Equipment or Services List.--Not later than 1 year after the date of the enactment of this Act, the Commission shall publish on its website a list of covered communications equipment or services. (b) Publication by Commission.--The Commission shall place on the list published under subsection (a) any communications equipment or service, if and only if such equipment or service-- (1) is produced or provided by any entity, if, based exclusively on the determinations described in [paragraphs (1) through (4)] paragraphs (1) through (5) of subsection (c), such equipment or service produced or provided by such entity poses an unacceptable risk to the national security of the United States or the security and safety of United States persons; and (2) is capable of-- (A) routing or redirecting user data traffic or permitting visibility into any user data or packets that such equipment or service transmits or otherwise handles; (B) causing the network of a provider of advanced communications service to be disrupted remotely; or (C) otherwise posing an unacceptable risk to the national security of the United States or the security and safety of United States persons. (c) Reliance on Certain Determinations.--In taking action under subsection (b)(1), the Commission shall place on the list any communications equipment or service that poses an unacceptable risk to the national security of the United States or the security and safety of United States persons based solely on one or more of the following determinations: (1) A specific determination made by any executive branch interagency body with appropriate national security expertise, including the Federal Acquisition Security Council established under section 1322(a) of title 41, United States Code. (2) A specific determination made by the Department of Commerce pursuant to Executive Order No. 13873 (84 Fed. Reg. 22689; relating to securing the information and communications technology and services supply chain). (3) The communications equipment or service being covered telecommunications equipment or services, as defined in section 889(f)(3) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115-232; 132 Stat. 1918). (4) A specific determination made by an appropriate national security agency. (5) The communications equipment or service being-- (A) telecommunications or video surveillance equipment produced by Shenzhen Da-Jiang Innovations Sciences and Technologies Company Limited (commonly known as ``DJI Technologies'') (or any subsidiary or affiliate thereof); or (B) telecommunications or video surveillance services, including software, provided by an entity described in subparagraph (A) or using equipment described in such subparagraph. (d) Updating of List.-- (1) In general.--The Commission shall periodically update the list published under subsection (a) to address changes in the determinations described in [paragraphs (1) through (4)] paragraphs (1) through (5) of subsection (c). (2) Monitoring of determinations.--The Commission shall monitor the making or reversing of the determinations described in [paragraphs (1) through (4)] paragraphs (1) through (5) of subsection (c) in order to place additional communications equipment or services on the list published under subsection (a) or to remove communications equipment or services from such list. If a determination described in any such paragraph that provided the basis for a determination by the Commission under subsection (b)(1) with respect to any communications equipment or service is reversed, the Commission shall remove such equipment or service from such list, except that the Commission may not remove such equipment or service from such list if any other determination described in any such paragraph provides a basis for inclusion on such list by the Commission under subsection (b)(1) with respect to such equipment or service. (3) Public notification.--For each 12-month period during which the list published under subsection (a) is not updated, the Commission shall notify the public that no updates were necessary during such period to protect national security or to address changes in the determinations described in [paragraphs (1) through (4)] paragraphs (1) through (5) of subsection (c). * * * * * * * [all]