[Federal Register Volume 85, Number 2 (Friday, January 3, 2020)] [Rules and Regulations] [Pages 230-250] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2019-27610] ======================================================================= ----------------------------------------------------------------------- FEDERAL COMMUNICATIONS COMMISSION 47 CFR Part 54 [WC Docket No. 18-89, PS Docket Nos. 19-351, 19-352; FCC 19-121; FRS 16315] Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs; Huawei Designation; ZTE Designation AGENCY: Federal Communications Commission. ACTION: Final rule. ----------------------------------------------------------------------- SUMMARY: In this document, the Federal Communications Commission (Commission) adopts a rule that prospectively prohibits the use of Universal Service Fund (USF or the Fund) funds to purchase or obtain any equipment or services produced or provided by a covered company posing a national security threat to the integrity of communications networks or the communications supply chain. In doing so, the Report and Order initially designates Huawei Technologies Company (Huawei) and ZTE Corporation (ZTE) as covered companies for purposes of the rule and establish a process for designating additional covered companies in the future. To support the Commission's future efforts to protect the communications supply chain, the Information Collection Order (Order) directs the Wireline Competition Bureau (WCB) and Office of Economics and Analytics (OEA), in coordination with USAC, to conduct an information collection to determine the extent to which potentially prohibited equipment exists in current networks and the costs associated with removing such equipment and replacing it with equivalent equipment. DATES: Effective January 3, 2020. FOR FURTHER INFORMATION CONTACT: For further information, please contact John Visclosky, Competition Policy Division, Wireline Competition Bureau, at [email protected]. SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Report and Order and Order in WC Docket No. 18-89 and PS Docket Nos. 19-351 and 19-352, adopted November 22, 2019 and released November 26, 2019. The full text of this document is available for public inspection during regular business hours in the FCC Reference Information Center, Portals II, 445 12th Street SW, Room CY-A257, Washington, DC 20554 or at the following internet address: https://docs.fcc.gov/public/attachments/FCC-19-121A1.pdf . The Further Notice of Proposed Rulemaking that was adopted concurrently with this Report and Order and Order is published elsewhere in the Federal Register. Comments on the initial designations of Huawei and ZTE as covered companies are due on or before February 3, 2020. Pursuant to sections 1.415 and 1.419 of the Commission's rules, 47 CFR 1.415, 1.419, interested parties may file comments on or before the dates indicated on the first page of this document. Comments may be filed using the Commission's Electronic Comment Filing System (ECFS). See Electronic Filing of Documents in Rulemaking Proceedings, 63 FR 24121 (1998). Interested parties may file comments, identified by PS Docket No. 19-351 for the Huawei final designation proceeding or PS Docket No. 19-352 for the ZTE final designation proceeding, by any of the following methods: [ssquf] Electronic Filers: Comments may be filed electronically using the internet by accessing the ECFS: https://www.fcc.gov/ecfs/. [ssquf] Paper Filers: Parties who choose to file by paper must file an original and one copy of each filing. If more than one docket or rulemaking number appears in the caption of this proceeding, filers must submit two additional copies for each additional docket or rulemaking number. Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail. All filings must be addressed to the Commission's Secretary, Office of the Secretary, Federal Communications Commission.All hand-delivered or messenger-delivered paper filings for the Commission's Secretary must be delivered to FCC Headquarters at 445 12th St. SW, Room TW-A325, Washington, DC 20554. The filing hours are 8:00 a.m. to 7:00 p.m. All hand deliveries must be held together with rubber bands or fasteners. Any envelopes and boxes must be disposed of before entering the building. Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9050 Junction Drive, Annapolis Junction, MD 20701. U.S. Postal Service first-class, Express, and Priority mail must be addressed to 445 12th Street SW, Washington, DC 20554. People with Disabilities: To request materials in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an email to [email protected] or call the Consumer & Governmental Affairs Bureau at 202-418-0530 (voice), 202- 418-0432 (tty). Comments and reply comments must include a short and concise summary of the substantive arguments raised in the pleading. Comments and reply comments must also comply with section 1.49 and all other applicable sections of the Commission's rules. The Commission directs all interested parties to include the name of the filing party and the date of the filing on each page of their comments and reply comments. All parties are encouraged to use a table of contents, regardless of the length of their submission. I. Introduction 1. In today's increasingly connected world, safeguarding the security and integrity of America's communications infrastructure has never been more important. Broadband networks have transformed virtually every aspect of the U.S. economy, enabling the voice, data, and internet connectivity that fuels all other critical industry sectors--including our transportation systems, electrical grid, financial markets, and emergency services. And with the advent of 5G-- the next generation of wireless technologies, which is expected to deliver exponential increases in speed, responsiveness, and capacity-- the crucial and transformative role of communications networks in our economy and society will only increase. It is therefore vital that the Commission protects these networks from national security threats. 2. The Commission has taken a number of targeted steps to protect the nation's communications networks from potential security threats. In this document, the Commission builds on these efforts, consistent with concurrent Congressional and Executive Branch actions, and ensure that the public funds used in the Commission's USF funds are not used in a way that undermines or poses a threat to our national security. Specifically, in the Report and Order, the Commission adopts a rule that prospectively prohibits the use of USF funds to purchase or obtain any equipment or services produced or provided by a [[Page 231]] covered company posing a national security threat to the integrity of communications networks or the communications supply chain. In doing so, the Commission initially designates Huawei and ZTE as covered companies for purposes of this rule and establish a process for designating additional covered companies in the future. 3. Given the Commission's oversight of the USF programs that fund voice and broadband networks and services and the Commission's obligation to be responsible stewards of the public funds that subsidize those programs, the Commission has a specific, but important, role to play in securing the communications supply chain. The Commission believes that the steps the Commission takes in the document are consistent with this role, that the Commission must do all it can within the confines of its legal authority to address national security threats, and that its actions, along with those taken by other Executive Branch agencies, will go far in securing our nation's critical telecommunications infrastructure. II. Report and Order 4. Based on the Commission's review of the extensive record in the proceeding, it adopts a rule that no universal service support may be used to purchase or obtain any equipment or services produced or provided by a covered company posing a national security threat to the integrity of communications networks or the communications supply chain. Accordingly, USF recipients may not use USF funds to maintain, improve, modify, operate, manage, or otherwise support such equipment or services in any way, including upgrades to existing equipment and services. This prohibition applies to any subsidiaries and affiliates of USF recipients to the extent that such subsidiaries and affiliates use USF funds. 5. In addition to adopting the rule, the Commission initially designates Huawei and ZTE as covered companies for the purposes of this prohibition. Both companies' ties to the Chinese government and military apparatus--together with Chinese laws obligating them to cooperate with any request by the Chinese government to use or access their systems--pose a threat to the security of communications networks and the communications supply chain and necessitate taking this step. The Commission's actions in this document are informed by the evidence cited herein, including the actions of other agencies and branches of the government and similar assessments from other countries. 6. As the Commission stated in the Protecting Against National Security Threats Notice, the promotion of national security is consistent with the public interest, and USF funds should be used to deploy infrastructure and provide services that do not undermine our national security. The Commission has long accorded significant weight to the views of Executive Branch agencies on matters of national security, foreign policy, law enforcement, and trade policy, and the Commission finds it very significant that the U.S. Department of Justice (DoJ) has expressed its strong support for this conclusion. The Commission also agrees with the Telecommunications Industry Association (TIA) that the Commission ``may reasonably conclude that limiting the use of technology from certain vendors deemed to pose a heightened national security risk is an appropriate element of providing a quality communications service.'' The record persuades the Commission that the nature of today's communications networks is such that untrusted participants in the supply chain pose a serious risk to the integrity and, thus, the quality of those networks. 7. It is well established that the Commission has authority to place reasonable public-interest conditions on the use of USF funds. In the 2011 USF/ICC Transformation Order, 76 FR 73830, November 29, 2011, the Commission determined that supported services must be provided using broadband-capable networks and that ETCs must offer broadband services that meet certain basic performance requirements. As the Tenth Circuit held in upholding the Commission's imposition of these obligations, section 254(c)(1) does not limit the Commission's authority to place conditions on the use of USF funds, and section 254(e) is reasonably interpreted as allowing the Commission ``to specify what a USF recipient may or must do with the funds,'' consistent with the policy principles outlined in section 254(b). The Commission adopts the rule as just such a restriction, based on its conclusion that it is critical to the provision of ``quality service'' that USF funds be spent on secure networks and not be spent on equipment and services from companies that threaten national security. Or, to put it another way, providing a secure service is part of providing a quality service. 8. The Commission disagrees with commenters who suggest that adopting the rule violates the principle that ``[q]uality services should be available at just, reasonable, and affordable rates.'' As TIA points out, many companies have been able to provide quality services at reasonable and affordable rates using suppliers whose quality, and risk to our national security, is not being questioned here. Furthermore, the Commission is not persuaded by arguments that the proposed rule would violate this principle by eliminating low-cost suppliers. Again, the record clearly demonstrates that service can be provided at just, reasonable, and affordable rates without these suppliers. Additionally, there is evidence that those low costs are likely due to favorable subsidies and other benefits bestowed by governments that are in an adversarial position to the United States. To the extent that certain vendors are able to offer lower prices for their equipment or services due to subsidization from foreign governments that pose a national security threat, restricting federal funding to those vendors should unleash competition from more-trusted, higher-quality suppliers in the long run, resulting in significant public interest benefits. Furthermore, the Commission would be shirking its responsibility to the American public if it were to ignore threats to our security posed by certain equipment manufacturers simply because that equipment was cheaper. 9. Moreover, the Commission must ensure that universal service funds are being spent in a manner consistent with section 254 of the Act. Section 254(e) requires that USF recipients ``shall use that support only for the provision, maintenance, and upgrading of facilities and services for which the support is intended.'' This language authorizes the Commission to designate the services for which USF support will be provided and to ``encourage the deployment of the types of facilities that will best achieve the principles set forth in section 254(b).'' The Commission also must define the services supported by USF, which the statute explains is to be ``an evolving level of telecommunications services that the Commission shall establish periodically under this section.'' In so doing, the Commission ``shall consider . . . the extent to which such telecommunications services . . . are consistent with the public interest, convenience, and necessity.'' Again, the Commission concludes that the public interest requires that the USF support only services that are not dependent on equipment and services provided or produced by any company that poses a national security threat. The Commission's decision here to limit the services that will be supported by USF is especially consistent with public safety, under section 254(c)(1)(A), and [[Page 232]] with the public interest, convenience, and necessity, under section 254(c)(1)(D). 10. To the extent parties contend that the Commission may not change what it establishes as the ``evolving level of telecommunications services'' to be supported by USF without first seeking the recommendation of the Joint Board, the Commission disagrees. Section 254(c)(1) requires the Commission to establish the definition of universal service; it allows the Joint Board to issue a recommendation but does not require Commission action to be preceded by such a recommendation. The Commission has acted under this provision several times without following a recommendation of the Joint Board-- for example in the 2014 First E-Rate Order, 80 FR 167, January 5, 2015, and the 2016 Lifeline Order, 81 FR 33026, May 24, 2016. 11. The Commission also rejects arguments that it may not consider national security in assessing the public interest generally or under section 254. Indeed, the security of our nation is an important part of the public interest. That's why the Commission has consistently held, including in the Protecting Against National Security Threats Notice in the proceeding, that national security concerns are part of the public interest and that the Commission's exercise of specific statutory authorities should, when warranted, take those concerns into account. As discussed in the Protecting Against National Security Threats Notice, the Commission adopted rules implementing the 2012 Spectrum Act to prohibit participation in spectrum auctions by entities that have been barred by any federal agency from bidding on a contract, participating in an auction, or receiving a grant. The Commission also has a long history of considering national security equities where other agencies have specific expertise and are positioned to make recommendations, and adopting a similar process here cannot be characterized as ``promot[ing] other, unrelated objectives'' unrelated to the specific regulatory program at hand. 12. More generally, section 201(b) of the Act authorizes the Commission to promulgate ``such rules and regulations as may be necessary in the public interest to carry out the provisions of this Act.'' It is well-established that the promotion of national security is consistent with the public interest and part of the purpose for which the Commission was created. As section 1 of the Act states, the Commission was created ``for the purpose of the national defense [and] for the purpose of promoting safety of life and property through the use of wire and radio communication . . . .'' The Commission concludes based on the record of the proceeding that it is necessary in the public interest to prohibit USF recipients from spending universal service funds on covered equipment or services. 13. The action the Commission takes in this document also implements section 105 of the Communications Assistance for Law Enforcement Act (CALEA). That section requires every telecommunications carrier to ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only pursuant to a lawful authorization and with the affirmative intervention of an officer or employee of the carrier. The Commission has concluded that all facilities-based providers of broadband internet access services and all providers of interconnected VoIP services are telecommunications carriers under CALEA. The Commission has interpreted ``switching premises'' consistent with the purpose of CALEA as including ``routers, soft switches, and other equipment that may provide addressing and intelligence functions for packet-based communications to manage and direct the communications along to their intended destinations.'' One of the dangers of allowing equipment from untrusted suppliers to be part of a network is the possibility that those suppliers will maintain the ability to illegally activate interceptions or other forms of surveillance within the carrier's switching premises without its knowledge, whether through the insertion of malicious hardware or software implants, remote network access maintained by providers of managed services, or otherwise. Telecommunications carriers, including all ETCs, therefore appear to have a duty to avoid such risks. 14. The Commission disagrees with Huawei that its recognition of this duty is barred by section 103(b)(1) of CALEA, 47 U.S.C. 1002(b)(1). The rule the Commission adopts in this document addresses only the use of USF funds and does not prohibit the ``adoption of any equipment.'' Furthermore, the Commission is not a ``law enforcement agency'' within the meaning of section 103(b)(1); in the context of CALEA, that term refers to agencies that conduct interceptions and access to call-identifying information. 15. The Commission is authorized to ``prescribe such rules as are necessary to implement the requirements of'' CALEA and specifically to require carriers to establish policies and procedures to prevent unauthorized surveillance. Though the rule the Commission adopts in this document applies only to ETCs' use of USF funds, it disagrees with Huawei's argument that the link between this obligation and the prohibition the Commission adopts here is ``remote.'' The rule the Commission adopts in this document directly implements section 105 of CALEA by reducing the likelihood that ETCs use USF funds to facilitate unauthorized surveillance. Nor does the rule require, as Huawei suggests, that the Commission interprets section 105 ``as prohibiting carriers from using any equipment that has any possibility, no matter how remote, of being subject to unauthorized access for purposes of intercepting communications.'' But use of equipment or services from companies that pose national security threats is far more likely to be subject to such unauthorized access, and the Commission chooses here not to allow USF funds to support such use. 16. The Commission further disagrees with Huawei's contention that CALEA's security provision does not apply to attempts by actors other than U.S. law enforcement to intercept or access communications. The plain language of section 105 specifies not only the activation of the assistance capabilities required by section 103 but any interception or access effected within a carrier's switching premises. This understanding of the plain language is consistent with its legislative history. The bills reported by the House and Senate Judiciary Committees used different language limiting the security obligation only to ``any court ordered or lawfully authorized interception of communications or access to call-identifying information within its switching premises,'' but that language was revised in consultation with the House Energy and Commerce Committee in the version of the bill ultimately considered and adopted on the floor of both Houses. The Commission considers the change to be purposeful and to reflect Congress's understanding of CALEA as enacting protections against unauthorized surveillance, not only as ensuring the ability of law enforcement to conduct authorized surveillance. 17. Congress has also determined, in section 889 of the National Defense Authorization Act for Fiscal Year 2019 (2019 NDAA), that the expenditure of loan or grant funds by federal agencies to procure or obtain covered telecommunications equipment or services is contrary to the security interests of the United States. Although [[Page 233]] the USF is neither a loan program nor a grant program, it is a significant source of funds administered by the Commission and intended for the purchase of equipment, services, or systems with which section 889 is concerned. The Commission finds that the goals underlying section 889 of the 2019 NDAA also support its decision to take action here. Following enactment of the 2019 NDAA, the WCB sought comment on the relevance of section 889(b)(1) to the proceeding. The record now persuades the Commission that adoption of a rule that prohibits universal service funds from being used to obtain equipment or services produced or provided by companies that pose a threat to national security, and the Commission's initial designation of Huawei and ZTE as such companies, is consistent with section 889 of the 2019 NDAA. The Commission agrees with TIA that section 889 ``codifies a determination by Congress regarding five specific suppliers of concern,'' including Huawei and ZTE, and expresses a view that ``the role of the Commission and other executive agencies is to prevent the use of federal funds under their control on equipment and services from [those] suppliers of concern.'' 18. The Commission establishes a process for designating entities as national security threats for purposes of its rule. The Commission first defines ``covered company'' to include subsidiaries, parents and affiliates of covered companies for purposes of the rule it adopts in this document. In the Protecting Against National Security Threats Notice, the Commission sought comment on whether a covered company's subsidiaries, parents, and/or affiliates should be treated as a covered company as well and sought comment on how to define such entities. Because equipment from subsidiaries, parents, and affiliates pose the same risks to network integrity as equipment directly from the covered company, the Commission includes any subsidiary, parent, or affiliate of a covered company as a covered company subject to its prohibition. 19. When the Commission initially determines, either sua sponte or in response to a petition from an outside party, that a company poses a national security threat to the integrity of communications networks or the communications supply chain, the Commission will issue a public notice advising that such initial designation has been made, as well as the basis for such designation. This public notice shall serve as an ``initial designation'' of a covered company. Upon the issuance of such notice, interested parties may file comments responding to the initial designation, including proffering an opposition to the initial designation. If the initial designation is unopposed, the entity shall be deemed to pose a national security threat 31 days after the issuance of the notice. If any party opposes the initial designation, the designation shall take effect only if the Commission determines that the affected entity should nevertheless be designated as a covered company under the Commission's rule. In either case, the Commission shall issue a second public notice announcing its final designation and the effective date of that final designation. This public notice shall serve as the ``final designation'' of a covered company. In order to provide regulatory certainty to entities affected by initial designations, the Commission shall make a final designation effective no later than 120 days after release of its initial designation notice. The Commission may, however, extend such 120-day deadline for good cause. 20. In formulating its initial and final designations, the Commission will use all available evidence to determine whether an entity poses a national security threat. Examples of such evidence may include, but are not limited to: determinations by the Commission, Congress or the President that an entity poses a national security threat; determinations by other executive agencies that an entity poses a national security threat; and, any other available evidence, whether open source or classified, that an entity poses a national security threat. Where appropriate, the Commission will seek to harmonize its determinations with the determinations of other federal agencies in the Executive branch and determinations of the Legislative branch. The Commission will base its determination on the totality of evidence surrounding the affected entity and should consider any evidence provided by the affected entity, or any other interested party, in making its final determination. However, classified information will not be made public, nor will it be made available to the designated company. 21. Reversal of Designation. The Commission will act to reverse its designation upon a finding that a covered company no longer poses a national security threat to the integrity of communications networks or the communications supply chain. A covered company, or any other interested party, may submit a petition asking the Commission to remove a designation based on a showing of changed circumstances. The Commission shall seek the input of Executive Branch agencies and the public upon receipt of such a petition. If the record shows that a covered company is no longer a national security threat, the Commission shall promptly issue an order reversing its designation of that company. The Commission may dismiss repetitive or frivolous petitions for reversal of a designation without notice and comment--and may dismiss petitions that make no showing of changed circumstances or attempt to evade the limits the Commission's rules place on petitions for reconsideration or applications for review. If the Commission reverses its designation, it shall issue an order announcing its decision along with the basis for its decision. 22. In the Protecting Against National Security Threats Notice, the Commission highlighted the longstanding concerns about the threats posed by Huawei and ZTE, including by other Executive Branch agencies and Congress. Both companies, as well as their subsidiaries and affiliates, are restricted from selling certain equipment and services to federal agencies due to Congressional and Executive Branch concern about the threat their equipment and services pose to the communications supply chain. Huawei vigorously responded to these allegations in the record of the proceeding, and ZTE did not make any filings in the proceeding. The Commission's examination of the record re-affirms the concerns raised by them in the Protecting Against National Security Threats Notice, and the Commission therefore takes the step of initially designating Huawei and ZTE as covered companies for purposes of the prohibition the Commission adopts in this document. 23. The Commission concludes that publicly available information in the record is sufficient to support these designations. In addition, the Commission has compiled and reviewed additional classified national security information that provides further support for its determinations. 24. The Commission agrees with commenters who argue that ``state actors, most notably China and Russia, have supported extensive and damaging cyberespionage efforts in the United States,'' and there exists a ``substantial body of evidence'' about the risks of certain equipment providers like Huawei and ZTE. International experts have found that China has a ``notorious reputation for persistent industrial espionage, and in particular for the close collaboration between government and Chinese industry.'' Allies of the [[Page 234]] United States have discovered numerous instances where the Chinese government has engaged in malicious acts, including ``actors likely associated with the . . . Ministry of State Security . . . responsible for the compromise of several Managed Service Providers.'' And as noted in the 2012 HPSCI Report, Huawei and ZTE are the ``two largest Chinese- founded, Chinese-owned telecommunications companies seeking to market critical network equipment to the United States.'' 25. These two companies pose a great security risk because Chinese intelligence agencies have opportunities to tamper with their products in both the design and manufacturing processes. The 2012 HPSCI Report observed that the risks posed by companies such as Huawei are further exacerbated because the company offers services managing telecommunications equipment and its ``authorized access'' could be exploited ``for malicious activity under the guise of legitimate assistance.'' This legislative concern has continued, with Congress passing, and the President signing into law, significant restrictions on the purchase of equipment and services from Huawei and ZTE. And, in the proceeding, the Attorney General has agreed that ``a company's ties to a foreign government and willingness to take direction from it bear on its reliability'' for building or servicing telecommunications networks with the support of federal funds. As explained in the following, the Commission believes that Huawei and ZTE pose a unique threat to the security of communications networks and the communications supply chain because of their size, their close ties to the Chinese government both as a function of Chinese law and as a matter of fact, the security flaws in their equipment, and the unique end-to-end nature of Huawei's service agreements that allow it key access to exploit for malicious purposes. As a consequence, the Commission's primary focus is on Huawei and ZTE. 26. The Commission notes, at the outset, that the Chinese government is highly centralized and exercises strong control over commercial entities, permitting the government, including state intelligence agencies, to demand that private communications sector entities cooperate with any governmental requests, which could involve revealing customer information, including network traffic information. The Department of Justice says that the Chinese government ``has subsidized [its] firms to lock up as much of the market as possible,'' which ``threatens to thwart the emergence of fair competition and lead to irreversible market dominance that will force all of us onto Chinese systems, causing unmitigable harm to our national security.'' According to Article 7 of the Chinese National Intelligence Law (NIL), all ``organizations and citizens shall, according to the law, provide support and assistance to and cooperate with the State intelligence work, and keep secret the State intelligence work that they know.'' Article 14 permits Chinese intelligence institutions to request that Chinese citizens and organizations provide necessary support, assistance, and cooperation. Article 17 allows Chinese intelligence agencies to take control of an organization's facilities, including communications equipment. The Chinese NIL is extremely broad, applying to Chinese citizens residing outside of China. Article 11 specifies that the law's powers are not limited to Chinese soil, which would permit Chinese government elements to compel Huawei and ZTE to carry out their directives within the United States' national boundaries. Further, Article 28 of the NIL allows personnel to be punished for violating the Chinese NIL. This broad authority to compel support and assistance to Chinese intelligence agencies is particularly troublesome, given the Chinese government's involvement in computer intrusions and attacks as well as economic espionage. As a consequence, the Commission's primary focus in the Report and Order is on Huawei and ZTE. 27. The Commission initially designates Huawei, along with its parents, affiliates, and subsidiaries, as a covered company for purposes of the Commission's rule. 28. The Commission finds that Huawei's ties to the Chinese government and military apparatus, along with Chinese laws obligating them to cooperate with any request by the Chinese government to use or access their system, pose a threat to the security of communications networks and the communications supply chain. Congress and the Executive Branch have repeatedly expressed concerns regarding Huawei, its ties to the Chinese government, and its equipment. In addition to reports recommending that government agencies, federal contractors, and private-sector entities consider excluding Huawei and ZTE equipment from their networks due to long-term security risks and the companies' close ties to the Chinese government, Congress has also taken action to limit the purchase of certain Huawei and ZTE equipment and services for federally funded networks. Additionally, the Department of Commerce has added Huawei to its Entity List, which ``identifies entities for which there is reasonable cause to believe, based on specific and articulable facts, have been involved, are involved, or pose a significant risk of being or becoming involved in activities contrary to the national security or foreign policy interests of the United States.'' These concerns center around Huawei's established relationship with the Chinese government as well as Huawei's obligation under Chinese law to cooperate with requests by the Chinese government for access to their system. 29. Although Huawei argues that its affiliates in the United States are not subject to state security laws, the Commission is not persuaded to excuse these affiliates from the scope of the Commission's prohibition. One expert has noted that the nature of the Chinese system ``recognizes no limits to government power.'' Irrespective of their physical location, these affiliates still remain subject to Chinese law. 30. As the House Permanent Select Committee on Intelligence found, ``the Chinese government and the Chinese Communist Party . . . can exert influence over the corporate boards and management of private sector companies, either formally through personnel choices, or in more subtle ways.'' For example, Huawei's founder, Ren Zhengfei, is himself believed to be a former director of the People's Liberation Army Information Engineering Academy, an organization associated with China's signals intelligence. Ren Zhengfei exercises ``ultimate veto authority over the company's material decisions.'' Additionally, the Chinese government maintains an internal Communist Party Committee within Huawei that can exert additional influence on the company's operations and decisions. The House Permanent Select Committee on Intelligence also received internal Huawei documentation from former Huawei employees ``showing that Huawei provides special network services to an entity the employee believes to be an elite cyber- warfare unit within the PLA.'' 31. Moreover, analysts have found that while ``Huawei claims the Chinese state has no influence over its activities, . . . the company is treated as a state-owned enterprise and has benefited from state procurement funds, subsidized financing from state-owned policy banks and state funding for research.'' Huawei is reported to benefit from vast subsidies from the Chinese government, to include state-controlled [[Page 235]] financial organizations. One study ``identified 32 cases since 2012 where Huawei projects were funded by Exim Bank of China ($2.8 billion) or China Development Bank ($7 billion).'' In 1998, it was reported that China Construction Bank provided over $470 million in lines of credit to foreign companies as incentive to purchase Huawei products. This initiative accounted for over 45% of the bank's annual extension of credit. While Huawei has refused to answer questions about its ownership and governance, it can be inferred that the Chinese government clearly has a vested interest in the company's success. 32. The Commission's actions in this document are also informed by the actions of other agencies and branches of the government, along with the increasing caution urged by our nation's intelligence officials. For example, in February 2018, the leaders of all six top U.S. intelligence agencies warned against purchasing products or services from Huawei or ZTE with FBI Director Chris Wray saying, ``the Commission is deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don't share the Commission's values to gain positions of power inside our telecommunications networks that provides the capacity to exert pressure or control over the Commission's telecommunications infrastructure.'' The Department of Justice (DoJ) has also stated its ``strong[] support'' for the Commission's action in this document, noting that it is pursuing numerous criminal charges against Huawei for violations of federal law and ``a willingness to break U.S. law combined with a determination to avoid the consequences by obstructing justice argues against the reliability of the provider.'' 33. In initially designating Huawei as a covered company, the Commission also relies on similar assessments by other countries. For example, on October 9, 2019, the European Union, with the support of the European Commission and the European Union Agency for Cybersecurity, released its risk assessment on 5G Security, specifically finding a high security risk where hostile countries exercise pressure on suppliers to facilitate cyberattacks serving their national interests. Many of our allies, including Australia, New Zealand, and Japan, have taken steps to exclude Huawei equipment from their networks. While Huawei argues that its equipment is used in other countries without undermining any nation's security, several of the United States' closest allies have concluded that the risk posed by Huawei equipment and systems is too great to bear. In November 2018, New Zealand's intelligence agency barred its largest telecommunications carrier, Sparc, from using Huawei equipment. Likewise, in December 2018, Japan excluded Huawei from its domestic communications infrastructure. Additionally, in August 2019, the Australian government announced a ban on Huawei equipment. The Commission also notes that communications service providers in other countries, including BT, Orange, and Deutsche Telekom, are acting to keep Huawei equipment out of their 5G networks. 34. Moreover, the Commission is confident that the national security risk to our communications network from permitting Huawei equipment and services is significant. For example, in 2019, Finite State, a cybersecurity firm, issued a report describing the unique threat posed by Huawei's ``high number'' of security vulnerabilities. The report found that over half of the Huawei firmware images analyzed had at least one potential backdoor that could allow an attacker with knowledge of the firmware to log into the device, and that Huawei continues to make firmware updates without addressing these vulnerabilities. Finite State articulates the concern that suppliers of technology, such as Huawei, with ``secret or overt access to the infrastructure they are providing,'' could use that access ``in times of peace, or perhaps [for] something far more ominous in times of conflict.'' 35. Also in 2019, the United Kingdom's Huawei Cyber Security Evaluation Centre Oversight Board released a report that sounded the alarm about the risks associated with Huawei's engineering processes. The report further revealed that Huawei had made no substantive gains in the remediation of issues reported in the previous year, noting that, ``[a]t present, the Oversight Board has not yet seen anything to give it confidence in Huawei's capacity to successfully complete the elements of its transformation program that it has proposed as a means of addressing these underlying defects.'' Further, in a 2013 report, the Intelligence and Security Committee of the UK Parliament said, ``theoretically, the Chinese State may be able to exploit any vulnerability in Huawei's equipment in order to gain some access to the BT network, which would provide them with an attractive espionage opportunity.'' 36. Furthermore, a recent report from Recorded Future, a cyber threat intelligence firm, found that ``[t]he enormous range of products and services offered by Huawei generates a nearly unimaginable amount of data for one company to possess.'' This problem is compounded by Huawei's ``desire to be an end-to-end provider for whole network solutions.'' As the 2012 HPSCI Report found, when companies ``seek to control the market for sensitive equipment and infrastructure that could be used for spying and other malicious purposes, the lack of market diversity becomes a national concern for the United States and other countries.'' Huawei's desire to limit diversity in equipment poses a threat to the security of U.S. communications networks. Its access to this vast amount of data combined with its close ties to the Chinese government and its obligation under Chinese law to assist with Chinese intelligence-gathering mean that ``Huawei is potentially subjected to a government-driven obligation to capitalize on its global network and consumer devices ecosystem to fulfill core [Chinese government] national security and economic dominance objectives.'' Given the multitude of evidence about the threat that Huawei equipment presents, along with the company's unique and close relationship to the Chinese government, the Commission disagrees with Huawei's claim that there is no support for the conclusion that its equipment poses a threat. The fact that Huawei's subsidiaries act outside of China does not mean that their parent company lacks influence over their operations and decisions given the strong influence that Huawei's parent companies and the Chinese government can exert over their affiliates. The Commission additionally disagrees with Huawei's assertion that the Chinese NIL is irrelevant because it is merely a ``defensive measure'' that does not ``provide authority for Chinese intelligence agencies to engage in offensive intelligence activities.'' The broad nature of the Chinese NIL, along with the Chinese government's control over Huawei and history of espionage activities, presents far too great a risk to the security of U.S. communications networks to rely on the assurance that the Chinese government will act only in a vaguely-defined ``defensive'' manner. While the Commission recognizes that the Chinese NIL may be interpreted in different ways, the fact remains that entities such as Huawei that are subject to the NIL, and subject to the Chinese legal regime generally, pose too great a risk to the security of communications networks and the communications supply chain. [[Page 236]] 37. The Commission also disagrees with Huawei's criticisms of the Finite State report. Huawei argues that the Finite State report focused on old versions of Huawei's equipment and did not follow ``general practices'' of security testing, which it argues, ``typically involves dialogue between the security company and vendor'' about vulnerabilities. However, unlike a report that assesses a zero-day threat and would typically include dialogue with the vendor to provide time to mitigate the threat, Finite State's report was a general risk analysis report and was focused primarily on the culture of risk management at Huawei. In response to Huawei's public criticisms of its report, Finite State determined that, ``Based on 8 years of analysis of [UK Huawei Cyber Security Evaluation Centre] reports, along with the recent Finite States analysis, the Commission can clearly see that Huawei's security posture has not materially improved over time.'' Indeed, the Commission agrees with Finite State that ``Huawei cannot deny that, now, multiple organizations have independently found similar, substantial security vulnerabilities in their products.'' 38. In the light of the record in the proceeding and other publicly available information detailing the scope of the risk of allowing Huawei's equipment and services into our communications networks, and given that the Chinese government has the ``means, opportunity, and motive to use telecommunications companies for malicious purposes,'' the Commission concludes that Huawei, its parents, affiliates, and subsidiaries should be initially designated as a national security threat to the integrity of communications networks or the communications supply chain for purposes of the rule the Commission adopts in this document. 39. The Commission also initially designates ZTE, its parents, affiliates, and subsidiaries as a covered company for purposes of the Commission's rule. 40. As with Huawei, ZTE has close ties to the Chinese military apparatus, having originated from the Ministry of Aerospace, a government agency. In fact, ZTE is still alleged to be partially owned by the Chinese government. As the House Permanent Select Committee on Intelligence found, ZTE is in essence, ``a hybrid serving both commercial and military needs.'' In particular, much of ZTE's ownership constitutes state owned enterprises, and, like Huawei, ZTE contains an internal Communist Party Committee, as required by the laws of China. The House Permanent Select Committee on Intelligence also found that ZTE has not allayed the Committee's concerns that it ``is aligned with Chinese military and intelligence activities or research institutes.'' As described in this document, legislative concern with ZTE equipment and services has been ongoing, with Congress passing, and the President signing into law, significant restrictions on the purchase and use of ZTE equipment. 41. Open source information highlights the risks posed by ZTE equipment. In April 2018, the Department of Defense announced that ZTE and Huawei devices would no longer be offered for sale at U.S. military bases and ordered them removed from its stores worldwide. In August 2018, a report funded by the Department of Homeland Security's Science and Technology Directorate found a wide range of vulnerabilities in a number of mobile devices manufactured and marketed by ZTE. The report indicated that the vulnerabilities are built into the phones during the manufacturing process and could allow malicious access to user data. While the USF generally does not fund end-user devices such as phones, the security concerns raised regarding ZTE mobile phones give the Commission concerns about other ZTE equipment and services, including those funded by the USF. The National Security Institute published a report in January 2019 that describes the underlying risks posed by both Huawei and ZTE systems and recommends ``additional restrictions on Huawei and ZTE products and services in the U.S.'' As with Huawei, ZTE's equipment has been barred in Australia and New Zealand. 42. Finally, the DoJ, in supporting the Commission's initial designations of Huawei and ZTE, has noted that ZTE pleaded guilty to violating our embargo on Iran by sending approximately $32 million dollars' worth of U.S. goods to Iran and obstructing justice in an effort to thwart DoJ's investigation. Such disregard for American law in furtherance of the interests of foreign governments is additional evidence of the danger posed by Huawei and ZTE equipment in our communications networks. 43. Given that the Chinese government has the ``means, opportunity, and motive to use telecommunications companies for malicious purposes,'' the Commission concludes that ZTE Corporation, its parents, affiliates, and subsidiaries should be initially designated as a national security threat to the integrity of communications networks or the communications supply chain for purposes of the rule the Commission adopts in this document. 44. The Commission directs the Public Safety and Homeland Security Bureau (PSHSB) to implement the next steps in the designation processes for Huawei and ZTE. The Commission also directs PSHSB going forward to make both initial and final designations, to reverse prior designations, and to issue the public notices required in the designation process. PSHSB shall have discretion to revise this process if appropriate to the circumstances, consistent with providing affected parties an opportunity to respond and with any need to act expeditiously in individual cases. To the extent that a designated entity seeks review of a designation decision--from either PSHSB or the full Commission--PSHSB or the Commission shall act on such petition for reconsideration or application for review, respectively, within 120 days of the filing by a designated entity. The Commission finds that this time limitation is important to provide regulatory certainty to entities affected by designations made at the Commission or bureau level, and consistent with the national security interests at stake. The Commission or PSHSB may, however, extend such 120-day deadline for good cause. 45. Huawei and ZTE. The designations adopted herein for Huawei and ZTE shall serve as initial designations. Interested parties may file comments responding to these initial designations. Such comments are due 30 days after publication of the Report and Order in the Federal Register. After the conclusion of the comment period, PSHSB shall issue a public notice announcing its final determination and the effective date of any final designation. 46. The Commission next establishes the scope of the new prohibition. The rule the Commission adopts in the Report and Order shall apply to any and all equipment or services, including software, produced or provided by a covered company. USF recipients must be able to affirmatively demonstrate that they have not used any funds obtained via the USF to purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services provided or manufactured by a covered company. 47. The Commission finds it necessary to establish this broad prohibition on the use of USF funds to procure or otherwise support any and all equipment and services produced or provided by a covered company. Although some commenters argue that a [[Page 237]] prohibition precluding the expenditure of USF funds on every product from a covered company would not advance any material security purpose, and that such a restriction would be overbroad with potentially negative repercussions for U.S. industry, both domestically and overseas, the Commission believes that a blanket prohibition best promotes national security, provides the most administrable rule, and eases compliance for USF recipients. Given the dynamic and wide-ranging nature of the potential threats to our networks, and the Commission's specific responsibility to protect against threats posed by USF-funded equipment and services, the Commission finds a complete prohibition on the expenditure of USF funds on any and all equipment and services from a covered company to be the only reliable protection against potential incursions. The Commission recognizes that a complete prohibition may impose attendant costs on providers, who must ensure that equipment or services obtained using USF funds do not use equipment or services produced or provided by a covered company, and the rural consumers served by these providers. However, the Commission finds that these costs are outweighed by the need to ensure that the services funded by USF are secure and by the benefits to our national security and the nation's communications networks. 48. Malware and vulnerabilities can be designed and built directly into communications equipment, even when that equipment is not the covered company's flagship equipment. Thus, these vulnerabilities can often be difficult to discover. Moreover, the transition to emerging next-generation networks and the accelerated adoption of virtualized distributed network infrastructure increases the number of attack points in the network and makes networks more susceptible to attacks and unauthorized intrusions. Given the increased risk that allowing any equipment from a covered company on the network can cause significant harm, the Commission cannot allow for bad actors to circumvent the Commission's prohibitions through clever engineering. 49. The Commission further finds that a complete prohibition on the expenditure of USF funds for all equipment and services produced or provided by a covered company will provide regulatory certainty and will be easier for providers to implement and for the Commission to enforce. The Commission agrees with Vermont Telephone, which argues that the Commission's rule ``would eliminate uncertainty and reduce regulatory burdens that fall most heavily on small operators,'' and that adopting the Commission's rule would ``level the competitive playing field by creating incentives for operators to secure their networks rather than opting to deploy lower-cost Chinese manufactured equipment.'' The Commission's decision to adopt a complete prohibition rather than a narrow one will greatly reduce administrative costs for both providers and consumers as it would be time consuming and costly to require determinations on a product-by-product basis as to whether any given equipment is subject to the prohibition. Relatedly, it will be simpler for participants, and thus more cost effective, to comply with a blanket ban on the use of USF funds on any and all equipment and services produced or provided by covered entities. Compliance costs will also be reduced because providers will more easily be able to certify that their subsidiaries and affiliates have not used USF funds to purchase, obtain, maintain, improve, modify, or otherwise support any equipment of a covered company. It would be far more difficult, costly, and invasive for the Commission to obligate providers to verify this same commitment on a product-by-product or even component-by- component basis. By the same token, it will be far simpler and more cost-effective for Universal Service Administrative Company (USAC) to audit and verify any such certification based on a blanket ban rather than a more selective product-by-product prohibition. 50. The Commission is not persuaded that uncertainty in the purchasing process dictates a narrower prohibition. Some commenters argue that it is difficult to know from which companies they are purchasing equipment and that a blanket prohibition within the USF is therefore unreasonable. They claim this difficulty is especially apparent in instances of ``white labeling,'' where a covered company provides equipment or services to a third-party entity for sale under that third party's brand and the purchaser may not know the covered company's equipment is part of the purchased product. Although the Commission understands the complications inherent in the purchasing process, it believes it is the responsibility of all USF recipients to work with their suppliers to understand what equipment and services they are purchasing and to ensure that such equipment and services are not produced or provided by a covered company. Indeed, were the Commission to find white labeling as outside the scope of its prohibition, it would create an obvious and transparent loophole for companies that pose a national to national security to sneak their equipment into our communications networks. 51. The Commission also makes clear that USF recipients may continue to use these federal funds to maintain, improve, modify, or otherwise support their communications networks generally so long as no such funding goes toward any equipment or services provided or manufactured by a covered company. For example, a USF recipient could use funding to maintain gas-powered generators or battery cells that provide back-up power to radio access network equipment, purchase backhaul facilities and interconnection services from third parties, upgrade and maintain switches and routers, and otherwise expend USF funds on equipment and services that support a provider's network in whole or in part and are not solely used in the maintenance or support of covered equipment. In contrast, a USF recipient could not use federal funds to upgrade covered equipment, install software updates on such equipment, or pay for a maintenance contract to the extent that contract covers covered equipment--even when such upgrades, installations, and contracts are not directly offered by a covered company. Similarly, a USF recipient would not be permitted to use USF support to pay its internal staff to perform maintenance on any equipment or services produced or provided by a covered company. Such expenditures would be directly and solely targeted at supporting equipment that poses a national security threat to our communications networks and allowing such expenditures to be paid for with federal funds would counter the Commission's goal of securing American communications networks and incentivizing the replacement of such equipment with equipment from trusted vendors. 52. The Commission notes that its rule does not prohibit USF recipients from using their own funds to purchase or obtain equipment or services from covered companies, but USF recipients must be able to clearly demonstrate that no USF funds were used to purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services produced or provided by a covered entity. But the Commission cautions USF recipients that choose to install new equipment or purchase new services from covered companies. Where a project involves the purchase of such equipment, the Commission believes it unlikely that many USF [[Page 238]] recipients will be able to show the detailed records necessary to demonstrate that no USF funds were used on equipment or services from a covered company on any part of that project. For example, if a USF recipient tried to install a new cellular radio base station from a company that has been designated as a national security threat, all labor and other expenditures for that installation are part and parcel of installing an insecure network. The Commission is thus skeptical that any USF recipient seeking to use USF funds on an ``eligible'' portion of such a project would will be able to establish with the necessary certainty, even with a detailed recordkeeping process in place, that no part of the installation process, including the base station and any and all related expenditures, are paid for using USF funds. However, the Commission does not entirely foreclose the possibility that a USF recipient might be able to segregate the use of federal funds from other funds for the completion of a particular project, and the Commission reminds recipients that such expenditures will be subject to the audit and enforcement mechanisms described herein. 53. The Commission agrees with commenters who suggest a whole-of- government approach to supply chain security. The Commission's oversight of the USF requires them to act so that USF funds are not used in a manner that undermines the security of communications networks. In addition, the Commission has a responsibility to act in order to support the ongoing efforts of the federal government to protect communications networks and the communications supply chain from security threats. The prohibition the Commission adopts in this document applies only to equipment and services in the context of the USF, so the Commission believes this limited application of the prohibition will advance the interests of network security and will provide necessary certainty to affected USF participants. In short, the Commission's actions in the Report and Order are a vital part of that approach and will complement the activities of other federal agencies and Congress. 54. The Commission disagrees with RWA, which contends that the prohibition it adopts in this document should extend only to ``additional equipment'' and ``new services'' not yet procured and deployed; such a distinction would do nothing to address the threat posed by existing equipment. If anything, it would magnify this risk by enabling providers to continue to use USF support to maintain, improve, modify, operate, manage, renew, or otherwise support such equipment. Restricting the prohibition the Commission adopts in this document to apply only to equipment that has not yet been purchased would not only undercut the purpose behind this proscription, but could actively increase the risks posed by existing equipment. 55. The Commission acknowledges the concerns of some commenters who contend that ``rural co-ops and closely held companies are massively restricted in their financial operations'' and argue that USF support is ``often critical'' in order to maintain the operational viability of their networks. While this may be true in the case of some rural carriers, the Commission is unwilling to allow USF dollars to be used in support of equipment and services that pose a direct and immediate threat to our national security and the security of our networks. To do so would place our communications networks and supply chains as a whole at risk. No provider has yet offered the detailed financial records that would be necessary for the Commission to determine whether an individual provider actually could not maintain its existing network without violating its rule--and the Commission reminds providers that they remain free to seek a waiver of this prohibition in the exceptional case where they would be unable to operate their networks absent the use of USF funds to maintain or otherwise support equipment or services produced or provided by covered companies. 56. While the rule the Commission adopts in this document will not, in and of itself, completely address the risks posed by equipment or services produced or provided by covered companies, that is no reason not to adopt the rule, as RWA appears to argue. As the Commission has already stated, the targeted rule it adopts in this document is part of the Commission's continuing efforts to protect the nation's communications networks and supply chain from potential security threats. These efforts are, by their very nature, ongoing and incremental. The Commission's is a specific but nevertheless important role in securing the communications supply chain and our nation's communications infrastructure. 57. Upgrades to Existing Equipment. The Commission next clarifies that the prohibition will apply to upgrades and maintenance of existing equipment and services. As explained in this document, this restriction includes a prohibition on using USF funds to pay third parties or a carrier's own employees to maintain or repair equipment from covered services. Costs for such services must be paid with non-USF funds. The rule the Commission adopts in this document prohibits USF recipients from using USF funds to purchase, obtain, maintain, improve, modify, or otherwise support equipment or services provided or produced by covered companies in addition to purchasing such equipment or services. The Commission specifically extends this prohibition to include upgrades to existing equipment and services. Several commenters have argued that upgrades to existing equipment should be exempt from the Commission's rule, claiming any prohibition on the use of USF funds to support upgrades to existing equipment would ``effectively mandate replacement of those products before the end of their life-cycle or force companies receiving USF monies to run outdated or inadequately maintained equipment.'' Others argue that such upgrades should be exempted because they are necessary to preserve equipment functionality, performance, and security. 58. The Commission recognizes that this rule may encourage some providers to choose not to upgrade equipment and instead to replace these products prior to the end of their life-cycle, or risk running outdated and inadequately maintained equipment. The Commission notes that such upgrades are in fact in the public interest because they would increase the security of our communications networks. Indeed, the Commission finds the risk posed by covered companies' products is too great to continue to allow federal funds to be used to purchase, obtain, maintain, improve, modify, or otherwise support them. To do so would allow these funds to be used to perpetuate existing security risks to the communications supply chain and the communications networks of this country. Further, the Commission is not restricting USF recipients from performing needed upgrades or maintenance to equipment procured from a covered company so long as they do not use USF funds to do so. Although the Commission may have concerns, it acknowledges that providers may continue to use and improve such equipment consistent with all other legal requirements, but they may not perform such maintenance or upgrades using USF funds. Affected carriers may of course file a request for waiver if they are manifestly unable to maintain their networks absent the use of USF funds to support equipment or services produced or provided by covered companies, and such failure poses a risk to public safety. The [[Page 239]] Commission evaluates waivers on a fact-specific basis. 59. Compliance Certifications. The Commission agrees with commenters who argue that the Commission should require recipients of universal service support to provide a certification that they have complied with the rule it adopts in this document. The Commission does not, at this time, require manufacturers to submit separate certifications, although USF recipients may require such certifications from manufacturers as part of their own contracts. The Commission directs WCB, in coordination with USAC, to revise the relevant information collections for each of the four USF programs to require a certification attesting to compliance with the rule adopted in this document. Given the variety of ways that USF participants file and certify to rule compliance, the Commission finds that directing WCB to develop such a certification for each respective program is the best means by which to implement this new certification requirement. 60. Audits and Recovery of Funds. The Commission believes that USAC audits are the most effective way to determine compliance with the requirements of the Report and Order, and the Commission directs USAC to implement audit procedures for each program consistent with the rules it adopts in this document. USF recipients must be able to affirmatively demonstrate that no universal service funds were used to purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services provided or manufactured by covered companies. The Commission notes that applicants in the E-rate and Rural Health Care programs already retain and provide information either during the application process or during audit and program integrity assurance processes that could demonstrate (if verified) that no USF funds were improperly used. And the Commission notes that many ETCs receiving High Cost funding now report the projects they complete using federal funds to the High Cost Universal Broadband portal, allowing relatively swift verification by USAC of compliance. If USAC knows the specific locations where federal funds were used to build communications networks, it can verify what equipment and services are used at those locations and audit that usage if necessary. To the extent that other ETCs do not yet report information to USAC that would verify compliance, the Commission directs WCB and USAC to revise its information collection and audit procedures to ensure the reporting of USF expenditures in a manner that will allow efficient oversight and thorough compliance. 61. Some commenters have argued that, for purposes of the E-Rate and Rural Health Care programs, service providers are in the best position to prevent violations of the rule and, as a result, should be the party responsible for recovery in cases where funds have been disbursed in violation of the rule. The Commission sees no reason to depart from the requirement that directs USAC to pursue recovery actions against the party or parties that committed the rule or statutory violation in question, recognizing that, in some instances, this could be the applicant school, library, health care provider, or consortium, rather than the service provider. The determination of which entity to seek recovery from is a factual determination based on the specific facts of the violation, and the Commission sees no need to establish a rule requiring recovery only from service providers. 62. Waivers. The Commission agrees with commenters who support a meaningful waiver process. As with any Commission rule, USF recipients may seek waivers of the rule the Commission establishes in this document. The Commission disagrees with commenters who suggest that it imposes a 90-day shot clock for resolution of such waivers. Commenters have provided no persuasive argument supporting the establishment of an arbitrary deadline for resolution of waiver requests and the Commission similarly refrains from establishing any specialized waiver requirements for the rule adopted in this document. 63. Because of the compelling interest in protecting our national security, the Commission concludes that the rule it adopts in this document should take effect immediately upon publication in the Federal Register. For purposes of the Lifeline and High-Cost Support Programs, any prohibition on the use of USF funds will take effect immediately upon publication of the effective date contained in the Final Designation Notice designating an entity as a covered company posing a national security threat. A requirement that USF recipients certify that they are in compliance with the Commission's rule will take effect following revision of each information collection as described in this document, including approval by the Office of Management and Budget under the Paperwork Reduction Act. 64. In the April 2018 Protecting Against National Security Threats Notice, the Commission made clear that its proposed rule would apply only prospectively. The Commission sought comment on how long USF recipients would need to comply with the rule and whether it should consider phasing in the rule for certain programs or USF recipients. The Commission agrees with commenters who argue that the Commission should not delay the effective date of the rule. These commenters contend that service providers have long been aware of the security risks associated with certain vendors that may affect their ability to continue to receive federal funding, and thus many service providers have already made the business decision to purchase equipment from alternative vendors, precisely to avoid the security risks and the possible greater costs those risks might present in the long run. Given the important national security concerns at stake in the proceeding, the Commission believes it is critical that it moves forward expeditiously. Moreover, because many service providers have already made the business decision to purchase equipment from alternative vendors in order to avoid security risks, the Commission believes that the impact of an immediate effective date will be minimal. Given the industry's long-standing knowledge of the risks posed by the installation and purchase of such equipment, the Commission does not believe that a phase-in period is necessary. Indeed, the important national security concerns at issue necessitate swift action. 65. Moreover, because the rule is prospective in effect, it does not prohibit the use of existing services or equipment already deployed or in use. USF recipients may continue to use equipment or services provided or produced by covered companies obtained prior to the issuance of the rule, but may not use USF funds to purchase, obtain, maintain, improve, modify, or otherwise support such equipment or services in any way. 66. The Commission next clarifies how its rule shall apply for E- Rate and Rural Health Care recipients. Specifically, unlike other USF recipients, E-Rate and Rural Health Care recipients apply for funding to cover specific services and equipment on coordinated basis, with funding tied to a particular funding year. To ensure prospective only effect, the rule the Commission adopts will apply to all funding years that start after the designation of a covered company (so the Commission would expect the rule prohibiting purchases from Huawei and ZTE that it initially designates in this document to apply for Funding Year 2020, starting July 1, 2020). This [[Page 240]] provides a common administrative deadline for applicants and USAC and should allow sufficient time for E-Rate and Rural Health Care applicants to be trained to include service provider security compliance as a necessary factor in the selection of providers for the forthcoming funding year. The Commission notes that Funding Year 2020 for both programs begins July 1, 2020. The Commission believes that the decision strikes the best balance for promoting national security in a way that is practicable for E-Rate and Rural Health Care participants. For earlier funding years, the Commission directs USAC to process Operational Service Provider Identification Number (SPIN) changes and service substitutions to swap out non-compliant equipment for compliant equipment upon a showing that the equipment not yet installed would be prohibited under the Commission's rule. 67. Existing Multiyear Contracts. The Commission finds that its rule extends to existing contracts to acquire equipment or services from any covered company that were negotiated and entered into prior to the final designation of that entity as a covered company. In other words, existing multiyear contracts to acquire equipment or services from a covered company will not be exempt from the rule. The Commission disagrees with commenters who favor such an exemption. Exempting existing multiyear contracts would negate the purpose behind the Commission's rule and allow federal funds to be used to perpetuate existing security risks to communications networks and the communications supply chain. 68. Some commenters raise a number of constitutional challenges to the rule the Commission adopts in this document. They argue that the action adopted in this document, violates principles of due process, that it amounts to an unconstitutional bill of attainder, and that it amounts to a regulatory taking by denying carriers any economically productive use of their existing networks. The Commission finds these arguments unpersuasive. 69. Both carriers and suppliers argue that a national security condition on USF funding would violate their due process rights guaranteed by the Fifth Amendment. The Due Process Clause of the Fifth Amendment provides that ``[n]o person shall be . . . deprived of life, liberty, or property, without due process of law.'' These due process challenges, therefore, involve two questions: First, whether carriers or suppliers are deprived of a protected interest in ``property'' or ``liberty.'' And second, if they are, whether the procedures employed by the Commission comport with principles of due process. The Commission concludes that the rule and its application, as adopted in this document and applied initially to Huawei and ZTE, do not violate the due process rights of USF recipients, of suppliers generally, or of Huawei and ZTE specifically. The Commission discusses these conclusions in the following. 70. Carriers' Due Process Claims. CCA, on behalf of its carrier members, argues that the rule will violate the due process rights of carriers that rely on USF support in two ways. First, CCA asserts, the rule will interfere with carriers' ``long-standing investment-backed reliance interests'' in their telecommunications networks. Second, CCA claims that the rule ``violates the due process rights of equipment, device and service providers, as well as the carriers who rely on them'' by failing to provide ``an opportunity to review the unclassified evidence on which the official actor relied.'' Because this second argument primarily concerns the due process rights of suppliers and is also raised by them in more detail, the Commission addresses it--along with suppliers' other concerns--in the following. 71. Regarding its first argument, CCA explains that many carriers have upgraded or are upgrading their networks to the newest available technologies, including by contracting with foreign suppliers who offer competitive pricing, in service of ``the USF's mandate to provide affordable telecommunications access to underserved communities.'' Invoking FCC v. Fox Television Stations, CCA argues that these carriers ``did not have fair notice of what would be forbidden,'' and invoking General Motors Corp. v. Romein, CCA asserts that the proposed rule ``unfairly interferes with carriers' legitimate expectations without sufficient justification.'' 72. In Romein, General Motors challenged the effect of a Michigan workers' compensation statute that required it to retroactively pay workers' compensation benefits. General Motors argued that the statute's retroactive provisions ``unreasonably interfered with closed transactions,'' and thereby violated due process. Applying rational basis review, the Court rejected this challenge and found that the statute was a rational means of achieving a legitimate objective. Huawei similarly argues that the rule the Commission adopts in this document would violate the Administrative Procedure Act as a rule that has ``unreasonable secondary retroactivity.'' While the Commission acknowledges that the rule may have some retroactive effect, the Commission finds that any retroactive effect is reasonable in light of the goals of the Report and Order. Secondary retroactivity is reviewed under a reasonableness standard to determine whether or not it is arbitrary or capricious. The Commission notes that the rule and the initial designation of Huawei and ZTE as covered companies will not explicitly prevent Huawei from selling its products to any company. And as noted, the Commission concludes that multiyear contracts cannot be exempt from the rule, given that such an exemption would largely undermine the national security goals of the Report and Order. 73. At the outset, at least with respect to Huawei and ZTE, the Commission rejects the premise that carriers had a ``legitimate expectation'' of being able to continue to purchase products and services from them using USF funds and ``did not have fair notice'' that a rule like the one adopted in this document may be imposed. Mounting public concern about these entities was apparent at least as early as 2010, when a bipartisan group of lawmakers wrote a letter to the Chairman of the FCC, requesting information about the security of U.S. telecommunications networks in light of potential deals between U.S. carriers and Huawei and ZTE. 74. Moreover, CCA's reliance on Fox Television is misplaced. That case addressed whether the FCC had violated the due process rights of two television networks by failing to give them fair notice that, in contrast to a prior FCC policy, a fleeting expletive or a fleeting shot of nudity could be actionably indecent. Here, by contrast, the Commission has issued a Notice and allowed interested parties to comment on the proposed rule, which will only be applied prospectively and does not require carriers to remove or stop using any already- purchased equipment or services. This situation is materially different than that presented in Fox Television, and at least one court has rejected an attempt to invoke Fox Television under similar circumstances, where parties were given notice and an opportunity to comment on the proposed rule. Finally, the Commission disagrees with CCA's apparent assertion that it has not provided ``sufficient justification'' to satisfy the test for rational basis review articulated in General Motors. The government has a legitimate interest in safeguarding [[Page 241]] national security, and the Commission's rule is a rational means of furthering that interest. 75. Suppliers' Due Process Claims. Some commenters--including Huawei--argue that due process requires that the rule offer suppliers designated as national security threats notice and a meaningful opportunity to respond to the evidence against them. Assuming that a designation could result in a deprivation of a cognizable liberty or property interest, an argument which the Commission considers and rejects in the following, the Commission has provided and will continue to provide due process as required under the Constitution and process in conformance with the Administrative Procedure Act. Under Mathews v. Eldridge and other applicable precedent, due process requires that the deprived party be afforded notice of the action, including enough information about the factual basis for the action to allow for a meaningful challenge, and a meaningful opportunity to be heard. An evaluation of the sufficiency of the process will consider the private interest that would be affected, the risk of an erroneous deprivation of such interest through the procedures used (and the probable value, if any, of additional procedural safeguards), and the government's interest, including the burdens of additional procedural requirements. 76. The rulemaking proceeding has provided and will continue to provide Huawei and ZTE with notice and an opportunity to be heard on the issue of whether they should be designated under the rule adopted in the Report and Order. The Protecting Against National Security Threats Notice in the proceeding set forth Congress's concern with both companies and explained that this concern stems from the fact that both companies are subject to such a degree of undue influence by the Chinese government as to raise counterintelligence and security concerns. It was clear from the Protecting Against National Security Threats Notice that the Commission was considering designating them under the proposed rule. In fact, the Protecting Against National Security Threats Notice specifically sought comment on ``defin[ing] covered companies as those specifically barred by the National Defense Authorization Act from providing a substantial or essential component, or critical technology, of any system, to any federal agency or component thereof,'' and the WCB specifically sought comment on how the 2019 NDAA should affect the Commission's approach in the proceeding. Huawei responded to the Protecting Against National Security Threats Notice at great length, and the Commission has fully considered those arguments. As with any Commission decision, the Report and Order is subject to procedures for reconsideration by the Commission and for judicial review. 77. Further, both Huawei and ZTE will have an additional opportunity to respond to the factual allegations supporting their initial designation under the process established in the Report and Order. The initial determination adopted in the Report and Order expands on the concerns raised in the Protecting Against National Security Threats Notice and responds to Huawei's submissions that attempted to address these concerns. Huawei and ZTE will have a further chance to respond before PSHSB issues a final designation that either affirms or rejects the initial designation. The Commission therefore concludes that Huawei and ZTE will be afforded all the process that is due in the proceeding. 78. For all other designations, the Commission will adhere to the process discussed in this document, which includes notice and an opportunity to comment on any initial designation, a description of the basis for such initial designation and, if opposed, a written final determination subject to review by the Commission and, ultimately, the courts. Any such designation will also be subject to review, and potentially reversal, in the future if such an entity, or another interested entity, can demonstrate that it should no longer bear such a designation. 79. Huawei is incorrect when it argues that it violates the Due Process Clause to issue this adjudicatory decision in the context of a rulemaking proceeding. There is no requirement that designations be made pursuant to the formal adjudicatory procedures of the Administrative Procedure Act. Rather, the relevant question is whether the affected parties have had the ``opportunity to present, at least in written form, such evidence as those entities may be able to produce to rebut the administrative record.'' Huawei has already done so here, and ZTE had the same opportunity. There is nothing improper about issuing a designation pursuant to a rulemaking proceeding. Additionally, Huawei and ZTE will have a further opportunity to specifically respond to their initial designation during the comment period adopted in the Report and Order. 80. Moreover, the Fifth Amendment guarantees due process only where government action threatens or deprives an individual of life, liberty, or property. The Commission finds that designated suppliers and/or carriers do not suffer a deprivation of life, liberty, or property sufficient to trigger due process protections. Huawei claims that designating it under the rule the Commission adopts in this document would deprive it of liberty in three related ways: (1) By interfering with its freedom to practice a chosen profession; (2) by debarring it or effectively debarring it by preventing it from selling equipment and services to USF recipients; and (3) by imposing a ``stigma'' sufficiently serious to alter Huawei's legal status. The Commission finds none of these arguments persuasive. 81. First, covered companies are not barred from a field of employment. Unlike the aggrieved parties in the cases cited by Huawei and CCA, the suppliers found to be a threat to national security will not be broadly excluded from a profession or field--such as aeronautics or law. To the contrary, any such designated suppliers will be free to pursue their business by serving as suppliers to a variety of carriers; in fact, as one commenter pointed out, a designation would not formally restrict them from conducting business with any customer, including those who participate in USF programs. 82. Second, the adopted rule does not debar covered companies, either through ``formal debarment'' or through ``broad preclusion, equivalent in every practical sense to formal debarment.'' Huawei itself recognizes an uneasy fit with the debarment cases it cites, conceding that those cases ``merely involve actions that preclude private entities from transacting with the Government, while the proposed rule would preclude private entities from transacting with other private entities who spend federal funds.'' Huawei argues, inter alia, that the proposed rule meets the definition of debarment in section 54.8 of the Commission's rules. Even assuming Huawei is ``debarred'' from the USF under this definition, it is not ``debarred'' as the term is used in the cases cited by Huawei, which, as Huawei itself notes, involve government actions precluding private entities from serving the government. The Commission is similarly unconvinced by Huawei's attempt to analogize itself to a subcontractor. While there is some authority for the proposition that due process protections extend to the debarment of subcontractors, Huawei and other affected suppliers are not subcontractors, and, even if they were, designation here does amount to de facto debarment--it does not prevent [[Page 242]] designated suppliers from doing business with the government or carriers (the prime contractors, in Huawei's analogy). 83. The rule here does not prevent any private entity from transacting with the government--either formally or through broad preclusion equivalent to formal debarment--nor does it completely prevent entities from transacting with carriers who receive USF funding. 84. Third, designation as a covered company does not create a deprivation by imposing a stigma sufficiently serious to alter a supplier's legal status. To establish a deprivation under this ``stigma-plus'' theory, a party must show (1) the public disclosure of a stigmatizing claim by the government; and (2) an accompanying denial of ``some more tangible interest such as employment, or the alteration of a right or status recognized by state law.'' With respect to the first prong, assuming arguendo that designation by the Commission as a threat to national security is likely to impose some amount of stigma, the stigmatized party must also satisfy the ``plus'' factor of the ``stigma plus'' test. Courts have found this factor satisfied where the government has deprived a party of some benefit to which it has a legal right, like the ability to purchase alcohol or fly. The D.C. Circuit has found this prong satisfied where the government-imposed stigma is so severe that it ``broadly precludes'' the stigmatized party from ``pursuing a chosen trade or business.'' The Commission finds that the rule adopted in this document does not satisfy this prong. 85. Huawei argues that the alleged stigma of a designation under the proposed rule would alter its status in two ways. First, by ``barring the use of universal service funds to buy the company's equipment.'' Second, by having the practical effect of discouraging other U.S. entities from buying Huawei's equipment. But while designation may create a disincentive for carriers to purchase equipment from designated entities, designation imposes no explicit restriction on designated entities at all; designated entities remain free to sell to anyone, including recipients of USF. Likewise, USF recipients remain free to purchase equipment from designated entities-- and some may continue to do so, though they would not be able to use USF support for any covered equipment and services. This fact alone would prevent Huawei or other covered companies from establishing the deprivation of a legal right or the ``broad preclusion'' required in Trifax, the case on which Huawei principally relies in establishing this factor. Thus, the Commission concludes that there is no cognizable deprivation of liberty or property either in adopting the rule or designating Huawei and ZTE herein the Report and Order. 86. Unconstitutional Taking. Some commenters assert that the Commission's proposed rule would constitute a regulatory taking because it would deny some carriers of ``all economically beneficial or productive use'' of their property.'' These commenters argue that the proposed rule would prevent carriers from upgrading, repairing, or servicing pre-existing equipment purchased from prohibited suppliers, rendering this equipment useless. Without funding to compensate carriers for these losses, they argue, the proposed rule will run afoul of the Takings Clause of the Fifth Amendment, which prohibits the government from taking ``private property . . . for public use, without just compensation.'' 87. The Commission disagrees with these arguments. At the outset, the Takings Clause applies only when ``property'' is taken, but Commission and judicial precedent make clear that carriers have no vested property interest in ongoing USF support. Therefore, there is no merit to any suggestion that deprivation of future USF support amounts to a Takings under the Fifth Amendment. While carriers do have a cognizable property interest in their equipment, to the extent the action diminishes the value of equipment carriers have already purchased, this interference does not amount to a regulatory taking. The concurrently adopted Further Notice addresses making additional support available pursuant to NDAA section 889(b)(2)--a fact that arguably mitigates any takings concerns and makes any potential takings claim unripe. Further, there is no per se regulatory taking under Lucas v. South Carolina Coastal Council, because the rule will not deprive affected carriers of all economic value in their networks or equipment--the proposed rule is prospective in nature, and will allow them to continue using pre-existing equipment. Nor does the rule effect a partial regulatory taking under the three-factor test established in Penn Central Transportation Company v. New York City. First, the economic impact on affected carriers should not be severe, as they should still be able to use pre-existing equipment. Second, the rule should not upend reasonable investment-backed expectations. As explained in this document, the long history of concern about Huawei and ZTE should have served as a warning that the federal government may take action regarding these companies, and in any event the Protecting Against National Security Threats Notice provided affected carriers actual notice of this action. More broadly, the Commission frequently enacts rules adjusting the levels of USF support received by carriers, and has long held that carriers have no entitlement to ongoing USF support at current levels. Third and finally, with respect to the ``character'' of the Commission's action, any interference could not be characterized as physically invading or permanently appropriating the property of carriers--and commenters seem to offer no argument to the contrary. 88. Bill of Attainder. Lastly, Huawei argues that the rule violates the Bill of Attainder Clause. A law constitutes a bill of attainder ``if it (1) applies with specificity, and (2) imposes punishment.'' According to the Supreme Court, ``the Bill of Attainder Clause was intended . . . as an implementation of the separation of powers, a general safeguard against legislative exercise of the judicial function, or, more simply, trial by legislature.'' Thus, ``[a] bill of attainder is a legislative act which inflicts punishment without a judicial trial.'' Huawei argues that the rule ``contravene[s] the Bill of Attainder Clause by targeting a small group of people for punitive measures.'' 89. The Commission finds this argument unpersuasive. First, the Supreme Court has never applied the Bill of Attainder Clause to a corporation like Huawei. Second, the rule cannot amount to a bill of attainder because it is not a ``legislative act.'' The Commission is unaware of any court opinion applying the Bill of Attainder clause to agency regulations. In a case challenging the Commission's 2011 order overhauling the high-cost universal service program, the Tenth Circuit considered and rejected a similar argument on the grounds that the Commission's order was not a legislative act. Second, even if the rule were a ``legislative act,'' it does not impose a ``punishment.'' As the Report and Order makes clear, the Commission has a legitimate, non- punitive reason to take the actions contemplated by the rule--the protection of national security. While some of the burdens of the rule will fall on those entities identified as threats to national security, the burdens imposed will not be ``so disproportionately severe and so inappropriate to nonpunitive ends that they unquestionably have been held to [[Page 243]] fall within the proscription of [the Bill of Attainder Clause].'' 90. The Commission's cost benefit analysis focuses on the economic costs of its action. An economic cost is the extent to which resources are spent inefficiently, in this case, on more expensive suppliers. The Commission notes that record evidence indicates the vast majority of such costs are attributable to ETCs receiving high-cost universal service support. The Commission accordingly focuses its analysis on such costs because any costs attributable to other programs are unlikely to have any measurable impact on whether the benefits of the rule outweigh its costs. Furthermore, the records suggest that the dominant economic cost equals the necessary additional cost to carriers who choose to purchase more expensive equipment as a result of the Commission's action. The Commission estimates this cost and qualitatively consider other economic costs of its action. The Commission finds these other costs to be relatively small. Given the evidence available, the Commission estimates that the costs of the actions in this document will not exceed $960 million and are likely to be much lower. 91. Quantifying the expected benefits of the Commission's rule is difficult. Nonetheless, the Commission takes into account several comparable situations to estimate an order of magnitude lower bound of benefits. Notably, a foreign adversary's access to American communications networks could result in hostile actions to disrupt and surveil our communications networks, impacting our nation's economy generally and online commerce specifically, and result in the breach of confidential data. To start, our national gross domestic product was $20.5 trillion last year, growing 2.9% or $595 billion last year, adjusting for inflation. Accordingly, preventing even a 0.005% disruption to our economy, or a 0.162% disruption to annual growth, would outweigh the costs of the prohibition. Likewise, the digital economy accounted for $1.35 trillion of our economy in 2017, and so preventing a disruption of even 0.072% would mean the benefits of the rule outweigh the costs. Given how dependent the general economy--let alone the digital economy--is on our national communications network and how interconnected that network is and is becoming, the Commission finds it likely that any potential disruption would exceed these measures by a large margin. As a check on the Commission's analysis, consider the impact of existing malicious cyber activity on the U.S. economy: $57 billion to $109 billion in 2016. Given the incentives and documented actions of hostile nation-state actors, reducing this activity (or preventing an expansion of such damage) by even 1.68% would justify the costs of the Commission's rule. Or set aside broader commercial implications (such as theft of trade secrets and business plans) and focus on the impact of data breaches on consumers: An estimated 7% of consumers over the age of 16 were identity theft victims in 2014, and the estimated average loss to an identity theft victim is over $2,800. Accordingly, if the Commission's rule reduced the incidence of data breach and identity theft by just 0.137% among American consumers over the age of 16, the benefits of the rule would outweigh the costs. In the Commission's judgment and given this analysis, the Commission finds the benefits of its rule to the American economy, commerce, and consumers are likely to significantly and substantially outweigh the costs by a large margin (the upper end of those costs being $960 million). Finally, the Commission notes that the benefits of the rule also extend to even harder to quantify values, such as preventing untrustworthy elements in the communications network from impacting our nation's defense, public safety, and homeland security operations, our military readiness, and our critical infrastructure, let alone the collateral damage such as loss of life that may occur with any mass disruption to our nation's communications networks. The Commission finds that the benefits of safeguarding our nation against these threats alone would also significantly and substantially outweigh the costs of the Commission's rule by a large margin. 92. Calculating the Additional Cost to Carriers. The Commission assumes based on the initial designations that its actions will prevent a carrier from using universal service funds to make purchases from Huawei or ZTE. As carriers maintain their existing networks and upgrade them to new technologies such as 5G, carriers relying on universal service funds may choose more expensive equipment--and for the sake of this cost-benefit analysis, the Commission assumes that the prices of Huawei and ZTE tend to be lower than those of other suppliers without a corresponding loss in quality, reliability, or durability. Buying more expensive equipment or services also increases the value of the firm's capital base, which in turn, increases service and maintenance costs, and the required return on capital to bondholders and shareholders, resulting in a second source of cost. The Commission also estimates a useful lifetime of network equipment (like mobile switches) and exterior equipment (radio network access equipment (RAN) placed on or near a pole or tower) of approximately 10 years. 93. To estimate the additional cost to carriers of the prohibition and given the estimated useful lifetime of network equipment, the Commission expects that in 10 years all Huawei and ZTE equipment that will be replaced (or upgraded) with universal service support will have been replaced. At that point, the additional annual capital outlays will peak, and the Commission generously estimates the total annual cost of its actions, including service and maintenance cost, and the required return on capital, will be between approximately $17 million and $107 million. Although the Commission initially assumes Huawei and ZTE maintain their (non-quality-adjusted) price advantage for 10 years, the Commission then allows competition to linearly eliminate that advantage over the next ten years. On that basis, the Commission estimates the present value of the cost this will impose on carriers to range from $160 million and $960 million. 94. The analysis assumes constant real equipment prices. While real equipment prices will likely decline, it is the difference between the prices of alternatives to Huawei and ZTE equipment and the prices of Huawei and ZTE equipment that determines the reimbursement cost. While lower real prices would increase demand, they would also reduce the extent to which reimbursements from the Fund are necessary, the net effect of which is likely to be small relative to the error inherent in the Commission's estimates. 95. In developing these estimates, the Commission first estimates the cost of replacing Huawei and ZTE equipment, and then estimate ongoing expenses. Since the Commission's Report and Order does not mandate replacement, the Commission does not assume that all Huawei and ZTE equipment is replaced by alternative equipment. Instead, the Commission expects that a fraction of the Huawei and ZTE equipment will be replaced. The Commission then estimates the ongoing expenses implied by the assumed replacements. However, the sum of the estimated replacement and ongoing costs is not entirely attributable to the Commission's action. Instead, it is the difference between these costs and the [[Page 244]] costs that would have been incurred if Huawei and ZTE equipment were used. The Commission estimates this difference using reported differences between the prices of Huawei and ZTE equipment and the prices of alternative equipment (again, setting aside for these purposes concerns about the lower quality, reliability, or durability of such lower-priced equipment). 96. The Commission estimates the average cost for a firm to replace its Huawei and ZTE equipment, excluding ongoing expenses, to range from $40 million to $45 million. The Commission then multiplies this by an estimate of the number of firms that have Huawei or ZTE equipment and relies on universal service support, and then reduces it to account for the extent to which carriers will use other sources of capital to purchase and maintain Huawei and ZTE equipment. The result is an estimate of the cost of replacing Huawei and ZTE equipment, excluding ongoing expenses. 97. Seven carriers reported their estimated cost of replacing installed Huawei or ZTE equipment. The estimates come from Pine Belt Cellular, Sagebrush, Union Telephone Company, NE Colorado Cellular, SI Wireless, United TelCom, and James Valley Telecommunications. The median of the firms' replacement cost estimates is $50 million. 98. To guard against distortion due to extreme estimates, particularly given carriers' incentives to report higher estimates, the Commission prefers the median to the mean. The mean of the 7 reports, $94 million, is significantly raised by NE Colorado Cellular's cost estimate, which is 3 times larger than the next highest estimate, and 60 times larger than the lowest estimate. NE Colorado Cellular's absolute costs also seem high. It reports 80% of its network to be Huawei equipment, which it estimates would cost $360 million to replace. That implies a network with a replacement cost of approximately $450 million (= $360 million/0.8 million). Assuming an annual cost factor of 25%, this implies annual expenses of $112.5 million. As a comparison, the annual cost of switching in the Connect America Model is 0.2671, the sum of the annual charge factors for capital expenditures, 0.1476, and operating expenditures, 0.1195. (For the Commission's estimates of the Report and Order costs, the Commission uses a 30% annual charge factor, as it wishes to avoid understating the costs of its actions. Here, the Commission seeks to show that NE Colorado Cellular's costs are high, so it uses a 25% annual charge factor to demonstrate that their reported costs are high even under conservative assumptions.) NE Colorado Cellular reports serving 110,000 customers, so capital costs alone amount to approximately $85 per month per customer ($112.5 million/12/110,000 = $85). Of course, NE Colorado Cellular must recover costs beyond its capital costs. NE Colorado Cellular collects and pays roaming fees, the net of which could reduce the required monthly recovery from its customers, but presumably not radically. Thus, NE Colorado Cellular would need to be charging monthly subscriber fees of around or probably in excess of $85 per month, which seems high, especially compared with T-Mobile's ``Premium Unlimited Plan,'' which costs $50 per month per subscription when four subscriptions are purchased. 99. The Commission expects that firms motivated to report their costs in the record of the proceeding have above average costs. Indeed, the reporting carriers are unlikely to be representative of carriers affected by the Commission's actions, but rather reflect carriers with greater incentives to put their concerns in the record, i.e., carriers for which the impact of a rip-and-replace requirement is large compared with similarly situated non-reporting carriers. In 2018, the 7 carriers who provided rip and replace cost estimates represented only 0.15% of mobile carrier end-user revenues as reported in their FCC Form 499s. Consequently, the Commission conservatively discounts the median of reported costs by between 10% and 20%, which yields an estimated replacement cost for each network of $40 million to $45 million. 100. The Commission generously estimates 106 firms currently buy Huawei and ZTE equipment. Huawei reports serving 85 U.S. customers in 2019. Alternatively, the Commission could rely on the Dell'Oro Group's North American market share estimate for ZTE of zero. This would imply only 85, rather than 106 purchasers, lowering the Commission's cost estimates by approximately 20%. Market share estimates for Huawei and ZTE, respectively of 31.1% and 7.5%, imply 105.5 (= 85 * (1 + 7.5/ 31.1)) purchasers of equipment from Huawei and ZTE. See Dell'Oro Group, Market Research Reports on Mobile Radio Access Network, which also finds Huawei's North American share to be only 1.5% and ZTE's to be zero. This is likely an overestimate as both suppliers, but especially ZTE, have experienced a decline in their U.S. customer bases. For sake of this analysis, however, the Commission rounds up to 106 firms. Given all of these customers are not likely to be ETCs, e.g., they may be firms purchasing Wi-Fi routers for internal use, the Commission estimates between 32 (30%) and 53 (50%) of these firms accept universal service funds. This range is consistent with CoBANK's estimate that 30 rural carriers are impacted. 101. Lastly, the Commission recognizes capital is fungible, and carriers have some leeway to buy Huawei or ZTE equipment from other funding sources. For these carriers, the Commission estimates they may only use universal service funds to replace between 50% and 75% of their existing Huawei or ZTE equipment. The Commission's actions prevents carriers from purchasing Huawei and ZTE equipment using universal service funds but does not prohibit them from purchasing such equipment using funds from other sources so long as they can meet the accounting requirements described in this document. This gives the following lower and upper bounds for the costs of replacing installed Huawei or ZTE equipment: Lower bound: $640 million = $40 million * 32 * 50%. Upper bound: $1.79 billion = $45 million * 53 * 75%. 102. Converting the Replacement Cost into a Cost Stream. Assuming the average useful life of the equipment in question is ten years, then on average in each year, 10% of the total value of the equipment must be replaced. The Commission adds to this an additional 20% of the value of the equipment for expenses for service and maintenance costs and a return to bondholders and shareholders. The sum equals a generous annual charge factor of 30%. This may be broken down into a 10% factor for capital purchases to maintain the capital base, and a 20% factor for service, maintenance, and a return to bondholders and shareholders. By comparison, the annual cost factor for switching in the Connect America Model is 0.2671 the sum of the annual cost factors for capital expenditures, 0.1476, and operating expenditures, 0.1195. This, with assumptions about prices discussed in this document, allows the Commission to develop a cost stream associated with each year for 20 years. 103. Comparing Expenses under the Report and Order with the Case of No Report and Order. Of course, this equipment would be replaced with or without the Commission's requirement. The relevant cost of the Commission's action is the price differential or markup between purchasing alternative equipment and Huawei or ZTE equipment. Sources suggest this markup [[Page 245]] ranges from 5% to 40% (not taking into account any change in quality, reliability, or durability). These markups do not account for quality differences between Huawei and ZTE, and their rivals, or the likelihood that these rivals' prices will become more competitive over time. The 40% estimate, which is well above the other two estimates, comes from a carrier that appears particularly concerned about the Commission's actions, and hence may have overestimated the markup. Consequently, the Commission uses the mid-points of each of the other two markup estimates, 10% and 25%, as lower and upper bounds. Using these price markup assumptions and subtracting the annual cost streams in the absence of the Report and Order from the cost streams under the Report and Order results in a stream of cost differences. The Commission thus estimates the present value of the cost differences for the next twenty years that would arise due to the Report and Order ranges from $160 million to $960 million. 104. The Economic Efficiency Costs of the Commission's Actions. So far, the Commission has only discussed the replacement cost of its actions. To understand the potential breadth of the economic cost of the Commission's actions, first consider the simple case in which prices of both the cheaper and the more expensive providers recover no more than the economic costs of supply, including a return of capital (capital replacement), and a return on capital, accounting for the risks the firm's owners bear. Call this a normal profit. In that case, the cost just calculated is a key economic cost, representing an increase in resources used because the Commission's actions cause carriers to shift their purchases from more to less efficient providers. But there is a further efficiency consequence of the Commission's actions. Purchase from less efficient suppliers occurs at higher (quality-adjusted) prices. If the quality-adjusted prices of Huawei and ZTE are equal to their rivals' prices, then the Commission's actions would have no costs. However, some carriers prefer Huawei or ZTE to alternative suppliers, implying that these carriers view the prices of Huawei or ZTE to be the lowest quality-adjusted price available to them. This lowers output because end users face higher prices, and consequently purchase less than is efficient. Estimating the efficiency cost of this is difficult, but relative to the replacement cost, the distortion cost is small and likely swamped by the error inherent in the replacement cost estimate. This is true from a global as well as a domestic perspective. 105. This can be seen by focusing on the intermediary market for network equipment, i.e., demand in this market is derived from demand for services provided to end users. This implies the distortions in the intermediary market reflect those in the final market. The reimbursement cost to the Universal Service Fund is the product of the amount of network equipment bought and sold at the new higher prices, call this Q, and the markup over Huawei and ZTE prices, call this [Delta]P. The cost of the distortion caused by the reduction in demand for network equipment due to inefficiently higher prices is the lost value consumers would have obtained from the additional quantity they would have consumed at the Huawei or ZTE prices. This lost value equals the area under the demand curve in the region where demand is curtailed due to the higher prices of the alternative suppliers. At a first approximation, this cost is, because demand is downward sloping, strictly less than the product of the change in what is bought and sold, call this [Delta]Q, and the change in price, [Delta]P. The reimbursement cost, [Delta]P * Q, swamps the distortion cost, [Delta]P * [Delta]Q, since Q is generally considerably larger than [Delta]Q. Thus, if higher prices reduce demand by 5% (= [Delta]Q/Q), then the distortion cost could not add more than 5% to the cost to the Universal Service Fund ([Delta]P * [Delta]Q/[Delta]P * Q = 5%). 106. From a global perspective, the Commission's estimates of the economic cost of its actions would be higher to the extent that Huawei or ZTE earn more than a normal profit despite having substantially lower prices than their rivals. Purchases diverted to alternative suppliers would cause Huawei and ZTE to forgo that extra-normal profit. However, it seems unlikely that Huawei or ZTE earn extra-normal profit. Similarly, from a global perspective, the Commission's economic cost estimate would be lower to the extent that the prices of the rivals of Huawei and ZTE, today essentially being Ericsson and Nokia, incorporate extra-normal profits. While U.S. purchasers, and hence the Universal Service Fund, would be spending more when purchasing from Ericsson and Nokia at higher prices, to the extent these prices incorporate extra- normal profit, this would be a transfer from the U.S. to the foreign owners of Ericsson and Nokia. Finally, from a global perspective, if Huawei or ZTE's prices are less than what is required to recover their costs of operations, e.g., due to a government subsidy, then the economic cost of the Commission's actions would be lower. 107. The Commission rejects Huawei's claims that its actions would reduce 5G deployment and would materially increase mobile radio access network equipment prices in the U.S., which in turn would materially harm growth and employment in the U.S. economy. It is unlikely the Commission's actions will impact U.S. 5G deployment. The four largest U.S. mobile carriers do not use and have no plans to use Huawei (or ZTE) radio access network equipment. Given this, and Aron's claim that there are high costs associated with switching from one equipment manufacturer to another, it is implausible that the Commission's actions will affect these carriers' 5G deployment plans. More broadly, the Commission finds it unlikely that its actions will materially increase U.S. radio access network equipment prices. While carriers that buy equipment from covered companies could face higher prices in the near term (and only to the extent they use universal services funds to purchase that equipment), Huawei's own chief executive has admitted that Huawei has ``virtually no business dealings in the U.S.''--making it far more likely that the Commission's rule will have ``virtually no'' impact on 5G deployment. What is more, the Commission finds that ensuring a robust ecosystem of trusted vendors for 5G equipment (one collateral consequence of the Commission's rule) is more likely to keep 5G equipment prices checked by a competitive market over the long term, facilitating deployment and continued U.S. leadership in 5G. III. Information Collection Order 108. In the concurrently adopted Further Notice, the Commission seeks comment on proposals to address the national security threats arising from the existing use of equipment or services produced or provided by covered companies. To support the Commission's future efforts to protect the communications supply chain, the Commission directs WCB and OEA, in coordination with USAC, to conduct an information collection to determine the extent to which potentially prohibited equipment exists in current networks and the costs associated with removing such equipment and replacing it with equivalent equipment. The information collection will aid the Commission's review of the record and guide its next steps in the proceeding. Because section 889(f) of the 2019 NDAA identifies specific companies that are prohibited from federal procurements, and the concurrently adopted Further Notice [[Page 246]] seeks comment on how to implement those and other prohibitions, the Commission specifically seeks comment on the extent to which equipment or services from companies identified in Section 889 of the NDAA exist in current networks. 109. The Commission seeks information from ETCs on the potential costs associated with the complete removal and replacement of any equipment and services produced or provided by Huawei and ZTE. The information collection applies to all subsidiaries and affiliates of ETCs. 110. Specifically, the Commission seeks information on all equipment and services from Huawei and ZTE that are used or owned by ETCs. ETCs are the subject of the Commission's proposed rule (and among USF recipients the most likely to currently own and use equipment and services from Huawei and ZTE). The Commission therefore limits its information collection only to ETCs and will not require cost information from other USF recipients at this time. The Commission nonetheless will allow service providers that are not ETCs to participate on a voluntary basis should they have ETC designation petitions pending (or may intend to file such in the future). And the Commission will allow other USF recipients who are not ETCs to participate on a voluntary basis as well. 111. In implementing the information collection, WCB and OEA should gather information from ETCs as to whether they own equipment or services from Huawei or ZTE, what that equipment is and what those services are, the cost to purchase and/or install such equipment or services, and the cost to remove and replace such equipment or services. ETCs must demonstrate how they arrived at any cost estimates they provide in response to the information collection. All submissions must be certified to ensure the accuracy of the responses. 112. The information collection shall be mandatory for all ETCs and voluntary for others. The Commission directs WCB to consider the potential confidentiality of any information submitted, particularly where public release of such information could raise security concerns (e.g., granular location information). The Commission expects, however, that the public interest in knowing whether a carrier uses equipment or services from Huawei or ZTE would significantly outweigh any interest the carrier would have in keeping such information confidential. As part of the information collection, the Commission directs WCB and OEA to seek any information necessary to verify responses provided by ETCs to the information collection, including by requiring further information from respondents. The Commission directs WCB and OEA to proceed expeditiously with the information collection, including by seeking emergency PRA approval from OMB, if necessary and appropriate. The Commission believes there is good cause for requesting emergency PRA approval from OMB for the reasons described in the following. Given the nature of the national security concerns, the Commission finds that the serious and immediate risks to communications networks likely justify the expedited approval of the information collection. IV. Procedural Matters A. Paperwork Reduction Act 113. This document contains new or modified information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13. It will be submitted to the Office of Management and Budget (OMB) for review under Section 3507(d) of the PRA. OMB, the general public, and other Federal agencies will be invited to comment on the new or modified information collection requirements contained in the proceeding. In addition, the Commission notes that pursuant to the Small Business Paperwork Relief Act of 2002, Public Law 107-198, see 44 U.S.C. 3506(c)(4), the Commission previously sought specific comment on how the Commission might further reduce the information collection burden for small business concerns with fewer than 25 employees. B. Congressional Review Act 114. The Commission has determined, and the Administrator of the Office of Information and Regulatory Affairs, Office of Management and Budget, concurs, that this rule is non-major under the Congressional Review Act, 5 U.S.C. 804(2), because it is promulgated under the Telecommunications Act of 1996 and the amendments made by that Act. The Commission will send a copy of this Report and Order, Further Notice of Proposed Rulemaking, and Order to Congress and the Government Accountability Office pursuant to 5 U.S.C. 801(a)(1)(A). 115. As required by the Regulatory Flexibility Act of 1980, as amended (RFA), an Initial Regulatory Flexibility Analysis (IRFA) was incorporated into the Protecting Against National Security Threats Notice for the proceeding. The Commission sought written public comment on the proposed rule in the Protecting Against National Security Threats Notice, including comment on the IRFA. The Commission received only a single comment on the IRFA. Because the Commission amends its rules in the Report and Order, the Commission has included the Final Regulatory Flexibility Analysis (FRFA). The present FRFA conforms to the RFA. 116. Consistent with the Commission's obligation to be responsible stewards of the public funds used in USF programs and increasing concern about ensuring communications supply chain integrity, the Order adopts a rule that restricts universal service support from being used to purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services produced or provided by any company posing a national security threat to the integrity of communications networks or the communications supply chain. 117. The RFA directs agencies to provide a description and, where feasible, an estimate of the number of small entities that may be affected by the final rules adopted pursuant to the Order. The RFA generally defines the term ``small entity'' as having the same meaning as the terms ``small business,'' ``small organization,'' and ``small governmental jurisdiction.'' In addition, the term ``small business'' has the same meaning as the term ``small-business concern'' under the Small Business Act. See 5 U.S.C. 601(3) (incorporating by reference the definition of ``small-business concern'' in the Small Business Act, 15 U.S.C. 632). Pursuant to 5 U.S.C. 601(3), the statutory definition of a small business applies ``unless an agency, after consultation with the Office of Advocacy of the Small Business Administration and after opportunity for public comment, establishes one or more definitions of such term which are appropriate to the activities of the agency and publishes such definition(s) in the Federal Register.'' A ``small- business concern'' is one which: (1) Is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the SBA. 118. Small Businesses, Small Organizations, Small Governmental Jurisdictions. The Commission's actions, over time, may affect small entities that are not easily categorized at present. The Commission therefore describes in this document, at the outset, three broad groups of small entities that could be directly affected herein. First, while there are industry specific size standards for small businesses that are used in the regulatory flexibility [[Page 247]] analysis, according to data from the SBA's Office of Advocacy, in general a small business is an independent business having fewer than 500 employees. These types of small businesses represent 99.9% of all businesses in the United States which translates to 28.8 million businesses. 119. Next, the type of small entity described as a ``small organization'' is generally ``any not-for-profit enterprise which is independently owned and operated and is not dominant in its field.'' Nationwide, as of Aug 2016, there were approximately 356,494 small organizations based on registration and tax data filed by nonprofits with the Internal Revenue Service (IRS). 120. Finally, the small entity described as a ``small governmental jurisdiction'' is defined generally as ``governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand.'' U.S. Census Bureau data from the 2012 Census of Governments indicates that there were 90,056 local governmental jurisdictions consisting of general purpose governments and special purpose governments in the United States. Of this number there were 37,132 general purpose governments (county, municipal and town or township) with populations of less than 50,000 and 12,184 special purpose governments (independent school districts and special districts) with populations of less than 50,000. The 2012 U.S. Census Bureau data for most types of governments in the local government category show that the majority of these governments have populations of less than 50,000. Based on this data the Commission estimates that at least 49,316 local government jurisdictions fall in the category of ``small governmental jurisdictions.'' 121. Small entities potentially affected by the rules herein include Schools and Libraries, Healthcare Providers, Providers of Telecommunications and other Services, Internet Service Providers and Vendors and Equipment Manufacturers. 122. Restriction on Use of USF Funds. The Order adopts a rule that no universal service support may be used to purchase or obtain any equipment or services produced or provided by a covered company posing a national security threat to the integrity of communications networks or the communications supply chain. Applicants may continue to use their own funds to upgrade and maintain such equipment. They must, however, be able to affirmatively demonstrate that they have not used any funds obtained via the USF to purchase, obtain, maintain, improve, modify, or otherwise support equipment or services provided or manufactured by a covered company. This restriction applies to any and all equipment and services, including software, produced or provided by a covered company. Because the rule is prospective in effect, it does not prohibit the use of existing services or equipment already deployed or in use. USF recipients may seek waivers of the requirements. 123. Covered Companies. The Report and Order initially designates Huawei and ZTE as covered companies for purposes of the prohibition the Commission adopts in this document. Independently, the Order establishes a process for designating entities as national security threats for purposes of the Commission's rule, and delegates to the PSHSB the authority to implement this process, as well as the next steps in the designation processes for Huawei and ZTE. Because equipment from subsidiaries, parents, and affiliates pose the same risks to network integrity as equipment directly from the covered company, the Commission includes any subsidiary, parent, or affiliate of a covered company as a covered company subject to the Commission's prohibition. 124. Effective Date of Rule. Because of the compelling interest in protecting our national security, the Commission concludes that the rule it adopts in this document should take effect immediately upon publication in the Federal Register. For purposes of the Lifeline and High-Cost Support Programs, any prohibition on the use of USF funds will take effect immediately upon publication of the effective date contained in the Final Designation Notice designating an entity as a covered company posing a national security threat. A requirement that USF recipients certify that they are in compliance with the Commission's rule will take effect following revision of each information collection as described in the Order, including approval by the Office of Management and Budget (OMB) under the Paperwork Reduction Act. For E-Rate and Rural Health Care Recipients, the rule the Commission adopts will apply to all funding years that start after the designation of a covered company. The Commission's rule extends to existing contracts to acquire equipment or services from any covered company that were negotiated and entered into prior to the final designation of that entity as a covered company. In other words, existing multiyear contracts to acquire equipment or services from a covered company will not be exempt from the rule. 125. Compliance Certifications. The Order establishes that the Commission should require recipients of universal service support to provide a certification that they have complied with the adopted rule, and directs WCB, in coordination with USAC, to revise the relevant information collections for each of the four USF programs to implement a certification attesting to compliance with the adopted rule. 126. Audits and Recovery of Funds. The Order directs USAC to implement audit procedures for each USF program consistent with the adopted rule. USF recipients must be able to affirmatively demonstrate that no universal service funds were used to purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services provided or manufactured by covered companies. The Order notes that applicants in the E-rate and Rural Health Care programs already retain and provide information either during the application process or during audit and program integrity assurance processes that could demonstrate (if verified) that no USF funds were improperly used. And many ETCs receiving High Cost funding now report the projects they complete using federal funds to the High Cost Universal Broadband portal, allowing relatively swift verification by USAC of compliance. To the extent that other ETCs do not yet report information to USAC that would verify compliance, the Commission directs WCB and USAC to revise its information collection and audit procedures to ensure the reporting of USF expenditures in a manner that will allow efficient oversight and thorough compliance. The Order does not depart from the requirement that directs USAC to pursue recovery actions against the party or parties that committed the rule or statutory violation in question, recognizing that, in some instances, this could be the applicant school, library, health care provider, or consortium, rather than the service provider. 127. Information Collection. The Information Collection Order directs WCB and OEA, in coordination with USAC, to conduct an information collection to determine the extent to which potentially prohibited equipment exists in current networks and the costs associated with removing such equipment and replacing it with equivalent equipment. Specifically, the information collection will seek information from ETCs on the potential costs associated with the complete removal and replacement of any equipment and services produced or [[Page 248]] provided by Huawei and ZTE. Specifically, the Commission seeks information on all equipment and services from Huawei and ZTE that are used or owned by ETCs. ETCs are the subject of the Commission's proposed rule (and among USF recipients the most likely to currently own and use equipment and services from Huawei and ZTE). The Commission therefore limits its information collection only to ETCs and will not require cost information from other USF recipients at this time. The Commission nonetheless will allow service providers that are not ETCs to participate on a voluntary basis should they have ETC designation petitions pending (or may intend to file such in the future). And the Commission will allow other USF recipients who are not ETCs to participate on a voluntary basis as well. 128. In implementing the information collection, WCB and OEA should gather information from ETCs as to whether they own equipment or services from Huawei or ZTE, what that equipment is and what those services are, the cost to purchase and/or install such equipment or services, and the cost to remove and replace such equipment or services. ETCs must demonstrate how they arrived at any cost estimates they provide in response to the information collection. All submissions must be certified to ensure the accuracy of the responses. The information collection shall be mandatory for all ETCs and voluntary for others. The information collection applies to all subsidiaries and affiliates of ETCs. The Information Collection Order directs WCB to consider the potential confidentiality of any information submitted, particularly where public release of such information could raise security concerns (e.g., granular location information). The Commission expects, however, that the public interest in knowing whether a carrier uses equipment or services from Huawei or ZTE would significantly outweigh any interest the carrier would have in keeping such information confidential. As part of the information collection, the Commission directs WCB and OEA to seek any information necessary to verify responses provided by ETCs to the information collection, including by requiring further information from respondents. The Commission directs WCB and OEA to proceed expeditiously with the information collection, including by seeking emergency PRA approval from OMB, if necessary and appropriate. 129. The RFA requires an agency to describe the steps the agency has taken to minimize the significant economic impact on small entities of the final rule, consistent with the stated objectives of the applicable statutes, including a statement of the factual, policy, and legal reasons in support of the final rule, and why any significant alternatives to the rule considered by the agency and which affect the impact on small entities were rejected. 130. The scope of the rule adopted in the Order is carefully limited so as to lessen its impact on small entities. Because the rule is prospective in effect, it does not prohibit the use of existing services or equipment already deployed or in use. USF recipients may continue to use equipment or services provided or produced by covered companies obtained prior to the issuance of the rule, although they may not use USF funds to purchase, obtain, maintain, improve, modify, or otherwise support such equipment or services in any way. Recipients may also continue to use their own funds to upgrade and maintain such equipment, so long as they do not use USF funds to do so. The Order also permits USF recipients to seek a waiver of the requirements. In these ways, the Order seeks to minimize the economic burden of these rules on small entities. 131. Effective Date. The rules adopted herein and the initial designations of Huawei and ZTE as covered companies shall be effective immediately upon publication in the Federal Register. 132. While a rule ordinarily will take effect 30 days after publication in the Federal Register, the Commission finds here that good cause exists to expedite the implementation of these rules and to make them effective upon publication in the Federal Register. In finding that good cause exists, the Commission applies the test articulated by the D.C. Circuit in Omnipoint Corporation v. FCC, which requires an agency to ``balance the necessity for immediate implementation against principles of fundamental fairness which require that all affected persons be afforded a reasonable amount of time to prepare for the effective date of its ruling.'' 133. The Commission first examines the necessity for immediate implementation. The record before the Commission establishes that the nature of today's communications networks is such that untrusted participants in the supply chain pose a serious and immediate risk to the integrity and proper functioning of these networks. In addition, expediting the Commission's process for analyzing such risks serves to minimize the scope of exposure of USF recipients to the significant flaws in their networks from future installation of equipment that may compromise the security of these networks, and any resulting need to replace such equipment. Against this critical national security concern the Commission balances the concerns of fairness to affected parties-- including whether dispensing with the 30-day waiting period will deprive affected parties of ``a reasonable time to adjust their behavior before the final rule takes effect.'' Here, the Commission notes that the principal effect of the rules adopted in the Report and Order--restriction on the spending of USF to certain suppliers designated as a threat to national security--will not take effect until an entity is actually designated as a threat to national security under the proposed rules. Thus, no entity will be designated until--at the earliest--31 days after the effective date of the Report and Order. In other words, making these rules effective immediately upon publication in the Federal Register will not inhibit any party's ability to ``prepare for [their] effective date'' because the rules the Commission adopts in this document does not include any requirements with which USF recipients must immediately comply. 134. While the Commission has adopted initial designations of Huawei and ZTE as covered companies, use of USF support to procure or otherwise support equipment or services produced or provided by these two companies has not and will not be disallowed until such time as PSHSB issues a public notice announcing its final determination and the effective date of any potential final designation of one or both of these companies. To the extent that accelerating the effective date requires these companies to respond more quickly to their initial designation, the Commission will provide copies of the Report and Order to both parties or their U.S. agents or affiliates immediately after release. The Commission has recognized that a finding of good cause under section 553(d)(3) can be further supported where ``the Commission is serving those entities by overnight mail.'' 135. Even were the rules the Commission adopts in this document to have an immediate impact on USF recipients, it does not believe it would affect the Commission's findings here. Many service providers have already made the business decision to purchase equipment from alternative vendors in order to avoid security risks. Given this, and the industry's long-standing knowledge of the risks posed by the installation and purchase of such equipment, the Commission believes that the impact of an immediate effective date would be minimal. [[Page 249]] 136. In this case, given the critical security concerns at issue, and the fact that an expedited schedule will not impede the ability of interested parties to prepare for the implementation of the rules the Commission adopts in this document, it finds that good cause exists, in accordance with the balancing test articulated by the Court in Omnipoint, to expedite the implementation of these rules and to make them effective immediately upon publication in the Federal Register. 137. Ex Parte Presentations. This proceeding shall be treated as a ``permit-but-disclose'' proceeding in accordance with the Commission's ex parte rules. Persons making ex parte presentations must file a copy of any written presentation or a memorandum summarizing any oral presentation within two business days after the presentation (unless a different deadline applicable to the Sunshine period applies). Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation must (1) list all persons attending or otherwise participating in the meeting at which the ex parte presentation was made, and (2) summarize all data presented and arguments made during the presentation. If the presentation consisted in whole or in part of the presentation of data or arguments already reflected in the presenter's written comments, memoranda, or other filings in the proceeding, the presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or other filings (specifying the relevant page and/or paragraph numbers where such data or arguments can be found) in lieu of summarizing them in the memorandum. Documents shown or given to Commission staff during ex parte meetings are deemed to be written ex parte presentations and must be filed consistent with rule 1.1206(b). In proceedings governed by rule 1.49(f) or for which the Commission has made available a method of electronic filing, written ex parte presentations and memoranda summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic comment filing system available for that proceeding, and must be filed in their native format (e.g., .doc, .xml, .ppt, searchable .pdf). Participants in this proceeding should familiarize themselves with the Commission's ex parte rules. V. Ordering Clauses 138. Accordingly, it is ordered, pursuant to in sections 1-4, 201(b), 229 and 254 of the Communications Act of 1934, as amended, and section 105 of the Communications Assistance for Law Enforcement Act, 47 U.S.C. 151-154, 201(b), 229, 254, 1004, that the Report and Order is adopted. 139. It is further ordered that Part 54 of the Commission's rules is amended as set forth in the following. 140. It is further ordered that, pursuant to Sec. Sec. 1.4(b)(1) and 1.103(a) of the Commission's rules, 47 CFR 1.4(b)(1), 1.103(a), the Report and Order shall be effective immediately upon publication of the Report and Order in the Federal Register. 141. It is further ordered that, pursuant to Sec. Sec. 1.4(b)(1) and 1.103(a) of the Commission's rules, 47 CFR 1.4(b)(1), 1.103(a), the initial designations adopted in this order shall be effective immediately upon publication of the Report and Order in the Federal Register. 142. It is further ordered, pursuant to sections 1-4, 201(b) and 254 of the Communications Act of 1934, as amended, 47 U.S.C. 151-154, 201(b), 254, that the Information Collection Order is adopted. Information collection pursuant to the Order shall be effective immediately upon OMB approval. List of Subjects in 47 CFR Part 54 Communications common carriers, Health facilities, Infants and children, internet, Libraries, Reporting and recordkeeping requirements, Schools, Telecommunications, Telephone. Federal Communications Commission. Katura Jackson, Federal Register Liaison Officer, Office of the Secretary. Final Rules For the reasons discussed in the preamble, the Federal Communications Commission amends 47 part 54 as follows: PART 54--UNIVERSAL SERVICE 0 1. The authority citation for part 54 is revised to read as follows: Authority: 47 U.S.C. 151, 154(i), 155, 201, 205, 214, 219, 220, 229, 254, 303(r), 403, 1004, and 1302 unless otherwise noted. 0 2. Add Sec. 54.9 to subpart A to read as follows: Sec. 54.9 Prohibition on use of funds. (a) USF support restriction No universal service support may be used to purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services produced or provided by any company posing a national security threat to the integrity of communications networks or the communications supply chain. (b) Designation of Entities Subject to Prohibition. (1) When the Public Safety and Homeland Security Bureau (PSHSB) determines, either sua sponte or in response to a petition from an outside party, that a company poses a national security threat to the integrity of communications networks or the communications supply chain, PSHSB shall issue a public notice advising that such designation has been proposed as well as the basis for such designation. (2) Upon issuance of such notice, interested parties may file comments responding to the initial designation, including proffering an opposition to the initial designation. If the initial designation is unopposed, the entity shall be deemed to pose a national security threat 31 days after the issuance of the notice. If any party opposes the initial designation, the designation shall take effect only if PSHSB determines that the affected entity should nevertheless be designated as a national security threat to the integrity of communications networks or the communications supply chain. In either case, PSHSB shall issue a second public notice announcing its final designation and the effective date of its final designation. PSHSB shall make a final designation no later than 120 days after release of its initial determination notice. PSHSB may, however, extend such 120- day deadline for good cause. (3) PSHSB will act to reverse its designation upon a finding that an entity is no longer a threat to the integrity of communications networks or the communications supply chain. A designated company, or any other interested party, may submit a petition asking PSHSB to remove a designation. PSHSB shall seek the input of Executive Branch agencies and the public upon receipt of such a petition. If the record shows that a designated company is no longer a national security threat, PSHSB shall promptly issue an order reversing its designation of that company. PSHSB may dismiss repetitive or frivolous petitions for reversal of a designation without notice and comment. If PSHSB reverses its designation, PSHSB shall issue an order announcing its decision along with the basis for its decision. (4) PSHSB shall have discretion to revise this process or follow a different process if appropriate to the circumstances, consistent with providing affected parties an opportunity to respond and with any [[Page 250]] need to act expeditiously in individual cases. [FR Doc. 2019-27610 Filed 1-2-20; 8:45 am] BILLING CODE 6712-01-P