In absence of clarity, chaos: How an Executive Order focused on technology security could end up harming US technology leadership.

Before I begin, rest assured that this is not a political post. Please don’t read any partisan or political views into any of my arguments here. This post is meant to be an objective analysis of an executive order and its potential impact on technology markets.

Now that my political disclaimer is out of the way, let’s begin.

1. Executive Orders are often justified.

As you well know, I am not against the use of executive orders to achieve policy objectives. A year ago, when the Trump administration issued an executive order that blocked the hostile takeover by Broadcom of US innovation powerhouse Qualcomm (reminder: Qualcomm is not just a chipmaker), I welcomed the move. Prompted by CFIUS, whose job it is to sound the alarm when a business deal might jeopardize US interests, the emergency executive order was 100% justified and necessary. Qualcomm falling into the hands of Singapore-based* Broadcom could have jeopardized US technology leadership and US technology security, especially with the commercialization of 5G just around the corner, and research into what will presumably be referred to as 6G roughly a decade from now ramping up in China and the US.

* Yes, I know that Broadcom is technically based in San Jose now, but Avago’s ties to Singapore haven’t magically evaporated in the last 18 months.

2. Does Huawei really pose a security threat?

As you also probably know, as much as I admire Huawei’s technical prowess and the impressive quality of its products, I am also aware of its ties to the Chinese government, which are widely believed to also include ties to the Chinese military. While I would caution against anti-Huawei hysteria, and take sensationalist stories about Huawei spy tech with a very large grain of salt, I do feel that exercising caution when it comes to allowing Huawei equipment to work its way into US and EU critical infrastructure, is warranted. Even if Mission-Impossible-style spy chips turn out to be fables and exaggerations, Huawei equipment, like all equipment comes with its own bucket of vulnerabilities. The debate raging in the technology security community right now is whether or not those vulnerabilities (as they pertain to Huawei) are accidental or deliberate, and regardless of the answer, whether they can be managed or are beyond mitigation.

The frame the concern as concisely as I can, the #1 fear among technology and security analysts is that a hostile nation, (presumably but not limited to China) might someday exploit some of Huawei’s hidden vulnerabilities to, say, shut down power grids, or take over sensitive sites like nuclear power plants, or water treatment plants, or even commercial airports. A secondary concern is that much of Huawei’s technology could also allow hostile actors to spy on individuals and organizations through active and passive measures. For this reason, several countries have adopted protective postures against Huawei, particularly as they contemplate how to tackle the commercialization of 5G.

Let me state here and now that in my opinion, even if we brush aside the wilder claims about the risks posed by Huawei technologies, these concerns are warranted and legitimate. They do demand, if not a response, a practical strategy from governments.

Note that nowhere in the Executive Order we will be reviewing a little further down is Huawei mentioned by name.

3. How to address the Huawei problem with minimum global disruption.

While some political pundits have advocated a ban on Chinese technology products from Huawei, ZTE, and others, prohibition isn’t necessarily the best approach to this problem. For starters, we don’t yet exactly and firmly know what all of the problems with Huawei technologies are. We have opinions and some evidence but we don’t have consensus. We don’t have specificity. Huawei’s threat is still too abstract for policymakers to be able to address the problem with any kind of accuracy. That needs to change.

Furthermore, globalization has made technology supply chains complex, international, and essentially borderless. Apple is a US company but its phones are made by contract manufacturers in Asia. Every technology company in the world sources components and manufacturing in Asia, most of which happens to be in China. While China is an economic, military, and strategic rival, occasional adversary, and potential enemy, we cannot simply snap our fingers and divorce the US technology sector’s success from its dependence on and partnership with China. It isn’t practically realistic or strategically sound to consider a world in which the US or China built a wall between US technology and Chinese technology.

Therefore, an outcome-based solution to the Huawei problem might look like this:

Question #1: Can we trust Huawei equipment?

Question #2: If the answer is no, can we create guidelines for Huawei to follow, that would make its technologies compliant with (presumably new) US technology security standards? Could we also create a no-hostility, no-spying pact to help protect ourselves from hostile technology exploits?

Question #3: Should we create an agency tasked with setting, controlling, and enforcing these standards? (Answer: Yes.)

The solution should not be to ban ALL Huawei technologies from entering US and EU markets, but rather to set conditions that would eradicate (or at least severely minimize) security risks. This would be the least disruptive approach, and one which would benefit all parties, including consumers. Scroll down to item 9 for more ideas on how to get started.

4. “Keep your friends close and your enemies closer” applies here as well.

Huawei has been, for at least the last three to five years, working diligently to undermine US technology leadership around the world, particularly as it pertains to 5G. Most notably, Huawei popped up as the FTC’s lead “witness” against US rival Qualcomm several months ago, raising a record level of eyebrows across Washington DC; to say nothing of technology and security analysts, who watched in horror as FTC lawyers, seemingly unaware that they were being played by China, allowed a federal agency to be weaponized against a US technology company by a foreign adversary. The case, still under review by Judge Koh, has, for obvious reasons, attracted the attention of the Department of Justice, and presumably sounded alarm bells at every national security agency office from Sand Diego to Boston.

The point I am trying to make here is that in an instance like this one, it may be wiser to keep Huawei in play than to banish them. Keeping Huawei in play but with tight boundaries gives US and EU regulators a good deal of joint control over Huawei’s operations within their jurisdictions. Any company that wants to play in those markets will have to make concessions in order to do so. Problems and threats can therefore be mitigated and minimized. Build a wall and throw Huawei out means surrendering every bit of that control and influence on Huawei, and giving the company (and China) license to do whatever they want everywhere else in the world.

I have to be honest: It thrills me to see Huawei finally get a taste of its own medicine, especially after having tried to harm US technology companies for years. Part of me finds this turn of events profoundly satisfying. BUT… a ban is not a sound strategy. Not from a national security standpoint, and not from a technology innovation standpoint either. Engaging with Huawei and with China comes with its share of risks and problems, but engagement and partnerships, no matter how contentious, do provide the US and the EU with options and initiative. The alternative does not.

5. Unilateralism is rarely a strong play in diplomacy and negotiations. Multilateralism is more effective at applying pressure against hostile actors.

The smartest strategy whenever a hostile actor threatens global security or aims to disrupt markets, is for powerful countries to band together and exert pressure together. Unilateralism, in which one country goes at the problem alone, should be a last resort, not a first resort. Ideally, what we would have seen here was the US government and the EU forming a global coalition of powerful economies – including Canada, Mexico, Australia, Japan, etc. – to collectively establish conditions, guidelines, and sanctions against companies like Huawei (and perhaps China as a whole). Instead, the US appears to be tackling the problem alone, even though many telecom markets have already shown themselves very much aligned with the US posture towards Huawei. This, in my view, is a mistake. A united front could force China and Huawei to negotiate a compromise that would be beneficial to everyone. If you already have a coalition to unite and lead, why not leverage it?

A US ban on Huawei and Huawei-adjacent companies does little to stop Huawei and China from reinforcing their position outside of the United States. It does nothing to steer Huawei and China towards more West-friendly behaviors. It achieves only the most superficial of objectives: limited prohibition. And while that may be an adequate defensive strategy for a smaller country like Denmark or Israel, I don’t see how that kind of isolationist thinking ultimately serves the broader national security and geostrategic interests of the United States.

6. While China and Huawei specifically do pose a threat to US technology leadership and to US national security, particularly with regard to the 5G-driven transformation of our critical infrastructure, that threat does not currently rise to the level of a national emergency.

There is a difference between a threat and an emergency. I believe that Huawei does pose a credible threat to US national security. I also believe that China also poses a threat to US national security. Neither of these threats rise to the level of a national emergency, however. There is no Threat Condition Orange. Networks don’t need to be shut down. No one is in danger. There is no emergency.

When every threat is labeled an emergency, it becomes difficult to differentiate between mere threats (which can be addressed diligently and with an eye towards positive outcomes) and legitimate emergencies, which trigger emergency defensive responses as opposed to well-thought-out plans. Crying wolf like this doesn’t only rob us of initiative and impactful toolkits that work, they also jeopardize our ability to address and solve problems rationally and over time. It also leads us towards the dangerous potential for confusion when a legitimate emergency comes to our shores: After having cried wolf one too many times, will we even take a legitimate emergency seriously, or will we wonder if it is yet another threat being overblown for political effect?

To be clear, something does need to be done about China and Huawei, and now… but this knee-jerk “emergency” approach probably isn’t the best way to address the problem.

7. The language of the Executive Order is problematic: Too vague on the scope of the prohibition, yet firmly specific on the prohibition itself.

Again, you can read the full EO here. Let me single out the portions that are of concern to me, aside from the emergency language already mentioned.

Scope:

“Section 1.  Implementation.  (a)  The following actions are prohibited:  any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service (transaction) by any person, or with respect to any property, subject to the jurisdiction of the United States, where the transaction involves any property in which any foreign country or a national thereof has any interest (including through an interest in a contract for the provision of the technology or service), where the transaction was initiated, is pending, or will be completed after the date of this order…”

Here, the Executive Order prohibits/bans the acquisition, importation, transfer, installation and use of communication technology in which any foreign country or national thereof as any interest, including interest as a contractor.

This section of the EO effectively prohibits the importation into the United States of any technology product made in China. In theory, this order could be applied in the future to iPhones, as they are manufactured by contract manufacturers (who have an interest in the transaction). In fact, as Chinese law requires that US companies operating in China do so through joint ventures, and such joint ventures typically require majority ownership by Chinese interests, the EO issues a predicate blanket prohibition on any product made in China by US companies (via joint ventures) or by a Chinese company under contract with a US company.

That language reflects either a dangerous misunderstanding of the conditions under which US-China technology supply chains exist, or a dangerous degree of recklessness with regard to to the future of the US technology sector with regard to a) its supply chain, b) its Chinese partnerships, and c) the importance of the Chinese market. Either way, reading that sent chills down my spine, and not the good kind. Let’s continue.

Caveats:

“… and where the Secretary of Commerce (Secretary), in consultation with the Secretary of the Treasury, the Secretary of State, the Secretary of Defense, the Attorney General, the Secretary of Homeland Security, the United States Trade Representative, the Director of National Intelligence, the Administrator of General Services, the Chairman of the Federal Communications Commission, and, as appropriate, the heads of other executive departments and agencies (agencies), has determined that:

“(i) the transaction involves information and communications technology or services designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary;…”

Could be China. Could be Russia. Could be Mexico. Could be Singapore. Could be Canada. Definitions are needed here. Literally any country can be labeled an adversary at any time, for any reason, giving the US government the ability to block technology sales from any company in the world, for any reason that can be passed off as national security threat. Again, the language here is dangerously broad.

“… and

(ii)  the transaction:

(A)  poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States;

(B)  poses an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the digital economy of the United States; or

(C)  otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States persons.”

Here, we see some welcome specificity: “undue risk of sabotage or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance.” That’s good. “Undue risk.”Poses an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the digital economy of the United States.” Also good. “Otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States persons.” That one is too vague. “Undue” is a specific threshold. We can nail that down and make it consistent. “Unacceptable” is far more subjective and abstract. Clauses A and B are perfect, but clause C erodes the specificity of the section ii to give the Secretary and the rest of the team dangerously broad latitude.

“(b)  The Secretary, in consultation with the heads of other agencies as appropriate, may at the Secretary’s discretion design or negotiate measures to mitigate concerns identified under section 1(a) of this order.  Such measures may serve as a precondition to the approval of a transaction or of a class of transactions that would otherwise be prohibited pursuant to this order.

“(c)  The prohibitions in subsection (a) of this section apply except to the extent provided by statutes, or in regulations, orders, directives, or licenses that may be issued pursuant to this order, and notwithstanding any contract entered into or any license or permit granted prior to the effective date of this order.”

(b) The Secretary of Commerce apparently has the unilateral authority to negotiate remedies (or decline to do so) with flagged or targeted companies. A cynic might read into this that the Commerce Department now has the ability to enter into any trade negotiation with a stacked deck and a few extra aces to spare. I am not a cynic, but I understand the concern this new tack raises.

(c) Existing contracts and agreements should generally feel themselves excluded from this prohibition, but flexibility exists on the matter, so who knows?

In other words, the US Secretary of Commerce, based on this EO, now has the absolute power, under a blanket national security emergency justfication, to block any foreign company, foreign subsidiaries of US companies, and foreign contractors working for US companies or their foreign subsidiaries in the technology sector, from doing business in the United States.

We will not be having a discussion about the value of “free, open markets” today. I will not preach about the benefits of competition either. I promised no politics and no partisanship in this analysis. I would be remiss, however, if I failed to point out that, if you are a believer in open markets and competition, I can understand why you might feel nervous to discover that the Commerce Department of the United States now has the ability to reshape global technology supply chains and pick winners and losers in the technology sector, at will, and with little to no oversight. That might feel like a US win today, but a year from now, it could end up causing more harm than good. Caution ahead.

8. Confusion leads to uncertainty, and uncertainty is a stock market threat.

Many years ago, when I served as a military officer, one of the most important rules of command that were all but beaten into me was this: Your orders must always be clear in order to be carried out properly. Orders that aren’t clear, or orders whose objectives (end results) aren’t clear, tend to backfire. Some people will misunderstand your intent, or misunderstand how you want something done, or when, or why. Worse yet, some people will obey the order to the letter, knowing that the outcome will be disastrous, just to cover their asses.

That isn’t what you want: Good orders are clear, and therefore, good leadership is characterized by clear leadership.

This executive order is so broad in scope that I have to assume that most US companies aren’t exactly sure what to do about it. Google, Qualcomm, Intel, and Broadcom have already signaled that they were cutting ties with Huawei, and this, at least to me, feels more like a CYA response than a deliberate severance from Huawei for being a bad actor. (Otherwise, the cutting of ties would have likely happened sooner.) What is the alternative? Risk running afoul of an Executive Order? Even though Huawei is never mentioned in the EO, the safest thing to do is to interpret the EO as it was intended, and go along with it. Too bad for Huawei. It owns its part in this outcome after all.

The problem though, is that US companies are trying to read the tea leaves here, and probably working overtime to translate what the EO actually means for specific supply chain arrangements they have regarding 5G and 5G-adjacent technologies. And if my read on this isn’t completely off-base, they are probably also trying to figure out what the EO will mean a week from now, and six months from now, and a year from now, as opposed to what it means today. Shorthand: Does severing ties with Huawei put an end to it, or does this EO grow into a wider, more problematic policy for the tech sector?

My assumption here is that, if tech and telco companies are struggling to get their heads around what this EO means for their partnerships today and in the future, their investors have to be even more in the dark about how this will all play out, and that is not a healthy place for markets to be in.

9. While the national security threat is real, this EO feels a lot more like hard leverage in the US-China trade war, and that’s a shame. An alternate solution emerges:

Another concern for me is that national security threats and commerce disputes, while often overlapping, should be dealt with independently from one another. National security threats posed by Huawei technologies won’t magically disappear when China and the US finally come to an agreement, and yet you can’t read this EO in the context of the current trade dispute and not imagine the possibility of Huawei bans (spoken or unspoken) being lifted as part of an eventual trade agreement. That’s a problem.

What I would like to see is a more NatSec focus on the threat that Huawei actually poses, independently of the US-China trade dispute. This would require nuance, however, and specificity, and focus.

Regardless of how the trade dispute lands, Huawei could, for instance be required by the US (and why not the EU as well?) to break itself up in order to be allowed to operate in Western markets. A US/EU-based Huawei could, as an option, limit itself to selling consumer electronics. (Huawei phones and laptops don’t pose a threat to critical national infrastructure, last I checked.) A similar kind of segmentation could be applied to chipsets, components, and equipment made in China, to compartmentalize or tier the threat outlined in Section ii A, B, and C of the EO. This seems a more practical and far less disruptive approach to the legitimate NatSec threat posed by Huawei (and companies that also pose a threat) than the broad prohibition currently outlined in the EO. It isn’t a complete solution, but it is a starting point, and right now, a good starting point seems like a good place from which to perhaps reset this discussion.

10. Another EO unintended consequence: disrupting the commercialization of5G.

This topic requires its own analysis, so let me just use this final point as a placeholder for a follow-up. Just know that if Huawei decides to build its own walled garden, and the US-China technology supply chain becomes a casualty of this escalating trade war, the 5G deployment timeline we were all banking on, including investments in equipment and services, could very well be severely impacted. That impact would likely affect major sectors like manufacturing, transportation, agriculture, telecommunications, and energy. That wouldn’t be good news for anyone.

In conclusion:

This EO feels like misapplied good intentions: Yes, we should do something about the legitimate threat posed by Huawei, and yes, we should force it to play by our rules or risk sanctions. But no, this broad “emergency” power grab doesn’t feel like the right approach to the Huawei problem, as a) it may not move Huawei to change its behavior, b) it threatens the stability of the technology supply chain, and c) it could severely hinder the direction of 5G commercialization around the world.

I could be wrong about all of this, and it is early still, so I reserve the right to change my mind… but for now, I am not thrilled about this direction. Too chaotic. Too short-sighted. Too broad.

Feel free to tell me what I am missing. That’s what the comments are for.

To be continued.

 

 

 

 

 

Follow me

Olivier Blanchard

Senior Analyst at Futurum Research
Olivier Blanchard has extensive experience managing product innovation, technology adoption, digital integration, and change management for industry leaders in the B2B, B2C, B2G sectors, and the IT channel. His passion is helping decision-makers and their organizations understand the many risks and opportunities of technology-driven disruption, and leverage innovation to build stronger, better, more competitive companies. A trusted source of analysis and insights on digital business and digital innovation, Olivier also travels the globe speaking about business technology, Disruption as a Model (DaaM), and the impact of innovation on markets and culture. He is also the best-selling author of Social Media RIO: Managing and Measuring Social Media Efforts in Your Organization, and co-author of Building Dragons: Digital Transformation in the Experience Economy. Blanchard is based in Greenville, South Carolina.
Olivier Blanchard
Follow me