CONFIDENTIAL INFORMATION Before the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C. 20554 In the Matter of CHINA TELECOM (AMERICAS) File Nos. CORPORATION f/k/a CHINA TELECOM (USA) CORPORATION Executive Branch Recommendation to the Federal Communications Commission to Revoke and Terminate China Telecom?s International Section 214 Common Carrier Authorizations CONFIDENTIAL INFORMATION TABLE OF CONTENTS I. Introduction .. 1 II. The national security environment has changed signi?cantly since 2007 .. 2 China Telecom provides a full suite of communications services in the United States with its international Section 214 authorizations .. 7 IV. The Executive Branch recommends revocation and termination of China Telecom?s international Section 214 authorizations .. 12 A. China Telecom has engaged in conduct that calls its trustworthiness into question (Factor 2) .. 17 1. China Telecom made inaccurate statements to Team Telecom about where it stored U.S. records .. 19 2. China Telecom made inaccurate statements to US. customers about its cybersecurity practices and may have failed to comply with US. cybersecurity and privacy laws .. 26 B. China Telecom is owned and controlled by Chinese parent entities and ultimately by the Chinese government (Factors its ownership, China Telecom will be forced to comply with Chinese government requests without suf?cient legal procedures subject to independent judicial oversight (Factors 6-7) .. 37 D. China Telecom?s US. operations provide opportunities for Chinese state- sponsored actors to engage in economic espionage and to disrupt and misroute U.S. communications traf?c (Factors 5, 8-12) .. 41 E. 1. China Telecom?s US. operations provide opportunities for Chinese government-sponsored actors to engage in economic espionage against US. targets (Factors 5, 9-12) .. 41 2. China Telecom?s operations in the United States provide opportunities for Chinese government-sponsored actors to disrupt and misroute U.S. communications traf?c (Factors 8-10, 12) .. 44 China Telecom?s lack of trustworthiness limits the Executive Branch?s ability to conduct statutorily authorized law enforcement and national security missions, and to protect information about targets and classi?ed sources and missions (Factors 13, 51 V. The Executive Branch does not recommend further mitigation .. 53 VI. Conclusion .. 56 CONFIDENTIAL INFORMATION REDACTEDH I. Introduction The Executive Branch1 recommends that the Federal Communications Commission (FCC or Commission) revoke and terminate its 2007 certi?cation that China Telecom (Americas) Corp. (China Telecom) meets the present or future public convenience and necessity requirement under Section 214 of the Communications Act, as amended, 47 U.S.C. 214(a). This recommendation re?ects the substantial and unacceptable national security and law enforcement risks associated with China Telecom?s continued access to US. telecommunications infrastructure pursuant to its international Section 214 authorizations. The Executive Branch?s recommendation is based on: 0 Changed circumstances in the national security environment, including the US. government?s increased concern in recent years about the Chinese govemment?s malicious cyber activities; 0 China Telecom?s status as a subsidiary of a Chinese state-owned enterprise under the ultimate ownership and control of the Chinese government; 0 China Telecom?s inaccurate statements to US. government authorities and US. customers regarding its cybersecurity practices, and its apparent failure to comply with US. federal and state cybersecurity and privacy laws; and 0 China Telecom?s US. operations, which provide opportunities for increased Chinese state-sponsored cyber activities, including economic espionage and the disruption and misrouting of US. communications traf?c. 1 For purposes of this recommendation, the Executive Branch includes the Departments of Justice (DOJ), Homeland Security (DHS), Defense State, Commerce, and the United States Trade Representative (U STR) (collectively, the Executive Branch or Executive Branch Agencies). CONFIDENTIAL INFORMATION REDACTEDH In the current environment, the national security and law enforcement risks associated with China Telecom?s international Section 214 authorizations cannot be mitigated. The bases for the Executive Branch?s recommendation are set forth in the arguments below and unclassi?ed exhibits appended hereto. The Executive Branch is also submitting a separate classi?ed appendix with additional information relevant to this recommendation, but submits that the unclassi?ed information alone is suf?cient to support its recommendation. H. The national security environment has changed signi?cantly since 2007 The national security environment has changed signi?cantly since 2007, when the Commission last certi?ed China Telecom?s international Section 214 authorizations to provide international common carrier services. In 2007, the US. Intelligence Community?s top concern was terrorism, with the countries of highest concern being Iraq, Afghanistan, and Pakistan.2 In 2007, the Of?ce of the Director of National Intelligence (ODNI) did not mention the word ?cyber? in its annual brie?ng to Congress on global threats.3 By 2019, the world had changed: cyber issues are listed at the top of this year?s ODNI worldwide threat assessment, and China is the ?rst country identi?ed by name for its persistent economic espionage and growing threat to core military and critical infrastructure systems.4 2 Exhibit 7 at EB-335, Annual Threat Assessment Hearing Before the S. Select Comm. 0n Intelligence, 110th Cong. 3 (2007) (unclassi?ed statement of John D. Negroponte, Director of National Intelligence). 3 Id. 4 Exhibit 8 at EB-351, Worldwide Threat Assessment of the US. Intelligence Community Before the S. Select Comm. 0n Intelligence, 116th Cong. 5 (2019) (statement of Daniel R. Coats, Director of National Intelligence). CONFIDENTIAL INFORMATION The 2019 global threat assessment warns not only of the Chinese government?s cyber activities but also of the potential use of ?Chinese information technology ?rms as routine and systemic espionage platform against the United States and allies.?5 In July 2018, National Counterintelligence and Security Center (N CSC) similarly warned that ?the Chinese government seeks to enhance its collection of US. technology by enlisting the support of a broad range of actors spread throughout its industrial base.?6 The Executive Branch Agencies have raised similar concerns recently. In August 2018, warned that ?China uses its cyber capabilities to support intelligence collection against US. diplomatic, economic, academic, and defense industrial base sectors.?7 According to the access and skill seen in past Chinese intrusions ?are similar to those necessary to conduct cyber operations in an attempt to deter, delay, disrupt, and degrade operations prior to or during a con?ict.?8 In December 2018, DHS stated that actors such as China . . . have used cyber intrusions to steal private sector proprietary information and sabotage military and critical infrastructure. China will continue to use cyber espionage and bolster cyber attack capabilities to support its national security priorities.?9 In September 2018, the White House 5 1d. (emphasis added). 6 Exhibit 82 at EB-1910, Foreign Economic Espionage in Cyberspace, National Counterintelligence and Security Center 5 (July 26, 2018), newsroom/item/ 1 889-201 7 Exhibit 65 at EB-1384, Of?ce of the Sec?y of Def. Ann. Rep. to Cong, Military and Security Developments Involving the People ?3 Republic of China 2018, at 75 (Aug. 16, 2018), POWER-REPORT.PDF. 3 Id. 9 Exhibit 59 at EB-973, China?s Non-traditional Espionage Against the United States: The Threat and Potential Policy Responses: Hearing Before the S. Comm. on the Judiciary, 115th Cong., at 1 (Dec. 12, 2018) (statement of Christopher Krebs, Director, Cybersecurity and 3 CONFIDENTIAL INFORMATION estimated that ?China engaged in cyber-enabled economic espionage and trillions of dollars of intellectual property the?.?lo In November 2018, the Director of the Federal Bureau of Investigation (FBI) warned that ?no country poses a broader, more severe intelligence collection threat than China. Nearly every FBI ?eld of?ce currently has economic espionage cases that lead back to China. . . . They?re using an expanding set of nontraditional methods to do that?both lawful and unlawful?from things like foreign investments and corporate acquisitions, to cyber intrusions and supply chain threats.?ll By the end of 2018, had announced multiple indictments of Chinese state actors targeting the U.S. private sector. Since the Economic Espionage Act was passed in 1996, about 80 percent of economic espionage cases (involving trade secret the? where the defendant knew or intended that his theft would bene?t a foreign government, instrumentality, or agent) have involved China, and most trade secret the? cases have had some nexus to China. Recently announced criminal charges include: 0 The October 10, 2018 unsealing of an indictment against a Chinese intelligence of?cer for seeking to steal U.S. trade secrets relating to aircraft engine designs;'2 Infrastructure Security Agency, U.S. Department of Homeland Security). '0 Exhibit 57 at EB-933, National Cyber Strategy of the United States of America, White House 2 (Sept. 2018), Cyber-Strategy.pdf. Exhibit 90 at EB-1971, Christopher Wray, Dir. Fed. Bureau of Investigation, Address at the Ninth Annual Financial Crimes and Cybersecurity Symposium, Keeping our Financial Systems Secure: a Whole-of-Society Approach, at 2 (Nov. 1, 2018), response. ?2 See Exhibit 66 at Press Release, U.S. Dep?t of Justice, Chinese Intelligence Of?cer Charged with Economic Espionage Involving Theft of Trade Secrets from Leading U.S. 4 CONFIDENTIAL INFORMATION REDACTEDH 0 The October 30, 2018 unsealing of an indictment of Chinese intelligence of?cers and hackers and co-opted company insiders working for them for targeting U.S. aerospace technology, including information related to a turbofan engine used in commercial airliners;l3 The November 1, 2018 unsealing of an indictment charging a Chinese state-owned company, a Taiwanese company, and three individuals for economic espionage related to theft of US. trade secrets relating to dynamic random access memory;14 and The December 20, 2018 unsealing of an indictment of two defendants for working in association with a Chinese intelligence service to hack into managed service providers (MSP) and their clients, here and abroad, for the purpose of stealing, among other data, intellectual property and con?dential business and technological information of MSP clients in the banking and ?nance, telecommunications and Aviation Companies (Oct. 10, 2018), see also Exhibit 97 at EB-2004, United States v. Xu, No. 18-cr-43, Indictment (S.D. Ohio Apr. 4, 2018). '3 See Exhibit 67 at Press Release, U.S. Dep?t of Justice, Chinese Intelligence Of?cers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years (Oct. 30, 2018), insiders-conspired-steal; see also Exhibit 98 at EB-2020, United States v. Zhang, No. 13-cr- 3132, Indictment (S.D. Cal. Oct. 25, 2018). '4 See Exhibit 68 at EB-1446, Press Release, U.S. Dep?t of Justice, PRC State-Owned Company, Taiwan Company, and Three Individuals Charged with Economic Espionage (Nov. 1, 2018), justice. see also Exhibit 99 at United States v. United Microelectronics Corp., No. 18-cr-465, Indictment (N .D. Cal. Sept. 27, 2018). CONFIDENTIAL INFORMATION REDACTEDH consumer electronics, medical equipment, packaging, manufacturing, consulting, healthcare, biotechnology, automotive, oil and gas exploration, and mining sectors.15 The US. Trade Representative, in its March 2018 Section 301 ?ndings, reported that ?cyber theft [was] one of China?s preferred methods of collecting commercial information because of its plausible deniability.?16 Only months later, in its November 2018 Update to its Section 301 ?ndings, the US. Trade Representative raised alarms that incidents of Chinese cyber the?s were rapidly accelerating.17 Most recently, in May 2019, the FCC echoed concerns raised by the Executive Branch Agencies about China?s access to US. telecommunications networks in its unanimous decision denying China Mobile International (USA) Inc.?s application for an international Section 214 authorization.18 The FCC found that ?in the current security environment, there is a signi?cant risk that the Chinese government would use the grant of such authority to China Mobile USA to '5 See Exhibit 69 at EB-1448, Press Release, U.S. Dep?t of Justice, Two Chinese Hackers Associated with the Ministry of State Security Charged with Global Computer Intrusion Campaigns Targeting Intellectual Property and Con?dential Business Information (Dec. 20, 201 8), see also Exhibit 100 at EB-2071, United States v. Zhu, No. 18-cr-891, Indictment (S.D.N.Y. Dec. 17, 2018). 16 Exhibit 60 at EB-1135, Of?ce of the US. Trade Representative, Findings of the Investigation into China ?s Acts, Policies, and Practices Related to Technology Transfer, Intellectual Property, and Innovation under Section 301 of the Trade Act of 19 74, at 153 (Mar. 22, 201 8), '7 See Exhibit 61 at EB-1205-17, Of?ce of the US. Trade Representative, Update Concerning China?s Acts, Policies and Practices Related to Technology Transfer, Intellectual Property, and Innovation, at 10-22 (Nov. 20, 2018), 01 Investi gations/ 3 01 %20Report%20Update.pdf. ?8 In the Matter ofChina Mobile Int'l (USA) Inc., FCC No. 19-38, 34 FCC Red. 3361 (May 10, 2019) (China Mobile Order). CONFIDENTIAL INFORMATION conduct activities that would seriously jeopardize the national security and law enforcement interests of the United States.?19 [11. China Telecom provides a full suite of communications services in the United States with its international Section 214 authorizations China Telecom is an international common carrier authorized to provide ?international basic switched, private line, data, television and business services?20 under 47 U.S.C. 214 and 47 C.F.R. China Telecom?s stated mission is to ?deliver high-quality data and voice solutions and services between the Americas and China to businesses and carriers.?22 Its international Section 214 authorizations, last certi?ed in 2007, are conditioned on China Telecom?s compliance with a Letter of Assurances (LOA) with FBI and DHS.23 '91d. at 33661] 8. 2? 47 C.F.R. 63.22(d) (facilities-based international common carrier); 47 CPR. 63.23(c) (resale-based international common carrier). 21 Exhibit 10 at EB-395, Int ?1 Authorizations Granted, 22 FCC Red. 15266 (2007) (granting Petition to Adopt Conditions to Authorizations and Licenses ?led by DHS with concurrence of and FBI, and conditioning grant of authorization of pro forma transfer of control of international Section 214 authorizations); Exhibit 11 at EB-400, Int ?1 Authorizations Granted, 17 FCC Red. 16199 (2002) (authorizing China Telecom (USA) Corp. to operate as a facilities-based and reseller-based carrier under 47 CPR. between US. and China); Exhibit 12 at EB-408, Int ?1 Authorizations Granted, l6 FCC Red. 14695 (2001) (authorizing China Telecommunications Corp. to operate as a facilities-based and resale-based carrier under 47 CPR. between the United States and all international locations except for China). 22 Exhibit 9 at 89, General FA Qs, China Telecom Americas, (last visited Feb. 26, 2019). 23 See Exhibit 1 at Letter from Yi-jun Tan to DOJ, FBI and DHS (July 17, 2007); see also Exhibit 10 at EB-395, 22 FCC Red. 15266 (2007) (granting DHS petition to adopt conditions to China Telecom?s Section 214 authorization subject to an 47 U.S.C. 214(c) (granting the Commission authority to attach to any Section 214 authorization ?such terms and conditions as in its judgment the public convenience and necessity may require?). CONFIDENTIAL INFORMATION China Telecom leverages its international Section 214 authorizations to provide both regulated and unregulated services as a ?one-stop? provider of a ?full suite? of communications services.24 China Telecom offers US. customers access to international private line and leased circuits.25 China Telecom markets its international private line services as providing ?[s]afe? highly secure bandwidth for sensitive data.?26 China Telecom advertises that its international private lines even have a presence ?inside key securities exchanges and ?nancial data centers.?27 China Telecom also operates a mobile virtual network operator (MVNO) service under the ?CTExcel? brand name and resells mobile services directly to retail customers.28 It targets CTExcel to more than four (4) million Chinese Americans, two (2) million Chinese tourists 2? Exhibit 9 at EB-389, supra note 22. 25 Exhibit 16 at EB-526, International Private Leased Circuit from China Telecom Americas, China Telecom Americas, content/uploads/2018/ (last visited Feb. 12, 2019); Exhibit 17 at EB-528, International Ethernet Private Line from China Telecom Americas, China Telecom Americas, (last visited Feb. 12, 2019); Exhibit 18 at EB-530, International Private Lines, China Telecom Americas, (last visited Mar. 4, 2019). China Telecom may provide or re-sell international private lines with its international Section 214 authorizations. See 47 CPR. 63.23(c) (authorizing facilities and resale-based intemational common carriers to provide, inter alia, private line, data and business services); see also Int ?1 Authorizations Granted, 20 FCC Red. 5985 (2005) (granting authority to make assignment of assets, including private line circuits, from Global Crossing Telecommunications, Inc. to Westcom Corp., where Global Crossing was operating pursuant to international Section 214 authorizations); In the Matter of onorola Corp. Emi Commc'ns Corp., 9 FCC Red. 4066 (1994) (discussing an international Section 214 carrier?s provision of facsimile, data, and international message telephone services over resold international private lines) (citation omitted). 26 Exhibit 16 at EB-527, supra note 25; see also Exhibit 17 at EB-528, supra note 25. 27 Exhibit 18 at EB-530, supra note 25. 28 Exhibit 22 at EB-542, CTExcel, China Telecom Americas, (last visited Feb. 26, 2019). CONFIDENTIAL INFORMATION REDACTEDH visiting the United States annually, 300,000 Chinese students at US. colleges, and more than 1,500 Chinese businesses in the United States.29 China Telecom also offers several services for which it is unclear that an international Section 214 authorization is required but could potentially be affected by future FCC actions. China Telecom?s existing FCC authorizations provide a level of certainty that allow it to offer enterprise-level services that fall within regulatory ?gray areas.? Such services include China Telecom?s MPLS VPN30 services to provide global ?point-to-point? connections, as well as the ability to ?converge multi-site voice, data, video and cloud applications across locations onto one secure global network.?3 1 Also included are China Telecom?s SD-WAN32 services to ?effectively route tra?ic from your global of?ces and data center Another category of services that fall within this ?gray area? are virtual private local area network (LAN) services, which provide ?worldwide Ethernet connectivity to help enterprises to reduce network cost, 29 Exhibit 23 at EB-547, Press Release, China Telecom Americas, China Telecom has big US plan (Jan. 15, 2016), 30 MPLS VPN or multi-protocol label switching virtual private networks. MPLS is a mode of communications transport that can carry different kinds of communications, including circuit (traditional telephone) and packet (Internet) communications. VPNs allow users to connect from geographically separate locations to a private network, such as users in different branch of?ces connecting to one corporate intranet. MPLS VPNs use virtual point-to-point MPLS interconnections to set up VPNs. See Exhibit 20 at EB-535, MPLS VPN, China Telecom Americas, (last visited Feb. 26, 2019). 3' Id. at EB-535-36. 3?2 See Exhibit 21 at EB-539, Software De?ned WAN, China Telecom Americas, (last visited Feb. 26, 2019). SD-WAN or software-de?ned wide-area network. SD-WAN is a type of network architecture that allows enterprises to connect geographically separate of?ces to each other using different modes of communications transport (such as MPLS and broadband). 33 Id. at EB-539. CONFIDENTIAL INFORMATION REDACTEDH deploy diversi?ed options and improve connectivity among geographically dispersed locations.?34 China Telecom also offers data center and cloud services that do not require an international Section 214 authorization.? These services provide customers with ?fast, reliable and secure multi-point network connections from their global offices, data centers or colocation China Telecom advertises that its customers have access to over two dozen physical co-location facilities in the United States,37 where it supplies ?24/7 operations, security and support,? as well as equipment to customers so that they can ?avoid the cost, complexity and time required to build and manage [their] own facilities.?38 In addition, it also provides private cloud ?infrastructure enabling [customers] to build, monitor and manage [their] individualized cloud service.?39 34 Exhibit 19 at EB-533, Virtual Private LAN Service, China Telecom Americas, (last visited Feb. 26, 2019). Virtual private LAN service is a way to provide Ethemet-based multipoint to multipoint communication over Internet Protocol (IP) or MPLS. 35 See, China Mobile Order, 34 FCC Red. at 3364 1[ 4. 36 Exhibit 27 at EB-558, Public Cloud Exchange, China Telecom Americas, (last visited Mar. 1, 2019). 37 Exhibit 6 at EB-296-331, Global Data Center Map, China Telecom Americas, (last visited Feb. 1, 2019) (showing compiled list of China Telecom?s U.S. Points of Presence, colocation facilities, and cloud exchanges). 38 Exhibit 28 at EB-561, Colocation Services, China Telecom Americas, (last visited Mar. 1, 2019); see also Exhibit 6 at EB-296, supra note 37. 39 Exhibit 29 at EB-565, Cloud In?astructure, China Telecom Americas, (last visited Mar. 1, 2019). 10 CONFIDENTIAL INFORMATION REDACTEDH China Telecom is also a managed service provider (MSP). It advertises a ?Managed Security? service with ?proven security solutions? to ?protect . . . mission-critical applications, data and user It also offers ?Managed services, through which it proposes to manage private corporate intranets. This service ?enables multi-national organizations to connect . . . to multiple sites via a secure, private and high-performance network.?42 A ?[m]anaged Customer Premises Equipment (CPE) solution? helps US. customers outsource their ?router and equipment management.?43 China Telecom?s existing authorizations include facilities-based authorizations44 that give China Telecom the option to expand its US. presence without needing further FCC approvals. With its current authorizations, China Telecom can continue to extend its existing network,45 install new equipment or upgrade existing equipment on its network,46 request additional 40 Exhibit 31 at EB-572, Managed Security, China Telecom Americas, (last visited Mar. 1, 2019). 4? Exhibit 25 at 1313-553, Managed WAN, China Telecom Americas, (last visited Feb. 28, 2019). See also Exhibit 26 at EB-556, Services, China Telecom Americas, (last visited Feb. 12, 2019). WAN, or wide area network, connects geographically disparate locations onto one private network, such as a corporate intranet. ?2 Exhibit 25 at 513-553, supra note 41. 43 Exhibit 30 at EB-569, Managed CPE, China Telecom Americas, (last visited Mar. 1, 2019). 44 See Exhibit 11 at EB-400, supra note 21; and Exhibit 12 at supra note 21 (China Telecom?s 2001 and 2002 authorizations to operate as facilities-based carrier between the United States and foreign points). 45 See 47 CPR. 63.02(a) (2018) (?Any common can'ier is exempt from the requirements of Section 214 . . . for the extension of any line?). 46 See 47 U.S.C. 214(a) in this section shall be construed to require a ll CONFIDENTIAL INFORMATION REDACTEDH interconnections with the networks of other US. common carriers,47 or provide facilities-based mobile wireless services using its own network facilities instead of reselling mobile services as it currently does as an without seeking further FCC approvals under Section 214. As explained in the next section, the potential for China Telecom to increase its capabilities as a common carrier heightens the national security and law enforcement concerns raised in this recommendation. IV. The Executive Branch recommends revocation and termination of China Telecom?s international Section 214 authorizations Under Section 214 of the Communications Act, a carrier may not provide common carrier telecommunications services without ?rst obtaining from the Commission a certi?cate that the ?present or future public convenience and necessity require? those services.49 The Commission considers a number of factors in evaluating relevant public interest concerns, including national security, law enforcement, foreign policy, and trade concerns raised by the Executive Branch.50 certi?cate or other authorization from the Commission for any installation, replacement, or other changes in plant, operation, or equipment, other than new construction, which will not impair the adequacy or quality of service provided?). 47 See China Mobile Order, 34 FCC Red. at 3377 In 33 n.98 (?nding that with an international Section 214 authorization, China Mobile would be able to request interconnection with the networks of other Section 214-authorized U.S. common carriers). 48 See id. at 3364 11 4 n.20; see also id. at 3377 11 33 n.98 (?nding that China Mobile would need an international Section 214 authorization to transport communications from the United States to foreign points as an MVNO operator). ?9 47 U.S.C. 214(a) (emphases added). 50 See In the Matter of Mkt. Entry Regulation of Foreign-A?liated Entities, 11 FCC Red. 3873, 1] 3, 3897 1[ 62 (1995) (First Foreign Participation Order). 12 CONFIDENTIAL INFORMATION REDACTEDH When it comes to national security and law enforcement concerns, an applicant for an international Section 214 authorization is not entitled to a presumption that its application is in the public interest.? The FCC has stated that although an applicant for an international Section 214 authorization may be entitled to a rebuttable presumption that grant of its application would not be contrary to the public interest?on competition grounds?no such presumption applies to national security and law enforcement concerns.52 The applicant has the burden to show that the public interest would be served by the grant despite national security and law enforcement risks identi?ed by the Executive Branch.53 The Commission ?accord[s] deference to the expertise of the Executive Branch in identifying and interpreting issues of concern related to national security, law enforcement, and foreign policy? relevant to a pending Section 214 application.54 Because Section 214(a) directs the Commission to act when ?present? or ?future? interests are concerned, and to determine whether the public convenience and necessity ?require? the carrier?s services,55 the Commission should also apply the same deference to the Executive Branch?s expertise with respect to any national security and law enforcement concerns associated with an existing international Section 214 authorization. 5' See In the Matter of Rules Policies on Foreign Participation in the US. Telecommunications Mitt, 12 FCC Red. 23891 23920 1] 65 (1997) (Second Foreign Participation Order). 52 China Mobile Order, 34 FCC Rcd. at 3367 1] 11. 53 Id. 54 Second Foreign Participation Order, 12 FCC Red. at 23920 11 63. 5'5 47 U.S.C. 214(a). 13 CONFIDENTIAL INFORMATION REDACTEDH The Executive Branch, and speci?cally DOJ, DH S, and (collectively, Team Telecom?), reviews international Section 214 carrier authorizations for national security and law enforcement concerns. In China Mobile, Team Telecom publicly disclosed a multifactor analysis it applies when making a recommendation based on national security and law enforcement concerns.57 These factors include, but are not limited to: The Carrier: Whether the carrier has a past criminal history; . Whether the carrier has engaged in conduct that calls the carrier?s trustworthiness into question; and 3. Whether the carrier is vulnerable to exploitation, in?uence, or control by other actors; [Qt?l State Control, In?uence and Abilig to Compel Carrier to Provide Information: 4. Whether the carrier?s foreign ownership could result in control of US. telecommunications infrastructure or persons operating such infrastructure by a foreign government or an entity controlled by or acting on behalf of a foreign government; 5. Whether the carrier?s foreign ownership is from a country suSpected of engaging in actions, or possessing the intention to take actions, that could impair US. national security; 6. Whether the canier will be required, by virtue of its foreign ownership, to comply with foreign requests requests for communications intercepts) relating to the carrier?s operations within the United States, or whether the carrier is otherwise susceptible to such requests and/or demands made by a foreign nation or other actors; and 7. Whether such requests are governed by publicly available legal procedures subject to independent judicial oversight; The Carrier?s U.S. Operations: 8. Whether the carrier?s operations within the United States provide opportunities for the carrier or other actors to undermine the reliability of the domestic communications infrastructure; 9. Whether the carrier?s operations within the United States provide opportunities for the carrier or other actors to identify and expose national security vulnerabilities; 56 See Second Foreign Participation Order, 12 FCC Rcd. at 23919 1] 62 (The Team Telecom agencies consist of the ?federal agencies [that] have speci?c expertise? on national security and law enforcement issues and lead the Executive Branch?s assessment on those issues). 57 Redacted Executive Branch Recommendation to Deny China Mobile International (USA) Inc.?s Application for an International Section 214 Authorization, FCC No. ITC-214- 20110901-00289, at 6-7 (?led July 2, 2018), 14 CONFIDENTIAL INFORMATION 10. Whether the carrier?s Operations within the United States provide opportunities for the carrier or other actors to render the domestic communications in??astructure otherwise vulnerable to exploitation, manipulation, attack, sabotage, or covert monitoring; 11. Whether the carrier?s operations within the United States provide opportunities for the carrier or other actors to engage in economic espionage activities against corporations that depend on the security and reliability of the US. communications infrastructure to engage in lawful business activities; or 12. Whether the carrier?s operations within the United States provide opportunities for the carrier or other actors to otherwise engage in activities with potential national security implications; Requirements of US. Legal Process: 13. Whether the Executive Branch will be able to continue to conduct its statutorily authorized law enforcement and national security missions, which may include issuance of legal process for the production of information or provision of technical assistance; including l4.Whether the con?dentiality requirements that protect information about the targets of lawful surveillance and classi?ed sources and methods will continue to be effective. (collectively, the Factors).58 Team Telecom developed the Factors based on input from agencies with expertise in national security and law enforcement matters, as well as past experiences evaluating applications referred by the Commission and monitoring the effectiveness of mitigation measures. Team Telecom, as the expert agencies within the Executive Branch for identifying and addressing national security and law enforcement concerns, publicly applied these Factors for the ?rst time in the July 2018 recommendation to deny China Mobile International (USA) Inc.?s applicatiOn for an international Section 214 authorization.59 China Telecom?s ongoing operations in the United States raise similar?but more pressing?national security and law enforcement concerns. Accordingly, Team Telecom applied the same Factors in the Executive Branch?s recommendation herein that the Commission revoke and terminate China Telecom?s 58 Id. at 6-7. 59 See id.; see also China Mobile Order, 34 FCC Rcd. at 3368 11 14 n.46, 3367 1] 12, and 3374 26 (citing the Factors in denying China Mobile?s application for an international Section 214 authorization). 15 CONFIDENTIAL INFORMATION existing international Section 214 authorizations. In light of the current national security environment, the Executive Branch has determined that 13 of the 14 Factors weigh strongly in favor of revocation and termination. Only the ?rst Factor, China Telecom?s lack of criminal history, is neutral. The Executive Branch?s recommendation considered: 0 China Telecom?s past conduct, which includes making inaccurate statements to Team Telecom about where it stored U.S. records, making inaccurate statements to U.S. customers about its cybersecurity practices, and potentially failing to comply with U.S. federal and state cybersecurity and privacy laws (Factor 0 The Chinese government?s ultimate ownership and control of China Telecom, and the Chinese Communist Party?s (CCP) recently strengthened in?uence and control over China Telecom?s parent entity (Factors 0 China Telecom?s forced compliance with Chinese government requests (Factors 0 China Telecom?s operations in the United States, which provide opportunities for increased Chinese govemment?sponsored economic espionage, theft of trade secrets (Factors 5, 9-12), and the disruption and misrouting of U.S. communications traf?c (Factors 5, 8-10, 12); and 0 China Telecom?s lack of trustworthiness, which limits the Executive Branch?s ability to conduct statutorily authorized law enforcement and national security missions and effectively protect information about investigations and classi?ed sources and missions (Factors 13-14). 16 CONFIDENTIAL INFORMATION REDACTEDH A. China Telecom has engaged in conduct that calls its trustworthiness into question (Factor 2)60 Team Telecom, while monitoring China Telecom?s LOA compliance over the past year, has discovered conduct that calls into question China Telecom?s trustworthiness. This includes China Telecom?s delayed responses to Team Telecom requests for information, its inaccurate statements to Team Telecom and US. customers, and its apparent failure to comply with federal and state cybersecurity and privacy laws. As an initial matter, China Telecom delayed six months before providing documents in response to a Team Telecom request. This calls into question its willingness to cooperate with Team Telecom to monitor compliance with the LOA. In June 2018, Team Telecom asked for copies of China Telecom?s cybersecurity policies in order to monitor compliance with the requirement that China Telecom ?take all practicable measures? to prevent unauthorized access to US. Records.61 China Telecom did not immediately disclose that Instead, it delayed its response for six months, during which Team Telecom repeated its request ?ve more times.62 In December 2018, China Telecom produced two documents, neither of 6? Factor 2 considers whether a carrier has engaged in conduct that calls its trustworthiness into question. 61 See Business Con?dential Exhibit 32 at EB-576, Letter from DOJ National Security Division to China Telecom (June 13, 2018) (citing LOA). 62 See Business Con?dential Exhibit 33 at EB-578, E-mail from Morgan, Lewis Bockius (hereinafter Morgan Lewis), China Telecom?s outside counsel, to DOJ National Security Division (Aug. 30, 2018) ?rst follow-up e-mail on July 23, 2018 and second follow-up e-mail on August 29, 2018); Business Con?dential Exhibit 34 at EB-581, E-mail from Morgan Lewis to DOJ National Security Division (Sept. 18, 2018) third follow-up e-mail on September 17, 2018); Business Con?dential Exhibit 35 at EB-587, EB-586, E-mail from Morgan Lewis to DOJ National Security Division (Nov. 26, 2018) fourth follow-up e- mail on November 6, 2018; ?fth follow-up e-mail on Nov. 15, 2018). 17 CONFIDENTIAL INFORMATION which existed when Team Telecom made the initial request. The ?rst document, dated ?ve days before China Telecom provided it to Team Telecom.63 The second,- was improperly redacted and dated one month before China Telecom provided it to Team Telecom.64 was After further negotiation, China Telecom disclosed that the redaction concealed Aside from the delays, the Executive Branch is troubled by new disclosures in these documents that indicate China Telecom made inaccurate statements to U.S. government authorities about where it stored U.S. records and to U.S. customers about its cybersecurity 63 See Business Con?dential Exhibit 36 at EB-593, Letter from Mor an Lewis to National Securit Division with attachments Dec. 6 6? Id. at EB-621. 65 Business Con?dential Exhibit 37 at EB-655, E-mail from Morgan Lewis to DOJ National Security Division (Jan. 24, 2019). 18 CONFIDENTIAL INFORMATION practices. China Telecom?s inadequate cybersecurity and privacy practices raise questions as to whether it has complied with relevant federal and state laws. 1. China Telecom made inaccurate statements to Team Telecom about where it stored U.S. records China Telecom?s recent disclosures indicate that China Telecom previously made inaccurate statements to Team Telecom about where it stored U.S. records. After further questioning by Team Telecom, China Telecom admitted that This admission contradicts China Telecom?s January 2016 statement that? ?China Telecom previously represented to Team Telecom that 67 Business Con?dential Exhibit 103 at EB-2111-2112 Letter from Mor an Lewis to 6? Business Con?dential Exhibit 125 at EB-2784, Letter from China Telecom to DOJ, FBI, and DHS (Jan. 11,2016). 19 CONFIDENTIAL INFORMATION REDACTEDH China Telecom has not explained the apparent contradiction in its January 11, 2016 and April 4, 2019 letters to Team Telecom. When Team Telecom attempted to investigate further and requested access logs of foreign access to China Telecom?s U.S. customer records, China Telecom claimed that it 69 Id. 70 Business Con?dential Exhibit 103 at EB-2113, supra note 67. 72 Business Con?dential Exhibit 103 at EB-2112, supra note 67; see also Business Con?dential Exhibit 119 at EB-2745, Letter from National Security Division to Morgan Lewis (May 29, 2019). 20 CONFIDENTIAL INFORMATION Team Telecom, through DOJ, FBI, and DHS, relied on this representation when, two months later, it recommended that the FCC grant international Section 214 authorizations to China Telecom subject to the 2007 LOA. 73 Business Con?dential Exhibit 3 at 5, Responses of China Telecom to Combined Questions for FCC Applicants, dated May 11, 2007 (emphasis added). 74 Business Con?dential Exhibit 36 at EB-621, supra note 63. 21 CONFIDENTIAL INFORMATION CONFIDENTIAL INFORMATION 78 Id. at EB-634. 79 Id. CONFIDENTIAL INFORMATION China Telecommunications Corporation is China Telecom?s ultimate parent entity, and is directly under Chinese government supervision; it owns 70.89 percent of the Parent Entity (CTCL), which in turn wholly owns both CTG and China Telecom.83 80 Business Con?dential Exhibit 103 at EB-2112 su ra note 67 also Business Con?dential Exhibit 103 at EB-2113, supra note 67. 82 Business Con?dential Exhibit 103 at EB-2111, supra note 67 (response to Question No. 7). 83 Exhibit 4 at EB-67, China Telecom Corp. Ltd., Annual Report Form 20-F (Apr. 27, 2018) (ownership chart). 8? The ownershi dia am is derived from information in Exhi i 4 24 CONFIDENTIAL INFORMATION Until questioned by Team Telecom in March 2019, China Telecom did not correct its 85 Business Con?dential Exhibit 103 at EB-21 13, supra note 67. 86 Business Con?dential Exhi - 25 CONFIDENTIAL INFORMATION REDACTEDH ?Such conduct calls China Telecom?s trustworthiness into question and signi?cantly undermines Team Telecom?s and the Executive Branch?s con?dence in any ability to mitigate the national security and law enforcement concerns associated with China Telecom?s FCC authorizations. 2. China Telecom made inaccurate statements to US. customers about its gbersecuritv practices and may have failed to comply with US. cybersecuritv and privacy laws The Executive Branch also learned that? Having failed to respond substantively to Team Telecom?s June 2018 request for cybersecurity policies for six months, China Telecom ?nally submitted what it described as 87 Id. at EB-590 (emphasis added). 88 Business Con?dential Exhibit 37 at EB-655, supra note 65. 26 CONFIDENTIAL INFORMATION REDACTEDH Even if China Telecom had 89 Business Con?dential Exhibit 102 at EB-2103, Letter from National Security Division to Morgan Lewis (Mar. 21, 2019) (quoting Exhibit 1 at EB-2, supra note 23). 90 Business Con?dential Exhibit 103 at EB-2107, supra note 67. 9] Id. at see also Business Con?dential Exhibit 1 19 at EB-2745, supra note 72. 92 Business Con?dential Exhibit 103 at 138-2108, EB-2112-13, supra note 67. 93 Business Con?dential Exhibit 119 at EB-2745, supra note 72 (summarizing May 21, 2019 meeting between China Telecom and Team Telecom); see also Business Con?dential Exhibit 124 at EB-2774, Letter from Morgan Lewis to National Security Division (June 14, 2019) CONFIDENTIAL INFORMATION federal law. China Telecom may have let customers believe that they would receive a higher level of cybersecurity than they actually did. China Telecom promised its customers ?maximum ?95 and enticed them to trust China Telecom with their ?mission-critical? data.96 China security, Telecom speci?cally targeted these claims to US. customers operating in the ?nancial, logistics, retail, energy, media, and healthcare industries. '95 Exhibit 38 at EB-659, Developing a Trusted Security Strategy for China, China Telecom Americas, (last visited Mar. 23, 2019) (advertising the [China Telecom] difference? is ?providing maximum security?). 96 Exhibit 31 at EB-572, supra note 40. 28 CONFIDENTIAL INFORMATION REDACTEDH CHINA TELECOM Company Solutions Industries a, . - fuwu (Above: Excerpted from Exhibit 42 at EB-699, mhasis in red).97 The Federal Trade Commission (FTC) has previously found statements made under similar circumstances to be unfair and deceptive practices under Section 5(a) of the Federal Trade Commission Act In 2016, the FTC sued the operators of the AshleyMadison.com website, alleging that the defendants misrepresented their network security to customers; the FTC speci?cally cited AshleyMadison.com?s failure ?to have a written organizational information security policy.?99 China Telecom?_ ?while advertising ?maximum security? for its data and telecommunications 97 Exhibit 42 at EB-699, Financial, China Telecom Americas, (last visited Feb. 15, 2019). 98 15 U.S.C. 45(a). 99 Exhibit 40 at EB-668, Federal Trade Comm ?n v. Ruby Corp., Case No. 16-cv-2438, Dkt. No. 1, Complaint at 1] 31, 43-47 (D.D.C. ?led Dec. 14, 2016). The defendants settled the complaint by stipulating to a permanent injunction against misrepresenting security practices and agreeing to a partially suspended monetary judgment of $8.75 million. See Exhibit 41 at EB-684, Federal Trade Comm ?n v. Ruby Corp., Case No. l6-cv-2438, Dkt. 9, Stipulated Order for Permanent Injunction and Other Equitable Relief (D.D.C. Dec. 19, 2016). 29 CONFIDENTIAL INFORMATION REDACTEDH services, raises questions about whether China Telecom and its Parent Entity have complied with federal laws such as Section 5(a) of the FTCA. Second China Telecom? 3 questions about whether it complied with more speci?c state laws requiring formal cybersecurity policies and appropriate data protection practices. These laws include: 0 Ohio law requiring businesses to ?create, maintain, and comply with a written cybersecurity program? to avoid liability for unreasonable information security practices.100 China Telecom is subject to Ohio law because it has engaged in sales and business development in Ohio.101 0 Colorado law requiring businesses to ?implement and maintain reasonable security procedures and practices that are appropriate to the nature of the personal identifying information and the nature and size of the business and its operations.?102 China Telecom is subject to Colorado law becauSe it has a Point of Presence in Denver, Colorado.103 0 Delaware law requiring any business that ?owns, licenses or maintains personal information [to] implement and maintain reasonable procedures and practices to prevent the unauthorized acquisition, use, modi?cation, disclosure, or destruction of '00 See Ohio Rev. Code Ann. 1354.02 (West, 2018) (requiring written cybersecurity program to qualify for an af?rmative defense). See Exhibit 84 at Xiruo Zhao, Linkedln, zhao-361a9bb7/. (last visited Mar. 12, 2019) (disclosing 650+ China Telecom sim card sales in Ohio in 2018). ?02 Colo. Rev. Stat. (2018). '03 See Exhibit 6 at EB-296, EB-302, supra note 37 (Coresite POP in Denver, CO). 30 CONFIDENTIAL INFORMATION REDACTEDH personal information??04 China Telecom is subject to Delaware law because it is incorporated in Delaware.105 0 California law requiring businesses to ?implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modi?cation, or disclosure??(5 China Telecom is subject to California law because it maintains a Global Network Operations Center (NOC) ?07 and signi?cant facilities in 108 California. California law enacted in 2004 also requires businesses to post privacy policies ?conspicuously? on their websites.109 According to China Telecom,? ?As late as July 2, 2017, a publicly available cached version of China Telecom?s website site map did not show a link to a privacy policy.] China Telecom?s apparent failure to comply with Califomia?s Del. Code 123?100 (2018). 105 Exhibit 2 at EB-4, China Telecom (USA) Corporation Stock Purchase Agreement (June 15, 2007). Cal. Civ. Code 1798.81.5(b) (West, 2018). 107 Exhibit 85 at EB-1936, O??ice Locations, China Telecom Americas, (last visited Mar. 13, 2019). '03 Exhibit 6 at EB-296, EB-304-311, EB-318, EB-320-27, supra note 37. ?09 Cal. Bus. Prof. Code 22575 (West, 2018). ?0 Business Con?dential Exhibit 103 at EB-2113, supra note 67. ?1 Exhibit 43, Site Map, China Telecom Americas, cached July 2, 2017, (last visited 31 CONFIDENTIAL INFORMATION privacy policy law is exacerbated by the fact that China Telecom has maintained signi?cant operations in California since at least 2004.112 While any one of these omissions and violations might be excused as an oversight, collectively they demonstrate a corporate disregard for regulations designed to protect the privacy and security of Americans? data. An FCC Section 214 authorization empowering the collection, storage, and transport of such data by such an entity is not in the public interest. B. China Telecom is owned and controlled by Chinese parent entities and ultimately by the Chinese government (Factors 3 and 4)113 As the wholly owned subsidiary of a parent entity that is majority-owned by a Chinese state-owned enterprise, China Telecom is ultimately owned and controlled by the Chinese government. China Telecom?s parent, China Telecom Corp. Ltd. (CTCL, or the Parent Entity), is a Chinese company that has over $50 billion in assets, employs more than 371,000 professionals, and manages 70 percent of the Internet in China.l 1" The Parent Entity is majority- owned (70.89 percent) through an intermediary (China Telecommunications Corp., also known as China Telecom Group) owned by the State-owned Assets Supervision and Administration Commission (SASAC) of the State Council of China.] '5 In addition to the Chinese govemment?s Apr. 2, 2019) (showing China Telecom Americas website sitemap with no record of a privacy policy on July 2, 2017). ?2 Exhibit 9 at EB-389, supra note 22. ?3 Factor 3 considers whether the carrier is vulnerable to exploitation, in?uence or control by other actors. Factor 4 considers whether the carrier?s foreign ownership could result in control of US. telecommunications in?'astructure or persons operating such infrastructure by a foreign government or an entity controlled by or acting on behalf of a foreign government. ?4 Exhibit 9 at EB-389-90, supra note 22- ?5 Exhibit 4 at EB-32, EB-42, EB-67, supra note 83. 32 CONFIDENTIAL INFORMATION REDACTEDH 70.89 percent ownership, Chinese provincial state-owned entities own 11.96 percent,116 for a combined 82.85 percent ownership by all Chinese government entities. China Telecom?s relevant ownership is illustrated in the diagram1 ?7 below: 70.89% Total 29.11% Factors 3 and 4, applied to these facts, weigh strongly in favor of revocation and termination. The Commission previously considered similar factors in China Mobile to support ?6 Id. at EB-67. The provincial state-owned entities are Guangdong Rising Assets Management Co., Ltd. (6.94 percent), Jiangsu Guoxin Investment Group Co., Ltd. (1.18 percent), Zhejiang Financial Development Company (2.64 percent) and Fujian Investment and Development Group Co., Ltd. (1.20 percent). ?7 The information displayed in the diagram is derived from id. at 513-32, EB-42, EB-67. 33 CONFIDENTIAL INFORMATION the denial of an international Section 214 authorization application where the applicant was indirectly owned and controlled by the Chinese government by ?nding that the applicant would be vulnerable to exploitation, in?uence and control by the Chinese government.118 Like the applicant in China Mobile, China Telecom is indirectly majority-owned and controlled by the Chinese government and is vulnerable to exploitation, in?uence and control by the Chinese government. First, China Telecom is wholly owned and controlled by a single Chinese entity?the Parent Entity.? '9 - The Parent Entity is majority-owned and controlled by a state-owned enterprise under Chinese government supervision.121 The Parent Entity has disclosed that the state-owned enterprise?s controlling interests could result in actions that con?ict with the interests of the Parent Entity or its shareholders.122 ?8 China Mobile Order, 34 FCC Rcd. at 3368-71 1111 14?19; see also id. at 3368 $4 n.46 (citing Factors EB-13. Exhibit 4 at 133?42, supra note 83. Id. at EB-42 (?China Telecom Group, a state-owned enterprise . . . as our controlling shareholder, will continue to exercise signi?cant in?uence over our management and policies. . . The interests of China Telecom Group as our controlling shareholder could con?ict with our interests or the interests of our other shareholders. As a result, China Telecom Group may take actions with respect to our business that may not be in our or our other shareholders? best 34 CONFIDENTIAL INFORMATION Second, China Telecom is ultimately majority-owned and controlled by the Chinese government. In China Mobile, the Commission was concerned about Chinese laws123 and certain practices that the Chinese government could use to exploit, in?uence, and control a state- owned enterprise. 124 Some of the concerns raised by the Commission in China Mobile about the Chinese government?s ability to in?uence state-owned enterprises, and consequently their indirect subsidiaries, may have already been realized when it comes to China Telecom. For example, in China Mobile, the Commission noted a USTR report which stated that state-owned enterprises ?are being pressured to amend their articles of association to ensure Communist Party representation on their boards of directors . . . and to ensure that they make important company decisions in consultation with internal Communist Party committees.?125 interests?). ?23 China Mobile Order, 34 FCC Rcd. at 3369 11 17 (?Chinese law requires citizens and organizations, including state?owned enterprises, to cooperate, assist, and support Chinese intelligence efforts wherever they are in the world?); see also Exhibit 118 at EB-2735, China Law Translate, National Intelligence Law of the PRC. (2017), (accessed May 29, 2019); see also Exhibit 120 at EB-2747, Murray Tanner, Beijing ?s New National Intelligence Law: From Defense to O?ense, Lawfare (July, 20, 2017), (citing laws on National Intelligence, Counterespionage, National Security, Counterterrorism, Cybersecurity, and Foreign NGO Management, amendments to PRC Criminal Law, Management Methods for Lawyers and Law Firms, and then-pending draft Law and draft Standardization Law); see also Exhibit 115 at EB-2524, Of?ce of the Sec?y of Def. Ann. Rep. to Cong, Military and Security Developments Involving the People?s Republic of China 2019, at 101 (?The 2017 National Intelligence Law requires Chinese companies, such as Huawei and ZTE, to support, provide assistance, and cooperate in China?s national intelligence work, wherever they operate?). '24 China Mobile Order, 34 FCC Rcd. at 3369-70 11 18 (citing World Bank and USTR reports on Chinese state-owned enterprises demonstrating Chinese government exploitation, in?uence and control); see also Exhibit 116 at EB-2568, USTR, 2018 Report to Congress on China?s WTO Compliance, at 13 (Feb. 2019). ?25 China Mobile Order, 34 FCC Red. at 3370 11 18 n.60 (citing USTR 2018 Report to Congress on China?s WTO Compliance); see also Exhibit 116 at EB-2568, supra note 124. 35 CONFIDENTIAL INFORMATION Such changes may have already occurred with respect to China Telecom. In January 2018, China Telecom?s Parent Entity revised its Articles of Association to give the CCP greater powers,'26 three months after the Chinese government amended the Constitution of the CC R127 According to the Chinese government, the constitutional amendments were made to ?de?ne the status and role of Party organizations in State-owned enterprises.?128 State-owned enterprises would be required to form CCP organizations inside the enterprise to ?focus their work on the operations of their enterprise,? to ?guarantee and oversee the implementation of the principles and policies of the Party and the state within their own enterprise,? and ?participate in making decisions on major issues in the enterprise.?129 China Telecom?s Parent Entity followed suit in January 2018 to revise Articles 9 and 98 13? The Parent of its Articles of Association to conform to the CCP constitutional amendments. Entity?s revised Articles of Association give CCP organizations within the company greater controls over the management and operations over the business. Article 9 of the revised Articles of Association states that: ?26 Exhibit 48 at EB-735 and EB-766, Articles of Association of China Telecom Corp. Ltd. as of Jan. 4, 2018 (Articles 9 and 98 of unof?cial English translation of Articles of Association as ?led with the SEC on Apr. 27, 2018 as part of Annual Report (Form '27 Exhibit 114 at EB-2404, Constitution of the Communist Party of China, Revised and adopted at the 19th National Congress, (Oct. 24, 2017), pdf. '28 Exhibit 113 at EB-23 82, Full text of resolution on amendment to CPC Constitution, State Council of the People?s Republic of China, 7140.htm (Oct. 24, 2017) '29 Exhibit 114 at EB-2404, supra note 127 (Article 33). Exhibit 48 at EB-735, 766, supra note 126 (Articles 9 and 98). 36 CONFIDENTIAL INFORMATION In accordance with the Company Law and the Constitution of the Communist Party of China (the ?Party?), the Company shall set up Party organisations. The Party organisations shall perform the core leadership and political ?mctions. The Company shall set up Party working organs, which shall be equipped with suf?cient staff to handle Party affairs and provided with suf?cient funds to operate the Party organisationsm Article 98 of the Articles of Association states that: Prior to making decisions on material issues of the Company, the board of directors shall seek advice from the Party organisations. When the board of directors appoints senior management personnel of the Company, the Party organisations shall consider and provide comments on the candidates for management positions nominated by the board of directors or the general manager, or recommend candidates to the board of directors and/or the general manager. 1 32 The Parent Entity?s prior Articles of Association did not mention the CCP.133 C. Due to its ownership, China Telecom will be forced to comply with Chinese government requests without sufficient legal procedures subject to independent judicial oversight (Factors 6-7) 134 China Telecom will be forced to comply with Chinese government requests. It has already submitted to at least one foreign request from its Parent Entity without suf?cient legal process or judicial oversight. As discussed above in Section IV .A.1, supra, China Telecom has Id. at EB-735 (emphasis added). ?32 Id. (emphasis added). ?33 Compare Exhibit 49 at EB-798, China Telecom Corp. Ltd., Annual Report (Form 20? F) (Apr. 28, 2016), Ex. 1.1 (Articles of Association of China Telecom Corp. Ltd. as of May 27, 2015) with Exhibit 48 at EB-732, supra note 126, at Ex. (Articles of Association of China Telecom Corp. Ltd. as of Jan. 4, 2018). 134 Factor 6 considers whether a carrier will be required to comply with foreign requests due to its foreign ownership. Factor 7 considers whether any foreign requests to the carrier would be governed by publicly available legal procedures subject to independent judicial oversight. 37 CONFIDENTIAL INFORMATION The Chinese government?s controls over the Parent Entity and China Telecom, combined with newly enacted Chinese laws, raise signi?cant concerns that China Telecom will be forced to comply with Chinese government requests, including requests for communications intercepts, without the ability to challenge such requests. These new laws include the Cybersecurity Law of the People?s Republic of China, effective June 1, 2017, and the implementing regulation for the Cybersecurity Law, effective November 1, 2018. The June 1, 2017 Cybersecurity Law requires extensive cooperation by telecom and '35 Business Con?dential Exhibit 36 at EB-621, supra note 63. 136 Id. at EB-629, attachment B: U.S. Records Security Agreement, at 9 11 6.2. 38 CONFIDENTIAL INFORMATION REDACTEDII network operators: Article 35: Critical information infrastructure operators purchasing network products and services that might impact national security shall undergo a national security review organized by the State cybersecurity and informatization departments and relevant departments of the State Council. Article 49: Network operators shall cooperate with cybersecurity and informatization departments and relevant departments in conducting implementation of supervision and inspections in accordance with the law.137 According to the Parent Entity?s interpretation of the 2017 Cybersecurity Law, the law sets forth a ?cybersecurity review? that government authorities could initiate that would focus on the ?controllability? of network products and services.138 The November 1, 2018 ?Regulation on Internet Security Supervision by Public Security Organs? (Order No. 151 of the Ministry of Public Security) provided further directives for implementing the 2017 Cybersecurity Law.139 The regulation authorizes the Ministry of Public Security to conduct on-site and remote inspections of any company with ?ve or more networked computers, to copy user information, log security response plans during on-site inspections, and check for vulnerabilities.MO The People?s Armed Police would also be present at inspections to '37 Exhibit 51 at EB-866, Translation: Cybersecurity Law of the People?s Republic of China (Effective June 1, 2017), '38 Exhibit 4 at EB-86, supra note 83. '39 See Exhibit 53 at EB-901, China: New Regulation on Policy Cybersecurity Supervision and Inspection Powers Issued, Library of Congress (Nov. 13, 2018), see also Exhibit 54 at EB-903, China?s New Cybersecurity Measures Allow State Policy to Remotely Access Company Systems, Recorded Future Blog (Feb. 8, 2019), "0 Exhibit 54 at 133-904, supra note 139. 39 CONFIDENTIAL INFORMATION REDACTEDH ensure compliance with the inspection.141 For remote inspections, the Ministry of Public Security would be permitted to use certain cybersecurity service agencies.142 Both the 2017 Cybersecurity Law and 2018 Regulation on Internet Security Supervision provide little, if any, detail about the available legal procedures or judicial oversight to challenge any Chinese govermnent requests. According to industry sources, these new laws codi?ed existing practices rather than imposing wholly new obligations.143 The Executive Branch?s concerns about these laws the level of access and the inability to challenge the laws) is no longer theoretical. China Telecom has disclosed that,? Id. at 133?907, EB-909. ?42 Id. at 133?905. 143 Exhibit 56 at EB-921, Covington Burling LLP., China Releases New Regulation on Cybersecurity Inspection, Inside Privacy (Oct. 23, 2018), ?44 Exhibit 36 at 133-634, supra note 63- 40 CONFIDENTIAL INFORMATION REDACTEDH D. China Telecom?s U.S. operations provide opportunities for Chinese state- sponsored actors to engage in economic espionage and to disrupt and misroute U.S. communications traf?c (Factors 5, China Telecom?s U.S. operations provide opportunities for Chinese state-sponsored actors to engage in espionage, to steal trade secrets and other con?dential business information, and to disrupt and misroute U.S. communications traf?c. As explained in Section II, supra, the Executive Branch has in the past year escalated its warnings about the threats posed by Chinese govemment-sponsored cyber actors in the current national security environment. These warnings are not limited to direct acts by the Chinese government, but also include the Chinese govemment?s potential use of Chinese information technology ?rms as routine and systemic espionage platforms against the United States. '46 1. China Telecom?s U.S. operations provide Opportunities for Chinese govemment-smnsored actors to engage in economic espionage against U.S. targets (F actors 5, 9-12) China Telecom?s U.S. operations provide the Chinese government with access to valuable targets for economic espionage and other intellectual property and privacy-related thefts. The international Section 214 authorizations furnish China Telecom with access to more customers, communications traf?c, and interconnections with other U.S. common carriers than it '45 Factor 5 considers whether a carrier?s foreign ownership is from a country suspected of engaging in actions, or possessing the intention to take actions, that could impair national security. Factor 8 considers whether a carrier?s U.S. operations provide opportunities for actors to undermine the reliability of domestic communications in?astructure. Factor 9 considers whether a carrier?s U.S. operations provide opportunities for actors to expose national security vulnerabilities. Factor 10 considers whether a carrier?s U.S. operations provide opportunities to render communications infrastructure vulnerable to exploitation or covert monitoring. Factor 1 1 considers whether a carrier?s U.S. operations provide opportunities for foreign actors to engage in economic espionage against U.S. corporations. Factor 12 considers whether a carrier?s U.S. operations provide opportunities for actors to engage in other activities with potential national security implications. '46 Exhibit 8 at EB-351, supra note 4. 41 CONFIDENTIAL INFORMATION would have otherwise. Moreover, China Telecom intentionally markets its services as secure to customers in industries highly vulnerable to economic espionage, such as the ?nancial, logistics, retail, media, energy, and healthcare industries.147 China Telecom?s status as a managed services provider (MSP) provides abundant opportunities for Chinese govemment-sponsored actors, as described in a recent federal indictment. According to the December 2018 Zhu indictment, Chinese hackers working in association with the Chinese Ministry of State Security targeted MSPs in order to ?leverage the networks to gain unauthorized access to the computers and computer networks of the clients and steal, among other data, intellectual property and con?dential business data on a global scale.?148 If data centers and corporate intranets are the information economy?s equivalent to banks, then an access to its clients? networks and data centers puts potential bank robbers one step closer to circumventing a bank?s security apparatus. China Telecom?s managed network and security services similarly provide opportunities for Chinese govemment?sponsored cyber actors. According to the October 2018 Zhang indictment, in one cyber intrusion of a French company, a Chinese intelligence of?cer reported to a colleague that sent a fake email pretending to be from network management.?149 Through China Telecom, Chinese government-sponsored cyber actors may have access to China Telecom?s network management and security services. They also have access to the Parent Entity, which is now required by its Articles of Association to carry out functions for and seek the advice of the CCP. Next time, Chinese government-sponsored cyber actors may no longer ?47 Exhibit 42 at EB-699, supra note 97. ?48 Exhibit 100 at EB-2074, supra note 15. ?49 Exhibit 98 at EB-2034, supra note 13- 42 CONFIDENTIAL INFORMATION need to pretend to be from network management?they might actually be from network management. China Telecom?s access to its clients? U.S. records may provide additional opportunities for Chinese government-sponsored cyber actors. China Telecom?s largest US. customers include? As previously mentioned, China Telecom Concerns about such access are heightened by prior reporting that China Telecom?s Chinese af?liates have aided the Chinese govemment?s economic espionage efforts. According to Mandiant (now FireEye), China Telecom?s Parent Entity has provided special ?ber optic communications infrastructure to house a known state-sponsored military cyber unit.153 Mandiant has alleged that this Chinese military unit has stolen hundreds of terabytes of sensitive data from at least 141 organizations across a diverse set of organizations.154 150 Business Con?dential Exhibit 107 at EB-2148, Letter from Morgan Lewis to DOJ National Security Division, Exhibit (April 18, 2019). Business Con?dential Exhibit 36 at EB-634, supra note 63, at Exhibit B. '52 Business Con?dential Exhibit 103 at EB-2113, supra note 67. ?53 Exhibit 70 at EB-1468, EB-1471, Mandiant,APT1: Exposing One ofChina ?3 Cyber Espionage Units, 19, 2013). ?54 Id. at 133-1455. 43 CONFIDENTIAL INFORMATION REDACTEDH 2. China Telecom?s operations in the United States provide opportunities for Chinese government-sponsored actors to disrupt and misroute U.S. communications traf?c (Factors 8-10. 12) Factors 8-10 and 12, when evaluated in light of reports that China Telecom has disrupted and misrouted Internet traf?c (including U.S. government Internet traf?c), also weigh in favor of revocation and termination. China Telecom?s U.S. operations, particularly its eighteen (18) Points of Presence (PoPs) in the United States,155 provide Chinese govemment-sponsored actors with openings to disrupt and misroute U.S. data and communications traf?c. In November 2018, industry monitors observed that Google services were made unavailable to U.S. enterprise users for over an hour, because China Telecom?s network announced erroneous route information]56 In late 2018 and early 2019, during the partial U.S. government shutdown, private security watchers detected China Telecom?s network misrouting the U.S. Department of Energy?s Internet traf?c.157 The misrouting incidents are not isolated incidents but part of a pattern going back to 2010.158 These incidents are believed to result from Border Gateway Protocol 155 Exhibit 6 at EB-296, supra note 37; see also center-map/ (last visited Feb. 1, 2019). ?56 See Exhibit 71 at EB-1527, Ameet Naik, Internet Vulnerability Takes Down Google, Thousand Eyes Blog (Nov. 12, 2018), takes-down-goo g1e/; see also Exhibit 72 at EB-1535, Press Release, China Telecom Corp. Ltd., Statement Regarding the Unfounded Report on China Telecom Being Alleged ?Hijacking Internet Traf?c,? (last visited Jan. 23, 2019). '57 See Exhibit 87 at EB-1948, China Telecom hijack of us Dept. of Energy route continuing into 6th day (Jan. 2, 2019), see also Exhibit 88 at EB-1951, Possible BGP hijack, (Dec. 28, 2018), ?58 See Exhibit 73 at EB-1786-87, 2010 Rep. to Congress of the U.S.-China Econ. Security Rev. Commission, at 243-44 (November 2010); Exhibit 74 at EB-1860, Chinese ISP hijacks the Internet, (Apr. 8, 2010), 44 CONFIDENTIAL INFORMATION REDACTEDH announcement errors, in which China Telecom either originated erroneous route information, or propagated and ampli?ed erroneous route information by advertising it to US. peering partners. BGP assumes the truthful and correct advertising of BGP routes on the Internet and, accordingly, is subject to abuse by unscrupulous (or incompetent) actors. Isolated incidents of misrouting, if quickly identi?ed and corrected, may have limited impact. But that is not the case for China Telecom. For nearly a decade, China Telecom has been on notice that its network advertised incorrect routing information to its neighbors on the Internet. Public reports have claimed that China Telecom?s network160 misrouted large amounts of information and communications traf?c, over long periods of time (often several months), sometimes involving US. government traf?c. For example: 0 April 8, 2010 (15 percent of available routes worldwide): For about 18 minutes, China Telecom advertised erroneous network traf?c routes that instructed US. and other foreign Internet traf?c to travel through Chinese servers. Other servers around the world quickly adopted these paths, incorrectly advertising about 15 percent of all available intemet/; Exhibit 75 at EB-1866, Demchak, C. and Shavitt, Y, China?s Maxim Leave No Access Point Unexploited: the Hidden Story of China Telecom?s BGP Hijacking, Military Cyber Affairs, Vol. 3: Iss. 1, Article 7 (2018). '59 BGP is the routing method that enables the Internet to route information and is a vital part of the Internet infrastructure. Much like a GPS navigation system, the BGP routing protocol provides directions for individual packets of data traveling across independently operated networks on the Internet. BGP uses an Autonomous System (AS) architecture, under which each autonomous system (such as a network operated by a university or Internet Service Provider) is assigned a unique Autonomous System Number (ASN). Under BGP, these ASNs collect routing information ?'om their neighboring ASNs (peers) about what routes are available at that moment, and then propagate that routing information ?irther, which results in creating dynamically updated information about available routes on the Internet. The BGP protocol is used to determine which of the available routes is most suitable. '60 References to ?China Telecom?s network? here refer to both China Telecom?s network as well as its Parent Entity?s network, which is consistent with China Telecom?s own usage. See Exhibit 81 at EB-1899, China Telecom Americas Global Network, (accessed Mar. 11, 2019) (interchangeably referring to its own network and its Parent Entity?s network, ChinaNet AS4134, as one ?Global Network?). 45 CONFIDENTIAL INFORMATION routes on the Intemet to transit through China!? 0 March 2011 (Facebook U.S. traf?c): Traf?c to Facebookcom from was routed through China Telecom.162 0 December 2015 through 2017 (Verizon traf?c): China Telecom advertised erroneous routing information such that Verizon traf?c was routed through China for many months through 2017.163 0 February to August 2016 (Canada South Korea government traf?c): China Telecom erroneously advertised routes such that traf?c between Canadian and South Korean government sites were routed through China Telecom?s POP in Los Angeles and forwarded to China.?54 0 October 2016 (U .S. Italy bank traffic): China Telecom erroneously advertised routes such that traf?c from the United States to a large Anglo-American bank headquartered in Milan,115t5aly, was routed through China Telecom?s P0P in Los Angeles and forwarded to China. 0 April to May 2017 (Sweden/Norway to Japan involving U.S. media traf?c): China Telecom also erroneously advertised routes such that traf?c between Sweden, Norway and Japan, involving a large U.S. news organization, was routed through China Telecom?s POP in California and forwarded to China before being sent to Japan.166 0 April to July 2017 (Italy to Thailand traf?c, affecting U.S. ISPs Cogent and Level 3): China Telecom also erroneously advertised routes from its Los Angeles P0P such that traf?c from Italy to Thailand was routed through China. The erroneous route information affected large U.S. Internet service providers, including Cogent and Level 3, as well as South Korean providers.I67 Exhibit 73 at supra note 158. '62 Exhibit 76 at EB-1877, Andree Toonk, acebook ?s detour through China and Korea, (Mar. 26, 2011), '63 Exhibit 77 at EB-1880, Doug Madory, China elecom ?5 Internet ra?ic Misdirectz'on, VantagePoint Blog (Nov. 5, 2018), misdirection]; Exhibit 75 at EB-1872-73, supra note 158. ?64 Exhibit 75 at EB-1872-73, supra note 158. ?65 Id. at EB-1873. 1? Id. at EB-1874. ?67 Id. at EB-1874. 46 CONFIDENTIAL INFORMATION 0 November 13, 2018 (Google worldwide traf?c, including Suite, Google Search and Google Analytics): For over an hour, China Telecom also erroneously advertised routes from a Nigerian ISP that resulted in traf?c being routed through China and terminating at a China Telecom edge router.168 0 December 2018-January 2019 (U .S. Department of Energy traf?c): Private security watchers detected the re-routing of US. Department of Energy Internet traf?c associated with erroneous route information announced by China Telecom?s network.169 0 June 6, 2019 (European mobile provider traf?c, including U.S.-Europe traf?c): For more than two hours, traf?c destined for Europe?s largest mobile providers was routed through China Telecom?s network, resulting in signi?cant outages that affected WhatsApp availability in the United States.170 This most recent event occurred months after Team Telecom eci?call asked China Telecom When asked to explain, China Telecom claimed that? '68 Exhibit 71 at EB-1527, supra note 156; Exhibit 72 at EB-1535, supra note 156 (Parent Entity acknowledging that China Telecom forwarded ?erroneous routing con?guration by a Nigerian operator? thus ?resulting in severe congestion?). '69 Exhibit 88 at 133-1951, supra note 157. '70 Exhibit 121 at EB-2751, Doug Madory, Large European Routing Leak Sends ra?ic Through China elecom, Oracle Blog (June 6, 2019), china-telecom; see also Exhibit 122 at EB-2761, Archana Kesavan, WhatsApp Disruption: Just One of Broader Route Leak, ThousandEyes Blog (June 7, 2019), Exhibit 123 at EB-2768, Dan Goodin, BGP event sends European mobile tra?ic through China elecom for 2 hours, Ars Technica (June 8, 2019), technology/201 9/ 06/b gh-china-telecom-for?Z- hours/. See Business Con?dential Exhibit 78 at EB-I890, Attachment to E-mail from Morgan Lewis to National Security Division (Jan 23, 2019) (providing responses to questions regarding press reports of China Telecom?s alleged BGP hijacking. '72 Id. at EB-1892. 47 CONFIDENTIAL INFORMATION REDACTEDH Unlike other large data and communications providers in the United States (such as Charter, Cogent, Comcast, CenturyLink, Google, and Microsoft), China Telecom did not join the Internet Society?s Mutually Agreed Norms for Routing Security or other efforts to improve routing security.177 China Telecom has instead argued that? 173 Id. at 138-1892 (response to Question No. 10). 174 Id. at EB-1893 (response to Question No. 1 1). 175 1d. at EB-1893 (response to Question No. 10). 176 1d. at EB-1893 (response to Question No. 10). 177 Exhibit 111 at EB-2189, Network Operator Participants, Mutually Agreed Norms for Routing Security, (last visited May 1, 2019); see also Exhibit 12] at EB-2759, supra note 170 (Oracle security analyst stating that a ?great place for any telecom to start improving their routing hygiene is to join the Internet Society?s Mutually Agreed Norms for Routing Security (MANRS) I 78 Business Con?dential Exhibit 78 at supra note 171 (response to Question No. 1). CONFIDENTIAL INFORMATION This argument is akin to a hazardous chemicals manufacturer arguing that the public need not worry about its failure to monitor safety conditions or follow voluntary ?re safety codes, because nothing has exploded yet, and even if it did, it would not be purposeful. In today?s national security environment, China Telecom?s access to the US. creates a vulnerability that is just as real as failing to monitor ?ammable fumes on a factory ?oor. China Telecom?s US. operations present opportunities, and plausible deniability, for Chinese state-sponsored actors to disrupt and misroute US. Internet traf?c. China Telecom today operates? and has 18 PoPs where it accesses the US. communications network at all major US. interconnection points, including those located in Ashbum, Virginia; Los Angeles, California; New York City; Silicon Valley (San Jose, Santa Clara and Palo Alto, California).180 China Telecom also advertises BGP routing information to peering partners, including China Telecom?s presence in the United States worsened the effects of the November 13, 2018 incident in which its erroneous BGP route advertisements interrupted Google services for 179 Id. at EB-1891 (response to Question No. 3). 180 Exhibit 6 at EB-296, supra note 37. 18] Business Con?dential Exhibit 78 at EB-1891, supra note 171 (response to Question No. Exhibit 79 at EB-1894, China elecom, PeeringDB, (last visited Feb. 8, 2019). CONFIDENTIAL INFORMATION REDACTEDH more than an hour. China Telecom?s Parent Entity admitted that it forwarded erroneous routes received from its Nigerian peer.182 This erroneous information was then disseminated to China Telecom?s peering partners (including those in the United States).183 In a vacuum, a Nigerian network advertising erroneous BGP routes may have limited impact on the United States. But China Telecom?s extensive US. presence ampli?ed that error when China Telecom forwarded that misinformation to US. peers and caused U.S. traf?c to detour through China. Once that traf?c went to China, it terminated at a China Telecom edge router, causing a massive denial of service to Google?s servicesm Industry observers noted that, despite past reports, China Telecom ?still? has not ?reined in their infrastructure for any type of ?ltering,? showing ?how inherently fragile BGP is being based on trust. Also this isn?t new.?185 China Telecom?s is unreasonable given its public history of BGP incidents. China Telecom?s US. presence also allows China to disrupt US. Internet traf?c for political purposes. ODNI warned this year that China is ?capable of using cyber attacks against 99186 systems in the United States to censor or suppress viewpoints it deems politically sensitive. One example is China Telecom?s seeming involvement in the ?Great Cannon? denial of service ?32 Exhibit 72 at EB-1535, supra note 156. ?83 Exhibit 71 at EB-1530, supra note 156. 184 See id. 185 Exhibit 101 at EB-2099, Dan Goodin, Google goes down after major BGP mishap routes tra?ic through China, Ars Technica (Nov. 13, 2018), technology/201 8/ 1 1/major-bgp-mishap-takes-down- goo china/. ?86 Exhibit 8 at EB-353, supra note 4. 50 CONFIDENTIAL INFORMATION attacksm According to an April 2015 paper published by the University of Toronto?s Citizen Lab, China Telecom?s network was used to insert malicious code onto computers in the United States visiting Chinese sites.?88 The computers were then reportedly co-opted to carry out the ?Great Cannon? distributed denial of service attack on GitHub and GreatFire.org.189 The Great Cannon attack speci?cally targeted materials on GitHub and GreatF ire that provided technologies for users who wished to circumvent Chinese government censorship, including the Chinese-language version of the New York Times.190 E. China Telecom?s lack of trustworthiness limits the Executive Branch?s ability to conduct statutorily authorized law enforcement and national security missions, and to protect information about targets and classi?ed sources and missions (Factors 13, 14)191 The Executive Branch agencies believe that China Telecom?s lack of trustworthiness and vulnerability to Chinese government exploitation, in?uence, and control would limit their ability to conduct statutorily authorized law enforcement and national security missions. The US. '87 Exhibit 104 at EB-2119, B. Marczak et al, Research Brief: China?s Great Cannon, The Citizen Lab (Apr. 2015), content/uploads/2009/ O/ChinasGreatCannonpdf. 188 '89 Id.; see also Exhibit 105 at EB-2134, James Grif?ths, When Chinese hackers declared war on the rest of us, MIT Technology Review (Jan. 10, 2019), of-us/. '90 Exhibit 104 at EB-2123, supra note 187; Exhibit 105 at EB-2135, supra note 189. Factor 13 considers whether the Executive Branch will be able to continue to conduct its statutorily authorized law enforcement and national security missions, which may include issuance of legal process for the production of information or provision of technical assistance. Factor 14 considers whether the con?dentiality requirements that protect information about the targets of lawful surveillance and classi?ed sources and methods will continue to be effective. 51 CONFIDENTIAL INFORMATION REDACTEDH government would not be able to work effectively with China Telecom to identify and disrupt unlawful activities or to assist in investigating unlawful conduct as the US. government currently does with trusted communications providers. These efforts rely on a baseline level of trust between the government and telecommunications carriers. These carriers must be willing to share accurate information with the US. government and to cooperate fully in investigations. The government must be able to trust that the information it provides to carriers will be kept in con?dence and used by the carrier solely for the purpose of protecting its networks. In certain instances, however, China Telecom?s indirect ownership and control by the Chinese government may result in particular sensitivities that could impair China Telecom?s compliance with lawful U.S. process that seeks information transmitted using networks connected to China. In other instances, US. authorities may have particular sensitivities that could limit sharing of information with China Telecom due to concerns that its Parent Entity and other Chinese af?liates would become aware of US. authorities? investigative interests in information related to China Telecom?s services. Because China Telecom is ultimately owned by the Chinese government, the US. government cannot trust China Telecom to identify, disrupt, or provide assistance for investigations into unlawful activity sponsored by the Chinese government. Given these facts, the Executive Branch, through Team Telecom, cannot rely on China Telecom?s assistance to conduct statutorily authorized law enforcement and national security missions, such as serving legal process or receiving technical assistance in the prosecution thereof, and cannot trust that China Telecom will protect information about classi?ed or otherwise sensitive sources and missions. 52 CONFIDENTIAL INFORMATION The Executive Branch does not recommend further mitigation The Executive Branch does not recommend ?irther mitigation because the underlying foundation of trust that is needed for a mitigation agreement to adequately address national security and law enforcement concerns is not present here.192 China Telecom has proven to be an untrustworthy and unwilling partner in the Executive Branch?s mitigation efforts under the existing LOA, a three-page document with only ?ve key provisions: 1) To make U.S. records available in the United States in response to lawful U.S. process; (2) To take all practicable measures to prevent unauthorized access to U.S. records; (3) Not to disclose or permit access to U.S. records or U.S. law enforcement demands in response to foreign government request, unless certain safeguards are met, and to notify U.S. authorities if foreign government requests are received; (4) To maintain a U.S. point of contact for accepting and overseeing compliance with U.S. law enforcement demands made pursuant to lawful process; and (5) To notify DOJ, FBI, and DHS of material changes to China Telecom?s services, or of any action requiring notice or application to the FCC. 193 China Telecom has breached at least two of the ?ve LOA provisions, including provisions (2) and (5). As stated in the LOA, breaching any of these conditions provides independent grounds '92 See China Mobile Order, 34 FCC Rcd. at 3380 11 38 acknowledge the Executive Branch?s established role in monitoring and enforcing compliance with mitigation agreements and, therefore, we conclude that it is appropriate to defer to what we believe to be a reasonable assertion of the Executive Branch agencies that mitigation is not an adequate option '93 Exhibit 1 at EB-1-3, supra note 23. 53 CONFIDENTIAL INFORMATION for revoking or terminating China Telecom?s Section 214 authorizations.194 First, China Telecom, as required by the LOA, failed to take ?all practicable measures" to prevent unauthorized access to US. records. 194 Id. at EB-3 (?The Company agrees that, in the event the commitments set forth in this are breached, . . . the DOJ, FBI, or DHS may request that the FCC . . . revoke, [or] cancel . . . any relevant license, permit or other authorization granted by the FCC to the Company?). 195 Business Con?dential Exhibit 119 at EB-2745, supra note 72; see also Business Con?dential Exhibit 124 at EB-2775-76, supra note 93. 197 Business Con?dential Exhibit 102 at EB-2103, supra note 89; see also Business Con?dential Exhibit 109 at EB-2170, Letter from Morgan Lewis to DOJ National Security Division (Mar. 27, 2019); Business Con?dential Exhibit 103 at EB-2107, supra note 67; Business Con?dential Exhibit 119 at EB-2745, supra note 72; Business Con?dential Exhibit 124 at EB-2774, supra note 93. 54 CONFIDENTIAL INFORMATION Second, China Telecom failed to inform the FBI, DOJ and DHS at least twice in 2010 when it ?led notices to the FCC.199 China Telecom?s failure to comply with two of the ?ve provisions in a modest. three- page LOA, or to propose additional mitigation when confronted with these breaches, demonstrates that China Telecom should not be trusted to comply with more stringent mitigation measures. Even if China Telecom had proposed mitigation measures, they would likely be insuf?cient to address newly discovered risks in today?s rapidly evolving threat environment. China Telecom has also demonstrated an unwillingness to cooperate with mitigation monitoring. Despite regular compliance monitoring, the US. government can never have full visibility into all of a company?s activities and must rely on the private party to adhere rigorously and scrupulously to mitigation agreements and to self-report instances of non-compliance. The ?93 Business Con?dential Exhibit 103 at EB-2107, supra note 67; Business Con?dential Exhibit 119 at supra note 72. ?99 Business Con?dential Exhibit 103 at EB-2108-2109, supra note 67 (citing FCC ?le numbers SPC-NEW-20100326-00007 and SPC-NEW-20100314-00006). 200 Id. at Business Con?dential Exhibit 119 at EB-2745-2746, supra note 72; Business Con?dential Exhibit 124 at EB-2774, supra note 93. 55 CONFIDENTIAL INFORMATION US. government cannot rely on China Telecom to do so. In response to a Team Telecom request for cybersecurity policies, China Telecom delayed for six months before it provided an improperly redacted document. When the redaction was ?nally removed, China Telecom?s underlying motivation could not have been more clear: China Telecom wished? Because China Telecom failed to comply with its LOA and has signaled its unwillingness to enter into a more effective agreement, the Executive Branch does not recommend further mitigation. VI. Conclusion The Executive Branch recommends revocation and termination of China Telecom?s existing international Section 214 authorizations to operate as an international common carrier. The present or future public convenience and necessity do not require China Telecom?s international common carrier services in the current national security environment. Instead, China Telecom?s operations in the United States now pose substantial and unacceptable risks to US. national security and law enforcement concerns. 201 Business Con?dential Exhibit 37 at EB-655, supra note 65 (emphasis added). 56 CONFIDENTIAL INFORMATION Although the information set forth above is independently suf?cient to justify recommendation of revocation and termination, the Executive Branch has also provided additional relevant information in the classi?ed annex. Respe tfully submitted: 2&1? D. Smith hi Counsel National Telecommunications and Information Administration US. Department of Commerce Rm 4713 14th Street and Constitution Ave., NW. Washington, DC. 20230 (202) 482-1816 April 9, 2020 57 CONFIDENTIAL INFORMATION CERTIFICATE OF SERVICE 1, Kathy Smith, hereby certify that consistent with 47 CPR. 1.47 I have served a copy of the foregoing by certi?ed mail this 9th day of April, 2020 to the following: Andrew Lipman Catherine Wang Ulises Pin Morgan Lewis 1111 Ave, NW Washington, DC 20004 andrewlipman@morganlewis.com catherine.wang@morganlewis.com ulises.pin@morganlewis.com COUNSEL FOR CHINA TELECOM (AMERICAS) CORP. Luis Fiallo Vice President China Telecom (Americas) Corp. 607 Hemdon Parkway, No. 201 Hemdon, VA 20170 (703) 787-0088 ext. 18 (703) 787-0086 Res ectfully submitted: ef Counsel 58 CONFIDENTIAL INFORMATION Before the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C. 20554 In the Matter of CHINA TELECOM (AMERICAS) File Nos. CORPORATION f/k/a CHINA TELECOM (USA) ITC-214-20020716-00371 CORPORATION Executive Branch Recommendation to the Federal Communications Commission to Revoke and Terminate China Telecom?s International Section 214 Common Carrier Authorizations INDEX OF EXHIBITS Ex. Business I Deserip?on Start No. Con?dential . Page l. 1 July 17, 2007 Letter of Assurance from Yi-jun Tan to DOJ, FBI and DHS 2. China Telecom (USA) Corporation Stock Purchase EB-4 Agreement (June 15, 2007) 3. Responses of China Telecom (USA) Corporation to EB-ll Combined Questions for FCC Applicants (May 11, 2007) 4. China Telecom Corp. Ltd., Annual Report Form 20-F EB-26 (Apr. 27, 2018) 5. China Telecom Americas, Solutions, EB-295 (accessed Feb. 4, 2019) 6. Compiled list of China Telecom?s U.S. PoPs (Points of EB-296 Presence), Colocation facilities and Cloud Exchanges and screenshots of Global Data Center Map, (accessed Feb. 1, 2019) 7. Unclassi?ed Statement for the Record, Annual Threat EB-3 32 Assessment, Senate Select Committee on Intelligence, Director of National Intelligence John D. Negroponte (Jan. 11, 2007) 1 INDEX OF EXHIBITS CONFIDENTIAL INFORMATION REDACTEDH Ex. No. Business Con?dential Description Start Page Statement for the record, Worldwide Threat Assessment of the US. Intelligence Community, Senate Select Committee on Intelligence, Director of National Intelligence Daniel R. Coats (Jan. 29, 2019). EB-347 General AQs China Telecom Americas, (accessed Feb. 26, 2019) EB-389 10. International Authorizations Granted, Public Notice, Report No. TEL-01179, DA No. 07-3632 at 3 (Aug. 16, 2007) EB-393 11. International Authorizations Granted, Public Notice, Report No. TEL-00567, DA No. 02-2060 (Aug. 22, 2002) EB-398 12. International Authorizations Granted, Public Notice, Report No. TEL-00423, DA No. 01-1794 (July 26, 2001) EB-407 13. Federal Reserve Foreign Exchange Rates, RMB to USD, 0/hist/dat00)c h.htm (accessed Feb. 26, 2019) EB-412 14. Screenshot, Global Data Center Map, (accessed Feb. 26, 2019) EB-522 15.- Intentionally blank EB-523 to EB- 525 l6. lntemational Private Leased Circuit from China Telecom Americas, China Telecom Americas, content/uploads/2018/ (accessed Feb. 12, 2019) EB-526 17. lntemational Ethernet Private Line from China Telecom Americas, China Telecom Americas, (accessed Feb. 12, 2019) EB-528 18. lntemational Private Lines, China Telecom, (accessed Mar. 4, 2019) EB-530 19. China Telecom Virtual Private LAN service, content/uploads/201 8/ 1 (accessed Feb. 26, 2019) EB-533 2 INDEX OF EXHIBITS CONFIDENTIAL INFORMATION REDACTEDH 20. China Telecom Americas MPLS VPN, networking/mpls-vpn/ (accessed Feb. 26, 2019) EB-535 21. China Telecom Americas Software De?ned WAN, (last visited Feb. 26, 2019) EB-539 22. China Telecom Americas, CTExcel, (accessed Feb. 26, 2019) EB-542 23. Press Release, China Telecom has big US plan, (Jan. 15, 2016). EB-546 24. How is CTExcel?s mobile plan the best for international students, Quora.com, (accessed Feb. 13, 2019) EB-549 25. Managed WAN China Telecom Americas, services/managed-wan/ (accessed Feb. 28, 2019) EB-553 26. China Telecom Americas, ICT Services, content/uploads/201 8/ 1 (accessed Feb. 12, 2019) EB-556 27. Public Cloud Exchange, China Telecom Americas, (accessed Mar. 1, 2019) EB-55 8 28. Colocation Services, China Telecom Americas, data-centers/idc-colocation/ (accessed Mar. 1, 2019) 29. Cloud Infrastructure, China Telecom Americas, (accessed Mar. 1, 2019) EB-565 30. Managed CPE China Telecom Americas, services/managed-cpe/ (accessed Mar. 1, 2019) EB-569 31. Managed Security, China Telecom Americas, spervices/managed-security/ (accessed Mar. 1, 2019) EB-572 32. June 13, 2018 Letter from DOJ National Security Division to China Telecom. EB-576 33. Aug. 30, 2018 E-mail from Morgan Lewis to DOJ National Security Division EB-578 3 INDEX OF EXHIBITS CONFIDENTIAL INFORMATION REDACTEDH 34. Sept. 18, 2018 E-mail from Morgan Lewis to DOJ National Security Division EB-581 35. Nov. 26, 2018 E-mail from Morgan Lewis to DOJ National Security Division EB-585 36. Dec. 6, 2018 Letter from Morgan Lewis to DOJ National Security Division with attachments EB-589 37. January 24, 2019 e-mail from Morgan Lewis to DOJ National Security Division EB-655 38. Developing a Trusted Security Strategy for China, China Telecom Americas, strategy-for-china/ (accessed Mar. 23, 2019) EB-658 39. Privacy Policy, China Telecom Americas, (accessed Mar. 23, 2019) EB-661 40. Fair Trade Comm ?n v. Ruby Corp. et al., Case No. 16- cv-2438, Dkt. No. l, Complaint at 1] 31, 43-47 (D.D.C. ?led Dec. 14, 2016) EB-668 41. Fair Trade Comm ?n v. Ruby Corp. et al., Case No. 16- cv-2438, Dkt. 9, Stipulated Order for Permanent Injunction and Other Equitable Relief (D.D.C. Dec. 19, 2016) EB-684 42. Screenshot, Financial, China Telecom Americas, (accessed Feb. 15, 2019) EB-699 43. Site Map, China Telecom Americas, cached July 2, 2017, 70702035054/ (accessed Apr. 2, 201 9) EB-700 Intentionally blank EB-703 45. Intentionally blank 46. Intentionally blank 47. Intentionally blank EB-731 48. China Telecom Corp. Ltd., Annual Report (Form 20-F) (Apr. 27, 2018), Ex. (Articles of Association of China Telecom Corp. Ltd. as of Jan. 4, 2018) EB-732 49. China Telecom Corp. Ltd., Annual Report (Form 20-F) (Apr. 28, 2016), Ex. 1.1 (Articles of Association of China Telecom Corp. Ltd. as of May 27, 2015) EB-798 50. The CEO of China Telecom is the latest Chinese executive to go ?missing,? Business Insider, 5- 12 (Feb. 28, 2015) EB-864 4 INDEX OF EXHIBITS CONFIDENTIAL INFORMATION REDACTEDH 51. Translation: Cybersecurity Law of the People?s Republic of China (Effective June 1, 2017), peoples-republic-china/ EB-866 52. Intentionally blank EB-890 53. China: New Regulation on Policy Cybersecurity Supervision and Inspection Powers issued, Library of Congress, (Nov. 13, 2018) 54. China?s New Cybersecurity Measures Allow State Policy to Remotely Access Company Systems, Recorded Future Blog, cybersecurity-measures/ (Feb. 8, 2019) EB-903 55. Intentionally blank EB-913 56. China Releases New Regulation on Cybersecurity Inspection, Inside Privacy, (Oct. 23, 2018) EB-918 57. National Cyber Strategy of the United States of America, White House at p.2, content/uploads/201 (September 2018) EB-922 58. China?s Non-traditional Espionage Against the United States: The Threat and Potential Policy Responses, Hearing Before the S. Comm. On the Judiciary, 115th Cong. (Dec. 12, 2018) (statement of John C. Demers, Assistant Attorney General, National Security Division, US. Department of Justice) EB-962 59. China?s Non-traditional Espionage Against the United States: The Threat and Potential Policy Responses at p. 1, Hearing Before the S. Comm. On the Judiciary, 115th Cong. (Dec. 12, 2018) (statement of Christopher Krebs, Director, Cybersecurity and Infrastructure Security Agency, US. Department of Homeland Security) EB-972 60. Findings of the Investigation into China?s Acts, Policies, and Practices Related to Technology Transfer, Intellectual Property, and Innovation under Section 301 of the Trade Act of 1974, Of?ce of the US. Trade Representative, NAL.PDF (Mar. 22, 2018) EB-978 5 INDEX OF EXHIBITS CONFIDENTIAL INFORMATION 61. Update Concerning China?s Acts, Policies and Practices Related to Technology Transfer, Intellectual Property, and Innovation at pp. 10-22, 3 01 Investigations/301 %20Report%20Update.pdf (Nov. 20, 2018) BB- 1 193 62. Signi?cant Cyber Incidents, Center for Strategic and International Studies, cybersecurity (accessed Mar. 4, 2019) EB- 1246 63. List of Signi?cant Cyber Incidents Since 2006, Center for Strategic and International Studies, prod.s3.amazonaws.com/s3fs? public/1 9021 (accessed Mar. 4, 2019) EB- 1261 64. Interactive Chart, Signi?cant Cyber Incidents, CSIS Technology Policy Program, bar/index.html (accessed Mar. 4, 2019) EB- 1296 65. Annual Report to Congress, Military and Security Developments Involving the People?s Republic of China 2018, Of?ce of the Secretary of Defense, 8/Aug/16/2001955282/-1/- 1/1/201 (Aug. 16, 2018) EB- 1297 66. Press Release, U.S. Department of Justice, Chinese Intelligence Of?cer Charged with Economic Espionage Involving Theft of Trade Secrets ?'om Leading U.S. Aviation Companies, trade-secrets-leading (Oct. 10, 2018) EB- 1442 67. Press Release, U.S. Department of Justice, Chinese Intelligence Of?cers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years, conspired-steal (Oct. 30, 2018) EB- 1444 68. Press Release, U.S. Department of Justice, PRC State- Owned Company, Taiwan Company, and Three Individuals Charged with Economic Espionage, charged-economic?espionage (Nov. 1, 2018) EB- 1446 6 INDEX OF EXHIBITS CONFIDENTIAL INFORMATION REDACTEDH 69. Press Release, US. Department of Justice, Two Chinese EB- Hackers Associated with the Ministry of State Security 1448 Charged with Global Computer Intrusion Campaigns Targeting Intellectual Property and Con?dential Business Information, computer-intrusion (Dec. 20, 2018) 70. Mandiant, Exposing One of China?s Cyber EB- Espionage Units, 1451 (Feb. 19, 2013) 71. lntemet Vulnerability Takes Down Goo gle, Thousand EB- Eyes Blog, 1527 (Nov. 12, 2018) 72. Press Release, China Telecom Corp. Ltd., Statement EB- Regarding the Unfounded Report on China Telecom 1535 Being Alleged ?Hijacking Internet Traf?c,? 8 122.htm (accessed Jan. 23, 2019) 73. 2010 Report to Congress, U.S.-China Economic and EB- Security Review Commission at 243-44 (November 1536 2010) 74. Chinese ISP hijacks the Internet, EB- 1 860 intemet/ (Apr. 8, 2010) 75. Demchak, C. and Shavitt, Y, China?s Maxim Leave No EB- Access Point Unexploited: the Hidden Story of China 1866 Telecom?s BGP Hijacking, Military Cyber Affairs, Vol. 3: Iss. 1, Article 7 (2018) 76. acebook?s detour through China and Korea, EB- 877 korea/ (Mar. 26, 2011) 77. D. Madory, China Telecom?s Internet Traf?c EB- Misdirection, VantagePoint Blog, 1880 misdirection/ (Nov. 5, 2018) 78. Jan. 23, 2019 E-mail from Morgan Lewis to EB- National Security Division 1888 79. China Telecom, PeeringDB, EB- (accessed Feb. 8, 1894 2019) 7 INDEX OF EXHIBITS CONFIDENTIAL INFORMATION 80. FCC IBFS Search Results for ?China Telecom,? EB- gov/myibfs/quickSearch.do? sortBy=c 1 897 (accessed Mar. 7, 2019) 81. Global Network, China Telecom Americas, EB- 899 (accessed Mar. 11, 2019) 82. Foreign Economic Espionage in Cyberspace, National EB- Counterintelligence and Security Center, 1903 newsroom/item/ 1 8 89-201 8-forei gn-economic-espionage- in-cyberspace (July 26, 2018). 83. Company Overview, China Telecom Americas, EB- 1 923 overview/ (accessed Mar. 12, 2019) 84. Xiruo Zhao, LinkedIn, EB- 61 a9bb7/ 1 927 (accessed Mar. 12, 2019) 85. Of?ce Locations, China Telecom Americas, EB- (accessed 1936 Mar. 13, 2019) 86. A. Robachevsky, 14,000 Incidents: a 2017 Routing EB- Security Year in Review, 1940 (Jan. 9, 2018) 87. China Telecom hijack of US Dept. of Energy route continuing into 6th day, 1948 twitter. com/ internetintcl/status/ 1 08046650929262 1829 (Jan. 2, 2019) 88. Possible BGP hijack, EB- (Dec. 28, 2018) 1951 89. K. Lougheed et al, A Border Gateway Protocol, RFC EB- 1105 (Jun. 1989) 1952 90. Christopher Wray, Keeping our Financial Systems EB- Secure: a Whole-of-Society Approach, Ninth Annual 1970 Financial Crimes and Cybersecurity Symposium, (Nov. 1, 2018) 91. Sept. 17, 2018 E-mail from China Telecom to EB- National Security Division 1979 92. Oct. 1, 2018 Letter from Morgan Lewis to National EB- Security Division 1983 8 INDEX OF EXHIBITS CONFIDENTIAL INFORMATION REDACTEDH 93.- Press Release, Dept. of Justice, U.S. Charges Five EB- Chinese Military Hackers for Cyber Espionage Against 1986 U.S. Corporations and a Labor Organization for Commercial Advantage, First Time Criminal Charges are Filed Against Known State Actors for Hacking, corporations-and-labor (May 19, 2014) 94. China Telecom Americas, CPNI Certi?cation (Mar. 1, EB- 201 8), 1990 01 2018 SIGNED.PDF 95. China Telecom Americas, CPNI Certi?cation (Feb. 28, EB- 2019L 1995 gov/ 1022838222643 019.pdf 96. Mar. 21, 2019 Letter from National Security EB- Division to Morgan Lewis 2000 97. United States v. Xu, No. 18-cr-43, Indictment (S.D. Ohio EB- Apr. 4, 2018) 2004 98. United States v. Zhang, No. l3-cr-3 132, Indictment (S.D. EB- Cal. Oct. 25, 2018) 2020 99. United States v. United Microelectronics Corp., No. 18- EB- cr-465, Indictment (N .D. Cal. Sept. 27, 2018) 2041 100. United States v. Zhu, No. 18-cr-891, Indictment EB- (S.D.N.Y. Dec. 17, 2018) 2071 101. Google goes down after major BGP mishap routes traf?c EB- through China, Ars Technica, 2094 technology/201 8/1 1/major-bgp-mishap-takes-down- (Nov. 13, 2018) 102. Mar. 21, 2019 Letter from National Security EB- Division to Morgan Lewis 2103 103. Apr. 4, 2019 Letter from Morgan Lewis to National EB- Security Division 2107 104. B. Marczak et a1, Research Brief, China?s Great Cannon, EB- The Citizen Lab, 2115 content/uploads/2009/ 1 0/ChinasGreatCannon.pdf (April 2015) 9 INDEX OF EXHIBITS CONFIDENTIAL INFORMATION REDACTEDH 105. J. Grif?ths, When Chinese hackers declared war on the EB- rest of us, MIT Technology Review, 2134 (Jan. 1 0, 2019) 106. Screenshot of EB- 2141 (June 1,2018) 107. April 18, 2019 Letter from Morgan Lewis to DOJ EB- National Security Division 2142 108. Trans-Paci?c Submarine Cable Systems, Submarine EB- Networks, 2150 paci?c/ (April 19, 2019). 109. March 27, 2019 Letter from Morgan Lewis to DOJ EB- National Security Division 2170 110. Federal Trade Comm v. Worldwide Corp., EB- CA No. 13-cv-1887, Dkt. No. 282-1 (Dec. 9, 2015) 2171 1 1 1. Network Operator Participants, Mutually Agreed Norms EB- for Routing Security, 2189 (accessed May 1, 2019) 112. China Telecom Corp. Ltd., Annual Report (Form 20-F), EB- 191255/0001 2207 19312519125555/d648641d20?htm (?led on Apr. 29, 2019) 1 13. Full text of resolution on amendment to CPC EB- Constitution, State Council of the People?s Republic of 2379 China, 7/ 1 0/24/ content 281475919837140.htm (Oct. 24, 2017) 114. Constitution of the Communist Party of China, Revised EB- and adopted at the 19th National Congress, Article 33, 23 84 (Oct. 24, 201 7). 1 15. Of?ce of the Secretary of Defense, Annual Report to BB- Congress: Military and Security Developments Involving 2412 the People?s Republic of China (May 2, 2019) 116. US. Trade Representative, 2018 Report to Congress on EB- China?s WTO Compliance (Feb. 2019). 2548 1 17. Intentionally blank EB- 2731 10 INDEX OF EXHIBITS CONFIDENTIAL INFORMATION 118. China Law Translate, National Intelligence Law of the EB- P.R.C. (2017), 2735 intelligence-law/ (accessed May 29, 2019). 119. May 29, 2019 Letter from National Security EB- Division to Morgan Lewis. 2745 120. Beijing?s New National Intelligence Law, Lawfare Blog, EB- 2747 (July 20, 2017). 121. Doug Madory, Large European Routing Leak Sends EB- Traf?c Through China Telecom, Oracle Blog (June 6, 2751 201 9), telecom 122. Archana Kesavan, WhatsApp Disruption: Just One EB- of Broader Route Leak, ThousandEyes Blog 2761 (June 7, 2019), 123. Dan Goodin, BGP event sends European mobile tra?ic EB- through China elecom for 2 hours, Ars Technica (June 2768 8, 2019), technolo gy/ 20 1 124. June 14, 2019 Letter from Morgan Lewis to EB- National Security Division 2774 125. January 11, 2016 Letter from China Telecom to EB- National Security Division, DHS and FBI 2781 11 INDEX OF EXHIBITS