Georgetown Law
Technology Review

Smart cloud computing, driverless vehicles, and wireless-sensor networks are all examples of technologies that have two things in common: Internet of Things (IoT) protocols and artificial intelligence (AI), both fields of innovation set to be the epicenter of telecommunication innovation in 2018. Since they are classified as emerging technologies, deals involving these innovations and a Chinese partner might also put companies under the scrutiny of a little-known U.S. regulatory body, thanks to pending legislation.

The Foreign Investment Risk Review Modernization Act (FIRRMA), proposed in late 2017, is currently in the hearing stage and may soon become regulatory reality.1Foreign Investment Risk Review Modernization Act of 2017, H.R. 4311, 115th Cong. (2017). The Act would significantly expand the power of the Committee on Foreign Investment in the United States (CFIUS), along with the Department of Commerce and the Office of the United States Trade Representative, to vet and veto foreign investment deals that might threaten national security, with a new focus on deals affecting critical technology.2164 Cong. Rec. 856; Rod Hunter, Protecting US Critical Technology and Infrastructure, LEXOLOGY (Nov. 9, 2017), https://www.lexology.com/library/detail.aspx?g=79ee28f7-bb73-4f09-a063-9dc736a24ad2. The bill will also increase the capacity of CFIUS to review transactions, likely resulting in a greater number of investigations each year.3Foreign Investment Risk Review Modernization Act of 2017, H.R. 4311, 115th Cong. (2017). If CFIUS expresses concern with a deal, the parties are required to either reach a mitigation agreement with CFIUS, terminate the deal, or refile for review at a later time.4Id. FIRRMA presents two key challenges for U.S. tech companies considering telecom deals with Chinese firms given the unique security concerns surrounding U.S. technology deals involving China.

First, the bill’s focus on protecting critical and emerging technology—including artificial intelligence, robotics, and other communications-related innovations—increases the risk of CFIUS reviewing smaller transactions.5Meisner, Stefan et al., Increased Scrutiny of Foreign Investment in the United States Creates Deal Risk, MCDERMOTT, WILL & EMERY, (Feb. 21, 2018) https://www.mwe.com/en/thought-leadership/publications/2018/02/increased-scrutiny-of-foreign-investment-us; David J. Lavan et al., Proposed Bill Expands, Strengthens CFIUS Review, Makes Some Filings Mandatory and Adds a New Regulatory Hurdle in Domestic Transactions Involving Foreign Investors, DINSMORE & SHOHL LLP, (Jan. 9, 2018) http://www.dinsmore.com/publications/proposed-bill-expands-strengthens-cfius-review-makes-some-filings-mandatory-and-adds-a-new-regulatory-hurdle-in-domestic-transactions-involving-foreign-investors/; Proposed Legislation Would Expand CFIUS’ Jurisdiction to Review Foreign Investment in the United States, BAKER BOTTS LLP, (Nov. 20, 2017) http://bbprodtm.trafficmanager.net/ideas/publications/2017/11/proposed-legislation-would-substantially. The bill proposes an expansion of CFIUS’s scope of review that could include tech transfers, joint ventures, and even licensing deals. This change could subject deals ranging from Silicon Valley start-up buyouts to Kickstarter IoT projects to the kind of vetting currently faced only by multinational corporations in large M&A transactions, such as the current pending deal between Ant Financial Services Group, a Chinese company, and MoneyGram International, Inc., a U.S.-based company.6Michele Nash-Hoff, How Could We Stop Chinese Investors from Buying US Companies?, INDUSTRY WEEK (Jan. 31, 2018), http://www.industryweek.com/economy/how-could-we-stop-chinese-investors-buying-us-companies. While only large transactions, $500 million for state-owned enterprise transactions and $1 billion for other deals, would be subject to mandatory reporting, the bill gives CFIUS authority to investigate other unreported deals.7H.R. 4311, 115th Cong. (2017). In recent years, when CFIUS reviewed deals involving Chinese investors, nearly every deal that CFIUS approved faced mitigation requirements in order to receive approval.8CFIUS Reconstructed: The Foreign Investment Risk Review Modernization Act of 2017, LATHAM & WATKINS (Dec. 21, 2017), https://m.lw.com/thoughtLeadership/CFIUS-reconstructed-foreign-investment-risk-modernization-act-2017.

Second, the prevalence of State ownership in Chinese enterprises increases the risk that CFIUS will review China telecom deals.9Ana Swanson, Targeting China’s Purchases, Congress Proposes Tougher Reviews of Foreign Investments, N.Y. TIMES (Nov. 8, 2017), https://nyti.ms/2jbnmpF. The bill would expand CFIUS’s power beyond reviewing deals that would allow a “foreign person” to gain control of a U.S. business to scrutinizing transactions that allow foreign persons to gain mere access to nonpublic technical information.10Hunter, supra note 1. Regulators have frequently expressed concerns over China’s acquisition of U.S.-developed technologies and the potential for China to overtake the United States’ technological capacity.11164 Cong. Rec. 856. Therefore, regulators are likely to scrutinize deals that could potentially give the Chinese state control of technologies impacting national security, particularly commercial technologies modifiable for military use. Recent Chinese cybersecurity legislation compounds these concerns: new Chinese laws that subject virtual private network (VPN) usage and encryption software to strict regulation and limitations pose new risks to data security in China. The new laws require most foreign enterprises to use State-approved internet service providers and Chinese-manufactured encryption software, potentially exposing data to interception by the state.12Dana Heide & Sha Hua, German Firms Hit by China’s Internet Crackdown, HANDELSBLATT GLOBAL (Feb. 1, 2018), https://global.handelsblatt.com/companies/german-firms-hit-by-chinas-crackdown-internet-vpn-882328. Additionally, U.S. lawmakers remain deeply concerned about unfair Chinese technology transfer practices.13David Barboza, How This U.S. Tech Giant Is Backing China’s Tech Ambitions, N.Y. TIMES (Aug. 4, 2017), https://www.nytimes.com/2017/08/04/technology/qualcomm-china-trump-tech-trade.html. U.S. technology companies, especially small start-up ventures, should exercise good practices to protect their intellectual property rights to avoid losing control of their technology to Chinese manufacturers.

In January 2018, an Australian college student noticed that he could use his fitness-tracking wearable, an inexpensive device used for tracking time and distance while jogging, to determine the location of military bases using the GPS heat map data.14Liz Sly, U.S. Soldiers Are Revealing Sensitive and Dangerous Information by Jogging, WASH. POST (Jan. 29, 2018), https://www.washingtonpost.com/world/a-map-showing-the-users-of-fitness-devices-lets-the-world-see-where-us-soldiers-are-and-what-they-are-doing/2018/01/28/86915662-0441-11e8-aa61-f3391373867e_story.html; John Christie, Are We Protected? Wearables and the Fourth Amendment, GEO. L. TECH. REV. (Mar. 2018), https://georgetownlawtechreview.org/are-we-protected-wearables-and-the-fourth-amendment/GLTR-03-2018/. This stunning discovery emphasized a larger problem—even the most innocuous technologies can contain hidden national security implications. For government policymakers, big data means big risk. Since data protection and intellectual property rights vary by country, U.S. lawmakers see deals that handover information about U.S. emerging technologies to foreign-owned companies as increasingly risky. FIRRMA attempts to address these concerns by increasing the scope and power of CFIUS. For tech companies dealing with Chinese businesses, the proposed legislation may present new barriers to closing deals.