Protecting Submarine Cable Data
Team Telecom Expanding its Toolkit to Include New Mitigation Measures
As published in the March Issue of SubTel Forum Magazine
By Andrew D. Lipman, Ulises R. Pin and Leetal Weiss
March 31, 2022
Data is shaping into the currency of the 21st century. As global demand for data continues to grow at an extraordinary rate, a changing geopolitical climate and increased focus on cybersecurity and national security concerns, including ownership of critical infrastructure, will continue to impact submarine cable transactions and developments in the coming years. With over four billion current Internet users, significant amounts of data are being sent and received. Given their capacity, speed and security, submarine cables carry over 99% of all international communications and remain the preferred medium for transporting Internet traffic.
The United States government is deeply concerned by the risk to United States persons’ data (including individuals, companies, and government entities) and is focusing time and resources on national security reviews of foreign investments to ensure data transmitted from submarine cables is not susceptible to foreign adversaries. As part of this process, the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (more commonly and affectionately known as “Team Telecom”) is entering into mitigation agreements with submarine cable operators to minimize the risks posed when data transits through a submarine cable and, more recently, when data exits the submarine cable and requiring companies to pursue diversification of interconnection points.
Overview of the United States National Security Review Process for Submarine Cable Systems
The Federal Communications Commission (“FCC” or “Commission”) regulates submarine cable landings in the United States. Operators of submarine cables must obtain an FCC license pursuant to the Submarine Cable Landing License Act of 1921 and Section 1.767 of the FCC’s Rules. Although in theory Team Telecom only reviews applications for new submarine cable landing licenses (including applications to assign, transfer, or modify said licenses), if (1) the submarine cable system will connect the United States to a foreign point, or (2) the submarine cable system will have an aggregate direct or indirect foreign ownership of 10% or more; in practice, however, Team Telecom has recently scrutinized even 100% American projects.
Team Telecom was created through Executive Order 13913 issued in April 2020 (the “Executive Order”) and is formed by the Secretary of Defense, Secretary of Homeland Security, and Attorney General (Department of Justice) who serves as chair and aggressively uses Team Telecom to advance national security objectives. In addition, the President may also designate the head of any executive agency or department, or any Assistant to the President as a member of Team Telecom. Advisors to Team Telecom include the Secretaries of State, Treasury, and Commerce, the Directors of National Intelligence and the Office of Management and Budget, the United States Trade Representative, the General Services Administrator, the Assistants to the President for National Security Affairs and Economic Policy, the Director of the Office of Science and Technology Policy, and the Chair of the Council of Economic Advisers.
The Team Telecom process is well established and must be completed in accordance with the Executive Order. Once a submarine cable application is filed with the Commission, FCC staff routinely sends submarine cable applications to Team Telecom. Team Telecom generally notifies the FCC during the public notice period that it plans to review the application for national security issues. In that case, the application is taken out of FCC processing and FCC staff will suspend further Commission action until it hears back from Team Telecom that all potential national security issues related to the submarine cable have been resolved.
As an initial step in the Team Telecom review process, the Committee generally requests that applicants answer certain threshold questions (referred to as “triage questions”). Team Telecom has made publicly available standardized triage questions covering five general categories: (1) corporate structure and shareholder information of the applicant(s); (2) relationships with foreign entities; (3) financial conditions and circumstances; (4) compliance with applicable laws and regulations; and (5) business and operational information, including services to be provided and network infrastructure. As part of these questions, Team Telecom seeks detailed information about the submarine cable’s existing equipment type, storage and security of network data, encryption key usage, and persons and entities with access to the applicant’s network and data.
In conducting its analysis of national security risks, Team Telecom considers two broad areas: (a) the nature of the proposed network, including the security of the data running through it, and (b) the identity of the applicant(s), including the degree of foreign government control over such persons. This is a highly fact-based evaluation process, where Team Telecom conducts a background check on the shareholders and managers of the applicant company(ies) and evaluates any vulnerabilities or concerns with the operations of the network and the data running through it.
Under the Executive Order, Team Telecom’s national security review must be completed within 120 days after the initial questions are deemed complete by Team Telecom (i.e., a “start the clock” order). However, we note that in practice, it takes several weeks (if not months) for Team Telecom to start the clock, as Team Telecom generally asks multiple rounds of questions before it starts the review clock.
In its initial determination, Team Telecom may find that: (1) granting the license or transfer of license poses no risk to United States national security or law enforcement interests; (2) that any such risks raised could be effectively addressed through standard mitigation measures recommended by Team Telecom; or (3) a secondary assessment is needed, which cannot take longer than 210 days, because the risks cannot be allayed by standard mitigation measures. Team Telecom’s review often results in the second option – required standard mitigation measures which can take the form of letters of assurances or network security agreements as a condition for FCC approval. These mitigation agreements are viewed as critical to protect data traversing the submarine cable, facilitating surveillance programs conducted by United States national security and law enforcement agencies, as well as for preventing foreign governments and foreign adversaries from gaining visibility into the United States’ telecommunications systems.
Team Telecom Mitigation Agreements Requirements for Submarine Cable System Operators
Generally, Team Telecom does not micromanage how submarine cable system operators secure network data. Instead, Team Telecom focuses on encouraging submarine cable system operators to implement the highest levels of industry standards. Upon a review of eleven publicly available mitigation agreements that Team Telecom entered into with submarine cable operators between January 2020 to December 2021, all eleven mitigation agreements required, among other things, that the applicants: (1) take measures to prevent unauthorized logical access to the submarine cable system; (2) submit for Team Telecom’s review and approval a policy setting forth logical security measures; (3) physically secure the submarine cable system; (4) submit for Team Telecom’s review and approval a policy setting forth the submarine cable’s physical security measures; (5) implement and submit for Team Telecom’s review and approval a policy for screening personnel; and (6) protect the resiliency of the submarine cable system. In addition, seven of the eleven mitigation agreements also included a mitigation term that required the applicants to promptly be able to disable or interrupt traffic on the submarine cable system. The mitigation agreements also included various other security-related measures, including obligations to report breaches, provisions for both Team Telecom’s compliance monitoring and third-party auditing, requirements for changes in control and foreign influence, responsibilities to hire security officers and security directors, and reviews/approvals of principal equipment by Team Telecom.
The mitigation requirements are obligations companies are legally required to undertake or should undertake in order to secure submarine cable systems. While companies can establish the details of their policies for themselves, policies for logical and physical security must be submitted for Team Telecom’s approval, and Team Telecom could choose to reject a policy that it deems inadequate. Similarly, if a company fails to take steps Team Telecom views as necessary to meet what the mitigation agreements anticipate, Team Telecom can go back to the mitigation negotiating table and request more detailed measures.
Finally, we note that Team Telecom is deeply concerned with how data traversing through submarine cable systems will put United States data at risk overseas, specifically in Asia. Team Telecom is even concerned if a submarine cable is not directly connecting the United States to a jurisdiction of concern, such as China or Hong Kong. For example, in a recent national security agreement for a cable connecting the United States to points different than Hong Kong or Mainland China, Team Telecom required the licensees to pursue diversification of interconnection points other than Hong Kong and has suggested that applicants seek interconnection points in Asia, that include but are not limited to Indonesia, Philippines, Thailand, Singapore, and Vietnam, in order to minimize the amount of data transferring over the submarine cable to areas of national security concerns. These restrictions ultimately allow Team Telecom to minimize data that is routed indirectly to China.
 Mr. Lipman is a partner and Chair of the Telecommunications Media and Technology Group at Morgan, Lewis & Bockius, LLP in Washington, DC. Mr. Pin is a partner and Ms. Weiss is an associate in the group.
About the Authors:
Andrew D. Lipman is Partner at Morgan Lewis. Andrew practices in most aspects of communications law and related ?elds, including regulatory, transactional, litigation, legislative, and land use. Andy’s clients in the private and public sectors include those in the areas of local, long distance, and international telephone common carriage; Internet services and technologies; conventional and emerging wireless services; satellite services; broadcasting; competitive video services; telecommunications equipment manufacturing; and other high-technology applications. Additionally, he manages privatizations of telecommunications carriers in Europe, Asia, and Latin America.
To open the US local telephone market to competition, Andy has been involved in most new legal and regulatory policies at the Federal Communications Commission, at state public service commissions, in Congress, and before courts. He helped shape crucial provisions of the Telecommunications Act of 1996 and used similar approaches to promote the opening of foreign markets. He also obtained one of the ?rst competitive local service and interconnection agreements in continental Europe and the ?rst competitive ?ber network application in Japan. Andy’s practice includes strategic analysis of companies’ telecom user agreements, renegotiating existing agreements, and negotiating new, more favorable telecom user agreements.
For nearly a decade, Andy served as senior vice president, legal and regulatory a?airs, for MFS Communications, the nation’s largest competitive local services provider. One of the founders of MFS, Andy helped guide the company from startup to its eventual sale for $14.4 billion to WorldCom.
Frequently writing and speaking on telecommunications, Andy’s work encompasses more than 170 articles and ?ve books, including two Dow Jones books on telecommunications. He occasionally appears on National Public Radio, C-SPAN, Bloomberg News Network, and ABC News, and he served on the editorial advisory boards of Phillips Publishing Company, Internet Law and Regulation, Telecommunications Alert, Telecommunications Reports, Telecommunications Regulatory Monitor, and The Satellite Compendium.
Andy served as general counsel to the International Teleconferencing Association and as legislative/regulatory counsel to the International Satellite Users Association. He sits on the board of directors of ?ve public companies trading on the NYSE, NASDAQ, and Toronto Stock Exchange. Additionally, he co-founded the Association of Local Telecommunication Services (ALTS)—the national trade association for competitive telecommunications carriers—and served as its ?rst chairman.
Prior to joining Morgan Lewis, Andy was a partner in the corporate practice of another international law ?rm, where he was also a member of the executive board and leader of the telecommunications, media and technology practice. Before entering private practice, he participated in the legal honors program at the US Department of Transportation and served in the O?ce of the Secretary of Transportation. He also served as an extern law clerk to Judge Raymond Sullivan of the California Supreme Court.
Ulises R. Pin is Partner at Morgan Lewis. Ulises represents US and foreign communications and technology companies on corporate, ?nancial, and regulatory matters. He also advises private equity ?rms, venture capital funds, and ?nancial institutions on investments in the telecommunications, media, and technology (TMT) sectors. Ulises represents clients before the Federal Communications Commission and government agencies in Mexico, Latin America, Europe, and Asia. He has experience in cross-border transactions with particular emphasis on foreign investment and national security issues, including securing approvals by the Committee on Foreign Investment in the United States (CFIUS).
Ulises’s practice covers all sectors of the TMT market, including wireline, wireless and international communications, infrastructure projects (land and submarine networks), satellite services, internet services, and emerging technologies. He counsels on complex cross-border transactions, including mergers, acquisitions, and divestitures; public o?erings; joint ventures; and private and public equity investments. He also represents public and private companies in international corporate and ?nance transactions across industries, including technology, energy, retail, and real estate. Additionally, Ulises drafts and negotiates telecommunications and technology contracts on behalf of hyperscalers, telecommunications operators, equipment manufacturers, and large telecommunications users.
Ulises frequently counsels clients on foreign investment, national security, export controls, international trade, and embargo issues before CFIUS, the O?ce of Foreign Assets Control (OFAC) of the Department of Treasury, and the Departments of Commerce, State, Defense, Homeland Security, and Justice. In this area, he has substantial experience negotiating complex mitigation agreements.
He has also represented institutional, high-yield, and distressed debt investors in complex workout and insolvency matters in domestic and cross-border ?nancial restructurings.
Ulises is a member of the Morgan Lewis CFIUS working group. He is a native Spanish speaker.
Leetal Weiss is ASSOCIATE at Morgan Lewis. Leetal advises telecommunications and technology clients on regulatory, compliance, corporate, and litigation matters before the Federal Communications Commission and State Public Utility Commissions. Prior to joining Morgan Lewis, Leetal participated in Georgetown Law’s Communications and Technology Clinic, where she actively advised clients on various matters.
While at Georgetown University Law Center, Leetal interned at Verizon, the Electronic Privacy Information Center, and the Federal Aviation Administration. She served as the senior online content editor of the Georgetown Journal of International Law and case comments editor of the Georgetown Law Technology Review.
Leetal graduated magna cum laude from California State University – Channel Islands with a Bachelor’s degree in Communications. She was a member of the Omega Alpha Communications Honor Society and Gamma Beta Phi Honor Society.