Last month, Congress signed into law an appropriations bill that requires four federal agencies to conduct an FBI-assisted security assessment when purchasing computers and other IT gear manufactured in China. Predictably, China came out in strong opposition to the provision — meant to shield the Justice Department, Department of Commerce, NASA, and the NSF against cyber espionage — and now Silicon Valley is taking issue with the restrictions. A number of industry trade associations have banded together and authored a letter to leaders on Capitol Hill voicing their concern. "Fundamentally, product security is a function of how a product is made, used, and maintained, not by whom or where it is made," the document reads.
Among those groups is the Information Technology Industry Council, which represents IBM, Lenovo, and other hardware vendors. It bluntly states that sound cybersecurity policy has "drifted off course" thanks to the provision. In the letter (also undersigned by the US Chamber of Commerce), companies warn that requiring risk assessments for every purchase will bog down the speed with which government agencies can upgrade equipment — leaving them vulnerable to the latest fast-hatching security exploits. Retaliation is a potential worry for tech companies; the trade groups warn that China (and worse yet, other countries) could easily demand similar reviews for items imported from the United States. The tech firms are hoping that lawmakers will "review the security implications and competitive impact" of the provision as it currently stands, and ideally come up with a less clumsy solution. More importantly, they're urging Congress not to include similar language in future legislation.