Tag: PRC

Public Urged to Use Encryption for Mobile Phone Messaging and Calls

On December 4, 2024, four of the five members of the Five Eyes intelligence-sharing group (the United States, Australia, Canada, and New Zealand) law enforcement and cyber security agencies (Agencies) published a joint guide for network engineers, defenders of communications infrastructure and organizations with on-premises enterprise equipment (the Guide). The Agencies strongly encourage applying the Guide’s best practices to strengthen visibility and strengthen network devices against exploitation by reported hackers, including those hackers affiliated with the People’s Republic of China (PRC). The fifth group member, the United Kingdom, released a statement supportive of the joint guide but stated it had alternate methods of mitigating cyber risks for its telecom providers.

In November 2024, the Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement to update the public on its investigation into the previously reported PRC-affiliated hacks on multiple telecommunications companies’ networks. The FBI and CISA reported that these hacks appeared to focus on cell phone activity of individuals involved in political or government activity and copies of law enforcement informational requests subject to court orders. However, at the time of the update, these U.S. agencies and members of Congress have underscored the broad and significant nature of this breach. At least one elected official stated that the hacks potentially expose unencrypted cell phone conversations with someone in America to the hackers.

In particular, the Guide recommends adopting actions that quickly identify anomalous behavior, vulnerabilities, and threats and respond to a cyber incident. It also guides telecoms and businesses to reduce existing vulnerabilities, improve secure configuration habits, and limit potential entry points. One of the Guide’s recommended best practices attracting media attention is ensuring that mobile phone messaging and call traffic is fully end-to-end encrypted to the maximum extent possible. Without fully end-to-end encrypted messaging and calls, the content of calls and messages always has the potential to be intercepted. Android to Android messaging and iPhone to iPhone messaging is fully end-to-end encrypted but messaging from an Android to an iPhone is not currently end-to-end encrypted. Google and Apple recommend using a fully encrypted messaging app to better protect the content of messages from hackers.

The FBI and CISA are continuing to investigate the hacks and will update the public as the investigation permits. In the interim, telecom providers and companies are encouraged to adopt the Guide’s best practices and to report any suspicious activity to their local FBI field office or the FBI’s Internet Crime Complaint Center. Cyber incidents may also be reported to CISA.

Copyright © 2024 Robinson & Cole LLP. All rights reserved.
For more on Mobile Phones, visit the NLR Communications Media Internet section

Uyghur Forced Labor Prevention Act Takes Effect: What Importers Need to Know

The Uyghur Forced Labor Prevention Act (UFLPA) is in effect as of June 21, 2022. Congress passed the Act in December 2021 to increase enforcement of longstanding U.S. policy prohibiting the importation of goods, or components thereof, made with forced labor and to create a “rebuttable presumption” that merchandise from the Xinjiang Uyghur Autonomous Region (XUAR) or by an entity on the UFLPA Entity List is made with forced labor and thereby prohibited from entry into the United States. The rebuttable presumption applies to downstream products that incorporate inputs from XUAR, regardless of where the finished products are manufactured, including goods from outside XUAR in the People’s Republic of China (PRC), or in third countries. There is no de minimis provision in the law – any prohibited content, no matter how small, will make a product subject to the rebuttable presumption made by the law. If an importer can demonstrate by “clear and convincing” evidence that the goods were not produced wholly or in part by forced labor, U.S. Customs and Border Protection (CBP) will grant an “exception” to the presumption. The UFLPA provides for increased detentions and seizures of merchandise and potential civil and criminal penalties. See prior GT Alerts on the UFLPA.

Pursuant to the UFLPA, a multi-agency task force chaired by the Department of Homeland Security was mandated to develop a strategy for the Act’s implementation. On June 17, in anticipation of the June 21 effective date, DHS released the “Strategy to Prevent the Importation of Goods Mined, Produced, or Manufactured with Forced Labor in the People’s Republic of China” (Enforcement Strategy), which includes:

  • An assessment of risk of importing goods mined, produced, or manufactured, wholly or in part, in the PRC; according to the strategy, complex supply chains that touch XUAR are “highly susceptible to contamination by goods made using forced labor.”
  • list of entities affiliated with forced labor; therefore, their products are subject to the presumption that their goods are prohibited from entry. The Entity list will be updated multiple times per year and will be publicly available.
  • A list of high priority sectors and products including apparel and textiles, cotton and cotton products, polysilicon, and tomato products. Other products listed include footwear, nails, electronics, and toys.
  • Guidance to importers advising that companies need heightened due diligence to ensure compliance with UFLPA and to identify potential supply chain exposure to Xinjiang. Supply chain tracing is the general method to demonstrate that goods are free of inputs from Xinjiang, but CBP expects that barriers to supply chain tracing may make it difficult for importers to be compliant and has stated that third-party audits alone are insufficient to demonstrate due diligence.

Should CBP detain goods on suspicion of being made wholly or in part with forced labor, the importer has options. It can re-export the goods (up until CBP seizes them); it can abandon the goods; it can seek an “exception” for the goods, to get them released from CBP custody; it can also provide information to CBP demonstrating that the goods are not subject in any way to the Act. The evidence and documentation needed for the latter two must be “clear and convincing.”

It should be noted that in order to obtain an “exception” for goods that have been detained, an importer must meet all three of the following requirements:

  • Provide clear and convincing evidence that the detained goods were not made in whole or in part with forced labor, or were sourced from entities on the Entity List.
  • Fully and substantively respond to any questions from CBP.
  • Show that it has complied with all of the requirements set out in the Enforcement Strategy and CBP’s Operational Guidance (i.e., due diligence, supply chain tracing and management, etc.).

The Enforcement Strategy document provides importers with guidance in the following three areas:

  • Due diligence, effective supply chain tracing, and supply chain management measures to ensure that no goods violating the Act enter the importer’s supply chain.
  • The type, nature, and extent of evidence that demonstrates that goods originating in China were not mined (or grown), produced, or manufactured wholly or in part in Xinjiang.
  • The type, nature, and extent of evidence that demonstrates goods originating in China, including goods detained under Section 307 of the Tariff Act, were not mined (or grown), produced, or manufactured wholly or in part with forced labor.

CBP has made it clear that should there be a detention, participants in the Customs and Trade Partnership Against Terrorism program (C-TPAT) will be prioritized for review of submissions to rebut the presumption that the merchandise was made with forced labor.

Importers may wish to plan for contingencies should CBP detain imported merchandise, map complex supply chains and review purchase agreements and supplier codes of conduct.

Article By Laura Siegel Rabinowitz and Donald S. Stein of Greenberg Traurig, LLP

For more legislative legal news, click here to visit the National Law Review.

©2022 Greenberg Traurig, LLP. All rights reserved.