What To Know About The ROUTERS Act, Now Awaiting US Senate Action
Politicians continue to scrutinize some foreign-made technology.
The U.S. House of Representatives unanimously passed the ROUTERS Act on Sept. 9.
The proposed legislation, which stands for “Removing Our Unsecure Technologies to Ensure Reliability and Security Act” and now in the hands of the U.S. Senate, would "conduct a study of the national security risks posed by consumer routers, modems, and devices that combine a modem and router, and for other purposes," according to the language of the bill.
The bill, sponsored by Ohio Rep. Bob Latta, a Republican, does not specify any particular technology company.
But criticism of one particular company has been bubbling up. A letter this past August sent to Commerce Secretary Gina Raimondo from the House's Select Committee on the Chinese Communist Party urged looking into TP-Link devices.
The letter dated August 13, read in part, "We write to respectfully request that you investigate TP-Link Technologies Co., Ltd. (TP-Link) and its affiliates under the Department of Commerce’s (Commerce) information and communication technology services (ICTS) authorities, pursuant to Executive Order 13873.1 TP-Link is a technology company based in the People’s Republic of China (PRC) that manufactures Wi-Fi routers, Wi-Fi devices, and mesh Wi-Fi network devices, along with hardware and software components and other products. TP-Link’s products account for a substantial part of the U.S. market for Wi-Fi routers and related devices."
“TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting,” the letter also read.
MES Computing contacted Latta's office for comment but has yet to hear back. His office did issue a press release earlier this month.
"As communist China seeks to undermine our people, workforce, and nation, House Republicans are working to curtail their malign influence," Latta said in the news release. “We now urge Senate leadership to take up our solution to protect Americans and send it to the President's desk to be signed into law."
In a statement to MES Computing, TP-Link Systems Inc. commented on the legislation:
"It is our understanding that the ROUTERS Act is not intended to single out one company.
In fact, TP-Link Systems Inc. products undergo extensive testing to ensure data and privacy are handled with the highest level of security. The company is dedicated to maintaining rigorous standards.”
A spokesperson for the company also stated: "We represent U.S.-based TP-Link Systems Inc. and not China-based TP-LINK Technologies. TP-Link Systems is not affiliated with TP-LINK Technologies, and we do not represent TP-LINK Technologies" and that its U.S. products are manufactured in Vietnam.
John Terrill, CSO at IoT firm Phosphorus, which provides a platform that monitors and manages IoT devices, questioned Congress' focus on routers. Security issues aren't exclusive to Wi-Fi devices but also smart fridges, printers, door controllers and other IoT devices, he said.
Phosphorus’ platform actively scans IoT devices on a network. "But what's kind of unique about this is we're not just looking for vulnerabilities," he said. The platform can also manage firmware updates, passwords and has other capabilities.
"Our customer base [falls] into two groups. One, [is] device forward ... manufacturing, oil and gas, pharmaceutical."
"But that second bucket, I think, is the one where people aren't thinking about this enough, and that's media, it's tech, it's financial services, it's law firms, where we send everybody home for a pandemic, and then you just kind of assume, well, if the devices that were in the office, you know, if we didn't need the office, then we don't need the device, right? And that's not true. When you go back in the office, the general counsel still uses their printer, the CEO still has a phone ... the board is still going to sit in a boardroom with a bunch of conferencing equipment .... there are still door controllers for getting into the office and cameras that are watching that are looking out on the floor, there's still that stuff there. In fact, the numbers that we see with customers is roughly three to five times the number of IoT devices as you have people," he said.
MES Computing contacted Senate Majority Leader Chuck Schumer's office to inquire when the Senate plans to vote on the ROUTERS Act and is awaiting a response.