[House Document 117-6]
[From the U.S. Government Publishing Office]
117th Congress, 1st Session--------------------HOUSE DOUCUMENT 117-6
======================================================================
ADDITIONAL STEPS TO THE NATIONAL EMERGENCY WITH RESPECT TO THE
INFORMATION AND COMMUNICATIONS TECHNOLOGY AND SERVICES SUPPLY CHAIN
__________
MESSAGE
from
THEPRESIDENTOFTHEUNITEDSTATES
transmitting
AN EXECUTIVE ORDER DECLARING ADDITIONAL STEPS TO BE TAKEN CONCERNING
THE NATIONAL EMERGENCY WITH RESPECT TO THE INFORMATION AND
COMMUNICATIONS TECHNOLOGY AND SERVICES SUPPLY CHAIN DECLARED IN
EXECUTIVE ORDER 13873 OF MAY 15, 2019 (SECURING THE INFORMATION AND
COMMUNICATIONS TECHNOLOGY AND SERVICES SUPPLY CHAIN) TO DEAL WITH THE
THREAT POSED BY APPLICATIONS AND OTHER SOFTWARE DEVELOPED OR CONTROLLED
BY CHINESE COMPANIES, PURSUANT TO 50 U.S.C. 1703(b); PUBLIC LAW 95-223,
SEC. 204(b); (91 STAT. 1627) AND 50 U.S.C. 1641(b); PUBLIC LAW 94-412,
SEC. 401(b); (90 STAT. 1257)
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
January 6, 2021.--Message and accompanying papers referred to the
Committee on Foreign Affairs and ordered to be printed
To the Congress of the United States:
Pursuant to the International Emergency Economic Powers Act
(50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act
(50 U.S.C. 1601 et seq.), and section 301 of title 3, United
States Code, I hereby report that I have issued an Executive
Order declaring additional steps to be taken concerning the
national emergency with respect to the information and
communications technology and services supply chain declared in
Executive Order 13873 of May 15, 2019 (Securing the Information
and Communications Technology and Services Supply Chain) to
deal with the threat posed by applications and other software
developed or controlled by Chinese companies.
The pace and pervasiveness of the spread in the United
States of certain connected mobile and desktop applications and
other software developed or controlled by persons in the
People's Republic of China (PRC), to include Hong Kong and
Macau (China), continue to threaten the national security,
foreign policy, and economy of the United States. By accessing
personal electronic devices such as smartphones, tablets, and
computers, Chinese connected software applications can access
and capture vast swaths of information from users, including
sensitive personally identifiable information and private
information. The continuing activity of the PRC and the Chinese
Communist Party to steal or otherwise obtain United States
persons' data makes clear that there is an intent to use bulk
data collection to advance China's economic and national
security agenda. To deal with this threat, additional steps are
required against those who develop or control certain Chinese
connected software applications to protect our national
security.
The Executive Order prohibits certain future transactions,
as determined by the Secretary of Commerce (Secretary),
involving the following Chinese connected software
applications: Alipay, CamScanner, QQ Wallet, SHAREit, Tencent
QQ, VMate, WeChat Pay, and WPS Office. The Secretary is also
directed to:
(i) continue to evaluate Chinese connected software
applications that may pose an unacceptable risk to the
national security, foreign policy, or economy of the
United States, and to take appropriate action in
accordance with Executive Order 13873; and
(ii) in consultation with the Attorney General and
the Director of National Intelligence, provide a report
to the Assistant to the President for National Security
Affairs with recommendations to prevent the sale or
transfer of United States user data to, or access of
such data by, foreign adversaries, including through
the establishment of regulations and policies to
identify, control, and license the export of such data.
I have delegated to the Secretary, in consultation with the
Secretary of the Treasury and the Attorney General, the
authority to take such actions, including adopting appropriate
rules and regulations, and employing all other powers granted
to the President by IEEPA, as may be necessary to implement the
Executive Order. The heads of all executive departments and
agencies are directed to take all appropriate measures within
their authority to implement the provisions of the Executive
Order.
I am enclosing a copy of the Executive Order I have issued.
Donald J. Trump.
The White House, January 5, 2021.
Executive Order
----------
Addressing the Threat Posed by Applications and Other Software
Developed or Controlled by Chinese Companies
By the authority vested in me as President by the
Constitution and the laws of the United States of America,
including the International Emergency Economic Powers Act (50
U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50
U.S.C. 1601 et seq.), and section 301 of title 3, United States
Code,
I, DONALD J. TRUMP, President of the United States of
America, find that additional steps must be taken to deal with
the national emergency with respect to the information and
communications technology and services supply chain declared in
Executive Order 13873 of May 15, 2019 (Securing the Information
and Communications Technology and Services Supply Chain).
Specifically, the pace and pervasiveness of the spread in the
United States of certain connected mobile and desktop
applications and other software developed or controlled by
persons in the People's Republic of China, to include Hong Kong
and Macau (China), continue to threaten the national security,
foreign policy, and economy of the United States. At this time,
action must be taken to address the threat posed by these
Chinese connected software applications.
By accessing personal electronic devices such as
smartphones, tablets, and computers, Chinese connected software
applications can access and capture vast swaths of information
from users, including sensitive personally identifiable
information and private information. This data collection
threatens to provide the Government of the People's Republic of
China (PRC) and the Chinese Communist Party (CCP) with access
to Americans' personal and proprietary information--which would
permit China to track the locations of Federal employees and
contractors, and build dossiers of personal information.
The continuing activity of the PRC and the CCP to steal or
otherwise obtain United States persons' data makes clear that
there is an intent to use bulk data collection to advance
China's economic and national security agenda. For example, the
2014 cyber intrusions of the Office of Personnel Management of
security clearance records of more than 21 million people were
orchestrated by Chinese agents. In 2015, a Chinese hacking
group breached the United States health insurance company
Anthem, affecting more than 78 million Americans. And the
Department of Justice indicted members of the Chinese military
for the 2017 Equifax cyber intrusion that compromised the
personal information of almost half of all Americans.
In light of these risks, many executive departments and
agencies (agencies) have prohibited the use of Chinese
connected software applications and other dangerous software on
Federal Government computers and mobile phones. These
prohibitions, however, are not enough given the nature of the
threat from Chinese connected software applications. In fact,
the Government of India has banned the use of more than 200
Chinese connected software applications throughout the country;
in a statement, India's Ministry of Electronics and Information
Technology asserted that the applications were ``stealing and
surreptitiously transmitting users' data in an unauthorized
manner to servers which have locations outside India.''
The United States has assessed that a number of Chinese
connected software applications automatically capture vast
swaths of information from millions of users in the United
States, including sensitive personally identifiable information
and private information, which would allow the PRC and CCP
access to Americans' personal and proprietary information.
The United States must take aggressive action against those
who develop or control Chinese connected software applications
to protect our national security.
Accordingly, I hereby order:
Section 1. (a) The following actions shall be prohibited
beginning 45 days after the date of this order, to the extent
permitted under applicable law: any transaction by any person,
or with respect to any property, subject to the jurisdiction of
the United States, with persons that develop or control the
following Chinese connected software applications, or with
their subsidiaries, as those transactions and persons are
identified by the Secretary of Commerce (Secretary) under
subsection (e) of this section: Alipay, CamScanner, QQ Wallet,
SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office.
(b) The Secretary is directed to continue to evaluate
Chinese connected software applications that may pose an
unacceptable risk to the national security, foreign policy, or
economy of the United States, and to take appropriate action in
accordance with Executive Order 13873.
(c) Not later than 45 days after the date of this order,
the Secretary, in consultation with the Attorney General and
the Director of National Intelligence, shall provide a report
to the Assistant to the President for National Security Affairs
with recommendations to prevent the sale or transfer of United
States user data to, or access of such data by, foreign
adversaries, including through the establishment of regulations
and policies to identify, control, and license the export of
such data.
(d) The prohibitions in subsection (a) of this section
apply except to the extent provided by statutes, or in
regulations, orders, directives, or licenses that may be issued
pursuant to this order, and notwithstanding any contract
entered into or any license or permit granted before the date
of this order.
(e) Not earlier than 45 days after the date of this order,
the Secretary shall identify the transactions and persons that
develop or control the Chinese connected software applications
subject to subsection (a) of this section.
Sec. 2. (a) Any transaction by a United States person or
within the United States that evades or avoids, has the purpose
of evading or avoiding, causes a violation of, or attempts to
violate the prohibition set forth in this order is prohibited.
(b) Any conspiracy formed to violate any of the
prohibitions set forth in this order is prohibited.
Sec. 3. For the purposes of this order:
(a) the term ``connected software application'' means
software, a software program, or group of software programs,
designed to be used by an end user on an end-point computing
device and designed to collect, process, or transmit data via
the Internet as an integral part of its functionality.
(b) the term ``entity'' means a government or
instrumentality of such government, partnership, association,
trust, joint venture, corporation, group, subgroup, or other
organization, including an international organization;
(c) the term ``person'' means an individual or entity;
(d) the term ``personally identifiable information'' (PII)
is information that, when used alone or with other relevant
data, can identify an individual. PII may contain direct
identifiers (e.g., passport information) that can identify a
person uniquely, or quasi-identifiers (e.g., race) that can be
combined with other quasi-identifiers (e.g., date of birth) to
successfully recognize an individual.
(e) the term ``United States person'' means any United
States citizen, permanent resident alien, entity organized
under the laws of the United States or any jurisdiction within
the United States (including foreign branches), or any person
in the United States.
Sec. 4. (a) The Secretary, in consultation with the
Secretary of the Treasury and the Attorney General, is hereby
authorized to take such actions, including adopting rules and
regulations, and to employ all powers granted to me by IEEPA,
as may be necessary to implement this order. All agencies shall
take all appropriate measures within their authority to
implement this order.
(b) The heads of agencies shall provide, in their
discretion and to the extent permitted by law, such resources,
information, and assistance to the Department of Commerce as
required to implement this order, including the assignment of
staff to the Department of Commerce to perform the duties
described in this order.
Sec. 5. Severability. If any provision of this order, or
the application of any provision to any person or circumstance,
is held to be invalid, the remainder of this order and the
application of its other provisions to any other persons or
circumstances shall not be affected thereby.
Sec. 6. General Provisions. (a) Nothing in this order shall
be construed to impair or otherwise affect:
(i) the authority granted by law to an executive
department, agency, or the head thereof; or
(ii) the functions of the Director of the Office of
Management and Budget relating to budgetary,
administrative, or legislative proposals.
(b) This order shall be implemented consistent with
applicable law and subject to the availability of
appropriations.
(c) This order is not intended to, and does not, create any
right or benefit, substantive or procedural, enforceable at law
or in equity by any party against the United States, its
departments, agencies, or entities, its officers, employees, or
agents, or any other person.
Donald J. Trump.
The White House, January 5, 2021.
[all]