Recently passed legislation that restricts information technology purchases by several U.S. government agencies, a decision that could hurt firms such as Lenovo, is drawing fire from the private sector.

The U.S. Chamber of Commerce and several high-tech industry groups have written to Congress protesting the move.

A letter sent by the groups went to Capitol Hill on Thursday.

Signing on were:

  • BSA | The Software Alliance
  • Emergency Committee for American Trade (ECAT)
  • Information Technology Industry Council (ITI)
  • Semiconductor Industry Association (SIA)
  • Software & Information Industry Association (SIIA)
  • TechAmerica
  • Technology CEO Council
  • Telecommunications Industry Association (TIA)
  • U.S. Chamber of Commerce
  • U.S. Council for International Business (USCIB)
  • U.S. Information Technology Office (USITO)

The groups “are writing to express our concern with language” in the recently passed appropriations bill since it “will bar the Departments of Commerce and Justice, the National Aeronautics and Space Administration, and the National Science Foundation from acquiring information technology (IT) systems unless ‘the head of the entity, in consultation with the Federal Bureau of Investigation or other appropriate Federal entity’ has made a risk assessment of potential ‘cyber-espionage or sabotage…associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People’s Republic of China.’

“Given the expedited manner in which this provision was enacted, we ask the Congress to review the security implications and competitive impact of this requirement, and consider a more constructive approach to this issue,” the groups said. “We also seek your support to ensure similar language is not included in other legislative vehicles.”

Lenovo, which operates its executive headquarters in Morrisville but bases most operations in China, has said it also is reviewing the legislation, which President Obama signed into law on March 26.

“We understand and share Congress’ concern about the security of the U.S. government’s IT infrastructure,” the groups added.
“The IT assessment requirements in Section 516, however, set a troubling and counterproductive precedent that could have significant international repercussions and put U.S.-based global IT companies at a competitive disadvantage in global markets. Fundamentally, product security is a function of how a product is made, used, and maintained, not by whom or where it is made. Geographic-based restrictions run the risk of creating a false sense of security when it comes to advancing our national cybersecurity interests. At a time when greater global cooperation and collaboration is essential to improve cybersecurity, geographic-based restrictions in any form risk undermining the advancement of global best practices and standards on cybersecurity.”

The groups say the legislation could trigger a chain reaction of negative consequences, including:

  • “Impede the U.S. government’s ability to protect itself through use of the latest cutting-edge IT products. The requirement to assess every IT product purchase, absent any triggering threshold, will likely slow the federal acquisition process and put impacted federal agencies behind the security innovation curve because they would not be acquiring and using the latest security innovations.
  • “Put federal civilian agencies in conflict with the Department of Defense’s (DoD) cybersecurity procurement reforms. The recent Department of Defense Strategy for Operating in Cyberspacerecommended reforming the acquisition process, stating “DoD’s acquisition processes and regulations must match the technology development life cycle. With information technology, this means cycles of 12 to 36 months, not seven or eight years.”
  • “Fuel potential retaliation. The Chinese government may choose to retaliate against U.S.-based IT vendors by enacting a similar policy for screening IT system purchases in China.
  • “Encourage copycat legislation. Governments in other countries may seek to emulate this policy, harming U.S. IT vendors who wish to sell in those markets. Similar policies are already being pursued by some foreign governments. We are concerned this provision would severely undermine the U.S. government’s efforts to contain these policies.”

In the future, the groups “strongly” encouraged the government to have “a meaningful bilateral dialogue between the United States and China to address cybersecurity concerns in a manner consistent with best security and trade practices.”

Will Washington listen?

[LENOVO ARCHIVE: Check out eight years of Lenovo stories as reported in WRAL Tech Wire.]