FCC Bans Nearly All Wireless Routers Sold in the U.S.

This week, the Federal Communications Commission (FCC) effectively banned the sale of nearly all wireless routers in the U.S., in yet another example of the government making Americans’ consumer decisions for them.

Ninety-six percent of American adults use the internet, and 80 percent of them use wireless routers—devices that transmit a signal throughout your home via radio waves and allow you to get online without plugging into the wall.

In a Monday announcement, the FCC deemed “all consumer-grade routers produced in foreign countries” potentially unsafe. This followed a national security determination last week, in which members of executive branch agencies concluded that “routers produced in a foreign country, regardless of the nationality of the producer, pose an unacceptable risk to the national security of the United States and to the safety and security of U.S. persons.”

The Secure and Trusted Communications Networks Act of 2019 empowered the government “to prevent communications equipment or services that pose a national security risk from entering U.S. networks.” The law directed the FCC to “publish and maintain a list of such equipment or services,” and according to that agency, inclusion on the list “will prevent the marketing, sale, or operation of any such new ‘covered’ equipment within the United States.”

Since wireless routers transmit over radio frequencies, they must be authorized by the FCC to be sold in the U.S.; adding all new foreign-made routers to the “Covered List” means the FCC will not authorize those devices’ transmitters, effectively banning their sale or use.

The announcement specifies that this only applies to new consumer-grade devices and “does not prohibit the import, sale, or use of any existing device models the FCC previously authorized.” It also notes that manufacturers who apply for exemptions on new models can be “granted ‘Conditional Approval’ after finding that such device or devices do not pose such unacceptable risks.”

Perhaps unsurprisingly, the ban will likely make it more difficult for Americans to get wireless routers.

The problem is that banning all foreign-made routers means banning practically all routers. Most manufacturers, including the three largest, make their products overseas.

“The only routers I know of that are manufactured in the US are some Starlink Wi-Fi routers, which are primarily made in Texas,” Simon Hill writes at Wired. “Starlink is part of Elon Musk’s SpaceX company, but many of the components in these routers come from East Asia.” (The FCC notes that “a router produced in the United States is not considered ‘covered’ equipment solely because it contains one or more foreign-made components,” unless that foreign-made part is a transmitter.)

Besides, routers made overseas aren’t automatically unsafe—and by the same token, just because a router is made domestically, that doesn’t mean it’s safe.

It’s true, as the national security determination notes, that “compromised routers” can be—and have been—used to carry out cyberattacks. “Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes,” the report found. “Additionally, routers produced abroad were directly implicated in the Volt, Flax, and Salt Typhoon cyberattacks which targeted critical American communications, energy, transportation, and water infrastructure.”

But this is not a reflection of where these products were made. “Almost without exception, the hardware and software that ships with most consumer-grade routers includes a number of default settings that need to be changed before the devices can be safely connected to the Internet,” cybersecurity journalist Brian Krebs wrote in November. It’s only within the past few years, he adds, that manufacturers began “forcing users to perform basic hygiene—such as changing the default password and updating the internal firmware—before the devices can be used as a router.”

Even if every affected company moves production onshore, there’s no indication that anything will change. “It is not clear how simply moving production of routers domestically would make them safer,” Sean Hollister writes at The Verge. “In the Volt Typhoon hack, Chinese state-sponsored hackers primarily targeted Cisco and Netgear routers, routers designed by US companies, according to the Department of Justice. They were vulnerable because those US companies had stopped providing security updates to the specific targeted routers, which had been discontinued by those companies.”

Of course, this isn’t a total ban: The government can grant exemptions to certain products if the FCC deems them safe. But this could just as easily be an opportunity for corruption. Last year, President Donald Trump imposed tariffs on nearly every other country in the world, fancifully citing trade deficits as a threat to national security. But lobbyists got to work, and within weeks, the administration granted exemptions to firms in the automotive, energy, pharmaceutical, and semiconductor manufacturing industries.