Page:2020-06-09 PSI Staff Report - Threats to U.S. Communications Networks.pdf/68

From Wikisource
Jump to navigation Jump to search
This page has been proofread, but needs to be validated.

the United States in 2014.[1] CTA also acknowledged that, "in 2015, CTA new customer information began to be ported onto a web-based platform located in China, with some existing customer data duplicated on this platform," although it eventually established a U.S-based data storage system.[2] Team Telecom, however, noted that CTA passed certain customer data to CTG staff "at overseas network operations centers to manage enterprise data services . . ."[3] and that CTA "store[d] [U.S.] customer data in the [United States] and Hong Kong."[4] Team Telecom also flagged that CTA relied on China Telecom's network operations centers located in Beijing and Shanghai.[5] CTA informed the Subcommittee that customer information has always "remained available in the United States," with CTA being able to access the information.[6]

According to records of the site visit, one Team Telecom official concluded that CTA appeared to be "generally in compliance" with the security agreement, despite finding that CTA was not CALEA compliant and had "limited capability" of assisting law enforcement.[7] Officials acknowledged that Team Telecom needed to review CTA's equipment lists for potential security risks and, if needed, pursue modifications to the security agreement.[8] DHS indicated to the Subcommittee that DOJ—as the lead of Team Telecom—did not send a feedback letter to CTA following the March 2017 site visit to request the equipment list.[9] Nevertheless, one official explained that, even if such documents had been received and risks were identified, Team Telecom had limited recourse to force a renegotiation of the security agreement.[10]

Team Telecom conducted a second site visit in April 2018.[11] During that visit, CTA confirmed that it had no substantive or material changes since the 2017 visit, with the exception of elimination of wholesale voice services, which was deemed no longer profitable.[12] Handouts provided during the visit indicate CTA

  1. TT-DOJ-500-06, at TT-DOJ-502.
  2. TT-DOJ-495-99, at TT-DOJ-499.
  3. Id.; DHS00473PSI-76, at DHS00475PSI.
  4. TT-DOJ-500-06, at TT-DOJ-502.
  5. Id.
  6. Letter from Morgan, Lewis & Bockius LLP, counsel to CTA, to the Subcommittee (June 2, 2020) (on file with the Subcommittee).
  7. TT-DOJ-500-06, at TT-DOJ-502-03.
  8. See TT-DOJ-495-99, at TT-DOJ-496.
  9. See Email from the Dep't of Homeland Sec. to the Subcommittee (Feb. 14, 2020) (on file with the Subcommittee).
  10. Briefing with the Dep't of Homeland Sec. (Feb. 7, 2020); Email from the Dep't of Homeland Sec. to the Subcommittee (June 4, 2020) (on file with the Subcommittee).
  11. See generally DHS00477PSI-99; TT-DOJ-507-20.
  12. DHS00477PSI-99, at DHS00478PSI; TT-DOJ-507-20, at TT-DOJ-508.

64

Retrieved from "https://en.wikisource.org/w/index.php?title=Page:2020-06-09_PSI_Staff_Report_-_Threats_to_U.S._Communications_Networks.pdf/68&oldid=14501188"