Flatirons

Tuesday, February 26, 2008

National Security and Chinese Foreign Direct Investment


The Committee on Foreign Investment in the United States (CFIUS) is composed of twelve executive agencies tasked with reviewing cross-border mergers and acquisitions that may pose risks to American national security. As reported widely in the United States, Bain Capital recently backed off an attempt to sell 3Com to Huawei, a Chinese manufacturer of telecommunications equipment, in large part because of CFIUS-related concerns.

As the Times reported, "[t]he snag was that 3Com makes antihacking computer software for the military, among other things, and Huawei Technologies has ties to the Chinese military." Evidently, "[t]he concern in Washington was that the Chinese company would be able to alter the electronic equipment and computer software sold to the military in a way that made it less than 100 percent effective." So, Bain and 3Com opted to kill the proposed merger, at least in the form initially proposed.

But today Huawei probably got what it wanted, at least in some form. According to JRJ, Huawei is going to form a joint venture with Symantec, the U.S. security software vendor. Evidently the "joint venture will be engaged in network security and storage appliance R&D, sales and service." Granted, Symantec and 3Com are in different businesses, and the joint venture will be based in China, but in some respects the issues are the same: a Chinese company with links to the People's Liberation Army could gain access to security systems and software that protect the critical infrastructure of the United States. Thank goodness that, unlike 3Com, Symantec doesn't sell computer security systems to the Pentagon, right? Oh, but it does.

I'm not sure of the exact details, but I am guessing that Huawei opted for a joint venture with Symantec at least in part to avoid triggering the CFIUS process that killed the 3Com deal. The CFIUS process, governed by section 271 of the Defense Production Act, excluded joint ventures until 2000, when some new regulations came into effect. Those new regulations, found at 31 C.F.R. § 800.301 (b)(5), apply the CFIUS process to joint ventures if (a) a U.S. person contributes an existing identifiable business concern to a joint venture and (b) a foreign interest would gain control over the business by means of the joint venture. (For more on this process, see this PDF.) Arguably, Huawei will not gain control over Symantec because Symantec is contributing $150 million in capital and some "leading enterprise storage and security software licenses" in exchange for a 49% stake in the company, at least initially. But who needs control if all you want is access to intellectual property?

To be sure, the CFIUS process is not the only hurdle that foreign investors must clear to acquire companies with knowledge of U.S. critical infrastructure. Moreover, I realize that the Symantec deal does not necessarily mean that Huawei was just looking for a way to get access to computer security expertise. But I think it's pretty clear that the attorneys for Huawei did their client a great service, and that the timing of the Huawei-Symantec joint venture is pretty suspect.

In other news, I managed to order take-out tonight entirely in Chinese. Woo hoo!

No comments: