(Credit: Zooey Liao/PCMag/Getty Images)
The FCC’s recent decision to ban foreign-made routers fits into a broader pattern in which complex, hard-to-define risks get simplified into something tangible and easy to point out to the populace. We’ve seen this play out across the tech landscape, with Starlink dishes taking on geopolitical weight in the Ukraine war, lawmakers thrusting 3D printers into the ghost gun debate, and the banning of all new foreign-made drones widely used by police, EMS, and firefighters.
In each of these cases, a device—a lump of plastic and wires with a plug—is the focal point for a much larger concern. In the case of the router ban, that concern is the threat of bad foreign actors. Routers are simply the latest devices to shift from set-it-and-forget-it infrastructure to something we’re now being asked to see, question, and walk on the other side of the electronic street from.
That shift doesn't reflect reality, though. Modern tech supply chains don’t neatly follow political boundary lines. Despite years of reshoring efforts, like the federal government buying 10% of Intel, China still leads in critical sectors like solar energy, batteries, electric vehicles, robotics, and drones, with a manufacturing depth that can’t be replicated quickly. Policy can move quickly. Supply chains can’t. When policies and chains fall out of sync, perception often fills the gap. Fear can drive decisions—like what consumers buy or don't buy—faster than infrastructure can adapt.
(Credit: Joseph Maldonado)The result is that Wi-Fi routers, which are both relatively cheap and critical for modern life, are now being treated as nefarious liabilities. The air in the room tingles the same way it did when that Chinese weather balloon drifted over the US, the firing upon it with an F-35 rocket after following it from the west to east coast imbuing public opinion the same way this ban does. Dramatic. Consequential. Patriotic, even.
The Ban Is All Bark, No Bite
The FCC claims that “malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft…," adding that "foreign-made routers were also involved in the Volt, Flax, and Salt Typhoon cyberattacks targeting vital US infrastructure.”
But is there any evidence to support the idea that foreign-made devices are less secure than their American counterparts? Everyone builds on the same silicon brains, with most routers—whether designed in the US or abroad—running on chipsets from Qualcomm, Broadcom, or MediaTek. Edge cases exist, but even those have supply chains that are just as diverse. The label on my SpaceX Starlink V3 router says it was made in Amsterdam. But the chips come from the Taiwanese firm WNC, whose supply chain is ever-diversifying, motivated by geopolitical concerns. If my router were assembled in Texas, like some Starlink routers are, would it not be considered foreign anymore? Who decides, and how transparent are the judges?
Router firmware often shares common roots in Linux-based operating systems. Manufacturers reuse code, modify the UI, and slap their branding on it. So all routers, by their very nature, have huge attack surfaces. They are Wi-Fi radios. They have WAN interfaces, LAN switching, VPNs, firewalls, and cloud management features. Every aspect of these simple-on-the-surface devices is a door that bad actors could force open. There’s no evidence that an American router could have prevented previous cyberattacks any more than a foreign-made one.
Caught in the crossfire are powerful routers from the likes of Asus, that consistently top benchmark tests. The Asus RT-BE96U looks like something that crawled out of Area 51, regenerated, and beamed signals back to Alpha Centauri—and just happens to blanket your house with strong Wi-Fi 7 signals. If this was intended to be an electronic wolf in sheep’s clothing, Asus could have pulled some punches in the design language and the extensive feature list. But it didn’t make a "just as good as” product. Asus and other foreign companies like TP-Link simply make really good routers.
What Are We Trying to Protect, Exactly?
We tend to move fastest against the threats we can point to, and slowest against the ones already built into the systems we rely on, that the establishment has invested in. I’m suspicious of edicts and legislation that rail against technology from China, which, as I’ve noted in prior articles, is just better across the board in nearly every measurable aspect. Being told to trust the people who promised us that the NSA wasn’t building databases on US citizens—to trust that these amazing machines are doing nefarious things without proof—is a hard pill to swallow, and one that could have tremendous economic consequences in a market like routers.
(Credit: Joseph Maldonado)Ultimately, I don't trust the FCC to tell me routers (or drones, for that matter) are unsafe, any more than I would trust a referee whose son is playing in the game. I bought my DJI Neo 2 on eBay from a South Korean seller right after the drone ban went into effect. It’s a marvelous piece of engineering, and I don't hesitate to fly it out of fears that a foreign spy is watching videos of me flying in my backyard, having scraped my footage through a firmware backdoor.
When excellent-performing, cost-effective hardware becomes the boogeyman in your home, it’s a slippery slope. Is it about safety, or throttling someone who's just better at something? When fear points outward but evidence points inward, we’re not defending the network—we’re defending the narrative.