The Secret System Behind Every Call You Make Is About to Change Hands
Also, did the Chinese government just hack it?
Low on time? Listen to a 13m podcast discussion summarizing this article:
I. Introduction
Every phone call you make and text you send passes through an invisible system so critical that the FBI queries it millions of times annually. Most Americans have never heard of it. But this “ultimate little black book”–a system that maps not just phone numbers, but traces the patterns of number ownership and manages important parts of our daily communications–is about to vanish behind layers of private ownership and regulatory resistance.
August 2024’s quiet announcement that Koch Equity Development (described by Bloomberg as, “a private investment arm of Koch Inc.”, which recently rebranded earlier this year from Koch Industries Inc. to simply, Koch Inc.) would acquire iconectiv (formerly Telcordia) for $1 billion barely made headlines outside of industry publications. The deal appeared, at surface level, to be about phone number portability–the system that lets consumers keep their numbers when switching carriers.
The reality is far more concerning.
This investigation reveals how America's most sensitive telecommunications infrastructure could soon be controlled by a private conglomerate that is simultaneously fighting to weaken federal regulatory authority.
The transition comes at a particularly troubling moment: the current owner, Ericsson, is selling two months after emerging from federal probation, having paid over $1 billion in penalties for bribery and concealing misconduct from U.S. authorities.
What's at stake extends far beyond convenience services for consumers.
This system:
Contains routing data for every phone number in North America
Processes millions of law enforcement queries annually using a separate “shadow database” specifically for sensitive government operations
Requires staffers to hold security clearances
Through examination of press releases, news articles, historical documents, regulatory filings, and parallel cases of data transfers, my investigation uncovers a disturbing pattern: one which challenges fundamental assumptions about how we protect both critical national security assets and the intimate details of Americans' lives in an era of unchecked M&A activities and private equity consolidation.
The scale of this infrastructure is staggering.
When the September 11 attacks destroyed AT&T's World Trade Center switch, this system had to rapidly reroute 50,000 Wall Street phone numbers. Today, it handles routing for hundreds of millions of phone numbers across the U.S. and Canada, serving thousands of carriers.
Yet even these statistics obscure the system's true significance. My research reveals how this seemingly routine private equity deal could:
Transfer control of America's telecommunications backbone to a massively powerful political entity which is actively fighting federal oversight
Create unprecedented concentration of sensitive data and systems under private control and a single point of vulnerability for U.S. telecommunications routing
Remove crucial transparency and accountability requirements that have historically protected, and should protect national security interests
Follow a documented pattern where critical infrastructure is less accountable to the government and the public
The full implications of this transfer become clear only when examining parallel cases–and the surprising connections between key players in those deals and Koch's current acquisition plans.
II. Understanding NPAC's Critical Role
Every day, in offices across the United States, FBI agents and intelligence officers make thousands of queries to a database system that most Americans don't know exists. In 2008, The Washington Post referred to it as “The Ultimate Little Black Book”, saying that this system managing routing data for every phone number in North America was the “most significant cog in the communications network that most Americans have never heard of”.
In 2014, the Post reported that FBI agents and intelligence officers queried the Number Portability Administration Center (“NPAC”) four million times annually. This figure has likely grown substantially over the past decade as telecommunications usage has expanded.
NPAC’s deeper significance lies not in its consumer-facing role, but in its critical function providing an important “source of truth” to help support law enforcement, intelligence operations, and national security.
The sensitivity of this query database may have prompted House Intelligence Committee Chairman Mike Rogers and Ranking Member Dutch Ruppersberger to warn the FCC in 2014 about “the inherent national security issues involved in this database”. As the Post noted in 2014, if numbers are scrambled or erased, “havoc” could ensue. However, the committee's primary concern wasn't service disruption, but rather a more insidious threat: that foreign governments might hack the system to identify which of their agents were under U.S. surveillance.
As I will demonstrate, this is no theoretical concern.
The system processes millions of law enforcement queries annually, each potentially revealing sensitive investigation details. To protect this information, engineers developed what they call a “shadow database”–a separate, more tightly controlled infrastructure specifically for law enforcement data. Even the development of this system requires special clearance; historically, sensitive portions of the code could only be written by U.S. citizens.
As you will soon learn, the House committee’s concerns about foreign control would eventually prove prescient.
III. Evolution of NPAC Control
The story of how this critical system came to be up for sale begins with the breakup of the Bell System. In 1997, when the telecommunications industry needed a neutral party to manage number portability, the government turned to Lockheed Martin, a defense contractor with experience handling sensitive national security infrastructure. The system would eventually move to Neustar, a Lockheed Martin spin-off, which operated it for 18 years.
When the FCC decided to transfer the contract to iconectiv (then known as Telcordia) in 2015, the transition took nearly three years. This wasn't necessarily due to bureaucratic delay, instead possibly reflecting the painstaking process of transferring control of what the FCC calls a “critical system” supporting “effective public safety services and law enforcement and national security operations.”
The FCC's public requirements for this transition hinted at the system's sensitivity. Beyond technical specifications, iconectiv had to implement a special Code of Conduct, establish a Voting Trust Agreement to ensure impartial operation, and undergo continuous security auditing. The commission demanded “robust enforcement tools” and established “a rigorous audit program that monitors for and ensures compliance” throughout the contract term.
The significance of Koch's iconectiv acquisition becomes clearer when viewed alongside its existing telecommunications holdings. Through its 2021 acquisition of TNS, Koch already controls crucial telecommunications infrastructure including toll-free numbers, short codes, and carrier interconnection services. Adding iconectiv's number portability system would give Koch unprecedented control over America's telecommunications backbone–from how calls are routed to how law enforcement tracks phone numbers.
In 2009, Transaction Network Services (TNS) acquired a communications division of VeriSign, gaining control of what the Washington Post called “the largest database not owned by phone giants,” containing 145 million names and phone numbers.
While TNS later sold some caller authentication “assets” (Read: Data–historical information about number ownership which allows the company to provide data services) to Neustar in 2015, it retained significant telecommunications infrastructure and data assets. Through subsequent acquisitions and development, TNS built itself into a major player in carrier infrastructure, processing billions of calls and managing critical telecommunications data.
TNS's role in this story extends far beyond its 2009 acquisition of VeriSign's communications division, which, at first, seems disconnected from everything else I’ve written here thus far–but wait! Today, TNS operates several crucial pieces of America's telecommunications infrastructure:
As administrator of the Toll-Free Number Registry (SMS/800), it controls the assignment and routing of all toll-free numbers in North America.
As the Common Short Code (CSC) Administrator, it manages the five- and six-digit numbers used for everything from mobile banking to emergency alerts.
Through its SS7 network services, it provides essential network interoperability that enables calls and messages to flow between different carriers.
Koch Equity Development recognized TNS's strategic value, acquiring TNS in 2021.
Meanwhile, in addition to having the Local Number Portability Administrator (LNPA) role for the United States through which iconectiv manages “the country’s only authorized source of number portability data” and “largest database of ported telephone numbers in the world”, iconectiv is also the Secure Telephone Identity Policy Administrator (STI-PA) of the nation's robocall prevention system (STIR/SHAKEN), and was awarded the role of carrying out policy decisions within that system in 2019, including such sensitive processes as key revocation. Additionally, iconectiv was recently re-awarded the contract to manage the FCC’s Telecommunications Relay Services (TRS) Numbering Directory, which supports the routing of calls for individuals who are hard of hearing or require speech communications assistance.
And now, with Koch's proposed acquisition of iconectiv, a troubling pattern of infrastructure consolidation emerges: a single private entity could soon control not just NPAC's phone number portability system, but also the infrastructure routing all our calls, defending against robocalls, managing toll-free numbers, short code messaging, caller ID, and performing other critical carrier interconnection services.
A remarkable portion of America's telecommunications infrastructure will be controlled by a single private entity.
IV. From Somewhat-Accountable to Not-Really
It is possible this privatized concentration of data and infrastructure would be unprecedented in modern American telecommunications history.
Consider the scope: In 2014, The Washington Post reported:
The Number Portability Administration Center, or NPAC, handles the routing of all calls and texts for more than 650 million U.S. and Canadian phone numbers for more than 2,000 carriers. If numbers are scrambled or erased, havoc could ensue.
The FBI and other law enforcement agencies query the database every day, or 4 million times a year, in the course of criminal and intelligence investigations to determine which phone company provides the service for a particular number.
–Ellen Nakashima, Washington Post, August 9, 2014
While I haven’t been able to find more recent public figures, these decade-old statistics give a sense of the system's scale and its critical role in law enforcement operations. Meanwhile, TNS maintains detailed records of call patterns and subscriber information for nearly half or more of all U.S. phone numbers. The STIR/SHAKEN system verifies the authenticity of calls across the network. Each of these systems alone holds immeasurably sensitive data; combined, they provide comprehensive visibility into American communications infrastructure.
“The database contains the data for routing, rating, and billing telephone calls to telephone numbers that are no longer assigned to the telecommunication carrier that originally received the central office prefix or thousands-block allocation,” explains the FCC's technical documentation.
Yet this understates the reality, and is difficult to understand.
Let me translate more clearly: These systems together would give their owner visibility into not just where calls are going, but who is making them, whether they're authentic, and which ones law enforcement is interested in. This article is not intended to be an exhaustive discussion of risks inherent to such systems, but rest assured–there are many.
With that said, the pending Koch acquisition introduces new risks.
Under Lockheed Martin, then Neustar, the system operated within frameworks designed for handling sensitive national security infrastructure.
The Washington Post’s 2008 reporting reveals why this mattered: during the September 11, 2001 attacks, the system had to rapidly reroute 50,000 Wall Street phone numbers when the World Trade Center's AT&T switch was destroyed. Such crisis operations require both technical capability and careful security protocols to prevent exploitation during moments of vulnerability.
But perhaps most concerning is the concentration of data about law enforcement operations. That same 2008 Washington Post investigation revealed that this database isn't just about routing calls–it provides a comprehensive map of telecommunications infrastructure that, if compromised, could reveal sensitive government and corporate operations through their communications patterns. When the FBI requested direct database access, they wanted daily updates of all FBI record requests–an ask which was reportedly denied because it would have created a single point of compromise for this sensitive data, highlighting my previous statement.
The transition to private ownership removes the few existing oversight mechanisms. As a public company, Ericsson is required to report significant security incidents to shareholders and the SEC, and operates under strict European data protection laws requiring the maintenance of rigorous compliance programs–all mechanisms which ultimately failed to be effective.
Koch Equity Development, as a private entity, faces no such requirements. This matters because, as the House Intelligence Committee leaders noted, the system needs protection from both “outsider and insider threats–a task traditionally partly accomplished through public company governance structures and regulatory oversight.
These concerns echo broader counterintelligence principles: critical infrastructure is most vulnerable during ownership transitions, private entities can be compromised without public disclosure requirements, and concentrated data creates attractive intelligence targets. What was originally designed as a secure system under defense contractor oversight is now becoming private infrastructure without traditional national security governance frameworks.
V. A Question of Timing
While much of this article thus far has focused on Koch's acquisition of iconectiv, equally significant questions surround Ericsson's decision to sell. The Swedish telecommunications giant's recent regulatory troubles and the timing of this sale–announced weeks after completing federal probation in June 2024–provide crucial context for understanding this transaction's national security implications.
In 2019, Ericsson was held accountable to what the Department of Justice called a years-long campaign of corruption, agreeing to pay over $1 billion in penalties for maintaining secret slush funds in China, Djibouti, Indonesia, and Vietnam while using intermediaries to bribe government officials across these jurisdictions. The U.S. government's findings revealed a systematic pattern of corruption and concealment.
More troubling still, in March 2023, the company faced an additional $206 million fine for failing to disclose allegations of corrupt conduct, including additional misconduct in Djibouti and China, and hiding their operations and evidence of misconduct in Iraq. The company's pattern of deception extended to violating the terms of its 2019 deferred prosecution agreement, which required it to cooperate with the investigation and disclose all relevant information. They admitted they did not disclose all information, which the government said harmed their ability to bring particular executives to justice for their involvement.
This second penalty came with an extension of their probation through June 2024–meaning Ericsson's announcement of the iconectiv sale comes on the heels of their emergence from federal supervision.
As such, the timing of the iconectiv sale raises critical questions about the transfer of America's telecommunications routing infrastructure. Under normal circumstances, a parent company's past corruption issues might not directly affect a highly regulated subsidiary like iconectiv. But Ericsson's particular misconduct appears to strike at the heart of what the FCC's 2016 order mandated: “strict conditions to ensure reliability, security, and competitive neutrality.”
Consider the implications: The company currently responsible for some of America's most sensitive telecommunications infrastructure and data has faced recent Justice Department scrutiny for concealing misconduct. The same corporate governance that failed to prevent these violations currently oversees iconectiv's critical national security systems. While there's no evidence that Ericsson's misconduct directly affected iconectiv's operations, the parent company's pattern of behavior raises significant concerns about transparency and oversight.
This context makes the impending shift to Koch's private ownership even more significant.
We're not simply moving from foreign public company oversight to private control–we're doing so at a moment when the current owner faces serious questions about its ability to maintain the transparency required for critical infrastructure operation. Each transition creates a control gap–a period in which normal oversight mechanisms may be significantly weakened as both the divesting and acquiring companies navigate the transaction.
VI. A History of Weakened Safeguards
When the FCC approved iconectiv (then Telcordia) as the Local Number Portability Administrator in 2016, the decision marked a troubling inflection point in NPAC's governance. While the commission established what appeared to be stringent requirements, including “effective public safety services” and “robust enforcement tools”, the selection process itself revealed deep flaws in how America protects its critical telecommunications infrastructure.
Neustar's protests went far beyond typical incumbent complaints. They filed a lawsuit. The company declared the process “substantially defective” and warned of “substantial transition risks and cost to the industry and the consumers it serves.” They formally challenged a bizarre extension of the RFP deadline that came after Neustar had already submitted its bid, arguing this unfairly benefited competitors who couldn't meet the original deadline. More concerning, Neustar raised alarms that portions of its confidential bid might have been inadvertently disclosed to competitors and suggested certain bidders may have gained advantages through undisclosed communications with the governance board or regulators.
According to industry publication RCR Wireless News,
The firm [Neustar] continued to voice its displeasure with the process in its latest quarterly results conference call, with current President and CEO Lisa Hooks noting the decision was “another data point in a bizarre and arcane process that continues to give short shrift to the important issues involving critical U.S. telecommunications infrastructure.”
In hindsight, these weren't entirely the complaints of a losing bidder.
Under then-FCC Chairman Tom Wheeler, a former lobbyist who had headed both the National Cable & Telecommunications Association and Cellular Telecommunications & Internet Association, the FCC had failed to include national security requirements in the initial bid specifications, a grievous error which betrayed the lack of care given to the selection process. The commission appeared to prioritize Telcordia's lower bid price over security concerns, despite the risks of foreign ownership.
The consequences began to become clear in 2016, when a whistleblower lawsuit revealed that Telcordia had employed non-U.S. citizens, including a Chinese national, for NPAC software development–violating an explicit agreement to use only U.S.-based personnel and code. While the FCC ordered a code rewrite, the incident highlighted fundamental flaws in the oversight process.
VII. A Pattern of Failed Oversight
The bombshell October 2024 revelations from The Wall Street Journal about Chinese state hackers penetrating America's telecommunications infrastructure have thus far been under-discussed.
An Advanced Persistent Threat (APT) group dubbed “Salt Typhoon” has been discovered as maintaining persistent access “for months or longer” to systems tracking federal wiretap requests across at least ten telecommunications companies, including AT&T, Verizon, and Lumen.
The breach is considered so serious that the White House has established an emergency multiagency team to coordinate response.
“The U.S. government, the companies themselves and security firms that are helping investigate the intrusions still do not know how the attacker first penetrated the companies’ networks. That lack of a clear entry point is making it difficult to kick the attacker out, several people familiar with the matter said.”
–WSJ, U.S. Wiretap Systems Targeted in China-Linked Hack, Oct 5, 2024
This catastrophic security breach has occurred despite–or perhaps because of–existing oversight mechanisms.
These frameworks has obviously proved inadequate to prevent what officials describe as a “historically significant and worrisome” compromise. The hackers reportedly gained access to both wiretap monitoring systems and general internet traffic, with affected companies potentially receiving national security exemptions from having to disclose the breaches to shareholders.
“Companies are generally required to disclose material cyber intrusions to securities regulators within a short time, but in rare cases, federal authorities can grant them an exemption from doing so on national security grounds.”
–WSJ, U.S. Wiretap Systems Targeted in China-Linked Hack, Oct 5, 2024
The timing of these revelations is particularly troubling.
This massive security failure comes to light just as Ericsson, fresh off federal probation, seeks to transfer iconectiv to Koch's private control. The transition would move NPAC from a demonstrably flawed oversight regime under a foreign public company to one with even fewer accountability mechanisms, which might even be touted by a few folks in the future as some sort of a positive thing because the buyer is a domestic firm.
Consider these implications: The same carefully designed “shadow database” system(s) that telecommunications carriers created to protect law enforcement queries has potentially been compromised.
Now, similar critical telecommunications infrastructure faces transfer to a private entity actively fighting to weaken federal regulatory authority–creating a disclosure blind spot potentially even more opaque than the current regime which failed to detect this historically-awful breach, and has sought to keep its details and implications under wraps thus far.
While the Salt Typhoon breach reveals the vulnerabilities in our current oversight system, the historical pattern of how sensitive infrastructure changes hands provides equally troubling warnings. Recent attempts to acquire other critical information assets offer a preview of what might happen to NPAC under private control.
VIII. Parallels of Foreign Capture
When an $800 million deal to sell Forbes collapsed under the scrutiny of The Committee on Foreign Investment in the United States (CFIUS) last November, it revealed a pattern that should concern anyone watching Koch's bid for iconectiv. The Washington Post obtained five audio recordings where Russian tycoon Magomed Musaev, who controls Forbes' Russian language edition, claimed he was the real buyer behind the deal. In a separate video, Musaev described the American tech executive Austin Russell as merely the “face” of the transaction while insisting his own involvement remain hidden.
Now, according to recent Axios reporting, Koch Equity Development is pursuing Forbes again–this time partnering with Indian-born entrepreneur Divyank Turakhia.
In 2016, Turakhia sold Media.net, the company he had founded and subsequently sold out of Dubai which managed over $450 million in annual advertising revenue–90% sourced from the U.S. market–for $900 million to Beijing Miteno Communication Technology.
This deal was touted by Forbes as the “Third-Largest Ever AdTech Deal”.
The acquiring self-described “consortium” claimed to be excited about the technology the company had developed, but this author suspects it was Media.net’s data assets which were the true acquisition target. Within two years, Beijing Miteno, which had originally conducted its IPO and gone public in 2010, began a precipitous stock decline, had changed its name to Beijing Shuzhi Technology, and by 2022 had delisted entirely from the Shenzhen Stock Exchange–though rather than disappearing, the renamed entity seems to have simply shifted to private operations, continuing to make occasional M&A deals while operating beyond public scrutiny. I was not able to locate CV details for the company’s CEO beyond his work there, and their website–never really fleshed out–is permanently down.
The name change and delisting represent classic signs of corporate obscurement–the process of acquiring sensitive assets under one corporate identity, then burying them within restructured entities that attract less attention. This pattern becomes particularly significant when examining the subsequent activities of Media.net's former owner, Turakhia.
After selling his company's vast trove of U.S. user data to Chinese interests, Turakhia appeared in an informational Foreign Agents Registration Act (FARA) filing as an advisor to the UAE's artificial intelligence initiatives. Now, according to an Axios report, he's potentially partnering with Koch Equity Development to acquire Forbes and its valuable market intelligence platform, which now comprises the majority of the company’s revenue.
The parallel between these cases is striking.
The Beijing Miteno/Shuzhi case illustrates how public company structures can serve as temporary vehicles for sensitive technology and data transfers. The initial public listing provides transparency and legitimacy for the acquisition. The subsequent renaming and shift to private ownership then shields the acquired assets from ongoing scrutiny. This evolution from public to private control, accompanied by deliberate corporate obscurement, could eventually mirror the proposed transformation of iconectiv under Koch ownership.
As Senators Cotton and Rubio warned Treasury Secretary Yellen last year about the failed Forbes sale, U.S. figures appeared to be “masquerading as the lead buyer” while serving as “a conduit for larger foreign investors.” In fact, they suggested in their letter the attempt to purchase Forbes was a joint venture by the Chinese Communist Party and the Kremlin.
Now, as Koch pursues both Forbes and iconectiv, the choice of Turakhia as a potential partner in the Forbes bid should raise questions with federal investigators and regulators about a broader pattern of critical infrastructure transfers.
However, the stakes with NPAC appear to be significantly higher.
While Media.net handled advertising data comprising detailed Internet surveillance dossiers, NPAC manages country-level routing and processes millions of annual law enforcement queries. The combination of such sensitive infrastructure with the kind of upcoming corporate restructuring presented in this article is likely to create severe counterintelligence concerns.
Recent scrutiny of technology transfers provides a framework for understanding these risks. When CFIUS reviews foreign acquisitions, it looks for patterns where critical infrastructure might be obscured through corporate restructuring. Yet domestic private acquisitions like Koch's bid for iconectiv often escape this level of pattern analysis, even when they raise similar oversight concerns.
As regulators examine Koch's bid for iconectiv, they face a crucial question: how to prevent America's critical telecommunications infrastructure from disappearing behind the same kind of corporate restructuring that has repeatedly obscured valuable data assets from oversight. The parallels between these cases suggest that traditional regulatory frameworks, designed for straightforward corporate transactions, are inadequate for detecting and preventing sophisticated attempts to shield sensitive infrastructure from public accountability.
This upcoming transition represents something more than just a change in ownership–it risks following a documented pattern where critical national infrastructure becomes progressively harder to monitor and regulate. The telecommunications routing system that law enforcement queries millions of times annually could, like Media.net's advertising data before it, vanish into an ecosystem of private holdings.
But the erosion of NPAC's oversight framework through privatization represents only half the challenge. Even as Koch Equity Development seeks to acquire this sensitive national security infrastructure, its parent company is actively working to dismantle the very regulatory apparatus that would help ensure its responsible operation. Understanding Koch's broader campaign against federal oversight provides crucial context for evaluating its pursuit of America's telecommunications routing system.
IX. Koch’s Opposition to Federal Regulation
Koch, a behemoth in the American corporate landscape, has a “complex” (generously speaking) relationship with regulatory bodies which stretches back decades. This relationship is characterized by both ideological opposition to government oversight and a practical history of regulatory entanglements. The company has long supported libertarian or right-learning think tanks like the Heritage Foundation and Cato Institute, advocating for reduced governmental authority over business practices, even as it seeks control of infrastructure explicitly designed for government access.
Koch has been embroiled in significant regulatory challenges, facing hundreds of cases and paying over $1 billion in fines and settlements since 2000. These include a variety of environmental violations, labor disputes, and safety regulations, underscoring the paradox of a company seeking to minimize oversight while frequently going toe-to-toe with regulatory agencies and simultaneously conducting and attempting buyouts of companies which handle critical telecom infrastructure.
This duality comes into sharper focus in the context of recent legal battles, such as the challenge to the Chevron doctrine, which has historically empowered federal agencies to interpret ambiguous laws in favor of regulatory enforcement. The Koch network’s involvement in the overturning of Chevron Deference reveals a strategic effort to reshape the landscape of federal regulation which seeks to limit the government's capacity to impose checks on corporate actions.
This combination of ideological opposition to federal oversight and practical experience with regulatory enforcement makes Koch's bid for iconectiv particularly outlandish. The company would be acquiring an infrastructure explicitly designed for government access while simultaneously working to restrict federal agencies' regulatory authority over private business operations.
X. Intervention Required to Prevent Another Security Crisis
This confluence of Ericsson's legal troubles and Koch's bid for iconectiv creates a “perfect storm” for regulatory scrutiny. The FCC's usual playbook for evaluating NPAC transitions needs significant expansion to address these unique circumstances.
Consider the last major transition in 2015, when iconectiv (then Telcordia) won the contract from Neustar. The FCC's primary concerns centered on cost savings, expanding access to more vendors, and technical capability. But today's situation demands a more nuanced approach. Not only must regulators evaluate Koch's fitness as a private owner, they must also ensure that Ericsson's compliance issues haven't compromised any of iconectiv's critical systems during its stewardship.
The Justice Department's recent experience with Ericsson provides a lesson.
As revealed in the 2023 settlement, traditional compliance mechanisms failed to catch significant violations. The company's ability to conceal misconduct until after its original deferred prosecution agreement suggests that even intense regulatory scrutiny can miss crucial issues. This raises urgent questions about the adequacy of current oversight mechanisms for critical infrastructure.
That is why I believe the iconectiv acquisition demands coordinated scrutiny from multiple federal authorities before closing:
The FBI and intelligence community must thoroughly assess this ownership change's impact on investigation security. As detailed in Section II, law enforcement queries this system millions of times annually through a specially-designed “shadow database.” With the system's ability to reveal sensitive investigation patterns, the Bureau must evaluate whether private ownership could compromise ongoing operations or create new vulnerabilities in this critical investigative tool.
The Department of Justice should leverage its recent experience with Ericsson to ensure stronger oversight. As Section V revealed, Ericsson concealed misconduct even while under federal supervision, leading to $206 million in additional penalties. Before approving any transfer, the DOJ must determine whether Ericsson's pattern of deception affected iconectiv's operations and establish stronger compliance mechanisms for the new owner.
CFIUS should examine not just the direct transfer from Ericsson to Koch, but the broader pattern of sensitive infrastructure transfers. Section VIII's analysis of Media.net's evolution from a U.S.-focused advertising platform to an obscured Chinese asset demonstrates how domestic acquisitions can become vehicles for foreign access to sensitive systems. The committee must ensure this critical telecommunications infrastructure doesn't follow a similar path of decreasing transparency.
The FCC needs to fundamentally rethink its oversight approach. The regulatory framework described in Section III was designed for public companies with SEC reporting requirements and shareholder accountability. Koch's private ownership demands new monitoring mechanisms. The commission's previous experience with iconectiv's transition, including the whistleblower revelations about unauthorized foreign developers, proves that traditional oversight methods are insufficient.
Congress, particularly the House Intelligence Committee, must revisit its 2014 warnings about NPAC's “inherent national security issues”, this time addressing the specific challenges of private ownership. As Section IX detailed, Koch's active campaign against federal regulatory authority creates unprecedented risks. When a company fighting to dismantle agency oversight seeks control of infrastructure explicitly designed for government access, Congress must establish new protective frameworks.
Time is not on the side of regulators in this case, as the deal is scheduled to close in January 2025. Once NPAC transitions to private control, existing oversight mechanisms will be reduced or lost.
These systems which route and maintain the stability of America's telecommunications require coordinated regulatory intervention now—before critical national security infrastructure becomes just another private equity asset beyond public scrutiny.
Thank you for reading my work.