US Congress Passes Bill Banning Dahua and Hikvision

By: IPVM Team, Published on Aug 02, 2018

The bill banning US government use of Dahua and Hikvision products has been passed by both chambers of Congress (House vote [link no longer available], Senate vote). The US President has voiced support of this bill and is expected to be signed into law.

UPDATE: The Bill and Ban have now been signed into law.

How It Passed

In May, this ban was introduced as an amendment to the House version of the NDAA defense appropriations bill. However, at that time, the Senate did not include such a ban, raising hopes by Dahua and Hikvision that the ban would be removed in the reconciliation process. However, reconciliation included the ban and both the House and Senate easily passed the bill with the ban.

Bill Ban

The reconciled bill is 1,360 pages covering a vast array of government regulations including the bans of Dahua and Hikvision for US government usage. The relevant section (p322 to 323) is:

Possible Expansion

One important possible expansion of the ban is a new clause calling out 'critical infrastructure' and 'national security purposes':

It is not clear if the bill bans use of Dahua and Hikvision in those areas but, if it did, it would significantly increase the impact as many non-governmental organizations could fall under those categories (utilities, banks, etc.)

Ban Starts 1 Year After Enacted

The bill says this 'prohibition' will start one year after it is enacted, which would put that in H2 2019:

However, in practice, the ban is immediate given the elimination clause.

Remove Existing Dahua and Hikvision Systems

Compounding the problem for Dahua and Hikvision, the bill includes a directive to 'phase-out' and 'eliminate' the use of existing equipment:

Overall, Dahua and Hikvision equipment is a distinct minority of US government video surveillance but there is a non-trivial amount deployed that could be a boon for system integrators and rival video surveillance manufacturers.

*** **** ******* ** government *** ** ***** and ********* ******** *** been ****** ** **** chambers ** ******** (***** vote [**** ** ****** available],****** ****). ***** ********* *** ****** support ** **** ******* ** ******** ** be ****** **** ***.

******:*** **** *** *** have *** **** ****** into ***.

How ** ******

** ***, **** *** was********** ** ** ********* ** the ***** ********* *** **** ******* appropriations ****. *******, ** that ****, *** ****** did *** ******* **** a ***, ******* ***** by ***** *** ********* that *** *** ***** be ******* ** *** reconciliation *******. *******, ************** included *** *** *** both *** ***** *** Senate ****** ****** *** bill **** *** ***.

Bill ***

************* **** ** *,*** ***** covering* **** ***** ** government *********** ********* *** **** of ***** *** ********* for ** ********** *****. The ******** ******* (**** to ***) **:

Possible *********

*** ********* ******** ********* of *** *** ** a *** ****** ******* out '******** **************' *** 'national ******** ********':

** ** *** ***** if *** **** **** use ** ***** *** Hikvision ** ***** ***** but, ** ** ***, it ***** ************* ******** the ****** ** **** non-governmental ************* ***** **** under ***** ********** (*********, banks, ***.)

Ban Starts * **** ***** *******

*** **** **** **** 'prohibition' **** ***** *** year ***** ** ** enacted, ***** ***** *** that ** ** ****:

*******, ** ********, *** *** is ********* ***** *** elimination ******.

Remove ******** ***** *** ********* *******

*********** *** ******* *** Dahua *** *********, *** bill ******** * ********* to '*****-***' *** '*********' the *** ** ******** equipment:

*******, ***** *** ********* equipment ** * ******** minority ** ** ********** video ************ *** ***** is * ***-******* ****** deployed **** ***** ** a **** *** ****** integrators *** ***** ***** surveillance *************.

[***************]

Impact *******

*** ****** ** ******* being ****. ********* *** '********' / ******* ***** USA ************ *** ** *** ASIS *** ****, ****** ******* ********* and********** ***** ******** ***** *** ***** bill *** ****** ** May. ****, *****'* **** ** ******** business *** *******.

White ***** / *** ******** *** ** ***** ****

*** ******** ***** ******* of *** **** *** a ****** **** ********* 'white ***** **********' *** products '*** ******* ******** to * *********'. *** final **** **** *** have **** *******. ** ****** the *********** **** ***** allow ***** ** ********* to ******** ** **** to *** ** ********** simply ** ********, *.*., the *********, **** ** UTC ****** (******** **** *********** ****).

*******, *** **** ******* to ********* '********' ** ***** ** Hikvision ** **** ** their '**********' ** **** **, e.g., ********* **** ***** label ** ********* ******** ** Dahua ** *********, ** would, *********, ** ***** to ***** **** *** ban **** *** ***** to *****, ** *** equipment ***** ***** ** 'produced' ** ***** ** Hikvision *** **** ** their '*********'.

Vote / ****

Comments (47)

I'm beginning to wonder if Congress has seen a credible threat to infrastructure security. I'm not referring to the typical "cold war" mentality we see from not wanting to do business with the Chinese because they're the Chinese. But because the government has seen code or other hard evidence that something nefarious is going on within Hikvision cameras. 

They have several creditable threats known and documented. I can assure you.

Are there practical examples of the Chinese government using these vulnerabilities?

This Facebook commenter has an interesting marketing strategy to sell Dahua and Hikvision:

What being sold through GSA?

I'll presume that even though Kenny is half joking he's also correct with his statement that the lionshare of Hikvision and Dahua sales won't be directly affected by this correct?  The bigger questions are will Integrators/dealers make a change by replacing them with others?  Will this knowledge trickle down to the end user?  Will they care?  

Also, does this make room for another / others to increase their share if they position themselves correctly?

Look forward to your thoughts!

Gerald Spradlin (G4 Technology)
End users simply aren't aware and most resellers and installation companies are not informing potential customers/victims when they market Dahua and Hikvision.

I'll say this...
end users do CARE when they are made aware. I frequent a local franchise here in Cincinnati Ohio and on a recent visit noticed brand new Hikvision IP cameras had been installed. I contacted management, sent appropriate links, and literally the very next day the franchise concealed the Hikvision logo. 

I realize the humor there but on a subsequent visit, the cameras were removed and replaced. If enough industry insiders alert end users, franchisees, corporations of the recent government ban, and send appropriate links for the former Mirai and other serious issues with Dahua and Hik, NO INSTALLER would risk their reputation installing those two brands.

If decision makers are in this for a long term business success story, they simply have no choice but to stop buying Dahua and Hik. For those that roll their eyes? If the issue is NOT an issue, then advertise the government ban exists instead of concealing it and see how your sales revenue performs. Your customers are going to become aware sooner or later, you might as well take the plunge before its too late.

Thanks Gerald for your thoughts to my questions!

Struggle with this consistently, you would believe that if educated no integrator would risk their reputation installing "those brands" and you would also believe that no end user would risk allowing these to be installed but it happens constantly.

The vertical market we are seeing this in most is mixed-use residential facilities.  Where the bottom line is key, value is "engineered" out and decisions are made by architectural firms that don't care because they can ultimately walk away in the end.

In fact in the past we posted on Linkedin RE: HIKVision and always receive push back responses from some of our local regional competitors angry with us "confusing" the market.  We just shake our heads.  What else can you do?

Another Facebook commenter: here is spam king Longse finding the bright side of the bill for Dahua and Hikvision:

Am I crazy or is it inevitable that Longse will start a new spam campaign marketing themselves as the 'safe' alternative to Dahua and Hikvision?

Hard to see how this does not imact OEMs, particularly given change in bill language you report.

It BETTER affect OEMs... so many people hiding a Hik/DH unit behind their own brand/logo, and the customer has no idea. Some even claim they're American... the audacity!

Too true! I have had reps from both LTS and IC Realtime try this stunt and it infuriates me. I harshly correct them and even then still they persist for a little bit until I tell them with finality that they are either intentionally lying to me or are too ignorant to know the truth.

Most recently had this experience with LTS, a new rep named Michael called me last week. Told him straight up “I will not use Hikvision” his response “We have our own brand tool” too which I said “Yes, rebranded/private labeled Hikvision” and he has the audacity to reply “No it is our brand, not Hikvision” had to tell him firmly that their brand is OEM Hikvision cameras with LTS logos on them... at which point he said “Okay, bye”

Which is exactly why I refuse to purchase the Ella product from IC Realtime, even though they have way more marketing and branding than Camio... I cannot partner with a company that is constantly spreading falsehoods. I told Carter Maslan about the experience I had dealing with IC when researching Ella (besides claiming the Dahua OEMs are their own camera designs, they also claimed Camio does not work with security cameras only web cams and cell phones LOL).

David, this is how I imagine the LTS sales script works:

Does customer want Hikvision products?

- No: Tell them we have our own brand

- Yes: Them them we have the exact same product as Hikvision but lower cost.

Yeah that wouldn’t surprise me. I can only imagine the sales training they did after the bill passed last week.

”So I am sure many of you heard about Congress passing the bill banning Hikvision and Dahua...”

Room full of blank stares.

”In case anyone asks about it, just remind them that we also manufacture our own line of LTS cameras that are exempt from the ban.”

One hand goes up, “But aren’t our cameras manufactured by Hikvision?”

”You’re fired. Any other questions?”

e.g., Honeywell puts their label on equipment produced by Dahua or Hikvision

But they don't just relabel the products, they heavily customize the firmware to make it their own. (/SARCASM).

You joke but that could be their defense. It's almost always nonsense, e.g., here is how ADI customized changed colors from Hikvision's firmware:

Maybe they will try that technique but it is a risky one. Note to OEMs reading this, if that is your approach, we will plan to call it out.

I'm really intrigued by the Disagree vote on this one. Does someone actually think that Honeywell is doing anything significant with their firmware? Or maybe you just missed the /SARCASM tag?

I hope no one actually, truly, thinks that Honeywell is doing anything significant with their firmware --- But to maintain a large Honeywell customer on Honeywell cameras, we have seen integrators say almost anything. 

we have seen integrators say almost anything.

This is where 'ignorance is bliss' and plausible deniability come in. When you see things like that (and here is an example just this week - "IVPM Is A Self Proclaimed Garbage Heap"), typically it's because they don't know, are unwilling to spend even a little time verifying themselves and happy to take the word of manufacturer salespeople to further their own sales.

I have seen it played both ways by unethical integrators. There are the ones who deny deny deny, and there are the ones who over exaggerate. I literally had a client (HoA) who was told by another bidder that “Dahua and Hikvision are now illegal”. Mind you this was a couple weeks ago when the defense bill first passed through congress.

I explained to the client that the cameras are not contraband, just that due to legimate cybersecurity concerns can no longer be used in Federal buildings, which I feel is a good thing.

This is a for a standalone system, local recording only, and there is an option I presented for Axis that is 20% more and slightly lower resolution.

Oh the competitor also said that they had to have Cat6 because Cat5e is not good enough for his 4MP cameras...??? So I educated the client a bit about cabling and bandwidth. At the end of the day with little surprise I found out the other bidder is over 3 times our bid (over 40K compared to our 12-15K bid for 11 cameras and 2 recorders).

Seems to be more of an effort aligned with the Trump "Trade War" than actual protection of US government facilities. These companies sell OEM version of the camera that run their standard FW with a bit of rebranding dress-up in the GUI but essentially no different that a standard Hik or Dauha camera. Are these OEM products also banned? Seems narrow and short sighted only aimed at the big Chinese brands to make a political statement rather than protect infrastructure critical to national security. Don't get me wrong, I like the bill but it could have gone further if the true goal was to protect the country.

Are these OEM products also banned?

While the bill does not mention 'OEM' or 'white label' by name, it is a reasonable interpretation to believe they are covered.

As we noted in the post:

The bill applies to equipment 'produced' by Dahua or Hikvision as well as their 'affiliates' so even if, e.g., Honeywell puts their label on equipment produced by Dahua or Hikvision, it would, minimally, be risky to claim that the ban does not apply to those, as the equipment would still be 'produced' by Dahua or Hikvision and sold by their 'affiliate'.

The wording in the bill infers that these products are a security risk but I don’t see wording that really describes what the security risk is exactly.  Perhaps the Bill doesn’t need to explain that but I don’t want to assume. 

If someone really knows what drove this could they let me/us know? 

To be clear – I am asking about what the bill sponsors learned about specifically that got them to add Hikvision and Dahua? 

I know about all the issues related to these two manufacturers, so I don’t need someone to say that was it, unless that is the real answer, i.e. that someone in the industry got the ear of the bill sponsors etc.

OR, do we know that someone within the federal government literally brought these two manufacturers to our law makers attention because of specific incidences that were egregious that went above other typical Chinese manufacturers.

OR, are we saying this is only a political move, as some have suggested this is just part of the China tariff war that is ongoing and growing.

Would be great to know so that we can take advantage of this information and use it to inform our customers more effectively.

If someone really knows what drove this could they let me/us know?

Greg, the amendment was sponsored by Congresswoman Vicki Hartzler, whose district includes Fort Leonard Wood, a base that was using Hikvision cameras and was called out by the WSJ last year.

What happened that it survived reconciliation and Hikvison spending $140,000 over the last few months to defeat it, has not been disclosed.

Getting put on the GSA Schedule using a loophole and submitting the software for DIACAP might also have been an issue HIK on GSA

Referring to the physical security surveillance of critical infrastructure, does this ban extend to the projects funded by the Government only, or by the commercial entities as well that own critical infrastructure like utilities and chemical plants?

 

 

Good question, #4.

There is a section in the bill that says agencies may not fund nor provide grants to covered products, e.g., Dahua and Hikvision:

Would this be banned?

Asking for a friend, (J.D.) ;)

... so hypothetically what if you have been installing these cameras on military bases for the last few years?  Asking for a friend.

Stock update: Both Dahua and Hikvision stocks have been hurt by recent US government actions, Dahua more so.

Dahua was down 6% overnight and is now almost down 50% from its peak earlier this year:

Hikvision was down ~4% overnight and is down ~28% from its peak earlier this year but still higher priced than it was a year ago ($31.91 now vs $28.01 a year ago):

Both are still richly priced relative to Western video surveillance manufacturers.

Both Dahua and Hikvision stocks were down 5.89% today / overnight, adding to the previous day's fall.

Maken Willie IPVM famous. 

Still waiting on similar announcements from:

 

We might be waiting a while...

Do you think this will spark any innovation on the camera side of things?  With +100 plus companies OEMing them with basically the same cameras and different firmware which are going to have to look at other options I would think we might see some new camera innovation out of this.  yes/no?

 

NOTICE: This comment has been moved to its own discussion: Do You Think The US Government Ban Will Spark Any Innovation On The Camera Side Of Things?

Looks like that HikVision Source Code Transparency Center only for government agencies just became a white elephant... 

So if this is really a security issue, and given the modular nature of camera components, and the overall Chinese manufacturing base, then how can other Chinese manufacturers be overlooked? 

And then let's take this a step further.  What are the requirements for a US company to manufacture there? 

While focusing on market leaders might be efficient on getting to the most Chinese camera/lenses/lighting/storage/etc. units it still leaves a lot of thing still open. 

Does beg the question: Does GSA say no Chinese made IT products period?

 

Does beg the question: Does GSA say no Chinese made IT products period?

No Chinese made products are allowed on the GSA. This is covered here - Hikvision Removed From US GSA Sales

then how can other Chinese manufacturers be overlooked?

In practice, 99% of Chinese manufacturer video surveillance that might be used by the US government is from Dahua and Hikvision. Part of it is simply that they dominate the Chinese domestic market and, related to that, have the money to market heavily overseas.

Thanks John, so maybe a new thread but what about other physical security products made in China?

Sure, you can start it in the discussion group or I can create it for you (title? "Should the US government ban all Chinese manufacturers for US government use?" or?)

"Where are the boundaries with the GSA banning Chinese products?" Would be my phrasing.

The boundaries of the GSA banning Chinese products is clear. There are no exceptions on the GSA for products made in China (that's well-established law, i.e., the PRC is not a TAA designated country).

Now, GSA is a subset of government purchasing. Products not from TAA designated countries can still be bought just not on a GSA contract.

Sal, can you clarify? Does that make sense?

Thanks John, appreciate you confirming this.  It pretty much has always been the case for infosec and physical access, so I guess this is a lot about closing a gap that should not have gotten by in the first place.  The GSA Approved Products List for physical security has, as you point out, pretty clear provisions on source of manufacture, it seems that these are example of (video surveillance) security systems skirting rules already in place for things like PACS basically due to the absence of domestic (or trading partner country) approved sources.

going main stream

see youtube link

 

Read this IPVM report for free.

This article is part of IPVM's 6,435 reports, 865 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

White House Proposes Blacklist of Dahua, Hikvision Users on Feb 04, 2020
The White House is proposing to blacklist Hikvision and Dahua users from...
NDAA Blacklist Delay Amendment Fails on Jul 24, 2020
The Blacklist Clause, which bans Hikvision/Dahua/Huawei users from doing...
Bosch Dropping Dahua on Feb 13, 2020
Bosch has confirmed to IPVM that it is in the process of dropping Dahua, over...
Genetec Drops Support for Dahua and Hikvision on Jun 01, 2020
Genetec has dropped support for Dahua and Hikvision, citing US blacklisting...
Ban Rules Released: Use Dahua or Hikvision, No US Government Contracts on Jul 13, 2020
The US government has released the rules implementing the "Prohibition on...
Hikvision Salespeople: We Don't Need A Blackbody on May 13, 2020
Dahua jumped out on its cross-town rival selling fever cameras but Hikvision...
Axis Discontinues Companion Hardware, Fully NDAA Compliant on Feb 03, 2020
Axis will be fully NDAA compliant, as the company has confirmed to IPVM it is...
Hikvision And Dahua Now Blocked From Conforming ONVIF Products on Apr 03, 2020
Dahua and Hikvision, sanctioned for human rights abuses, are now blocked from...
UK ICO Approves Unconsented Facial Recognition At Security Conferences on Feb 05, 2020
The UK's data protection agency has declined IPVM's GDPR complaint against...
Dahua Critical Cloud Vulnerabilities on May 12, 2020
Dahua has acknowledged a series of cloud vulnerabilities that researcher...
"ONVIF Has Chosen Not To Enforce Their Copyright." on Mar 11, 2020
ONVIF has taken a bold and highly unconventional approach, telling IPVM,...
Trade Groups Request NDAA Blacklist Delay Citing Coronavirus on Apr 06, 2020
Two trade groups representing government contractors have asked Congress to...
Hikvision Admits Minority Recognition, Now Claims Canceled on Jul 23, 2020
For the first time, Hikvision has directly addressed its minority recognition...
IC Realtime Moving Away From China Manufacturing on Jul 23, 2020
IC Realtime is promising "real change". The company historically has sold...
Hikvision USA Refuses [Now In], Dahua USA Drives Forward With "Coronavirus Cameras" on Apr 07, 2020
Both have been federally banned, both sanctioned for human rights abuses but...

Recent Reports

SIA Coaches Sellers on NDAA 889B Blacklist Workarounds on Aug 05, 2020
Last month SIA demanded that NDAA 899B "must be delayed". Now that they have...
ADI Returns To Growth, Back To 'Pre-COVID Levels' on Aug 05, 2020
While ADI was hit hard in April, with revenue declining 21%, the company's...
Exposing Fever Tablet Suppliers and 40+ Relabelers on Aug 05, 2020
IPVM has found 40+ USA and EU companies relabeling fever tablets designed,...
Indian Government Restricts PRC Manufacturers From Public Projects on Aug 04, 2020
In a move that mirrors the U.S. government’s ban on Dahua and Hikvision...
Directory of 200 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
Dahua Loses Australian Medical Device Approval on Aug 04, 2020
Dahua has cancelled its medical device registration after "discussions" with...
Google Invests in ADT, ADT Stock Soars on Aug 03, 2020
Google has announced a $450 million investment in the Florida-based security...
US Startup Fever Inspect Examined on Aug 03, 2020
Undoubtedly late to fever cameras, this US company, Fever Inspect, led by a...
Motorola Solutions Acquires Pelco on Aug 03, 2020
Motorola Solutions has acquired Pelco, pledging to bring blue back and make...
False: Verkada: "If You Want To Remote View Your Cameras You Need To Punch Holes In Your Firewall" on Jul 31, 2020
Verkada falsely declared to “3,000+ customers”, “300 school districts”, and...
US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
Access Control Online Show July 2020 - On-Demand Recording of 45+ Manufacturers Presentations on Jul 30, 2020
The show featured 48 Access Control presentations, all now recorded and...
Face Detection Shootout - Dahua, Hanwha, Hikvision, Uniview, Vivotek on Jul 30, 2020
Face detection analytics are available from a number of manufactures...
Sunell is The First China Manufacturer to Market NDAA Compliance on Jul 30, 2020
Most China manufacturers are going to be impacted by the NDAA 'Blacklist...