Hello, this is Hamamoto from TIMEWELL. Today I want to introduce some tech-related developments.
The smart TV sitting in your living room right now. From the moment you turn it on, there is a possibility that it is recording everything displayed on the screen and transmitting that data to external parties. And the destination of that transmission may be somewhere within reach of the Chinese government.
In December 2025, Texas sued five smart TV manufacturers — Samsung, Sony, LG, Hisense, and TCL — simultaneously. The grounds: "illegally spying on Texans." Then in February 2026, the scope of lawsuits expanded to include TP-Link, the dominant Wi-Fi router maker, along with a drone manufacturer, a baby monitor company, and an e-commerce app maker, dragging ten companies with Chinese ties into court in just a few months.
This is not a conspiracy theory. The Texas Attorney General filed official complaints, courts issued restraining orders on data collection, and the federal government was considering banning the products from sale — that is how far things have progressed. When I first saw this news, I thought "surely that's an overreaction." But the more I researched, the heavier the accumulation of facts became.
Drawing on information made public by the U.S. side, I want to lay out what is happening right now.
The Extraordinary Situation of Five Companies Sued in One Week
On Monday, February 17, 2026, Texas Attorney General Ken Paxton sued TP-Link, the dominant Wi-Fi router maker [1]. The next day, drone maker Anzu Robotics; on Wednesday, baby monitor company Lorex; Thursday, e-commerce giant Temu; Friday, Shein. Five companies in five business days. And the industries were completely different — the only thing they had in common was "ties to the Chinese Communist Party" [2].
Paxton said this at a press conference:
"This week, our office is initiating a coordinated series of actions against companies aligned with the CCP. We do so to send a clear message that Texas and America will always come first." [1]
While taking the form of a consumer protection lawsuit, this is essentially a declaration of national security war. The argument is not that individual products are defective — it is that "the very fact that companies connected to China are entering American homes is a threat."
What deserves attention here is that Paxton had been investigating TP-Link since October 2025 [1]. Furthermore, Texas Governor Greg Abbott updated the state's prohibited technology list to remove TP-Link products from devices used by state employees. In other words, these lawsuits were not a spontaneous performance — they were a carefully planned offensive launched after months of preparation.
How to solve export compliance challenges?
Learn about TRAFEED (formerly ZEROCK ExCHECK) features and implementation benefits in our materials.
TP-Link Routers Called "Weapons of Modern Warfare"
The most shocking of the five cases was the substance of the TP-Link lawsuit. The complaint describes TP-Link Wi-Fi routers as "weapons of modern warfare" [2].
A router is the gateway to a home network. Banking credentials, work emails, medical records, communications from a child's school. Every piece of data in the house passes through the router. If a foreign adversary can control that gateway, this is not a matter of product vulnerabilities in the ordinary sense.
Texas raised two main concerns.
The first was the concealment of origin. TP-Link labeled its products "Made in Vietnam," but sourced nearly all components from China and had its core business operations inside China [2]. Texas's argument is that merely assembling the final product in Vietnam makes it essentially a Chinese product in substance.
Why is being "made in China" such a serious problem? The key is China's National Intelligence Law, enacted in 2017. Article 7 reads:
Any organization or citizen shall support, assist, and cooperate with state intelligence activities in accordance with the law, and shall maintain the secrecy of state intelligence activities known to them [3]
In other words, Chinese companies cannot refuse if the government says "hand over the data." That is what the law requires. Given that TP-Link's supply chain and business operations are rooted in China, it is understandable that it would be considered within the scope of that law.
The second was the fact that TP-Link products had actually been used in state-sponsored cyberattacks. In October 2024, Microsoft disclosed that the Chinese state-sponsored hacker group "Storm-0940" had been operating a botnet called "Quad7" consisting of compromised TP-Link routers [4]. This botnet was used as a launchpad for password spray attacks — attacks that systematically try commonly used passwords against large numbers of accounts — targeting services such as Microsoft 365.
The specific method worked like this. Hackers first exploited vulnerabilities in TP-Link routers to enable remote control. They then used those routers as "relay points" to attempt passwords against target Microsoft 365 accounts. Because the attack originated from ordinary home routers, the target company's security systems had difficulty distinguishing it from normal traffic. Moreover, by attempting only a few logins per account per day, the attack was also designed to avoid brute-force detection [4].
CISA, the U.S. Cybersecurity and Infrastructure Security Agency, has added at least six TP-Link product vulnerabilities to its "Known Exploited Vulnerabilities Catalog" [5]. Not "vulnerabilities were found" — "vulnerabilities that were actually exploited in attacks." That is what makes this so serious.
TP-Link has denied the allegations, stating that it is "an independent company headquartered in Singapore, and not under the jurisdiction of the Chinese government" [18]. But Texas has not backed down from its position that the focus should be on the actual supply chain and business operations, not the registered legal domicile.
The Day Smart TVs Become "Surveillance Cameras"
Two months before the TP-Link lawsuit, in December 2025, litigation over smart TVs also emerged. Attorney General Paxton sued five companies: Sony, Samsung, LG, Hisense, and TCL [6].
The technology at issue was something called "ACR" — Automatic Content Recognition. It is a system that recognizes in real time what is being displayed on the TV screen and collects that as viewing data, reportedly capable of capturing not only live broadcasts and streaming content but also the screens of game consoles and Blu-ray players connected via HDMI.
The manufacturers explain that it is "used for personalizing advertisements and recommending programs," but Texas sees it differently. Without giving consumers any proper explanation, these companies are recording everything people watch in their living rooms and selling that data. According to the Texas complaint, ACR ships with the feature enabled by default, and unless a user consciously turns it off, the TV continuously collects data for as long as it is on [6].
The Chinese companies Hisense and TCL were singled out as particularly problematic. Given the existence of the National Intelligence Law, the risk that viewing data collected by these companies could reach the Chinese government cannot be denied. Texas won a court order temporarily restraining Hisense from collecting ACR data within the state [7]. A similar order was also issued against Samsung [8].
As an aside, after reading this news I opened the settings screen on my home television. Sure enough, ACR-related settings were on by default. Many people are probably in the same situation. If you have a memory of skimming through a long terms-of-service agreement when you bought your TV, I recommend checking your settings once.
On the drone and baby monitor front: Anzu Robotics' drone was described in the complaint as "a 21st-century Trojan horse that is simply a green repaint of DJI's Mavic 3" [2]. DJI is a drone manufacturer designated by the U.S. Department of Defense as a "Chinese military company," and restrictions on its sale within the U.S. are under discussion. Texas's claim is that Anzu Robotics was selling a rebranded version as "an American company's product." Lorex's baby monitors were found to contain components from an organization also designated as a Chinese military company [2]. A camera filming a sleeping child with military company components inside. It sounds like a joke, but it is a fact stated in the complaint.
| Company Sued | Product | Texas's Claim |
|---|---|---|
| TP-Link | Wi-Fi routers | Concealed Chinese ties. Has a documented track record of being exploited as a botnet relay point |
| Hisense, TCL | Smart TVs | Unauthorized collection of viewing data via ACR technology. Risk of data disclosure to Chinese government under National Intelligence Law |
| Anzu Robotics | Drones | Rebranded DJI products. Risk of collecting geospatial information and video footage |
| Lorex | Baby monitors | Use of components from an organization designated as a Chinese military company |
| Temu, Shein | E-commerce apps | Spyware-like data collection. Large-scale acquisition of personal and financial information |
Hacker Groups Named "Typhoon" Are Hollowing Out America
Behind Texas's aggressive action lies already-ongoing, serious cyberattacks. "Salt Typhoon" and "Volt Typhoon." Both are hacker groups believed to have China's Ministry of State Security behind them, and both are shaking America to its foundations.
Salt Typhoon came to light in September 2024. It was revealed that the group had been inside the networks of nine major U.S. telecommunications carriers — including AT&T, Verizon, and T-Mobile — for at least one to two years [9].
Their methods were sophisticated. They penetrated the core of the telecommunications network and even accessed CALEA — the system used by law enforcement to conduct legal wiretaps based on court orders [10]. CALEA is the system that carriers are required to install to enable legally authorized communications intercepts at law enforcement's request. In short, Chinese hackers were using the very "backdoor" that the government created for criminal investigations to conduct their own surveillance.
Call metadata for over one million users, primarily in the Washington D.C. metropolitan area, was stolen — call times and dates, originating and destination phone numbers, IP addresses. Reports suggest that then-presidential candidate Donald Trump and vice-presidential candidate JD Vance may have also been among those wiretapped [11]. During a presidential election, the communications of candidates may have been completely exposed to a foreign intelligence agency. The weight of that possibility is incalculable.
As of August 2025, the FBI announced that Salt Typhoon had infiltrated over 200 organizations across more than 80 countries [12]. The damage is not confined to the United States.
If Salt Typhoon is about "eavesdropping," Volt Typhoon's purpose is far more ominous: preparation for destruction.
Volt Typhoon has infiltrated critical American infrastructure — the power grid, water systems, and telecommunications networks — and has been lying dormant there for extended periods [13]. Its purpose is analyzed as being able to paralyze infrastructure to disrupt U.S. military mobilization and logistics if tensions between the U.S. and China escalate into military conflict over Taiwan or a similar contingency. Infrastructure around U.S. military bases, particularly in Guam, has been heavily targeted.
Their technique is called "living off the land" — rather than using specialized malware, they exploit legitimate management tools already built into the system, making detection extremely difficult. By using standard tools present on any Windows machine, such as PowerShell and WMI, to move laterally, what appears in logs is indistinguishable from normal administrative work. In September 2024, the FBI announced it had neutralized one of the associated botnets [14], but that was only the tip of the iceberg.
In February 2026, cybersecurity firm Dragos issued a shocking warning in its annual report. Volt Typhoon continued its activities throughout 2025 and is still embedded in U.S. infrastructure. The company's CEO, Rob Lee, stated:
"They are very active. They are embedded in our infrastructure and continue to keep themselves aware of the situation." "Some of the compromised positions that exist in US and NATO countries, we will never find." [15]
"We will never find." How should we receive the gravity of a situation where a security expert says this so definitively?
| Hacker Group | Purpose | Primary Targets | Methods and Impact |
|---|---|---|---|
| Salt Typhoon | Intelligence gathering and espionage | Telecommunications carriers, government officials | Exploited legal wiretap systems to steal call records and content |
| Volt Typhoon | Preparing for destruction in a contingency | Power, water, telecommunications infrastructure | Long-term dormancy using legitimate tools. Ready to paralyze infrastructure in a crisis |
This is why Texas is on edge about home routers and televisions. Even if each device is small, if they are bundled together into a botnet, they can become a foothold for state-sponsored attacks like Volt Typhoon. Infiltrating homes can be the first step toward infiltrating national infrastructure.
The Federal Government Couldn't Move. Texas Didn't Wait.
Despite these threats becoming clear, the U.S. response as a whole has not been unified.
In the second half of 2025, following Microsoft's exposure of the Quad7 botnet, the Department of Commerce, the Department of Defense, and the Department of Justice each launched separate investigations into TP-Link. A federal sales ban seemed like only a matter of time [16]. TP-Link's U.S. market share was reported at approximately 65% by the Wall Street Journal [17], or 36.6% according to TP-Link itself [18]. Either way, it is a product of overwhelming presence that dominates the top results when you search "Wi-Fi router" on Amazon. Banning it would be drastic medicine, but the threat was recognized as sufficiently serious to warrant it.
But on February 12, 2026, the situation shifted. Reports emerged that the Trump administration had shelved the proposed TP-Link ban ahead of a summit meeting with Chinese President Xi Jinping [16]. The interpretation is that while security concerns were acknowledged, diplomatic considerations aimed at avoiding a full confrontation with China and gaining advantage in trade negotiations took precedence.
Honestly, this decision leaves me with mixed feelings. Balancing national security and diplomacy is genuinely difficult. But whether "shelving" was the appropriate choice while Salt Typhoon and Volt Typhoon continue to operate — that is a question that deserves scrutiny. At minimum, it should be clear that the federal government did not conclude "there is no problem." It is simply a matter of timing, using this as a diplomatic card.
Texas did not wait. Just five days after the federal government's shelving decision, on February 17, Attorney General Paxton filed his lawsuit against TP-Link [1]. Without waiting for the federal government's judgment, he launched his own fight using the Texas Deceptive Trade Practices Act — DTPA — under state law.
The DTPA is a law protecting consumers from unfair business practices, and it can impose fines of up to $250,000 per violation [19]. Texas has a track record of extracting massive settlements from Meta and Google. By framing national security threats as "deceptive acts against consumers," Texas has opened a path to pursuing China-linked companies through a separate channel from the federal government.
This dynamic is fascinating. National security is in principle a federal prerogative. Yet when the federal government cannot act, a state is pursuing the same objective through a different tool — consumer protection law. It is a rare and vivid example of American federalism's dynamism playing out in the security context. And there is every possibility this movement will spread to other states. If states follow Texas's lead, the federal government will eventually have no choice but to act.
Not Someone Else's Problem. What Japanese Companies Need to Think About Now
After reading this far, some may think: "But that's an American story." However, TP-Link routers are sold in Japan as a matter of course. Hisense televisions are popular for their cost performance. Temu and Shein apps are growing their download numbers in Japan too. The products that Texas has raised concerns about have already entered our daily lives.
There are things individuals can do. Reconsider your router's manufacturer. Turn off the ACR settings on your smart TV. Before buying an inexpensive smart device, check the manufacturer's background. Unglamorous as it is, these habits are the first step in protecting your privacy.
But the more urgent concern is action at the corporate level. For companies with overseas transactions and research institutions handling sensitive technology, managing the risks lurking in supply chains has become an issue that directly affects business continuity.
Your counterparty turned out to be a subsidiary of an organization on a sanctions list. Your joint research partner was connected to a group with military diversion risk. Checking these risks manually is too complex and the information updates too quickly. As revealed in the Texas lawsuits, situations where a product labeled "Made in Vietnam" is in substance a Chinese product do actually exist. We have entered an era where surface-level information alone is insufficient for judgment.
TRAFEED (formerly ZEROCK ExCHECK), the AI agent we at TIMEWELL provide, is designed precisely for this challenge. It automates background checks in security-related export management using AI, instantly cross-referencing counterparty information against METI regulatory lists and sanctions lists from around the world. Concern-level assessment takes just five seconds. Moreover, the AI presents the reasoning behind each determination along with the supporting sources, enabling the person responsible to reach a final judgment quickly.
We also have coverage for the U.S. EAR Affiliate Rule, which comes into full effect in November 2026. This new rule means that subsidiaries 50% or more owned by sanctioned entities also become subject to regulation, requiring deep tracking of counterparties' ownership relationships. TRAFEED also automates analysis of these complex relationships, preventing Japanese companies from unintentionally violating regulations.
The reality Texas has made clear is straightforward: the battlefield of national security is not only beyond national borders. It already exists within corporate supply chains and within home routers. Conventional manual checks cannot keep pace with this speed and complexity.
And to protect internal information assets from these security threats, it is also necessary to reconsider how internal data is managed and searched in the first place. Knowledge management using ZEROCK's GraphRAG technology structures information dispersed throughout an organization and makes visible "which information is connected to whom, and how." The ability of AI to understand context and handle information in an integrated way matters greatly when grasping the complex relationships within a supply chain.
References
[1] Texas Attorney General. (2026, February 17). Attorney General Paxton Sues TP Link for Allowing the CCP to Access Americans' Devices. https://www.texasattorneygeneral.gov/news/releases/attorney-general-paxton-sues-tp-link-allowing-ccp-access-americans-devices-first-several-lawsuits
[2] Texas Policy Research. (2026, February 20). Texas Files Four Major Lawsuits Against CCP-Linked Companies. https://www.texaspolicyresearch.com/texas-files-four-major-lawsuits-against-ccp-linked-companies/
[3] China Law Translate. (2017). PRC National Intelligence Law. https://www.chinalawtranslate.com/en/national-intelligence-law-of-the-p-r-c-2017/
[4] Microsoft Security. (2024, October 31). Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network. https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/
[5] CISA. Known Exploited Vulnerabilities Catalog. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
[6] Texas Attorney General. (2025, December 15). Attorney General Paxton Sues Five Major TV Companies, Including Some with Ties to the CCP, for Spying on Texans. https://www.texasattorneygeneral.gov/news/releases/attorney-general-paxton-sues-five-major-tv-companies-including-some-ties-ccp-spying-texans
[7] Texas Attorney General. (2025, December 17). Attorney General Ken Paxton Secures Court Order Stopping CCP-Aligned Smart TV Company from Spying on Texans. https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-secures-court-order-stopping-ccp-aligned-smart-tv-company-spying-texans
[8] Texas Attorney General. (2026, January 6). Attorney General Ken Paxton Secures Major Win, Stopping Samsung from Using Its Smart TVs to Illegally Spy. https://www.texasattorneygeneral.gov/news/releases/attorney-general-ken-paxton-secures-major-win-stopping-samsung-using-its-smart-tvs-illegally-spy
[9] Wikipedia. Salt Typhoon. https://en.wikipedia.org/wiki/Salt_Typhoon
[10] The Wall Street Journal. (2024, October 5). U.S. Wiretap Systems Targeted in China-Linked Hack. https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b
[11] Wikipedia. Salt Typhoon. https://en.wikipedia.org/wiki/Salt_Typhoon
[12] Nextgov. (2025, August 27). Salt Typhoon hackers targeted over 80 countries, FBI says. https://www.nextgov.com/cybersecurity/2025/08/salt-typhoon-hackers-targeted-over-80-countries-fbi-says/407719/
[13] CISA. (2023, May 24). PRC State-Sponsored Actor, Volt Typhoon, Compromises U.S. Critical Infrastructure. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a
[14] FBI. (2024, September 18). FBI Director Announces Chinese Botnet Disruption at Aspen Cyber Summit. https://www.fbi.gov/news/stories/fbi-director-announces-chinese-botnet-disruption-exposes-flax-typhoon-hacker-group-s-true-identity-at-aspen-cyber-summit
[15] The Record. (2026, February 19). Researchers warn Volt Typhoon still embedded in US utilities. https://therecord.media/researchers-warn-volt-typhoon-still-active-critical-infrastructure
[16] 9to5Mac. (2026, February 18). Federal ban on TP-Link routers shelved, but Texas fights on. https://9to5mac.com/2026/02/18/federal-ban-on-tp-link-routers-shelved-but-texas-fights-on/
[17] The Wall Street Journal. (2024, December 18). U.S. Weighs Ban on Chinese-Made TP-Link Router in Homes. https://www.wsj.com/politics/national-security/us-ban-china-router-tp-link-systems-7d7507e6
[18] TP-Link. (2025, March 5). TP-Link Systems Inc. Sets the Record Straight Regarding Inaccurate U.S. Market Share Data. https://www.tp-link.com/us/press/news/21656/
[19] IAPP. (2026, January 26). Automated content recognition technology takes privacy enforcement spotlight. https://iapp.org/news/a/automated-content-recognition-technology-takes-privacy-enforcement-spotlight