The letter highlights the widespread use of TP-Link routers, noting that the company produces a significant portion of global Wi-Fi products. As of 2023, 95% of Americans use Small Office/Home Office (SOHO) routers, making the potential impact of any security flaws significant. Notably, TP-Link routers are reportedly in use at U.S. military bases and by Department of Defense staff and their families. The letter specifically mentions organizations like the Army and Air Force Exchange Service and My Navy Exchange, which sell products to active-duty military personnel, retirees, reservists, veterans, Department of Defense civilians, and their families.

A significant concern raised in the letter is TP-Link's compliance with Chinese government regulations. The congressmen noted that companies like TP-Link are required by Chinese law to provide data to the People's Republic of China (PRC) government and comply with its national security demands. This compliance requirement potentially exposes users, including military personnel, to security risks.

The letter also references the threat posed by Chinese Advanced Persistent Threat (APT) groups, such as Volt Typhoon, emphasizing the potential for exploitation of vulnerabilities in TP-Link routers. The U.S. Commerce Department has the authority to restrict or ban products that pose a national security threat, as demonstrated by previous actions against companies like ZTE and Huawei.

While security vulnerabilities are not unique to TP-Link and have been found in products from various manufacturers, the potential risks associated with SOHO routers used by military personnel are particularly concerning. These devices, if compromised, could be exploited to access sensitive information.

The lawmakers have requested that the investigation be completed by the end of August. The outcome will determine whether any actions, including potential restrictions on TP-Link products, are warranted based on the findings of the Department of Commerce.