If only certain aspects of other states were more like certain aspects of Texas. For example, the willingness of the Texas government to combat threats from the People’s Republic of China.
Even as the federal government is unaccountably lowering its guard against suspect tech like TP-Link, Texas Attorney General Ken Paxton is suing the company, “alleging it allows China to hack into routers” (The Record, February 18, 2026).
Paxton alleges that TP-Link deceptively markets its products as protective of privacy and security when in reality they have been used by Chinese state-sponsored hacking groups to mount cyberattacks against the U.S.
His office cited a May 2023 report from Check Point Research, which alleged that Camaro Dragon hacking campaigns were enabled by TP-Link firmware vulnerabilities. Camaro Dragon is a Chinese state-sponsored hacking entity.
Because many of TP-Link’s parts are imported from China, the manufacturer is bound by that government’s national data laws, which require Chinese companies to support the country’s intelligence services by “divulging Americans’ data,” a Paxton press release said.
“With nearly all of its products’ parts imported from China, TP Link’s deliberate deception towards Texans regarding the nationality, privacy, and security capabilities of its networking devices is not just illegal — it is also a national security threat that enables the secret surveillance and exploitation of Texas consumers,” the press release said.
A spokesperson for TP-Link said in a statement that the lawsuit is “without merit and will be proven false.”
Security expert Nakul Goenka says that he is “hard-pressed to see any scenario [where] any order by a Texas court would be respected in China.” The words seem to suggest that Paxton’s lawsuit, which aims to compel TP-Link to stop “hiding vulnerabilities” behind deceptive trade practices, will have little impact even if it succeeds.
Meanwhile, the governor’s office has been going after TP-Link on another front, prohibiting the use of TP-Link “on state-owned devices and networks.” Maybe every little bit helps. And maybe there are still other ways to impede or block TP-Link within the state.
Also, if enough states follow the lead of Texas—say, 49—maybe it won’t matter as much whether the Commerce Department and the White House keep dragging their heels when it comes to these threats.
But it will matter. Fortunately, alarms have been raised at the federal level as well. Just recently, Anny Vu of the Rubio-created Bureau of Emerging Threats told attendees at the Munich Cyber Security Conference that “we really need to move beyond reactive defense and set the risk calculus of adversaries in cyber space. To do that, we have to be proactive about disrupting adversaries by imposing real costs and consequences [on] malicious actors.”
Set the risk calculus? Well, whatever it takes.
Also see:
Industrial Cyber: “US lawmakers push to ban TP-Link over national security risks, surveillance concerns” (May 16, 2025)
