Wyden Law Would Give FCC Greater Power Over Telecom’s Lax Cybersecurity In Wake Of Ugly Salt Typhoon Hack
We’ve noted for decades that U.S. telecom security and privacy standards aren’t great. T-Mobile has been hacked so many times in the last five years it’s easy to lose count. AT&T not long ago had a breach impacting the data of 73 million users it initially tried to pretend hadn’t happened.
Telecoms have lobbied relentlessly to dismantle much in the way of corporate oversight, so when hacks or breaches or bad choices manifest, executives and companies alike routinely see little in the way of real, meaningful accountability. Which, of course, ensures nothing much changes.
This all came to a head recently with the Salt Typhoon hack, which involved 8 major U.S. telecom operators suffering a major intrusion by Chinese hackers. The hack, oddly getting far less attention than the TikTok moral panic did, was leveraged to help spy on U.S. political officials. It was so severe and extensive that the involved, unnamed telecoms have yet to fully remove the intruders from their networks:
“Right now, we do not believe any have fully removed the Chinese actors from these networks … so there is a risk of ongoing compromises to communications,” Anne Neuberger, deputy national security adviser, told reporters.”
This is par for the course for a country that’s literally too corrupt to pass even a baseline privacy law for the internet era, or hold telecom giants meaningfully accountable for much of anything. At best, telecoms have grown fat and comfortable with a paradigm that involves a tiny fine and wrist slap for their incompetence, assuming they get challenged over it at all.
Enter Senator Ron Wyden, who is proposing a new law that would require the FCC to take broader ownership of telecom cybersecurity.
His Secure American Communications Act would more clearly establish FCC authority to monitor telecoms for privacy and cybersecurity violations, require they conduct routine testing of their networks and systems, and contract outside independent auditors to make sure they’re doing a competent job. They’d also have to submit formal annual reviews to the FCC.
“It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Wyden said. “Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security. Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies.”
Of course the last thing AT&T, Verizon, Comcast, T-Mobile and Charter want is additional (or any) government oversight, so even if perfectly designed to minimize headaches and problems, the bill likely has zero real chance of passing a corrupt Congress.
Telecoms want to be able to exploit their regional monopolies to extract money from captive customers free from pesky government intervention. Which, as Wyden notes, is precisely how we got to this point. It’s the same reason the U.S. still doesn’t have even a basic internet-era privacy law after decades of endless scandal, fraud, hacks, and consumer data abuses. It’s corruption.
The real bummer is we’re not only going to not pass Wyden’s law, we’re going to do the exact opposite of what Wyden’s requesting. Trump’s incoming FCC boss Brendan Carr (R, AT&T) has professed to be super worried about all of this. But has not been subtle about his plan to obliterate whatever’s left of broadband consumer protection and FCC oversight of telecom.
Carr has never stood up to a telecom giant on any issue of substance during his entire seven year tenure at the FCC, and he’s not going to start now. Besides, there are more important things for him to focus on, like whining about TikTok, or using government power to threaten media companies critical of Trump, or bully tech giants away from limiting racist right wing propaganda on the internet.
At the same time, the Trump stocked Supreme Court, 5th, and 6th circuits are all in the process of neutering regulatory independence (which is why Wyden proposed this clearer law that won’t pass), and declaring FCC broadband consumer protection effectively illegal across a wide variety of subjects. That’s going to impact national security as much as it impacts consumer welfare.
The goal for corporate power was always to corrupt Congress to the point that real reforms can’t pass, then lobotomize regulatory independence and corporate oversight so they’re largely decorative. This was sold to you as some kind of good faith “rebalancing of institutional power” designed to “corral out of control regulators,” but it’s really just the ultimate manifestation of unchecked corruption.
The endless hacks and privacy scandals will join a rotating parade of problems across every industry that touches every corner of your lives, until the U.S. press and public finally realize corporate power may have taken things just a little too far with the whole “dismantling the federal regulatory state” thing. Which, with any luck, might occur by 2070… if it happens at all.