Senator Warren Says Key FCC Cybersecurity Advisory Council Panders to Industry
Credit to Author: Karl Bode| Date: Tue, 02 Jul 2019 12:18:22 +0000
Two lawmakers say a key panel designed to advise the FCC on cybersecurity and network reliability issues has long been dominated by industry insiders, skewing agency policy, harming consumers, and weakening overall network security.
In a letter sent this week to the FCC, Senator Elizabeth Warren and Rep. Pramila Jayapal accused the agency of turning a blind eye to the industry-heavy makeup of the FCC’s Communications Security, Reliability, and Interoperability Council (CSRIC), which advises Pai on everything from telecom network security threats to disaster recovery.
First constructed in 1992, the panel’s charter says it’s supposed to be comprised of a diverse makeup of individuals pulled from government, consumer advocacy groups, academia, tribal areas, and other sources in order to “balance the expertise and viewpoints that are necessary to effectively address the issues to be considered.”
But a recent study by the Project for Government Oversight (POGO) found that most assuredly wasn’t the case. The report found that of the council’s 22 current members, 13 were from the private sector, two were associated with industry lobbying and trade groups, six were from government agencies, and only one member represented the public interest.
“The agency is hampered by a lack of leadership on cybersecurity issues and a dearth of in-house technical expertise that all too often leaves it relying on security advice from the very companies it’s supposed to oversee,” the report noted.
For example, security flaws in Signaling System no. 7 (SS7), a protocol used by telecom companies to coordinate how they route texts and calls around the world, have long been exploited by intelligence agencies and criminals looking to spy on, or rob, wireless subscribers.
But the POGO report notes that instead of imposing tough guidelines to protect networks and prod carriers to action, the FCC proposed toothless and voluntary guidelines preferred by industry. The FCC has similarly refused to hold carriers accountable for everything from post hurricane recovery failures to the sector’s ongoing location data scandals.
“Having the FCC’s policy-making process rely on input from individuals employed by, or affiliated with, the corporations that it is tasked with overseeing is the very definition of regulatory capture,” Warren and Jayapal wrote. “The FCC should be working on behalf of American consumers, not giant telecommunications companies.”
The lawmakers urged Pai to provide a detailed explanation of how his agency selects council representatives, as well as access to “any communication related to CSRIC membership between you or any FCC employee” by July 12.
Matt Wood, general counsel of consumer group Free Press, told Motherboard that it only makes sense that industry should have a heavy representation on such panels, since they’re the ones usually implementing the security, reliability, and interoperability solutions. But too heavy of a representation results in policies that can harm overall security and the broader public, he said.
“The question isn’t whether industry reps should be here, but who else ought to be there with them,” Wood said.
The FCC did not respond to a Motherboard request for comment.
While the POGO investigation notes that CSRIC’s unbalanced makeup was also a problem under previous FCC leadership, Gigi Sohn, a lawyer and advisor for the Tom Wheeler FCC, told Motherboard that Wheeler’s staff at least tried to attain equilibrium in terms of council makeup.
“While the Wheeler FCC’s advisory committees were far from perfect, we took pains to ensure balance between public interest groups and industry, Republicans and Democrats, those with a more regulatory orientation and those with a more deregulatory orientation,” Sohn said.
She noted that’s been much less common under Pai’s leadership.
For example in 2017, Pai created a different advisory panel dubbed the Broadband Deployment and Advisory, Council, or BDAC. In his announcement, Pai proclaimed that this panel would be tasked with advising the FCC on how best to expand broadband coverage and close the “digital divide.”
But the panel soon found itself rocked by accusations of corruption and cronyism. A series of high profile resignations resulted in allegations that the council was little more than a rubber stamp for industry, and hadn’t done much of anything to further its stated goal. Worse, the former head of Pai’s panel was just sentenced to five years in prison for fraud.
“The Pai FCC has been particularly egregious in picking advisory committees tilted to its own worldview—heavy on industry representation, with real consumer and public interest representation almost non-existent,” Sohn said. “It’s no secret what the Chairman wants out of his advisory committees—a rubber stamp for his scorched earth, deregulatory, anti-consumer policy agenda.”
Wood agreed, noting the problem has gotten significantly worse under Pai.
“The Pai team has unceremoniously cut back on public interest representation across the board on these kinds of committees, swapping out potential critics of its policies for more cheerleaders,” Wood said.
This article originally appeared on VICE US.