Connect with us

Privacy

Lawmakers, Prosecutors and Big Tech Companies Spar at Senate Hearing Over Unlocking Encryption

Published

on

Photo of Senate hearing by Masha Abarinova

WASHINGTON, December 11, 2019 – Lawmakers remain concerned about law enforcement’s inability to access highly encrypted devices for investigations. Tuesday’s Senate Judiciary Committee hearing questioned some representatives from big tech on the matter.

This isn’t going to be a world where social media is a haven for child abusers and other criminals, said Committee Chairman Lindsey Graham, R-S.C. Big tech can be either the problem or the solution to this dilemma, but they need to take action on encryption. Otherwise, Graham said, these companies face repercussions from Congress.

When a crime is committed, said Ranking Member Dianne Feinstein, D-Calif., it is imperative that these devices be opened. The tech industry has a responsibility to respond to law enforcement’s concerns, she said, and that determines the degree of congressional action.

Sen. Dick Durbin, D-Ill., inquired about how encrypted information is affected under the Children’s Online Privacy Protection Act. Obtaining this information is not only about deterring hackers or foreign actors, he said, but it is about the government protecting children.

Because of Section 230 of the Communications Decency Act, said Sen. Richard Blumenthal, D-Conn., big tech uniquely enjoys immunity from legal action. Sen. Sheldon Whitehouse, D-R.I., added that these companies seem to profit off encryption, yet they are unwilling to take responsibility for the negative effects they might incur.

Representatives from tech companies included Erik Neuenschwander, manager of user privacy at Apple, and Jay Sullivan, product management director for privacy and integrity at Facebook’s Messenger. They emphasized that their respective companies are actively working to ensure safety and security across devices.

Encryption is one of the most important mechanisms a nation has in order to safeguard an increasingly interconnected future, Neuenschwander said. Currently, Apple doesn’t have the ability to retrieve encrypted information off a device. However, he said, that means malicious actors also do not have access to that personal data.

Neuenschwander also added that Apple works closely with law enforcement and government agencies, receiving thousands of requests. Apple’s team has also trained law enforcement officers in the U.S. and around the world on its security processes.

Most Facebook’s methods to combat malicious actors, Sullivan said, are behavioral and based off social interaction. Facebook does not sell or share minors’ data to third parties, and Facebook does not use private messages for targeted ads or other algorithms, he said.

End-to-end encryption is the best technology available to make messages safe and secure, Sullivan continued. If the United States rolls back its support for privacy and encryption, foreign application providers will fill that vacuum to provide the privacy and security that people demand.

Tech companies have no external incentive to mandate the regulation of encrypted devices, said Prof. Matt Tait, cyber security fellow at the Lyndon B. Johnson School of Public Affairs. Encryption hinders law enforcement in three ways: device searches, which are impacted by a user passcode, traditional wiretaps, which are impacted by end-to-end communications and cyber tips, where companies can alert law enforcement of known child abuse material.

Options exist for conducting wiretaps and retaining cyber tips without altering encryption, Tait said. Only device encryption is amenable to a “front door” access mechanism.

New York City District Attorney Cyrus Vance was also on the panel, and he reiterated that law enforcement has lost functionality due to encrypted devices.

Apple and Google have engineered their phones to no longer have the capacity to be unlocked without encryption, he said. Vance said officers can only access about half of the encrypted phones that come into the DA’s office.

Encrypted material should not go beyond the law when a judge signs a search warrant, Vance said. For their own private business interests, the Fourth Amendment grants a right to not only privacy but to anonymity.

Vance emphasized that law enforcement officials having access to the cloud is not a suitable substitute for lawful access to a device. The cloud only stores data that has been saved. Moreover, a user can opt not to backup particular data to the cloud. The device itself, he said, contains the most critical evidence.

Broadband Mapping & Data

Robocalls, Rip and Replace, Pole Attachments: More Notes From the FCC Oversight Hearing

Commissioners and House lawmakers discussed key topics at a contentious hearing.

Published

on

Screenshot of commissioners at the hearing Thursday.

WASHINGTON, December 1, 2023 – All five Federal Communications Commissioners took part in a lengthy and at times contentious House oversight hearing on Thursday.

Commissioners urged Congress to restore the FCC’s authority to action spectrum, which expired in March and left the nation’s airwaves in limbo, and to fund the Affordable Connectivity Program, the low-income internet subsidy set to dry up in April of next year. 

GOP lawmakers FCC Republicans also took the chance to slam efforts by the commission’s Democratic majority.

The discussion touched on other issues including robocall prevention, rip and replace funding, and pole attachments.

Robocalls

The commission has been taking action on preventing robocalls this year, kicking off an inquiry into using artificial intelligence to detect fraud, blocking call traffic from 20 providers for lax enforcement policies and issuing hundreds of millions in fines. In August the commission also expanded the STIR/SHAKEN regime – a set of measures to confirm caller identities – to all providers who handle call traffic.

FCC Chairwoman Jessica Rosenworcel asked multiple times for three Congressional actions she said would help the commission crack down on scam calls: a new definition for “autodialer,” the ability to collect fines, and access to Bank Secrecy Act information.

The Supreme Court limited the definition of autodialers in 2021 to devices that store or produce phone numbers with random or sequential number generators. That leaves the scope of the Telephone Consumer Protection Act, which guides the FCC’s authority, “stuck in the nineties,” according to Rosenworcel.

“A lot of scam artists are using technologies no longer covered” by the act, she said. “We can’t go after them.”

On collecting robocall fines, that authority currently rests with the Department of Justice, and Rosenworcel is not the first to tell Congress the agency’s enforcement has been lax. Industry groups at an October Senate hearing cited slow DOJ action as a major reason FCC fines on the issue often go uncollected.

The Bank Secrecy Act requires financial institutions to keep records on certain transactions to help law enforcement agencies track money laundering and other criminal activity. The FCC cannot access information governed by the act, which Rosenworcel said would help the commission go after repeat scammers.

“These scam artists set up one company, we shut them down, they go and set another one up,” she said.

Rip and replace

Commissioners urged Congress to fund the rip and replace program. Congress allocated $1.9 billion to reimburse broadband companies for replacing network equipment from Chinese companies deemed to be national security threats, mainly Huawei and ZTE.

The FCC was tasked with overseeing the program and found in 2022 that another $3 billion would be needed to get the work done. The Biden administration joined a chorus of lawmakers and broadband companies in calling for Congress to fill the gap, but legislation on the issue has yet to be passed.

“We’re providing 40 cents on the dollar to a lot of small and rural carriers,” said Rosenworcel. “They need more funds to get the job done.”

The commission has been granting extensions to providers unable to get the work done on time. In addition to supply chain issues, some small providers cite a lack of funding as the reason they’re unable to replace insecure equipment.

Pole attachments

Commissioners expressed a willingness to shift some of the burden of utility pole replacements off of broadband providers as they attach new equipment.

“If a pole is getting replaced,” Commissioner Brendan Carr said, “there’s probably a role for the FCC to say that the pole owner should bear somewhere north of the cost of $0.”

The commission has authority in 26 states over most pole attachment deals between utility pole owners and telecommunications companies looking to expand their networks. The issue of who pays for poles that need to be replaced to accommodate more communications equipment is contentious, with telecoms arguing utilities force them to pay for replacing already junk poles. 

After spending years sifting through thousands of comments, commissioners have apparently been persuaded. Rules up for a vote at the commission’s December meeting would limit the scenarios in which utilities could pass full replacement costs on to attachers.

Broadband funding map

Rosenworcel repeatedly asked lawmakers to work with the commission on ensuring its broadband funding map is kept up to date.

The FCC launched its funding map in May to keep track of the myriad federal broadband subsidy efforts and avoid funding the same areas multiple times. The Department of Agriculture, the FCC, and the Treasury Department each oversee separate broadband funding programs, in addition to the Commerce Department’s upcoming $42.5 billion broadband expansion effort.

The commission has signed memoranda of understanding with those agencies on providing data for the funding map, but Rosenworcel asked the subcommittee for help ensuring the agencies follow through and respond to FCC requests for their funding data. 

“If you could help us make sure those other agencies respond to us with data, you’ll see where there are problems, duplication, areas we haven’t reached,” she said.

Continue Reading

Cybersecurity

Cybersecurity Requirements in BEAD Could Shape Internet Security Regulation More Widely

The Broadband Equity, Access and Deployment program requires ISPs and states to submit comprehensive cybersecurity plans.

Published

on

WASHINGTON, November 2, 2023 – How states implement cybersecurity rules in the $42.5 billion Broadband Equity, Access and Deployment program could shape internet security regulations more widely, experts said during a virtual panel Wednesday.

The BEAD program, which will provide federal grants to states to disperse for broadband projects, requires providers to submit comprehensive cybersecurity plans based on standards from the National Institute of Standards and Technology. Panelists said flexibility in the plans allows customization but also establishes baseline expectations as critical infrastructure relies more on connected technology.

“I think the way that states and entities interpret these BEAD cybersecurity and supply chain requirements is really going to have a ripple effect across the whole community,” said Savannah Schaefer, an attorney of Wilkinson Barker Knauer, who advises clients on cybersecurity.

Federal Communications Commission rules are beginning to include similar mandates, meaning how states implement BEAD’s requirements could influence cybersecurity regulations more broadly, Schaefer said.

Melissa Newman, vice president of government Affairs at the Telecommunications Industry Association, said BEAD’s cybersecurity stipulations cite lengthy federal guidance documents providers must wade through. Her trade group developed a checklist to help companies understand the rules.

“You cannot be confident in the security of your networks and products without consideration of both cyber and supply chain security,” said Newman, TIA’s vice president of government affairs.

Supply chain management, knowing who provides equipment and software, is critical because cybersecurity threats can be embedded throughout a product’s lifecycle, she said.

Evan Rice, senior vice president of Guide Star, a division of CCI Systems, said providers should start by documenting current cyber practices, identifying gaps and making plans to address them. Cybersecurity must be incorporated holistically, from network construction to long-term operation, he said.

“Everyone understands that piece. The cybersecurity is the same. Once you build it, you have to operate it,” said Rice. Schaefer encouraged viewing BEAD as part of an ongoing process of shaping cybersecurity requirements.

Our Broadband Breakfast Live Online events take place on Wednesday at 12 Noon ET. Watch the event on Broadband Breakfast, or REGISTER HERE to join the conversation.

Wednesday, November 1, 2023 – Cybersecurity and BEAD

To qualify for funding under the Broadband Equity, Access and Deployment program, network operators must submit a comprehensive cybersecurity strategy in line with the National Institute of Standards and Technology’s cybersecurity framework. What impacts do these requirements have on broadband deployers, and what steps can they take to ensure compliance? How can operators strike the right balance between expanding their networks and safeguarding them against cyber threats?

Panelists

  • Evan Rice, Senior Vice President, Guide Star
  • Savannah Schaefer, Wilkinson Barker Knauer LLP
  • Melissa Newman, Vice President of Government Affairs, Telecommunications Industry Association
  • Drew Clark (moderator), Editor and Publisher, Broadband Breakfast

Evan Rice is an experienced IT executive with a focus on cyber security and operational excellence. Evan currently serves as the Senior Vice President of Guide Star, a division of CCI Systems. Evan has been with CCI Systems since 2012, starting as a Data Services Professional then moving to the Vice President of Information Technology role prior to his current position at Guide Star.

As an Associate at Wilkinson Barker Knauer LLP, Savannah Schaefer advises clients on a range of issues pertaining to cybersecurity, supply chain risk management, and emerging technology. Prior to joining the firm, Savannah represented companies in the information and communications technology sector at two trade associations where she led development and advocacy of the associations’ cybersecurity and supply chain legal and policy positions. She has also served in leadership roles in the IT and Communications Sector Coordinating Councils and on the Department of Homeland Security’s ICT Supply Chain Risk Management Task Force.

Melissa Newman has over 25 years’ experience in government affairs for the telecommunications sector.  Prior to Melissa joining TIA as Vice President of Government Affairs, she worked at Transit Wireless heading the Legal and External Affairs departments; Wilkinson Barker Knauer, a premier telecommunications law firm in Washington, DC; CenturyLink (now Lumen) as Vice President, Federal Policy and Regulatory Affairs; and as Deputy Division Chief of the Policy Division in the Common Carrier Bureau of the FCC.

Breakfast Media LLC CEO Drew Clark has led the Broadband Breakfast community since 2008. An early proponent of better broadband, better lives, he initially founded the Broadband Census crowdsourcing campaign for broadband data. As Editor and Publisher, Clark presides over the leading media company advocating for higher-capacity internet everywhere through topical, timely and intelligent coverage. Clark also served as head of the Partnership for a Connected Illinois, a state broadband initiative.

WATCH HERE, or on YouTubeTwitter and Facebook.

As with all Broadband Breakfast Live Online events, the FREE webcasts will take place at 12 Noon ET on Wednesday.

SUBSCRIBE to the Broadband Breakfast YouTube channel. That way, you will be notified when events go live. Watch on YouTubeTwitter and Facebook.

See a complete list of upcoming and past Broadband Breakfast Live Online events.

Continue Reading

Cybersecurity

White Houses Asks Congress to Fill Rip and Replace Funding Gap

The $3 billion shortfall was first flagged by the FCC in July 2022.

Published

on

Photo of Joe Biden and Jill Biden in 2019 by Gage Skidmore.

WASHINGTON, October 26, 2023 – The Joe Biden administration is asking Congress to fill the $3 billion gap in the Federal Communications Commission’s rip and replace program, among other domestic needs.

The ask came Wednesday as part of a $55.9 billion request for domestic aid, including disaster relief and child care subsidies. Also in the White House’s request was $6 billion to continue the Affordable Connectivity Program, the monthly internet subsidy that’s set to dry up in April 2024 without additional funding.

In 2020, Congress required broadband providers to replace equipment from some Chinese companies, including Huawei and ZTE, citing concerns that it could be used for espionage. The effort was funded with $1.9 billion to reimburse companies for the cost of switching out gear.

But in July 2022 the FCC, which oversees the program, said broadband providers would need $4.98 billion to get the work done. There have since been repeated calls from lawmakers and industry to shore up the fund. Bills have been introduced in both the House and Senate to fill the $3 billion gap, but they have yet to be passed.

The deadline for approved companies to request reimbursement for rip and replace work passed on July 15. By default, companies have one year from the approval of that request to remove the Chinese equipment, but the commission has been granting deadline extensions as providers complain of funding troubles.

House Republicans managed to elect a speaker on the same day as the funding request, ending weeks of deadlock.

Continue Reading

Signup for Broadband Breakfast News



Broadband Breakfast Research Partner

Trending