Tech Groups See Flaws in Rosenworcel's Internet Security Plan

WASHINGTON, July 6, 2024 – A federal proposal to harden the Internet against cyber threats has significant flaws that could result in harm to the global communications network, according to two tech organizations that have decided to speak out.

The Internet Society and the Global Cyber Alliance have gone directly to the Federal Communications Commission with their concerns about a cybersecurity proposal by Chairwoman Jessica Rosenworcel that has gained bipartisan support within the agency.

Over the past ten days, Internet Society and GCA officials met virtually with top aides to three FCC commissioners, including Democrats Geoffrey Starks and Anna Gomez, and Republican Brendan Carr.

Rosenworcel's plan would require nine large U.S. Internet Service Providers to shore up the Border Gateway Protocol to secure Internet traffic originating from, or destined to, their networks. Rosenworcel is concerned that BGP has vulnerabilities that can be exploited by bad actors and cyber criminals, some based overseas.

In the FCC meetings, the Internet Society and GCA officials said Rosenworcel's plan could have a "potential harmful impact on the Internet," asserting that the plan's top-down approach could be exploited by governments that want to squelch the free speech rights of political opponents.

Rosenworcel's plan, they said, lacked an “appreciation of the global multistakeholder processes that manages the technical operation of the Internet" and that her approach would require other nations to adopt U.S. regulations, which could face resistance.

"That could encourage other nations to seek to impose their own regulations on the Internet. Over the years, a range of nations have proposed to impose top-down regulation of cybersecurity on the Internet, and in many cases those nations have defined 'cybersecurity' to include public dissent expressed over the Internet," the Internet Society and GCA said.

The groups also claimed that Rosenworcel’s plan could “significantly increase dangers of fragmentation of the global routing system and the Internet generally” and could have “harmful impacts on the ability of technical standards setting bodies to make progress to develop new protocols … to enhance routing security.”

The Internet Society was represented by Principal for U.S. Internet Policy and Advocacy John Morris and Internet Policy Director Ryan Polk and GCA by Chief Technology Officer Leslie Daigle.

The FCC's Notice of Proposed Rulemaking was adopted at the agency's June 6 meeting. A public comment period is expected to open shortly.

Ahead of the FCC’s June vote, NCTA – The Internet & Television Association, in its review of the draft NPRM, said it did not believe “prescriptive rules” were necessary but if the agency went forward, it should not apply the rules “to service providers that have achieved high levels of secure BGP deployment.”

NCTA members include Comcast Corp. and Charter Communications, the two largest ISPs in the country.

A co-founder of the Internet Society was Vint Cerf, a co-creator of the Transmission Control Protocol/Internet Protocol, which governs the connection of computer systems to the internet.

In her comments at the June meeting, Rosenworcel recalled asking Cerf a few months ago what he wished he had known at the dawn of the Internet.

“He told me he wished he had known the Internet would need more security,” she said.