The Federal Communications Commission voted 2-1 along party lines Thursday to repeal rules that required U.S. phone and Internet giants to meet certain minimum cybersecurity requirements.
The two FCC commissioners appointed by Trump, Chairman Brendan Carr and his Republican colleague Olivia Trusty, voted to withdraw rules requiring telecommunications carriers to “secure their networks from unlawful access or interception of communications.” The Biden administration had adopted these rules before leaving office earlier this year.
The FCC’s lone Democratic commissioner, Anna Gomez, disagreed. In one statement after the vote, Gomez called the overturned rules “the only meaningful effort this agency has made” since the discovery of a sprawling campaign by a Chinese-backed hacking group called Salt Typhoon that included hacking a number of U.S. phone and Internet companies.
Hackers broke into more than 200 telecoms, including AT&T, Verizon and Lumen, during the years-long campaign to conduct widespread surveillance of US officials. In some cases, the hackers targeted wiretapping systems that the US government previously required telecoms to install for law enforcement access.
The FCC’s move to change the rules sparked rebuke from senior lawmakers, including Sen. Gary Peters (D-MI), the ranking member of the Senate Homeland Security Committee. Peters said he was “disturbed” by the FCC’s attempt to roll back “basic cybersecurity safeguards” and warned that doing so would “leave the American people exposed.”
Sen. Mark Warner (D-VA), the ranking member of the Senate Intelligence Committee, said in a statement that the rule change “leaves us without a credible plan” to address key security holes exploited by Salt Typhoon and others.
For its part, NCTA, which represents the telecommunications industry, praised repealing the rules, calling them “regulatory and counterproductive regulations.”
However, Gomez cautioned that while cooperation with the telecommunications industry is valuable for cybersecurity, it is insufficient without enforcement.
“Toothless handshake agreements will not stop state-sponsored hackers from trying to infiltrate our networks,” Gomez said. “They won’t prevent the next breach. They don’t ensure that the weakest link in the chain is strengthened. If voluntary cooperation was enough, we wouldn’t be sitting here today in the wake of Salt Typhoon.”
