NEW @POGOBlog investigation out with @arstechnica about how industry influence at the FCC is compromising the security of our communications: arstechnica.com/features/2019/…
GET READY FOR A THREAD!
GET READY FOR A THREAD!
When major phone outages hit big cities including LA and DC in the early ‘90s, glitches in SS7, part of telephone software infrastructure, were to blame. But part of the supposed solution, a tech experts group chartered to advise the FCC called CSRIC, is now part of the problem.
As new innovation sped up, expertise within the FCC struggled to keep up and became more and more reliant on CSRIC for troubleshooting. But CSRIC’s membership is heavily skewed towards industry.
So the FCC was increasingly relying on a group of experts from the very companies the agency was supposed to be regulating to help it figure out how to set rules for new tech.
After @RepTedLieu let researchers track his phone via SS7 flaws for @60Minutes in 2016, the FCC turned to CSRIC yet again.
A VP at major telecom trade group CTIA was the lead editor on the CSRIC Working Group’s final report on the issue.
Emails POGO obtained via FOIA show he dismissed research about SS7 as hyperbolic and at times failed to incorporate edits from DHS experts.
Even though the working group quickly knew the technical fix, their final report didn’t recommend any actual rules, just non-binding best practices.
As an added bonus, the current leadership at the FCC doesn’t think his agency should play a major role in cybersecurity anyhow, despite its founding statute giving it authority to set rules related to security.
In a November letter to Sen. @RonWyden, @AjitPaiFCC said the FCC “plays a supporting role, as a partner with DHS, in identifying vulnerabilities and working with stakeholders to increase security and resiliency in communications network infrastructure.”
That lines up with common industry lobbying line, which former FCC Chairman (and former CTIA CEO) @tewheels says is basically a ploy to shift to oversight to agencies without the authority to set actual rules.
“The people and companies the FCC was charged with regulating wanted to see if they could get their jurisdiction moved to someone with less regulatory authority,”@tewheels told POGO.
If you want even more info about CSRIC, check out the investigation on POGO's site, which includes a side-bar focus on the group one former staffer called "The place to send issues you wanted to die.” pogo.org/investigation/…
And no matter where you read it, don't miss the fabulously spooky illustration from @cj_ostro 
• • •
Missing some Tweet in this thread? You can try to
force a refresh
