CTA Raises Red Flag as FCC OKs Security Rules 4-0
CTA raised concerns as FCC commissioners approved 4-0 Thursday an NPRM and notice of inquiry that would further clamp down on gear from companies deemed to pose a security risk in U.S. networks. Commissioners said several questions were added since a draft of the item circulated, as expected (see 2106090063).
The agency proposes to “insert itself into regulating device security, which is contrary to the FCC's legal authority and could have many unintended consequences,” said CTA President Gary Shapiro. “Our nation’s technology industry works closely with policymakers to ensure these devices are secure against emerging threats,” he said: “We urge the FCC to take more time to evaluate its role in security of devices and ensure a process that best promotes innovation and protects consumers.”
“There is broad bipartisan support for an effort to develop this kind of rulemaking,” responded acting Chairwoman Jessica Rosenworcel. Legislation would require the steps the FCC took Thursday, she said. Rosenworcel said commissioners are likely to vote at its July 13 meeting on final rules for a rip-and-replace program (see 2102170049) for equipment that isn't secure. “Shortly thereafter we’ll be able to get the program up and running,” she said.
Commissioner Brendan Carr told reporters he's familiar with the CTA concerns. “This will be a proceeding to allow them a full airing of those perspectives,” he said: “At this point, I’m not persuaded.” Carr also noted bipartisan support on Capitol Hill for a clampdown.
The NPRM seeks comment on whether to block authorization for communications equipment deemed to pose an unacceptable risk to national security and on whether it should revoke prior authorizations for equipment on the FCC’s “covered list” of providers that pose a security risk. The agency will ask whether to require applicants to participate in auctions to provide additional certifications tied to national security.
Pushback
The FCC rightly expands its focus beyond providers receiving USF support, Carr said. “This is a glaring loophole, and one that Huawei and others are using today,” he said: “It is the presence of this insecure equipment in our equipment that is the threat, not the source of funding used to purchase it.” Carr told reporters he expects “pushback” from Huawei and ZTE: “We’ve gotten pushback all along the way, including in litigation.”
“The FCC’s revision of the equipment evaluation and approval process to revoke authorization of equipment which previously satisfied FCC specifications is misguided and unnecessarily punitive,” emailed Glenn Schloss, vice president of Huawei Technologies USA. “Blocking the purchase of equipment, based on a ‘predictive judgment,’ related to country of origin or brand is without merit, discriminatory and will do nothing to protect the integrity of U.S. communications networks or supply chains,” he said. ZTE and the Chinese Embassy didn’t comment.
The FCC added questions on how the U.S. participates in standards-setting groups, Rosenworcel said. “These bodies can play a big role in shaping the growth of future technologies,” she said: “It is in our national interest to ensure that these organizations operate in a fair, impartial, balanced and consensus-based manner and in accordance with fundamental rules of due process.” Rosenworcel said the FCC has increased by 50% staff working on standards issues.
Questions were added asking how retailers can help the agency protect the integrity of the U.S. network and supply chain, said Commissioner Geoffrey Starks. The NPRM proposes to require that foreign applicants have a U.S.-registered agent for service of process so they can be held accountable, Starks said. “If you sell your equipment in the United States, the greatest free marketplace in the world, then you should also make yourself readily available to the FCC’s jurisdiction should we need to ask questions or hold you accountable,” he said.
The FCC added to the NOI at his request questions on RF fingerprinting, said Commissioner Nathan Simington. The technology “can play a central role in interdiction and enforcement of hacking and cybercrime,” he said. “RF fingerprinting uniquely identifies an individual wireless device similar to the unique identification enabled by a human fingerprint,” he said: “If we can identify specific devices … we can protect the security of wireless communications in an era of ever-increasing threats.”
Among other changes, the item now asks questions about the “outreach and education … for those that might not be as familiar with the rules and the changes that are teed up,” including by retailers, Office of Engineering and Technology acting Chief Ron Repasi told reporters.
EAS, WEA
Rosenworcel said the wireless emergency alert/emergency alert system order and Further NPRM, approved 4-0 as expected (see 2106090047), has suggestions for preventing false alerts that she made after the 2018 Hawaii false emergency alert and goes further. “This is progress, but there is still more work to do,” she said.
The order creates a new national alerts class of warnings, combining WEA presidential alerts with Federal Emergency Management Agency administrator alerts. The commission said the order also sets out a way for state or tribal government administrators to report false emergency alerts to the FCC operations center. The FNPRM starts a proceeding seeking comment on additional EAS improvements.
Public Safety Bureau Chief Lisa Fowlkes said the approved order is “substantially the same” as the draft. Asked about any possible future rulemaking based on other WEA and EAS suggested rules updates that it found to be outside the scope of the proceeding, she said the agency “is always interested in ways to improve the reliability and effectiveness” of EAS and WEAs. A nationwide EAS test is set for Aug. 11 (see 2105040068).
Robocalls
Mandated by Section 10(a) of the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, the robocalls order streamlines the process for private entities to alert the Enforcement Bureau about suspected unlawful robocalls or spoofing attempts. The online portal goes live after OMB review, said a commission release. It’s not clear exactly when that will happen, but “we’re working on it,” Enforcement Bureau Chief Rosemary Harold told reporters.
Companies can share details about potential violations and the portal will be separate from the existing informal complaint process run by the Consumer and Governmental Affairs Bureau for consumers. The portal will seek information including the calling party’s phone number, the caller ID information displayed, the date and time of the call or text, the name of the reporting entity’s service provider, and a description of the call or text.
An order providing requirements for Connected Care Pilot program participants, approved 4-0 as expected (see 2106080053), gives guidance on eligible services, competitive bidding, invoicing and data reporting. This “brings us one step closer to getting funding into the hands of the first batch of awardees,” said Carr.
Commissioners also approved 36 such projects this week in addition to the initial 14 applicants selected with 23 projects, as expected (see 2106020073). More than $57 million of the $100 million available has been allocated so far, said a news release. Participants will be able to start the process immediately, Wireline Bureau Chief Kris Monteith told reporters. Applications are continuing to be reviewed, Monteith said.
FCC Meeting Notebook
Rosenworcel wants to increase FCC broadband speed thresholds, she told reporters Thursday. “I hope in time that I can convince my colleagues that that is where we need to head.” She believes “it's absolutely time” to raise the current threshold of 25 Mbps downstream and 3 Mbps up, she said a few minutes later. She didn't say if she believes speeds should be symmetrical or detail what higher speeds she would like to have define broadband. Spokespeople didn't answer our questions.
Carr told reporters he has seen no progress on the 4.9 GHz band since the FCC stayed an order approved 3-2 last year. Carr was the lone dissenter on the stay last month (see 2105270071). “I’m open-minded that my colleagues will come to me with an idea that says, ‘Hey, we’ve got a better way to do this than even what you thought you liked when you voted for this in the past,’” he said. “Taking points off the board and standing pat isn’t a good step.” Carr said the FCC should be able to start a 2.5 GHz auction this year, but he’s “not seeing any indication that the gears are turning” in a way that that will happen. With the 3.45 GHz auction starting in October, experts see a 2022 start as more likely (see 2106070054).
Commissioners upheld 4-0 a $2.86 million fine against HobbyKing for marketing drone transmitters not approved under FCC equipment authorization rules (see 2007240044). HobbyKing allegedly sold devices that use a video link between transmitters on unmanned aircraft systems and users flying drones. “These devices must have obtained certification through the FCC’s equipment authorization process based on their operating parameters,” the agency said Thursday. FCC investigators found HobbyKing sold 65 models that required but didn’t get agency approval. The company didn’t comment. “The marketing of this equipment was especially egregious because the devices threatened to interfere with critical FAA systems and other federal operations and were never capable of being certified,” said Josh Zeldis, Enforcement Bureau attorney-adviser. Rosenworcel said it's “a notice to all others that we take our policies protecting our airwaves seriously.”