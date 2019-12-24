We’ve noted for decades that U.S. telecom security and privacy standards aren’t great. T-Mobile has been hacked so many times in the last five years it’s easy to lose count. AT&T not long ago had a breach impacting the data of 73 million users it initially tried to pretend hadn’t happened.

Telecoms have lobbied relentlessly to dismantle much in the way of corporate oversight, so when hacks or breaches or bad choices manifest, executives and companies alike routinely see little in the way of real, meaningful accountability. Which, of course, ensures nothing much changes.

This all came to a head recently with the Salt Typhoon hack, which involved 8 major U.S. telecom operators suffering a major intrusion by Chinese hackers. The hack, oddly getting far less attention than the TikTok moral panic did, was leveraged to help spy on U.S. political officials. It was so severe and extensive that the involved, unnamed telecoms have yet to fully remove the intruders from their networks:

This is par for the course for a country that’s literally too corrupt to pass even a baseline privacy law for the internet era, or hold telecom giants meaningfully accountable for much of anything. At best, telecoms have grown fat and comfortable with a paradigm that involves a tiny fine and wrist slap for their incompetence, assuming they get challenged over it at all.

Enter Senator Ron Wyden, who is proposing a new law that would require the FCC to take broader ownership of telecom cybersecurity.

His Secure American Communications Act would more clearly establish FCC authority to monitor telecoms for privacy and cybersecurity violations, require they conduct routine testing of their networks and systems, and contract outside independent auditors to make sure they’re doing a competent job. They’d also have to submit formal annual reviews to the FCC.

“It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Wyden said. “Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security. Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies.”

Of course the last thing AT&T, Verizon, Comcast, T-Mobile and Charter want is additional (or any) government oversight, so even if perfectly designed to minimize headaches and problems, the bill likely has zero real chance of passing a corrupt Congress.