FCC To Rescind Ruling That Said ISPs Are Required To Secure Their Networks

The FCC plans to repeal a Biden-era ruling that required ISPs to secure their networks under the Communications Assistance for Law Enforcement Act, instead relying on voluntary cybersecurity commitments from telecom providers. FCC Chairman Brendan Carr said the ruling "exceeded the agency's authority and did not present an effective or agile response to the relevant cybersecurity threats." Carr said the vote scheduled for November 20 comes after "extensive FCC engagement with carriers" who have taken "substantial steps... to strengthen their cybersecurity defenses." Ars Technica reports: The FCC's January 2025 declaratory ruling came in response to attacks by China, including the Salt Typhoon infiltration of major telecom providers such as Verizon and AT&T. The Biden-era FCC found that the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law, "affirmatively requires telecommunications carriers to secure their networks from unlawful access or interception of communications."

"The Commission has previously found that section 105 of CALEA creates an affirmative obligation for a telecommunications carrier to avoid the risk that suppliers of untrusted equipment will "illegally activate interceptions or other forms of surveillance within the carrier's switching premises without its knowledge,'" the January order said. "With this Declaratory Ruling, we clarify that telecommunications carriers' duties under section 105 of CALEA extend not only to the equipment they choose to use in their networks, but also to how they manage their networks." A draft of the order that will be voted on in November can be found here (PDF).

"extensive FCC engagement with carriers"

[backslashdot]

"After extensive discussions with the wolves, they were allowed to eat the sheep."

Re:

[ndsurvivor]

Unfettered Capitalism at its worst.

One more rule

[dskoll]

Another rule: ISPs are required to send internal network diagrams, passwords, keys and certificates to Vladimir Putin.

Re:

[rsilvergun]

You know I wonder if we get the Epstein files if Trump will finally stop fucking Putin's dick.

It's pretty obvious Putin has the Epstein files and the implicate trump. If it's all out in the open then the compromat is no longer valuable.

I mean it's not as if the public is going to turn on Trump completely. They grumble a little when the economy goes to shit because Trump can't run a country or anything else for that matter. But they love him so much on a deep personal level, the same level a woman wi

Re:

[easyTree]

Makes you wonder what other kompromat there is on all the world's "leaders" given that the paedo-aspect is already out. I guess it's way worse than genocide.

Re:

[rsilvergun]

People can cheerfully look the other way at genocide as long as it's not being done on people that look like them.

Even then they can look the other way if they're not doing so hot economically.

I just came across the old Eddie izzard joke about how Hitler got in trouble because he killed other country's people but Pol pot got to die peacefully because he killed his own people. That's not far off.

But a good old-fashioned sex scandal yeah that'll be a problem for world leaders.

This is insane!

[Gravis Zero]

Quite plainly, this is a national security issue. It's not a far-fetched hypothetical to see networks infiltrated to compromise security in order to steal sensitive information about people, businesses, etc. Yes, "national security" is the common claim of the oppressor but that doesn't mean it's always illegitimate.

WHO THE FUCK WOULD BE AGAINST ACTUAL NATIONAL SECURITY?!

Re:

[rta]

Quite plainly, this is a national security issue. It's not a far-fetched hypothetical to see networks infiltrated to compromise security in order to steal sensitive information about people, businesses, etc. Yes, "national security" is the common claim of the oppressor but that doesn't mean it's always illegitimate.

WHO THE FUCK WOULD BE AGAINST ACTUAL NATIONAL SECURITY?!

Our government is generally rules based. That is a specific system of laws vs of people or of "reasonable behavior".

The specific question is whether the regulation was allowed under the specific law that they used.

As TFA points out the argument is that the rule the FCC made was beyond what the law they quoted allowed. I'm so so on whether it is or not, but that's the point in question, NOT whether someone hates national security.

Re:This is insane!

[abulafia]

That's the argument, yes. But it isn't all [cybersecuritydive.com] that [eff.org] crazy [washingtonpost.com] to notice [observer.com] a pattern [reuters.com].

Re:This is insane!

[Cyberpunk Reality]

This. There is zero reason to give the Trump Administration - which constantly violates the law and ignores the courts - the benefit of the doubt on anything. "It's about a rule overstepping the authority of the agency making it" is an excuse. Increasing the threat surface for the United States of America, its infrastructure, and its citizens is the result. What the actual motivation of said administration is I cannot know, but based on observed behaviors it is likely to be something along the lines of "who gives a damn about long-term trade-offs or security, lets give our corporate buddies the break they've asked for, so we can personally Make Moar Moneyyy".

Re:

[Ostracus]

When every cybercriminal on the planet takes all those corporations to the cleaners they just may rethink their penny pinching ways.

Re:

[sabbede]

The ends don't matter if the means violate the Constitution. Even if you could demonstrate that implementing these new rules as the prior administration was leaving office provided a real security benefit, it wouldn't matter one bit if the agency wasn't allowed to implement them.

And when did appealing a lower court's decision become "ignoring the courts"?

Re:

[sabbede]

Well, you've noticed something about media framing and bias. Which lesson did you learn from it?

Re:This is insane!

[Waffle Iron]

Our government is generally rules based.

In 2025, that statement is 100% false.

Re:

[Tschaine]

+1, Insightful

Re:

[HiThere]

Not 100%. Much of our government is still rules based. (Also, it's never been 100/% rules based...it's just that that used to be the generally accepted goal.)

Re:

[WaffleMonster]

Quite plainly, this is a national security issue.

I don't think this is an anything issue. Biden's last minute creative reinterpretation of CALEA and the general recommendations that sprung from them were so basic as to be effectively worthless against state (or otherwise) actors. Also worth noting the infamous Salt Typhoon compromise was ENABLED by CALEA backdoors installed for government mandated LEA access.

It's not a far-fetched hypothetical to see networks infiltrated to compromise security in order to steal sensitive information about people, businesses, etc.

This is what zero trust and E2EE is for. You ALWAYS assume the network is compromised and act accordingly.

Yes, "national security" is the common claim of the oppressor but that doesn't mean it's always illegitimate.

When it comes to governance process is e

Re:

[NotEmmanuelGoldstein]

WHO THE FUCK ...

The people who have to pay for it. In addition to 100s of billions of dollars in tax cuts, the Trump government is also removing a billionaire's responsibility to protect data, the people, or even the government.

Everything the Trump government does, is about denying rich people have a duty of care to the rest of the country. If Trump had his way, every transaction would be a civil contract with disputes settled by arbitration: Your legal rights will be whatever you can afford to buy or steal.

Re:

[FudRucker]

If they actually secured the network the government and big tech could not spy on everybody, it is up to the individual to secure their own systems and thats why the internet looks like swiss cheese

Re:

[ndsurvivor]

The symbolism that MAGAs have is that Trump is tearing down the White House East Wing, the House of the People, and building a Ball Room. All while 40 million Americans are denied food.

Re:

[ndsurvivor]

I want the MAGAs to come back into the fold of decent people. They went astray awhile. Worshiping Oligarchs in middle class America does not seem like a "winning" idea.

Re:

[sabbede]

No, it wouldn't make sense, which might be why it isn't actually happening. Please stop inventing beliefs to build straw men out of. I realize that's easier, but it isn't healthy for you or public discourse.

Re:

[ArchieBunker]

If Obama bulldozed a wing of the whitehouse the republicans would still be recovering from the massive collective stroke they suffered.

Re:Terrible

[ndsurvivor]

I am old enough to equate Republicans with George Will, MAGAs are not republicans. MAGAs do not have any principles. MAGAs are not conservatives. MAGAs are Oligarch Worshipers.

Re:

[fahrbot-bot]

If Obama bulldozed a wing of the White House the republicans would still be recovering from the massive collective stroke they suffered.

Or bombed Venezuelan boats w/o Congressional approval and oversight.
Or imposed these tariffs (taxes) instead of through Congress -- paid by U.S. consumers, btw.
Or did anything ICE, the National Guard and military is currently doing in U.S. cities.
Or strong-armed universities, law firms, into paying $$$.
Or had, much less televised, brown-nosing, dictator-styled Cabinet meetings.
Or profited and self-dealed like Trump is doing.
Or ...

Re:

[ndsurvivor]

I think that Trump is a fucked up, mixed up Oligarch, but I think that America should bomb Venezuela for other reasons. This seems to be a case where a clock is right twice a day.

Re:

[sabbede]

Wishing for someone's family to be killed is not something normally associated with being a decent human being. I think you owe someone an apology. And you owe it to yourself to get a grip on your emotions.

Re:

[Dragonslicer]

Dude, Fox News freaked out when Obama wore a tan suit

Re:

[sabbede]

Maybe, but he did build a basketball court with taxpayer money, and I don't recall much of an uproar.

He also had to put up tents and port-a-pottys in the yard in order to host events at the White House. It turns out that there isn't a lot of floor space inside, so holding the sort of large events that tend to be so important for international diplomacy is a bit difficult. Should King Charles visit, I'd like for him to be able to sh-t inside.

Could the process have been handled better? Sure. Was he

Re:

[sabbede]

Well, tell Democrats in the Senate to do what they have always demanded of the GOP when the roles were reversed, and pass the CR. The ballroom is paid for.

Oh, and drop the hyperbole. Nobody is being "denied food". There's no money in the SNAP account to give them. Could not be more different. Show me the person who has been told they are not allowed to buy food.

Re:

[chas.williams]

I have to agree. Regulation without any enforcement or penalties is pointless. It does make someone somewhere feel good, and politicians get to say "I did something!" It's roughly the equivalent of the government requiring you to tie your shoes. ISPs already secure their networks to reduce their liability footprint. If you don't want to tie your shoes or secure your network, you can't blame the government for not "requiring" you to do it when you fall on your face.

Re:

[gurps_npc]

Ha Ha Ha.

You think ISPs care about liability? There is no liability. Clearly if they do not have a legal requirement to secure their technology then they do not have a legal responsibility. That is what their lawyers are going to say.

They do the minimum to convince a judge they tried and it was just those nasty criminals that outsmarted them by trying the password "123456"

Re:

[sabbede]

Well, we could try getting Congress to pass a law that says they have to secure their infrastructure. Would that work for you? It would work for me, it sounds like a good idea. At least in principle.

Because pretending those words exist in this paragraph isn't right: “telecommunications carrier shall ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful au

Re:

[chas.williams]

In general, there are industry best practices. Failing to adhere to those will result in liability because you know precisely why those industry best practices exist.

Re:

[chas.williams]

ISPs will incur financial liability for any losses resulting from poorly secured networks. You can't just claim that there isn't a law about slippery sidewalks, so I don't need to shovel them. Failure to adhere to basic industry standard practices results in financial liability should something go wrong.

Story checks out.

[fuzzyfuzzyfungus]

It may be pathetic; but the 'make america great again unless it sounds like actual work might be involved' attitude is, at least, consistent.

Re:

[ndsurvivor]

Dig deep into it, and translation of "Make America Great Again" equates into young white men raping women with no repercussions. Secondary to White Men's animal beliefs is to just to have all the Wealth in the World.

Re:

[sabbede]

How?

Translation

[jenningsthecat]

"exceeded the agency's authority and did not present an effective or agile response to the relevant cybersecurity threats."

"there's a new sheriff in town, namely me, and I'm in the pay of the oligarchs so they get the legislation they ask for."

This is what Ars says the relevant law is

[sabbede]

“telecommunications carrier shall ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful authorization and with the affirmative intervention of an individual officer or employee of the carrier acting in accordance with regulations prescribed by the Commission.”

That's for making sure only legal wiretaps are put in place. The prior administration decided that could be stretched and twisted around to mean something very different about supply chains and network management. They could have asked Congress to pass a law requiring this but instead took a hammer to existing law until they made it say what they wanted.

That's not how it's supposed to be done. What's the point of Congress if an administration can just decide the laws mean whatever they want them to?