For many, many years security experts have warned that the “internet of things” (IOT) (or the myriad “smart home” devices we have scattered around our homes) was a security and privacy dumpster fire. A lot of these devices are made in China (often poorly) introducing new network attack vectors and widespread national security concerns.
So in 2023, the Biden FCC proposed a new voluntary program that would rank and label smart home devices if they adhered to some basic privacy and security standards. Under the program, the FCC would work with a private Illinois-based company named UL Solutions to study and test devices, then apply a “U.S. Cyber Trust Mark” on devices deemed relatively secure.
Enter Trumpism. The program’s creation has stalled out because of some baseless claims by Trump FCC boss Brendan Carr that UL Solutions, a company that has done this kind of testing for one-hundred-and-thirty years and which is well-known and well-respected in the field, also happens to do business in China and runs 18 China-based testing locations (which makes sense given the massive volume of such devices built in, you know, China).
So in June, Carr made a post to Elon Musk’s right wing propaganda website vaguely stating the program would be paused while his FCC “investigated” UL Solutions:
To be clear, this is about U.S. companies not wanting to have to adhere to any sort of oversight or privacy and security standards whatsoever (and this voluntary program probably would have not included serious penalties). Carr has just selected weird Chinese xenophobia as cover for regulatory capture.
Carr’s “investigation” is much like his other pseudo-investigations, which have included “investigating” Verizon for not being racist enough, “investigating” CBS for doing journalism critical of King Dingus, or “investigating” Dish Network for not giving its expensive spectrum to Elon Musk.
There is absolutely zero evidence of any kind that UL Solutions has done anything wrong, and the longer the program is delayed, the greater risk to the public:
“David Simon, a partner at Skadden, Arps, Slate, Meagher & Flom, said he was “not aware of any” other instance where the FCC investigated a company it had just approved to run one of its projects.
The uncertainty is already putting pressure on the program. “The longer one proceeds without trying to implement something like this, the more the risk is to the consumers,” said Paul Besozzi, a senior partner at Squire Patton Boggs. That includes both individual buyers and companies outfitting offices with smart devices.”
It’s now September and there’s zero update or transparency into the “investigation.” The whole thing is fairly representative of MAGA’s self-serving exploitation of “national security” and Chinese xenophobia when convenient.
Like the TikTok ban, which was floated for years (often by Carr) and even written into law, only to be scuttled because it upset the financial plans of a billionaire Trump ally. Or the “race to 5G,” which involved giving giant U.S. telecoms bottomless subsidies and tax cuts to “defeat the Chinese,” only for lawmakers to disappear when the efforts resulted in slow, expensive, and patchy U.S. 5G coverage.
Or all the GOP’s fear mongering about China’s Huawei, which involved a decade of hyperventilation over Chinese spying on U.S. telecom networks, and a bunch of programs the Trump administration is now dismantling so that rich people can get tax cuts. And most recently the AI wars, where we’re told we must give giant tech companies zero oversight and bottomless subsidies, again to best thwart the Chinese.
There are genuine security concerns related to China, and then there are greasy opportunists who leverage those fears for their own financial gain. And the U.S. press sucks at illustrating the difference, which is why it’s so easy for Carr to get away with this sort of vague bullshit.
While Carr professes to be super worried about Chinese threats to national security, with its other hand the Trump administration has gutted government cybersecurity programs (including a board investigating the biggest Chinese hack of U.S. telecom networks in history), dismantled the Cyber Safety Review Board (CSRB) (responsible for investigating significant cybersecurity incidents), and fired oodles of folks doing essential work at the Cybersecurity and Infrastructure Security Agency (CISA).
Brendan Carr is also engaged in a massive effort to destroy whatever’s left of the FCC’s consumer protection and corporate oversight authority, despite the fact that the recent historic Chinese Salt Typhoon hack (caused in large part because major telecoms were too incompetent to change default administrative passwords) was a direct byproduct of this exact type of mindless deregulation.
The Trump administration’s stacked courts are also making it impossible to hold telecoms accountable for literally anything (see the Fifth Circuit’s recent reversal of a fine against AT&T for spying on customer movement), which also undermines consumer privacy and national security, and ensures zero real repercussions for companies that fail to secure their networks and sensitive data.
So even if the FCC did implement this labeling program, any penalties for non-compliance (which there aren’t because it’s voluntary) would never survive the MAGA zealot-stocked court system. Carr of course is well aware of this. I suspect this program never sees the light of day and remains permanently bogged down in bogus, utterly nontransparent inquiry.
China’s super useful as a distraction from corruption or regulatory capture, but with MAGA it’s always performative. In Carr’s case, his primary interest is in pleasing the giant U.S. companies (his inevitable future employers) who don’t want any privacy and security oversight (however modest). And his efforts are always aided by a lazy U.S. corporate press too feckless to illustrate the distinction.
From Techdirt via this RSS feed