The Federal Communications Commission is looking at new rules for cable box providers that could allow foreign governments to spy on consumers in their homes, according to two lawmakers on the House Intelligence Committee.
The comments were made by committee chairman Rep. Devin Nunes, R-Calif., and Rep. Mike Pompeo, R-Kansas, in a letter questioning the agency’s proposal to allow third-party device manufacturers, like Google or Amazon, to access the market for the “set-top boxes” traditionally provided by cable companies.
“Not only are network owners limited in their ability to establish direct security controls, the proposed rule further undermines security by limiting … access to information that might be necessary to detect bad actors,” the two wrote in a Wednesday letter obtained by the Washington Examiner. “Since the FCC has no authority to monitor or compel compliance with the self-certifications, this truly allows the fox to guard the hen house.”
The duo stressed the fact that while FCC regulatory authority applies to cable companies, which are known as multichannel video programming distributors, it does not apply to the tech giants that could enter the market if the FCC lifts the restriction on who can run the boxes. The end result, they argued, could be that consumer information is siphoned away by a range of entities, including some in foreign countries.
“While we certainly hope that reputable manufacturers from the United States would protect consumer information, copyrights, and our networks from harm, there is no guarantee manufacturers from other nations would have the same incentive to do so,” the lawmakers wrote. “We are concemed that the FCC’s set-top box proceeding potentially provides cyber criminals access into homes or property without adequate protections, oversight, or enforcement.”
Related Story: http://www.washingtonexaminer.com/article/2592079
The two asked the agency to respond to a number of questions, including what would happen if a manufacturer was found to be violating consumer privacy or pirating content. They closed with a threat to invoke a national security provision to stop the proceeding.
“Based upon these open security questions, we remind you of the statutory prohibition in section 629 of the Communications Act that prohibits the FCC from jeopardizing the security of MVPD services and your mandate to protect the public interest,” they wrote.