The chief lawmakers on the Senate and House Homeland Security Committees asked the Federal Communications Commission Monday if the agency is taking cybersecurity into account with its proposal compelling cable providers to open up their content to third-party set-top boxes.
Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson, House Homeland Security Committee Chairman Mike McCaul and the committee’s ranking Democrats sent a letter to FCC Chairman Tom Wheeler Monday asking what cybersecurity measures, if any, the agency is considering in its draft proposal.
“The FCC’s rules and regulations for the communications sector can have a significant effect on the security of individual Americans, our critical infrastructure, and our national and economic security,” the lawmakers wrote Monday of Wheeler’s “unlock the box” proposal. “In particular, we are interested in learning more about the cybersecurity proposals within the rulemaking and urge further attention in this area. It is important that cybersecurity is fully addressed in any final rule.”
The agency voted in February to advance the proposal compelling cable providers like Comcast and DirecTV to make their video content accessible to third-party devices, giving consumers the opportunity to purchase a set-top box from a company like Google instead of renting one from the provider.
Lawmakers pointed to the National Institute of Statistics and Technology (NIST)’s voluntary cybersecurity framework as a guide for what the agency, in tandem with the communications industry, should consider with new regulations to combat “malicious actors” and “cybercriminals.”
“It is unclear how some of the FCC’s proposed rulemaking aligns with the framework’s recommended practices or how existing cable and satellite providers can adequately inventory devices attached to their network, including devices owned by a third party,” the letter reads. “For example, a core function of the framework is to identify a firm’s information technology assets and connections with other organizations and devices in order to ensure that it fully understands its risk posture and develops an associated cybersecurity risk management program.”
Representatives said that burden to ensure devices are secure would grow if third parties are allowed to enter the market, presently limited to devices from providers themselves.
Legislators asked Wheeler to answer a series of questions about the proposal’s cybersecurity considerations, including if and how device makers will self-certify they’re complying with cybersecurity standards, how the FCC will ensure third parties in hardware and software are meeting standards, including through their supply chains, if NIST was considered or how it will be in a future draft and whether the rulemaking addresses potential economic harm to content creators, businesses or infrastructure from cyberattacks.
Monday’s letter was the most recent inquiry among a growing number of concerns about the proposal from Congress, including in the Senate Judiciary Committee where Chairman Chuck Grassley wrote to Wheeler Monday with concerns about the proposal’s potential to make cable providers’ content more susceptible to copyright infringement, put new restrictions on the way providers can use consumer data and harm small rural cable operators.
Grassley said it was “unclear” how the new rules would extend consumer protections that already mandate providers keep user viewing habits private, limit advertising when appropriate, and provide emergency alerts and subtitles. He added the market is growing in competitiveness already via video streaming services and apps free of hardware, which some worry could let third parties manipulate cable providers’ content or make it more susceptible to pirating.
“I am concerned that this proposed rule making would replace marketplace solutions with greater government regulation,” Grassley wrote. “There are concerns that the proposed regulations will harm creators and impede innovation thereby ultimately hurting viewers.”
Members of the Congressional Black Caucus expressed their own concerns about the proposal’s potential impact on minority programmers, who they fear will be marginalized by third parties in the on-demand video market.
As justification for the rulemaking, Wheeler cited a congressional survey out of the offices of Sens. Ed Markey of Massachusetts and Richard Blumenthal of Connecticut, which found the country’s biggest cable companies charge the average U.S. household $231 annually in set-top box rental fees, pulling in almost $20 billion every year for providers.
Monday was the deadline to file comments on the proposal.