InsideSources

The chief lawmakers on the Senate and House Homeland Security Committees asked the Federal Communications Commission Monday if the agency is taking cybersecurity into account with its proposal compelling cable providers to open up their content to third-party set-top boxes.

Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson, House Homeland Security Committee Chairman Mike McCaul and the committee’s ranking Democrats sent a letter to FCC Chairman Tom Wheeler Monday asking what cybersecurity measures, if any, the agency is considering in its draft proposal.

“The FCC’s rules and regulations for the communications sector can have a significant effect on the security of individual Americans, our critical infrastructure, and our national and economic security,” the lawmakers wrote Monday of Wheeler’s “unlock the box” proposal. “In particular, we are interested in learning more about the cybersecurity proposals within the rulemaking and urge further attention in this area. It is important that cybersecurity is fully addressed in any final rule.”

The agency voted in February to advance the proposal compelling cable providers like Comcast and DirecTV to make their video content accessible to third-party devices, giving consumers the opportunity to purchase a set-top box from a company like Google instead of renting one from the provider.

Lawmakers pointed to the National Institute of Statistics and Technology (NIST)’s voluntary cybersecurity framework as a guide for what the agency, in tandem with the communications industry, should consider with new regulations to combat “malicious actors” and “cybercriminals.”

“It is unclear how some of the FCC’s proposed rulemaking aligns with the framework’s recommended practices or how existing cable and satellite providers can adequately inventory devices attached to their network, including devices owned by a third party,” the letter reads. “For example, a core function of the framework is to identify a firm’s information technology assets and connections with other organizations and devices in order to ensure that it fully understands its risk posture and develops an associated cybersecurity risk management program.”

Representatives said that burden to ensure devices are secure would grow if third parties are allowed to enter the market, presently limited to devices from providers themselves.

Legislators asked Wheeler to answer a series of questions about the proposal’s cybersecurity considerations, including if and how device makers will self-certify they’re complying with cybersecurity standards, how the FCC will ensure third parties in hardware and software are meeting standards, including through their supply chains, if NIST was considered or how it will be in a future draft and whether the rulemaking addresses potential economic harm to content creators, businesses or infrastructure from cyberattacks.

Monday’s letter was the most recent inquiry among a growing number of concerns about the proposal from Congress, including in the Senate Judiciary Committee where Chairman Chuck Grassley wrote to Wheeler Monday with concerns about the proposal’s potential to make cable providers’ content more susceptible to copyright infringement, put new restrictions on the way providers can use consumer data and harm small rural cable operators.

Grassley said it was “unclear” how the new rules would extend consumer protections that already mandate providers keep user viewing habits private, limit advertising when appropriate, and provide emergency alerts and subtitles. He added the market is growing in competitiveness already via video streaming services and apps free of hardware, which some worry could let third parties manipulate cable providers’ content or make it more susceptible to pirating.

“I am concerned that this proposed rule making would replace marketplace solutions with greater government regulation,” Grassley wrote. “There are concerns that the proposed regulations will harm creators and impede innovation thereby ultimately hurting viewers.”

Members of the Congressional Black Caucus expressed their own concerns about the proposal’s potential impact on minority programmers, who they fear will be marginalized by third parties in the on-demand video market.

As justification for the rulemaking, Wheeler cited a congressional survey out of the offices of Sens. Ed Markey of Massachusetts and Richard Blumenthal of Connecticut, which found the country’s biggest cable companies charge the average U.S. household $231 annually in set-top box rental fees, pulling in almost $20 billion every year for providers.

Monday was the deadline to file comments on the proposal.

Follow Giuseppe on Twitter

The CEO of a popular classified ads website that lawmakers say is a hub for underage sex traffickers refused to appear before a Senate subcommittee Thursday, the first time a witness has refused a Senate subpoena in at least 20 years.

Backpage.com CEO Carl Ferrer declined to appear before the Senate Homeland Security and Governmental Affairs Subcommittee on Permanent Investigations Thursday to testify on sex traffickers’ use of his website to sell underage children for sex acts in the U.S.

“We had hoped Mr. Ferrer would be here, but he has refused to come,” subcommittee chair and Ohio Republican Rep. Rob Portman said at the conclusion of Thursday’s hearing. “This is truly extraordinary.”

Ferrer has been under subpoena by the subcommittee since Oct. 1, and since then, requested through his attorneys multiple times that he be excused for business traveling plans, since he indicated he would only plead his right not to self-incriminate under the Fifth Amendment.

“This subcommittee would respect any valid assertion of Fifth Amendment privilege, but there’s no privilege not to show up,” Portman said, describing Ferrer’s refusal to appear as “a clear act of contempt.”

“If Backpage fails to change course and comply with the subcommittee’s subpoena, the appropriate next step is to pursue contempt proceedings. This is a step the Senate has not taken in 20 years,” Portman continued, adding the committee itself hasn’t taken such action in 30 years, and that it will weigh in the next few days whether to refer Backpage to the Justice Department for criminal contempt.

In his opening statement Portman said Backpage lawyers recently told the committee the site hadn’t even bothered to search for and produce documents the committee requested as part of its investigation.

“This isn’t an exercise in having a hearing, this is an exercise in making sure that we have done everything in the law to protect children,” ranking Democrat and Missouri Rep. Claire McCaskill said. “So we will be careful and cautious about using the procedures available to us, but we will use them.”

According to Yiota Souras, senior vice president and general counsel for the National Center for Missing and Exploited Children (NCMEC), 71 percent “of all the child sex trafficking reports submitted by members of the public” to the center’s CyberTipline “relate to Backpage ads.”

Backpage has until now defended itself under the Communications Decency Act (CDA), stating it is only a publisher of content on its website, and as such, is not liable for any illegal activities that take place as a result of ads for prostitution.

Prosecutors, lawmakers and NCMEC cited questionable activity by Backpage moderators, including evidence of editing ads to keep them from running afoul of the law, refusing to implement photo DNA software to automatically flag and pull down ads and scrubbing metadata from ads it turns over to NCMEC, which would help authorities track down sex traffickers.

Souras pointed out Backpage requires certain identifying information, such as a telephone number or email address, for other private ads for the sale of items. It requires no such criteria for sex ads. While NCMEC’s general counsel conceded Backpage came to the organization early on regarding the issue, Souras said it appeared Backpage was more interested in soliciting a good public image from NCMEC rather than taking tangible action on sex ads featuring children.

“Even when an escort ad is reported by families as containing images of their child, Backpage often does not remove the ad from public view,” Souras said. “Instead, the reported ad remains live on Backpage.com where potential customers can continue to purchase the child for rape or other sexual abuse, even though Backpage is now on notice that the ad potentially involves a child.”

Washington Deputy Attorney General Darwin Roberts said the state tried to pass a law in 2012 to criminally punish anyone facilitating the publishing of sex ads featuring minors — a law Backpage led opposition to early on, and was enjoined by the U.S. District Court in Seattle for preempting the CDA and over-broad language on First Amendment grounds.

Roberts added Backpage is likely exceeding the grounds of exemption from prosecution under CDA “by actually participating in drafting the ads, by making themselves a go-to location for ads advertising prostitution among such sites, and by crafting the message thats being sent to try to keep it so that it doesn’t appear to involve child trafficking.”

“Earlier you said that a mother finally sent them an email saying, ‘For God’s sake, she’s only 16’,” Portman told Souras. “So for all of us who are parents, who are grandparents, think about that — ‘For God’s sake, she’s only 16.’ And yet they refused to pull the ad.”

“Not being able to provide that information to law enforcement means you can’t find many children who otherwise could be able to be found,” Portman continued. “And the heartbreak of knowing that information is out there somewhere, and yet a supposedly legitimate commercial concern won’t provide you the information, or provide it to law enforcement to be able to find your child — to me this is what this hearing’s really all about.”

Follow Giuseppe on Twitter