The U.S. Federal Communications Commission is prepared to impose new regulations on network providers if they don’t take steps to improve cyber security, according to PCWorld. Speaking at the American Enterprise Institute for Public Policy Research, FCC Chair Tom Wheeler said that the agency will work to promote, rather than regulate, initiatives meant to improve security. But if those efforts on the part of companies like AT&T (NYSE:T), Verizon (NYSE:VZ), Sprint (NYSE:S), and Comcast (NASDAQ:CMCSA) don’t succeed, then Wheeler says that the FCC will step in.
We believe there is a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful.
That “new regulatory paradigm” sees the FCC asking network providers to voluntarily adopt cyber security practices aimed to protect against malicious attacks by hackers. According to The Washington Post, the FCC also wants to bring companies together to work on technologies to prevent cyber attacks and protect users’ privacy. Wheeler said that the FCC hopes to develop “market accountability that doesn’t currently exist,” holding communications responsible for protecting infrastructure and customer data system. The goal is to prevent, or at least identify and respond to, breaches like the massive ones that exposed customer information at Target (NYSE:TGT) and Neiman Marcus.
The new initiative follows the March introduction of cyber security recommendations by the National Institute of Standards and Technology. The FCC will also evaluate whether network providers have implemented the 2011 recommendations made by the Communications, Security, Reliability, and Interoperability Council, an advisory committee to the FCC. The FCC refers to cyber security as a matter of public safety, and wants companies to report threats not only to the FCC, but to each other.
The FCC’s new effort to get network providers to improve cyber security comes in the midst of a debate over net neutrality and how the internet will operate in the future. Without protection for net neutrality, service providers can charge content companies higher fees for faster service. Forbes reports that privacy advocates have suggested a solution to the net neutrality debate: the FCC could reclassify Internet service as telecommunications. If service providers were classified from information services to “common providers,” like utilities such as landline phones, the FCC could gain more oversight over both the neutrality and security of lightly-regulated Internet networks. The FCC would gain a lot of leverage to regulate service providers practices if it made that change – which it seems unwilling so far to do.
In May, service providers including AT&T, Comcast, and Verizon wrote a letter to the FCC, warning it against changing their designation to regulate them as common providers under Title II of the 1934 Telecommunications Act. According to Mashable, if the FCC were to change service providers’ designation, the companies could come under a significant number of new regulations. “The FCC might have a say in who can and cannot provide a service. It could influence the price of the service. The FCC could define how ISPs provide broadband services. Consumers would get a more formal complaint system. ISPs revenues could come under scrutiny.”
The FCC’s new initiative to get network providers to improve cyber security practices, and its threat to intervene if they don’t, isn’t a direct threat to reclassify. But that’s certainly one of the potential consequences that providers don’t want hanging over its heads. The most interesting implication of the FCC’s “new paradigm” isn’t so much what the FCC is doing or threatening to do — but how the U.S. will operate as a society where cybersecurity is a public safety concern and the internet could be considered a utility (at least in the unofficial sense.)