Normal view

Received before yesterday

After NPR and PBS defunding, FCC receives call to take away station licenses

✇Ars Technica
By:Jon Brodkin
10 December 2025 at 16:05

A conservative group yesterday urged the Federal Communications Commission to take licenses away from NPR and PBS stations and let other entities use the spectrum. The request came from the Center for American Rights (CAR), a nonprofit law firm that has played a prominent role in the news-distortion investigations spearheaded by FCC Chairman Brendan Carr.

“In the wake of the wind-down of the Corporation for Public Broadcasting and the end of federal funding for NPR and PBS, the Center respectfully suggests that the Commission open an inquiry that looks at the future of ‘public’ broadcasting in that new environment,” a Center for American Rights filing said.

The CPB is set to shut down after Congress approved President Trump’s request to rescind its funding. The Center for American Rights said the CPB shutdown should be used as an opportunity to reassign spectrum used by NPR and PBS stations to other entities.

Read full article

Comments

© Getty Images | tarabird

OnePlus 15 finally gets FCC clearance after government shutdown delay—preorders live

✇Ars Technica
By:Ryan Whitwam
4 December 2025 at 13:11

OnePlus is ready to sell its new flagship smartphone in the US weeks after it made the device official. Having now finally gotten Federal Communications Commission clearance, the OnePlus 15 is available for preorder. It’s currently only live on the OnePlus storefront, but the device will eventually come to Amazon and Best Buy as well.

The OnePlus 15 launched in China earlier this year, and it was supposed to go on sale in the US a month ago. However, the longest US government shutdown on record got in the way. Most of the FCC’s functions were suspended during the weekslong funding lapse, which prevented the agency from certifying new wireless products. Without that approval, OnePlus could not begin selling the phone. Thus, it had no firm release date when the phone was officially unveiled for the US in early November.

Interested parties can head to the OnePlus website to place an order. The base model starts at $900 with 12GB of RAM and 256GB of storage. This version is only available in black. If you want the Ultraviolet or Sand Storm (with the distinctive micro-arc oxidation finish), you’ll have to upgrade to the $1,000 version, which has 16GB of RAM and 512GB of storage.

Read full article

Comments

© Ryan Whitwam

FCC boss Brendan Carr claims another victory over DEI as AT&T drops programs

✇Ars Technica
By:Jon Brodkin
3 December 2025 at 12:48

AT&T told the Federal Communications Commission that it has eliminated DEI (diversity, equity, and inclusion) policies and programs, complying with demands from Chairman Brendan Carr.

The FCC boss has refused to approve mergers and other large transactions involving companies that don’t agree to drop support for DEI. On Monday, AT&T filed a letter disowning its former DEI initiatives in the FCC docket for its $1 billion purchase of US Cellular spectrum licenses.

“We have closely followed the recent Executive Orders, Supreme Court rulings, and guidance issued by the US Equal Employment Opportunity Commission and have adjusted our employment and business practices to ensure that they comply with all applicable laws and related requirements, including ending DEI-related policies as described below, not just in name but in substance,” AT&T’s letter to Carr said.

Read full article

Comments

© Getty Images | Lluis Gene

FCC Set to Reverse Course on Telecom Cybersecurity Mandate

✇Cybersecurity News and Magazine
By:Mihir Bagwe
31 October 2025 at 07:36

FCC, Federal Communications Commission, Cybersecurity Mandate

The Federal Communications Commission will vote next month to rescind a controversial January 2025 Declaratory Ruling that attempted to impose sweeping cybersecurity requirements on telecommunications carriers by reinterpreting a 1994 wiretapping law.

In an Order on Reconsideration circulated Thursday, the FCC concluded that the previous interpretation was both legally erroneous and ineffective at promoting cybersecurity.

The reversal marks a dramatic shift in the FCC's approach to telecommunications security, moving away from mandated requirements toward voluntary industry collaboration—particularly in response to the massive Salt Typhoon espionage campaign sponsored by China that compromised at least eight U.S. communications companies in 2024.

CALEA Reinterpretation

On January 16, 2025—just five days before a change in administration—the FCC adopted a Declaratory Ruling claiming that section 105 of the Communications Assistance for Law Enforcement Act (CALEA) "affirmatively requires telecommunications carriers to secure their networks from unlawful access to or interception of communications."

CALEA, enacted in 1994, was designed to preserve law enforcement's ability to conduct authorized electronic surveillance as telecommunications technology evolved. Section 105 specifically requires that interception of communications within a carrier's "switching premises" can only be activated with a court order and with intervention by a carrier employee.

The January ruling took this narrow provision focused on lawful wiretapping and expanded it dramatically, interpreting it as requiring carriers to prevent all unauthorized interceptions across their entire networks. The Commission stated that carriers would be "unlikely" to satisfy these obligations without adopting basic cybersecurity practices including role-based access controls, changing default passwords, requiring minimum password strength, and adopting multifactor authentication.

The ruling emphasized that "enterprise-level implementation of these basic cybersecurity hygiene practices is necessary" because vulnerabilities in any part of a network could provide attackers unauthorized access to surveillance systems. It concluded that carriers could be in breach of statutory obligations if they failed to adopt certain cybersecurity practices—even without formal rules adopted by the Commission.

Industry Pushback and Legal Questions

CTIA – The Wireless Association, NCTA – The Internet & Television Association, and USTelecom – The Broadband Association filed a petition for reconsideration on February 18, arguing that the ruling exceeded the FCC's statutory authority and misinterpreted CALEA.

The new FCC agreed with these concerns, finding three fundamental legal flaws in the January ruling:

Enforcement Authority: The Commission concluded it lacks authority to enforce its interpretation of CALEA without first adopting implementing rules through notice-and-comment rulemaking. CALEA section 108 commits enforcement authority to the courts, not the FCC. The Commission noted that when it previously wanted to enforce CALEA requirements, it codified them as rules in 2006 specifically to gain enforcement authority.

"Switching Premises" Limitation: Section 105 explicitly refers to interceptions "effected within its switching premises," but the ruling appeared to impose obligations across carriers' entire networks. The Commission found this expansion ignored clear statutory limits.

"Interception" Definition: CALEA incorporates the Wiretap Act's definition of "intercept," which courts have consistently interpreted as limited to communications intercepted contemporaneously with transmission—not stored data. The ruling's required practices target both data in transit and at rest, exceeding section 105's scope.

"It was unlawful because the FCC purported to read a statute that required telecommunications carriers to allow lawful wiretaps within a certain portion of their network as a provision that required carriers to adopt specific network management practices in every portion of their network," the new order states.

The Voluntary Approach of Provider Commitments

Rather than mandated requirements, the FCC pointed to voluntary commitments from communications providers following collaborative engagement throughout 2025. In an October 16 ex parte filing, industry associations detailed "extensive, urgent, and coordinated efforts to mitigate operational risks, protect consumers, and preserve national security interests.

These voluntary measures include:

  • Accelerated patching cycles for outdated or vulnerable equipment
  • Updated and reviewed access controls
  • Disabled unnecessary outbound connections to limit lateral network movement
  • Improved threat-hunting efforts
  • Increased cybersecurity information sharing with federal government and within the communications sector
  • Establishment of the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC) for real-time threat intelligence sharing
  • New collaboration forum for Chief Information Security Officers from U.S. and Canadian providers

The government-industry partnership model of collaboration has enabled communications providers to respond swiftly and agilely to Salt Typhoon, reduce vulnerabilities exposed by the attack, and bolster network cyber defenses," the industry associations stated.

Salt Typhoon Context

The Salt Typhoon attacks, disclosed in September 2024, involved a PRC-sponsored advanced persistent threat group infiltrating U.S. communications companies as part of a massive espionage campaign affecting dozens of countries. Critically, the attacks exploited publicly known common vulnerabilities and exposures (CVEs) rather than zero-day vulnerabilities—meaning they targeted avoidable weaknesses rather than previously unknown flaws.

The FCC noted that following its engagement with carriers after Salt Typhoon, providers agreed to implement additional cybersecurity controls representing "a significant change in cybersecurity practices compared to the measures in place in January."

Also read: Salt Typhoon Cyberattack: FBI Investigates PRC-linked Breach of US Telecoms

Targeted Regulatory Actions Continue

While rescinding the broad CALEA interpretation, the FCC emphasized it continues pursuing targeted cybersecurity regulations in specific areas where it has clear legal authority:

  • Rules requiring submarine cable licensees to create and implement cybersecurity risk management plans
  • Rules ensuring test labs and certification bodies in the equipment authorization program aren't controlled by foreign adversaries
  • Investigations of Chinese Communist Party-aligned businesses whose equipment appears on the FCC's Covered List
  • Proceedings to revoke authorizations for entities like HKT (International) Limited over national security concerns

"The Commission is leveraging the full range of the Commission's regulatory, investigatory, and enforcement authorities to protect Americans and American companies from foreign adversaries," the order states, while maintaining that collaboration with carriers coupled with targeted, legally robust regulatory and enforcement measures, has proven successful.

The FCC also set to withdraw the Notice of Proposed Rulemaking that accompanied the January Declaratory Ruling, which would have proposed specific cybersecurity requirements for a broad array of service providers. The NPRM was never published in the Federal Register, so the public comment period never commenced.

The Commission's new approach reflects a bet that voluntary industry cooperation, supported by targeted regulations in specific high-risk areas, will likely prove more effective than sweeping mandates of questionable legal foundation.

“No place in our networks”: FCC hangs up on thousands of voice operators in robocall war

✇Malwarebytes Labs
28 August 2025 at 07:40

Everyone hates robocalls. However, it’s difficult to track down all the scammers and spammers that make them, so the Federal Communications Commission (FCC) has taken another approach: it just disconnected over a thousand voice operators from the public telephone network for not doing their part to stop the scourge.

This week, the Commission’s Enforcement Bureau removed over 1,200 voice service providers from its Robocall Mitigation Database (RMD). Created in 2020, this database is a ledger with records proving that telephony operators are taking measures to stop robocalls routing their calls through their networks. Removal from the database prevents other operators from taking a service provider’s traffic, effectively cutting it off from the US phone network.

Shaken and stirred

There’s a long road leading to this point, starting with the development of the STIR/SHAKEN protocol. Secure Telephone Identity Revisited (STIR) is a standard for ensuring that the caller ID showing up on your phone is legit. Signature-based Handling of Asserted information using toKENs (SHAKEN) is the technical tooling that lets telephony providers use the standard on their network.

Large voice telephony providers had to implement STIR/SHAKEN by June 30 2021 under the TRACED Act of 2019. Smaller providers got an extension. The RMD tracks which providers are using this system.

The Commission has been tightening the screws on companies that didn’t comply with the Act. In December, it announced that it might remove up to 2,411 companies if they couldn’t give a good reason for why they didn’t have up-to-date filings in the database.

On August 6, it began delivering on its promise, removing 185 voice providers from the database after they were found to be an originator or gateway provider for robocalls, or after they didn’t co-operate with the traceback procedures used to trace those calls.

The FCC also has support at a state level. In early August, 51 attorneys general launched Operation Robocall Roundup, which sent letters to 37 voice operators putting them on notice about illegal robocalls using their networks.

According to Commission Chair Brendan Carr:

“Robocalls are an all-too-common frustration — and threat — to Americans [sic] households. The FCC is doing everything in its power to fight back against these malicious and illegal calls. Providers that fail to do their duty when it comes to stopping these calls have no place in our networks. We’re taking action and we will continue to do so.”

Protection isn’t guaranteed

This is great, as far as it goes, but STIR/SHAKEN only works on IP-based phone networks (those that use the same protocol that the internet uses to move their digitized voice data around). Legacy phone networks that don’t use IP, such as in some rural areas, can’t use the technology. Those will fade over time, though.

Perhaps more importantly, the STIR/SHAKEN rules apply to US providers only, and it’s cheap for overseas providers to reach you. So overseas robocallers can still get to you easily via non-US operators while spoofing caller IDs.

Finally, STIR/SHAKEN only proves that the number showing up on your phone is the number that’s actually calling. The person using that number could still be a scammer.

So, you still need to do a little legwork of your own to minimize robocalls. Network providers (typically the larger ones) often run their own network analytics to root out robocallers. They frequently bundle such services. You can also set your phone to send all calls from numbers not in your contact list straight to voicemail.

If you use a landline, you can connect call blocking devices to your phone. Those use a variety of tricks, including messages that require a caller to press a specific number before the call goes through. The more action you take at your end, the more likely you are to block out automated nuisances.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

❌