EPIC Raises Phone Network Cybersecurity Concerns in FCC Comment

On May 28, EPIC submitted reply comments to the Federal Communications Commission in response to the FCC’s request for information about the exploitation of security vulnerabilities within the Signaling System 7 (SS7) and Diameter protocols, a technological infrastructure that facilitates voice calls and text messaging. Significant weaknesses in SS7 have been known for more than a decade, including the ability to determine the physical location of a device, to disrupt phone service, to intercept or block text messages, and to redirect or eavesdrop on voice conversations. Senator Ron Wyden sent a letter to President Biden in February of this year urging action, including publishing an unclassified report commissioned in 2022 by the Cybersecurity and Infrastructure Security Agency (CISA). EPIC submitted a FOIA request for this report in March of this year.

In its comments, EPIC highlighted a comment attributed to a CISA whistleblower stressing that these vulnerabilities still persist and are still being exploited by bad actors. EPIC urged the FCC to publish the unclassified CISA report, to articulate its authorities to address these vulnerabilities (as some regulated entities claim the FCC does not have the authority to shore up the security of our nation’s communications networks), to commence audits and investigations of carriers’ practices to mitigate these vulnerabilities, and to request Congressional action if the FCC believes it needs additional authority.

EPIC has consistently advocated for stronger safeguards in America’s communications networks to ensure the data privacy and data security of those who rely on it, and is among the top FOIA litigators in the country, working to ensure transparency and accountability in the government.