Updates
FCC Initiates Rulemaking to Secure Government Wiretap System in Response to Salt Typhoon Breach
January 17, 2025

On January 16, 2025, FCC Chairwoman Rosenworcel released a Declaratory Ruling and Notice of Proposed Rulemaking (NPRM) “Protecting the Nation’s Communications Systems from Cybersecurity Threats”, explicitly in response to the Salt Typhoon attacks granting China-supported hackers access to lawful federal wiretap and data collection requests authorized by the Communications Assistance for Law Enforcement Act (CALEA).
In its Declaratory Ruling, the FCC concludes that CALEA requires telecom carriers to secure their networks from unlawful access to or interception of communications, extending not only to the equipment carriers use but also to how they manage their networks.
In its NPRM, the FCC proposes extending these cybersecurity and supply chain risk management requirements to a broader universe of covered providers (not just telecom carriers), including commercial radio operators, television broadcast stations, and satellite operations. The agency proposes requiring not merely that these covered providers have a plan in place to mitigate risk but that that plan reflects “reasonable measures.” The agency also inquires about requiring specific security controls, such as requiring default passwords to be changed or addressing the replacement of end-of-life equipment (i.e. equipment no longer receiving patches and security support).
EPIC has consistently advocated for stronger safeguards in America’s communications networks to ensure the data privacy and data security of those who rely on it.

Support Our Work
EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.
Donate