Sen. Ron Wyden (D-Ore.) has sent a letter to the Biden administration calling for more stringent measures to address the evolving cybersecurity threat to U.S. citizens caused by foreign governments.
In the letter, dated Feb. 29, Mr. Wyden specifically outlined the threat posed by the lax cybersecurity implemented by wireless carriers, which leave U.S. citizens vulnerable to surveillance by potentially hostile foreign governments.
“Surveillance companies and their authoritarian foreign government customers have exploited lax security in U.S. and foreign phone networks for at least a decade to track phones anywhere in the world. Authoritarian governments have abused these tools to track Americans in the United States and journalists and dissidents abroad, threatening U.S. national security, freedom of the press, and international human rights,” the letter states.
Mr. Wyden further elaborated on the issue by urging the administration to apply minimum cybersecurity standards for carriers, while directing government agencies to be more proactive in protecting U.S. citizens, foreign journalists, dissidents, and human rights activists from surveillance by authoritarian foreign governments.
These include regimes such as the Chinese Communist Party and Saudi Arabia, as well as foreign adversaries like Russia.
“Surveillance technology companies sell access to phone company hacking services, through which their foreign government customers can enter any phone number and track the device associated with it, wherever it is in the world,” the letter continued.
It went on to describe how wireless phone carriers are vulnerable to foreign attacks.
“These phone company hacking services exploit flaws in two obscure technologies, known as Diameter and Signaling System 7 (SS7). These two technologies are used by wireless carriers around the world to deliver text messages between phone companies, and for roaming by their customers traveling abroad,” the letter stated.
Mr. Wyden pointed out that cybersecurity researchers and investigative journalists have raised the issue for over a decade, but that the U.S. government has failed to adequately tackle the problem.
According to Mr. Wyden, addressing the situation on a deeper level will require a coordinated effort between government agencies and strategic cooperation with foreign allies.
“I urge you to direct the National Cyber Director to coordinate action among agencies and provide Congress with updates at least twice a year until this threat is meaningfully addressed,” Mr. Wyden wrote.
Furthermore, as stated in the letter, a gap in U.S. export control rules allows Chinese AI companies to exploit these loopholes by renting AI chips by the hour from U.S. intermediaries.
According to a report by the Financial Times last year, the Chinese companies—which are subject to sanctions by the United States—easily bypass regulations, allowing them access to restricted technology by using cloud-based providers.
Senator Wyden asked the government to expand U.S. export rules to cover phone company hacking services. This would force American companies selling such surveillance services to foreign governments to first seek U.S. governmental approval.
Mr. Wyden, who has been an active proponent in the Senate for enhanced security and policy in the technology sector, also addressed the existence of an unclassified report by the Cybersecurity and Infrastructure Security Agency.
The 2022 report has so far not been subject to further public disclosure, and attempts by Mr. Wyden to obtain details on it have reportedly been rejected by the agency.
Mr. Wyden further asked the government to provide information on a recent proposal submitted to the Wassenaar Arrangement by the Swiss government. The forum serves as a collaborative regulatory body to facilitate enhanced control of surveillance services.
Additionally, Mr. Wyden suggested that U.S. government agencies should refrain from funding mercenary surveillance companies, specifically those that have enabled human rights abuse. Mr. Wyden argued that those restrictions that apply to spyware companies should also apply to phone-hacking service providers.
Mr. Wyden further called for additional sanctions on foreign surveillance companies, to effectively deny these companies access to the U.S. financial system, as well as stricter regulations in allied nations on the sale of phone company hacking services.
