The Internet Law Resource Center™ is the complete information solution for practitioners in cyberlaw. Follow the latest developments on ICANN’s gTLD program, keyword advertising, online privacy,...
May 9 — The Federal Communications Commission and Federal Trade Commission have launched coordinated inquiries into how Google Inc., Apple Inc., and other mobile device manufacturers and wireless carriers deal with security updates intended to address known device vulnerabilities.
The FTC is requiring eight mobile device makers — Google, Apple, Samsung Electronics America Inc., Microsoft Corp., Blackberry Corp., Motorola Mobility LLC, HTC America Inc. and LG Electronics USA Inc. — to supply information on their security updates. The agency wants companies to report, among other information, which factors lead them to decide whether to patch a vulnerability; what vulnerabilities have been found on all devices sold since August 2013; and whether those vulnerabilities were patched.
The FCC is asking wireless carriers about their role in the deployment of security updates. FCC spokesman Neil Grace told Bloomberg BNA that the agency sent inquiry letters, which included a questionnaire on company knowledge and practices involving security updates, to AT&T Inc., Verizon Communications Inc., T-Mobile US Inc., Sprint Corp., U.S. Cellular Corp. and TracFone Wireless Inc.
Officials from both agencies told Bloomberg BNA that the inquiries are information-gathering exercises; there are no immediate plans to use company responses to drive further actions, such as enforcement or drafting new rules. The two agencies will be cooperating and collaborating throughout their inquiries and will share information, officials said.
A sample FCC questionnaire included 20 questions on issues such as whether carriers face hurdles in releasing security updates; if they know whether a subscriber has installed an update; whether unpatched devices can harm a network; and how long it takes to release security updates after learning of a vulnerability.
Four of the sample FCC questions deal specifically with Stagefright, the collective term for a set of bugs discovered last year in Google's Android operating system. Stagefright allows hackers to remotely execute code on a targeted Android phone, potentially taking control of device elements such as the camera, microphone and display. The FCC wants to know when and how carriers became aware of Stagefright; how many device models on each carrier's network were affected; and how many models are still vulnerable.
Companies will have 45 days from the date of an inquiry to respond to both agencies.
John Marinho, vice president of technology and cybersecurity at CTIA — The Wireless Association, a wireless industry trade group, said in a statement there is a “very strong partnership” already in place among carriers, device makers and operating system providers regarding security. CTIA spokeswoman Amy Storey told Bloomberg BNA the organization is concerned the inquiries may be overbroad and could lead to a “one size fits all” regime with adverse consequences for the mobile sector.
To contact the reporter on this story: Kyle Daly in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Keith Perine at email@example.com
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)