Brendan Carr Tries To ‘Ban’ All Foreign Routers In Lazy, Legally Dubious Shakedown
from the nice-router-there.-shame-if-something-were-to-happen-to-it. dept
Taking a break from attacking the First Amendment, FCC boss Brendan Carr this week engaged in a strange bit of performance art: his FCC announced that they’d be effectively adding all foreign-made routers to the agency’s “covered list,” in a bid to ban their sale in the United States.
That is unless manufacturers obtain “conditional approval” (including all appropriate application fees and favors, of course) from the Trump administration via the Department of Defense or Department of Homeland Security. In other words, the Trump administration is attempting to shake down manufacturers of all routers manufactured outside the United States (which again, is nearly all of them) under the pretense of cybersecurity.
You can probably see how this might result in some looming legal action. And who knows what other “favors” to the Trump administration might be required to get conditional approval, like the inclusion of backdoors accessible by our current authoritarian government.
A fact sheet insists this was all necessary because many foreign routers have been exploited by foreign actors:
“Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes.”
But the biggest recent cybersecurity incident in recent U.S. memory, the Chinese Salt Typhoon hack (which involved Chinese state-sanctioned hackers massively compromising U.S. telecom networks to spy on important people for years) largely involved the broadly deregulated U.S. telecom sector failing to do basic things like change default admin passwords. And then trying to hide additional evidence of intrusion for liability reasons. A very domestic failure.
We’ve discussed at length that while Brendan Carr loves to pretend he’s doing important things on cybersecurity, most of his policies have made the U.S. less secure. Like his mindless deregulation of the privacy and security standards of domestic telecoms and hardware makers. Or his destruction of smart home testing programs just because they had some operations in China.
Most of the Trump administration “cybersecurity” solutions have been indistinguishable from a foreign attack. They’ve gutted numerous government cybersecurity programs (including a board investigating Salt Typhoon), and dismantled the Cyber Safety Review Board (CSRB) (responsible for investigating significant cybersecurity incidents). The administration claims to be worried about cybersecurity, but then goes out of its way to ensure domestic telecoms see no meaningful oversight whatsoever.
I’d argue Trump administration destruction of corporate oversight of domestic telecom privacy/security standards is a much bigger threat to national security and consumer safety than 90% of foreign routers, but good luck finding any news outlet that brings that up in their coverage of the FCC’s latest move.
In reality, the biggest current threat to U.S. national security is the Trump administration’s rampant, historic corruption. Absolutely any time you see the Trump administration taking steps to “improve national security,” or “address cybersecurity” you can just easily assume there’s some ulterior motive of personal benefit to the president, as we saw when the great hyperventilation over TikTok was “fixed” by offloading the app to Trump’s dodgy billionaire friends.
Filed Under: brendan carr, cybersecurity, fcc, hardware, national security, privacy, security, shakedown, telecom
Comments on “Brendan Carr Tries To ‘Ban’ All Foreign Routers In Lazy, Legally Dubious Shakedown”
cronyism at it's finest
this is nothing more then feed the rich! fuck the poor! and to no ones surprise. the elon musk crony cartel has had his shitty satellite program and HIS routers approved!
I wish these companies would call his bluff. The only way idiots like Trump and Carr learn a goddamn thing is by touching the stove long enough to realize how much getting burned by your own stupidity hurts.
Re: There is no bluff involved here.
Trump’s administration perfectly well can make life painful for everyone unwilling to be shaken down by them.
They may not be able to do it legally, but the inflicted damage while the process is crawling through the legal system is real, and the total cost accrued for the Trumpian empire is entirely borne by the taxpayer.
It doesn’t matter that the courts will react after a few years in favor of the victim: the empire can deal out strikes a lot faster than recovery through legal means takes.
Re:
I don’t know about Carr, but I have no doubt Trump would manage to blame the burned hand on some “enemy” other than the stove.
Re: Re:
“Thanks Obama”
Re: It is not their hand on the stove
Except that’s not the way they do things. They’ll put your hand on the stove and when you tell them it hurts and they just say they didn’t feel a thing and continue on as if nothing happened.
"conditional approval"...
will no doubt be contigent on the level of baksheesh provided by the router manufacturer to the Trump Library fund…
There are no American made routers.
Re:
Very close to true, but not true. StarLink is an “American made” router, apparently.
Re:
Starlink?
I just assumed when I heard about this foreign router ban that the unspoken part was “unless you donate to Trump”
What happened to all those frothing second amendment types? Were they only yapping when it seemed to them like the government weren’t massive racists?
Here's what happens if this really goes through
Everyone in the US will be faced with higher prices and short supply, so they’ll keep running older/cheaper gear for as long as possible. Much of that older/cheaper gear is running abandonware, i.e., there will be no fixes for any bugs found in it, security or otherwise, because the vendor has declared it to be at EOL. And thus this move will, and I know this will come as a gigantic shock to everyone reading this, make the US less secure.
Are there any routers made in the U.S.A.?
Re:
Starlink is one.
Adtran & Calix are ones, since they moved manufacturing overseas to the us.
Re:
No. Because the base components, the circuit board and chips, cannot be made in the US at scale.
Re: Re:
That leads us to a more specific question: is it sufficient to be assembled in the U.S. from foreign-made components?
Although there are some domestically-made chips, and I doubt boards would pose any difficulty.
Even Netgear, Cisco and TP-Link manufacture their consumer routers in Asia. (Even the Trump Phone could have never been manufactured outside Asia, even to build an handful of them.)
And it would take decades to replace them, enough for the rest of the world to no longer want to be connected to the US.
Brendan, your days are counted because you’ll be fired even before RFK.
Extreme xenophobia with a dose of American exceptionalism
The idea that US-made equipment can’t have vulnerabilities is ridiculous. (This also flies in the face of numerous court rulings weakening the power of federal bureaucrats. Chevron is done and Auer is on life support.)
Re: The idea that US-made equipment can’t have vulnerabilities is ridiculous.
Especially in the post-Snowden era. The days in which “gentlemen do not open each others mail” in the US died decades ago. The vulnerability might not be a bug but a feature.
NATIONAL SECURITY and routers not made by Trump's billionaire buddies.
If you want a router, eBay is full of them, starting at around $5+s/h. Sure, Wi-Fi 8 isn’t quite there, but 802.11 is just fine with abgn.
Want to build your own? It takes longer to order MikroTik hardware (mainboard, radios) than to put them together to make a custom router. The hardest part is finding (or 3D-printing) a case. An RB9111 or the like is just bare bones and doesn’t need a license from Carr.
SDR Wi-Fi: https://github.com/open-sdr/openwifi
“The Net interprets censorship as damage and routes around it.” — John Gilmore
Ban MS Windows instead?
If the objective is to increase Internet security with no regard to secondary/downstream ramifications, then wouldn’t it make more sense to ban Microsoft Windows?
MS Windows has been responsible for more security issues than any other single factor pretty much since from the first day showed up on the Internet.
Re:
This. This. This is why I’ve banned all Microsoft products and services since Microsoft existed. I don’t care who wants them, I don’t care why, I don’t care what I’m told to do, I don’t care: the answer is “no” and it will never change.
Re:
The EU appears to be on track to doing so.
The latest move — just in the last week — is Germany mandating the use of only open source document formats for all government/public administration.
Re: Re:
Microsoft choose to be absent from that market, but they could certainly implement ODF if they wanted to. For that matter, they could probably open-source enough of Office and Windows to be accepted by Europe. (As people have been suggesting, for decades now, that Europe require. “Pay us money to have no rights whatsoever” is not something a sovereign nation should agree to.)
My thought is that with a captive US market, once Carr bans foreign competition, the few US based manufacturers will probably take a cavalier attitude to any kind of security because we’ll, where else can customers go? They’ll enshitify things and we’ll be just as if not more vulnerable, and that’s before they dema demand backdoors to boot
Re:
Could that get reversed?
Pennsylvania Street… aka Shakedown Street
How many routers does a data center need?
Reflashing the router firmware?
The radio drivers in all FCC/ETSI approved routers are already opaque BLOB machine code that have passed FCC/ETSI testing. The router’s operating system firmware doesn’t have such requirements. Many routers can be reflashed with an open source firmware, OpenWRT being the most common of those. A feature of Carr’s brain damaged policy may be a ban on replacing the vendor’s slopware with a tried, true, well-maintained and venerable alternative. That won’t make us safer or make routers better.
'We stopped testing for covid and the numbers went down, we cured covid!'
The administration claims to be worried about cybersecurity, but then goes out of its way to ensure domestic telecoms see no meaningful oversight whatsoever.
Ah but don’t you see, if a problem or exploited vulnerability is never reported because the company buries it to protect their profits then did it ever really happen or exist?
This is a bit misleading. There’ve been many many incidents (with actual CVEs etc) with routers, to the point that the Biden admin was considering banning TPLink. It’s a real issue.
Obviously, Trump doesn’t care about that at all. But it is worth mentioning that they’re profiting off corruption and self-dealing of a real problem, not one made up out of whole cloth. It’s still just as pretextual, and honestly, if anything it kind of makes it worse.
Re:
You mean the same incident in which the vast majority of effected devices were from American companies Cisco and Netgear? Fascinating how the Biden administration wasn’t “considering” banning them. Almost like the “consideration” was an entirely pretextual excuse to engage in legally dubious shakedowns.