Chairman Response Regarding Unlawful Use of Cell Phones
FEDERA L COMMUNICATIONS C O MMI S SI O N
August 1, 2014
The Honorable Alan M. Grayson
U.S. House of Representatives
430 Cannon House Office Building
Washington, D.C. 20515
Dear Congressman Grayson:
Thank you for your letter regarding the vulnerability of telephone calls to unlawful
intercepts conducted by criminals and foreign governments. In your letter, you posed several
questions about the vulnerabilities the illicit and unauthorized use of"IMSI catchers" and other
surveillance technologies pose to the security of our cellular communications networks, as well
as consumers' expectation of privacy. I appreciate your inquiry and welcome this opportunity to
address your specific questions.
1. Does the FCC have any evidence that IMSI catchers and similar cellular interception
technology have been used by private entities or foreign governments to spy on the public,
companies, policy makers or Members of Congress?
Media reports of private, non-U.S. law enforcement entities or foreign governments using
devices such as IMSI catchers to spy on law-abiding American citizens are of grave concern to
me. Such uses are clearly illegal. We are not aware of any specific instances of private entities
or foreign governments using these devices to intercept telephone calls. Because the Department
of Justice (DOJ), the Federal Bureau of Investigation (FBI), and the Department of Homeland
Security (DHS) serve as the expert agencies regarding federal criminal investigations and
counterintelligence and possess the necessary enforcement authority and experience with IMSI
catchers, I defer to their expertise on the extent to which private entities and foreign governments
may be using IMSI catchers for espionage purposes.
2. Do the FCC's existing legal authority permit it to force the wireless carriers to upgrade
the security of their networks in order to secure their subscribers' conversations from
criminals, private parties or foreign governments using commercially available
The FCC's responsibility to protect national security and to promote public safety and
network security is fundamental, and our mandate is codified in the Communications Act. In
particular, Title 111 of the Act charges the Commission with the responsibility to "maintain the
control for the United States over all the channels of radio transmission" and to regulate the use
and operation of any device that transmits signals by radio. In short, the FCC has the statutory
authority to address the threat posed by illicit IMSI catchers and to work closely with industry on
Page 2-The Honorable Alan Grayson
mechanisms to secure our nation's wireless networks and to ensure the privacy of consumers'
conversations. So long as I am Chairman, we will work diligently and strategically with all
stakeholders to leverage the agency's expertise and fulfill these responsibilities.
Along these lines, I have recently established a task force to initiate immediate steps to
combat the illicit and unauthorized use ofiMSI catchers. The mission of this task force is to
develop concrete solutions to protect the cellular network systemically from similar unlawful
intrusions and interceptions. The task force can also leverage the agency's risk responsibility
with our federal partners at DOJ, FBI, and DHS in order to clamp down on the unauthorized use
of these devices and promote consumer privacy.
3. What steps, if any, has the FCC taken to require that wireless carriers upgrade their
networks and the phones they sell to the American public to use up-to-date, secure
The Commission has worked closely with the National Institute of Standards and
Technology (NIST) and industry bodies to develop cryptographic standards. We have further
charged the Communications Security, Reliability, and lnteroperability Council (CSRIC), an
FCC federal advisory committee, with developing measurable, accountable, marketplace-driven
cybersecurity risk management processes based on the NIST Cybersecurity Framework. This
will include, as one of its elements, ensuring the security of data in transit. We also have been
working to mitigate cyber threats through the industry's Cyber Security Working Group
(CSWG). Through this collaborative partnership, consumers have been advised to keep their
mobile devices' operating system (OS) and applications updated to the latest version. These
updates often fix problems and possible cyber vulnerabilities associated with outdated
technologies and security software.
4. What steps, if any, has the FCC taken to inform the American public that its cellular
communications can be intercepted by criminals, private parties, and foreign
governments? If the FCC has not attempted to inform the public about these risks, why has
it not done so?
Through its ongoing mission to educate and inform consumers, the FCC has released
several consumer publications aimed at increasing consumer awareness of the risks that may
arise in using those goods and services, including a collection of consumer guides and
publications addressing the issue of privacy and online security. For example, our guide on
Mobile Wallet Services Protection provides helpful tips on how to safeguard smartphones,
mobile wallet applications, associated data, and mobile wallet services. In addition, we have a
guide on Interception and Divulgence of Radio Communications, which discusses provisions of
the Communications Act that affect the manufacture of equipment used for listening to or
receiving radio transmissions. The guide further notes that persons with concerns regarding the
interception and divulgence of radio communications can file a complaint with the FCC. Lastly,
The Honorable Alan Grayson
FCC staff frequently addresses privacy and cybersecurity issues regarding communications
goods and services in its outreach and consumer education events.
5. What steps can Members of Congress and the American public take today to protect
their cellular telephone calls and text messages from interception by criminals, private
parties and foreign governments?
I would encourage you and your colleagues in Congress to utilize resources the
Commission has made available to educate and inform regarding communications goods and
services, as outlined above. Because the integrity of our nation's infrastructure and the privacy
of consumers are under constant threat, the Commission remains vigilant in its efforts to update
our consumer publications and take the necessary steps to safeguard our nation's
communications in coordination with other federal agencies and the industry at large.
I appreciate your bringing these important public safety matters to my attention. Please
let me know if I can be of any further assistance.
Note: We are currently transitioning our documents into web compatible formats for easier reading. We have done our best to supply this content to you in a presentable form, but there may be some formatting issues while we improve the technology. The original version of the document is available as a PDF, Word Document, or as plain text.