Despite Chinese hacks, Trump’s FCC votes to scrap cybersecurity rules for phone and internet companies

The Federal Communications Commission voted 2-1 along party lines on Thursday to scrap rules that required U.S. phone and internet giants to meet certain minimum cybersecurity requirements. The FCC’s two Trump-appointed commissioners, chairman Brendan Carr and his Republican colleague Olivia Trusty, voted to withdraw the rules that require telecommunications carriers to “secure their networks from unlawful access or interception of communications.” The Biden administration had adopted these rules prior to leaving officeearlier this year. The FCC’s sole Democratic commissioner, Anna Gomez, dissented. In astatementfollowing the vote, Gomez called the now-overturned rules the “only meaningful effort this agency has advanced” since the discovery of a sweeping campaign by a China-backed hacking groupcalled Salt Typhoonthat involved hacking into a raft ofU.S. phone and internet companies. The hackers broke into more than 200 telcos, including AT&T, Verizon, and Lumen, during the years-long campaign to conduct broad-scale surveillance of American officials. In some cases, the hackerstargeted wiretap systemsthat the U.S. government previously required telcos to install for law enforcement access. The FCC’s move to change the rules sparked rebuke from senior lawmakers, including Sen. Gary Peters (D-MI), the ranking member of the Senate Homeland Security Committee. Peters said he was “disturbed” by the FCC’s effort to roll back “basic cybersecurity safeguards” and warned that doing so will “leave the American people exposed.” Sen. Mark Warner (D-VA), the ranking member of the Senate Intelligence Committee, saidin a statementthat the rule change “leaves us without a credible plan” to address the basic security gaps exploited by Salt Typhoon and others. For its part, the NCTA, which represents the telecommunications industry,praisedthe scrapping of the rules, calling them “prescriptive and counterproductive regulations.” But Gomez warned that while collaboration with the telecommunications industry is valuable for cybersecurity, it is insufficient without enforcement. “Handshake agreements without teeth will not stop state-sponsored hackers in their quest to infiltrate our networks,” said Gomez. “They won’t prevent the next breach. They do not ensure that the weakest link in the chain is strengthened. If voluntary cooperation were enough, we would not be sitting here today in the wake of Salt Typhoon.” Topics Security Editor Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter,this week in security. He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, [email protected]. StrictlyVC concludes its 2025 series with an exclusive event featuring insights from leading VCs and builders such as Pat Gelsinger, Mina Fahmi, and more. Plus, opportunities to forge meaningful connections. Anduril’s autonomous weapons stumble in tests and combat, WSJ reports This Thanksgiving’s real drama may be Michael Burry versus Nvidia The future will be explained to you in Palo Alto Why ‘hold forever’ investors are snapping up venture capital ‘zombies’ Altman describes OpenAI’s forthcoming AI device as more peaceful and calm than the iPhone OpenAI learned the hard way that Cameo trademarked the word ‘cameo’ US banks scramble to assess data theft after hackers breach financial tech firm