May 2015

The Lifeline program was established in 1985 to help low-income Americans afford access to vital communications. But as communications technologies and markets evolve, the Lifeline program also has to evolve to remain relevant. Today, we take the first step in that process. I am circulating new proposals to “reboot” Lifeline for the Internet age.

First, we propose to make Lifeline more efficient and impactful by establishing minimum standards of service for voice and broadband, so both beneficiaries and those who pay into the fund can know that they are getting the best value. But establishing minimum service levels is not enough to ensure that this program is serving its core mission. We also propose an overhaul of the way we determine eligibility for Lifeline. Currently, Lifeline providers are responsible for ensuring eligibility, a situation that invites waste and fraud while burdening those providers who do want to comply. We also ask about ways to target the Lifeline subsidy to those low-income consumers most in need of the support, which is one of the reform principles advanced by my colleague Commissioner Michael O’Rielly. We also seek comment on how to encourage more providers to participate in the program, increasing competition and consumer choice on price and service offerings. Getting Lifeline reform right won’t be easy. Fortunately, Lifeline reforms adopted in 2012 put the program on stable footing and laid the foundation for a comprehensive overhaul. I look forward to working with my colleagues to resolve the difficult questions before us. In particular, I want to commend Commissioner Mignon Clyburn for driving the important effort to further eliminate waste in the program and re-focus the program to better serve those who need it most.

Another week, another dire warning about the technology used to secure online communications. Internet security researchers are warning about a previously undisclosed vulnerability that affected all modern Web browsers -- a weakness that could allow an attacker to snoop or even change communications thought to be secure. The origins of the problem can be traced to the 1990s, when the government waged a policy debate know as the "Crypto Wars" over the digital technologies now widely used to keep online communications safe. But the debate, once counted as a win by privacy advocates, is now raging again -- and technologists warn it could have similarly dire consequences.

The government classified encryption -- a process that scrambles up information so that only those authorized can decode it -- as a munition and tried to limit the spread of the most robust forms outside the United States through strict export rules on military technologies. But even though the United States reversed course by the end of the decade, the rules were so ingrained in technologies that make the Web run, they're still causing problems today. Long after the most restrictive export rules on encryption have been lifted, the legacy of that policy is still leaving Internet users around the world less secure, experts say.

The cable and broadband deals will soon be lining up at the Federal Communications Commission -- Charter/Time Warner Cable and now Avago/Broadcom -- with the shot clock yet to restart on the FCC’s vetting of the AT&T/DirecTV deal, though that does not mean the merger-review team is not vetting the deal. The clock has been stopped since March -- on day 170 of the informal 180 deadline -- at the time ostensibly to let a federal court decide the issue of access to third-party contracts. That was decided a month ago. Apparently, the clock is a guideline and can be stopped for other reasons outside the FCC's control, like still needing more documents.

The American Civil Liberties Union is calling on federal officials to make it easier for people to report security flaws in government computer systems, including by offering rewards. The group told the Department of Commerce Internet Policy Task Force in a letter on May 27 to provide financial incentives for security researchers who bring flaws to the government's attention. Such rewards are common practice at large tech firms. “For far too long, researchers who discovered a security vulnerability have had to make a difficult choice: do the right thing -- by telling the company responsible for the software or warning the general public -- or sell the vulnerability, often to a government, which would then quietly exploit that flaw for its own gain,” the group said in its letter. “In an effort to disrupt this shadowy grey market and to provide some financial reward to researchers who notify the responsible vendor or developers, some leading technology companies have created 'bug bounty' programs.” The civil liberties group noted that the US government often pays researchers for vulnerabilities so that federal law enforcement can exploit them -- but does not offer payment for simply notifying developers about flaws in their work.