FCC appears to assume new posture on security

*Updated at 6:41 with FCC comment.*

In rare commentary on a private sector security incident, the Federal Communications Commission (FCC) issued a concerned statement Thursday about an AT&T privacy error that reportedly allowed intruders to access the e-mail addresses of 114,000 iPad users, noting that such events "violate consumer privacy" and "undermine trust in America's communications infrastructure."

Jamie Barnett, the agency's public safety chief, said he is "concerned" about reports of a security breach to AT&T's network "that exposed the personal data of more than a hundred thousand iPad users."

The choice to issue a statement breaks with the FCC's usual posture toward security incidents. A major privacy breach by Google, in which the Internet company collected user data traveling over Wi-Fi networks, did not prompt an FCC statement despite raising alarm bells all over Capitol Hill. 

The different treatment of Google and AT&T is sure to raise eyebrows, as the search giant is often pegged as a darling of the administration. Google has supported many of the FCC's initiatives, including net neutrality, while AT&T has spent millions of lobbying dollars trying to run them into the ground. 

One possibility, however, is that the distinction lies in the difference between a cybersecurity breach effected by intruders and a privacy breach allegedly carried out by accident. The FCC has pushed to forge a role for itself in cybersecurity issues as various parts of the federal government--from the Justice Department to the Defense Department--scout out ground on the issue. 

The FCC devoted a chunk of the National Broadband Plan to cybersecurity and has proposed a cybersecurity certification program for access providers. 


An FCC spokesman weighed in that the AT&T incident appears to be an intentional cybersecurity breach and that it made the statement as part of its ongoing attention to security matters. He said the agency's cybersecurity efforts have also included a push for outage reporting and realtime monitoring for breaches. He declined to comment on Google.

"These are complex matters with a number of variables factored in and it clearly shows the need for increased cyber security measures in various sectors of America," he said. "It will take a national effort to make this work."