October 25, 2022

Wyden: FTC Privacy Regulators Need Top Security Clearances and Classified Briefings to Protect Americans from Foreign Hacking Threats

In Letter to Federal Trade Commission and the Office of the Director of National Intelligence, Wyden Calls for FTC Officials To Receive Access to Classified Threat Intelligence About Cybersecurity Threats; Regulators Need Best Information About Security Risks To Protect Americans

Washington, D.C. – U.S. Senator Ron Wyden, D-Ore., today called for more top-level security clearances for Federal Trade Commission officials, particularly those responsible for investigating corporate data breaches and crafting privacy rules, to better protect Americans against foreign hackers and other threats to security and privacy. 

As the primary federal regulator for data privacy and security, the FTC has responsibility and power to direct companies to strengthen their security practices to protect Americans’ personal information. However, the FTC has only four staff with the highest-level security clearance, known as Top Secret/Sensitive Compartmented Information (TS/SCI), the agency told Wyden’s office. The FTC’s Chair and Commissioners do not have TS/SCI-level clearances, and staff in the FTC’s Division of Privacy and Identity Protection, which conduct the agency’s investigations into data security cases do not even have a Secret-level clearance, the FTC said. As a result, FTC staff have not participated in classified interagency discussions on cybersecurity threats.

The U.S. government cannot protect Americans’ privacy and U.S. national security from the serious threat posed by sophisticated foreign hackers if the FTC does not have a seat at the table,” Wyden wrote, in a letter to FTC Chair Lina Khan and Director of National Intelligence Avril Haines.

The DNI should expand its cooperation with the FTC and invite FTC staff to classified briefings. The DNI should also identify for the FTC the kinds of datasets that are being or are likely to be targeted by foreign hackers. With this information, the FTC could then identify the companies that hold such data, scrutinize their security and, if it is found lacking, force the firms to shore up their security before they are hacked,” Wyden wrote.

The Chinese government in particular has been publicly identified by the Department of Justice as perpetrating hacks of major databases of Americans' private information, including Anthem, Equifax, Marriot, and the Office of Personnel Management. Together, this data provides a wealth of intelligence for foreign spies looking to undermine U.S. national security or target individual Americans. Providing the FTC with visibility into these threats could enable it to take action against companies with lax cybersecurity and prevent the next mega-hack from taking place, Wyden noted.

Read the full letter to the FTC and ODNI here.

###

Press Contact

Keith Chu