Last month, Rep Landsman (D,OH) introduced HR 1709, the Understanding Cybersecurity of Mobile Networks Act. The bill would require the Department of Commerce to prepare a report to Congress that examines “the cybersecurity of mobile service networks and the vulnerability of such networks and mobile devices to cyberattacks and surveillance conducted by adversaries.” No new money is authorized by this bill.
This bill is essentially identical to the version of HR 1123 that was passed in the 118th Congress. That bill was introduced by Rep Eshoo (D,CA) in February of 2023. The bill was considered in the House without being acted upon by the House Energy and Commerce Committee. The bill was considered under the suspension of the rules on March 7th, 2023, and passed by a bipartisan vote of 393 to 22.
Definitions
Section 2(f) of the bill defines eight key terms used in the legislation, two of which are defined by reference to existing statute. The key technical term used in this bill is ‘mobile service’, the two components of which are defined in 47 USC.
The Report
Section 2(b) outlines the matters that DOC is expected to address in the report. These include:
An assessment of the degree to which providers of mobile service have addressed, are addressing, or have not addressed cybersecurity vulnerabilities identified by academic and independent researchers, multistakeholder standards and technical organizations, industry experts, and Federal agencies,
A discussion of the degree to which customers (including consumers, companies, and government agencies) consider cybersecurity as a factor when considering the purchase of mobile service and mobile devices,
A discussion of the commercial availability of tools, frameworks, best practices, and other resources for enabling such customers to evaluate cybersecurity risk and price tradeoffs,
A discussion of the degree to which providers of mobile service have implemented cybersecurity best practices and risk assessment frameworks,
A discussion of the barriers for providers of mobile service to adopt more efficacious encryption and authentication algorithms and techniques and to prohibit the use of older encryption and authentication algorithms and techniques with established vulnerabilities in mobile service, mobile communications equipment or services, and mobile phones and other mobile devices,
An estimate and discussion of the prevalence, usage, and availability of technologies that authenticate legitimate mobile service and mobile communications equipment or services to which mobile phones and other mobile devices are connected,
An estimate and discussion of the prevalence, costs, commercial availability, and usage by adversaries in the United States of cell site simulators (often known as international mobile subscriber identity catchers) and other mobile service surveillance and interception technologies.
The report is also specifically required to include an estimate and discussion of the prevalence and efficacy of encryption and authentication algorithms and techniques used in each of the following:
Mobile service,
Mobile communications equipment or services,
Commonly used mobile phones and other mobile devices, and
Commonly used mobile operating systems and communications software and applications.
The bill would specifically preclude DOC from the consideration of 5G protocols and networks in the report. The report would be produced in unclassified form with a classified annex. The legislation would also require DOC to “redact potentially exploitable unclassified information from the report required by subsection (a) but shall provide an unredacted form of the report to the committees described in such subsection”.
Moving Forward
The House Energy and Commerce Committee held a business meeting on March 4th, 2025, to consider eleven bills, including HR 1709. This bill was ordered reported favorably (without amendment) by a voice vote. Once the report is published, the bill would be cleared for consideration by the whole House. The bill would almost certainly be considered under the suspension of the rules process (limited debate, no floor amendments, and a supermajority would be required for passage).