Sponsors (5)
The bill improves federal understanding and oversight of mobile-network cybersecurity and could prompt stronger protections, but does so with limited public technical transparency, a narrowed scope that excludes 5G and some emerging vulnerabilities, and modest administrative costs.
Federal lawmakers and oversight committees (Congress and committee staff) will receive a comprehensive, unclassified assessment (with classified annex and unredacted committee access) about mobile-network cybersecurity within one year, improving oversight and policy-making.
Mobile users and the tech sector will benefit because the report's identification of gaps and barriers to stronger encryption and authentication could spur policy and industry actions that improve data security for mobile users.
Consumers and small businesses will get clearer information about encryption, authentication, and surveillance technologies that can help them make better purchasing and risk-management decisions.
Small businesses, tech workers, and other users relying on current networks may be left exposed because the report explicitly excludes 5G protocols and networks, narrowing scope and leaving many current-generation vulnerabilities unassessed.
Security researchers and the public will face reduced transparency because the public report will redact exploitable technical details, limiting external analysis and accountability.
Consumers could remain at risk because the report limits assessed vulnerabilities to those already exploited outside labs, potentially omitting emerging but plausible risks and delaying mitigations.
Based on analysis of 2 sections of legislative text.
Requires the Assistant Secretary of Commerce for Communications and Information, in consultation with the Department of Homeland Security, to produce a public report within one year assessing the cybersecurity of mobile service networks and mobile devices, including vulnerabilities, mitigations, and the prevalence and use of interception/surveillance tools. The report must be unclassified (with an optional classified annex), redact potentially exploitable unclassified details from the public version while providing an unredacted copy to specified congressional committees, and must consult federal agencies, standards bodies, industry, researchers, and other experts. The assessment must cover how providers addressed known vulnerabilities, use of encryption and authentication, barriers to stronger protections, availability and use of technologies that authenticate legitimate mobile equipment, and the prevalence and cost of cell-site simulators and similar interception technologies; it explicitly excludes 5G protocols/networks and limits findings to vulnerabilities observed or feasible in real-world (non-lab) conditions.
Introduced February 27, 2025 by Greg Landsman · Last progress July 15, 2025