Sen. Wyden urges FTC to access classified info to combat foreign hacks

Sen. Ron Wyden (D-Ore.) is urging the Federal Trade Commission (FTC) to request top security clearance and collaborate closely with the intelligence community so it can effectively protect Americans’ data from foreign hacks.

In a letter addressed to the FTC and the Office of the Director of National Intelligence (DNI), Wyden called on the intelligence community to share classified information with the agency so it could better detect and secure data that is likely to be targeted by foreign hackers. 

Wyden, who chairs the Senate Finance Committee, said he was concerned that the FTC was not “meaningfully participating” with the intelligence community on efforts to prevent U.S. data from being stolen by foreign governments such as China. 

“The U.S. government cannot protect Americans’ privacy and U.S. national security from the serious threat posed by sophisticated foreign hackers if the FTC does not have a seat at the table,” Wyden said. 

Wyden added that data breaches, which contain sensitive information about Americans and their personal lives, could also be used for espionage and disinformation campaigns.

Wyden said he was made aware of the issue after the FTC informed him that only four staffers currently have top-secret clearances, which are necessary for the agency to do its job more effectively. 

“Most troubling, the FTC confirmed to my office that no staff in the agency’s Division of Privacy and Identity Protection, who conduct investigations into data security and privacy cases, have even a Secret clearance, which is effectively the lowest level of federal clearance,” Wyden added. 

The FTC also told his office that while it has participated in discussions with the DNI, the FBI and other intelligence agencies, the conversation stayed at the “general level” and did not include sharing classified information. 

The letter comes a day after the FTC said it planned to take action against Drizly, an alcohol delivery app, and its CEO, James Cory Rellas, for failure to secure the company’s data security.

The FTC alleged that the company and Rellas were notified of the security issues two years prior to a 2020 breach but failed to take action. The agency said the company’s security failures exposed the personal data of about 2.5 million customers.

“Our proposed order against Drizly not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company’s carelessness,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection, in a statement. “CEOs who take shortcuts on security should take note.”

This also follows the Department of Justice announcement on Monday that it was charging Chinese nationals with espionage, obstruction of justice, harassment and stealing sensitive U.S. technology.