A client forwarded me a message from her internet provider a few weeks back. It warned that certain router brands might have security issues and suggested she consider upgrading to a managed service. She wanted to know if she should be worried.
I looked at the message and told her two things. First, the warning is real and the underlying concern is legitimate. Second, the way this particular company wrote it was deliberately vague, designed to create just enough unease to push her toward paying for something she may or may not need. The two facts are not mutually exclusive, and that combination is worth unpacking.
What Started the Questions
On March 23, 2026, the FCC added all foreign-manufactured consumer-grade routers to its Covered List, which effectively bans new models from being imported or sold in the United States. The ruling cited documented cyberattack campaigns, most notably the Salt, Flax, and Volt Typhoon operations, where foreign-produced routers in homes and small offices were used as entry points to attack critical US infrastructure.
The brands affected read like a shopping list at Best Buy: TP-Link, Netgear, Asus, Linksys, Eero, Google Nest WiFi. All of them. Because virtually every consumer router on the market is manufactured outside the United States, the ban essentially covers the entire category of new product introductions until manufacturers either establish US-based production or receive individual conditional approval from the Department of Homeland Security.
Netgear has already received an exemption. Eero received conditional approval through October 2027. TP-Link, which holds roughly 65 percent of the US home router market, is still working through the process.
What This Does Not Mean
Before anyone calls me to ask if they need to throw their router in the trash, let me be direct: if you already own one of these devices and it is running fine, you are not required to do anything immediately. The FCC ruling grandfathers existing equipment. You can keep using your current router legally and indefinitely.
The ban prevents new foreign-made models from receiving FCC authorization going forward. What it does not do is criminalize the router sitting on your credenza right now.
There is, however, one real deadline buried in this that most of the coverage has glossed over. Manufacturers on the covered list have until March 1, 2027 to issue firmware updates to existing devices. After that date, unless they have secured a conditional approval, they cannot push software patches to devices already in the field. Which means a router that is fine today may gradually become a security liability as vulnerabilities emerge and fixes are no longer permitted.
Why This Matters for Your Business
What most business owners are not thinking about is the part I find most relevant for the professional services firms I work with.
The router sitting in your office is probably not the one that concerns me most right now. Business-grade networking equipment used in professional environments is generally managed differently and held to a higher standard than what you find in a consumer retail package.
What I am thinking about is the router in your employee’s home office.
You have probably had people working remotely for years now. They are accessing your systems, your client files, and your email through whatever networking equipment they set up in their living room. A lot of it is exactly the kind of foreign-manufactured consumer hardware that is now at the center of this national security discussion. Much of it has not been updated, assessed, or evaluated by anyone with any technical accountability for your business’s security.
I tell clients all the time: your security perimeter is not the four walls of your office anymore. It extends into every home where someone logs into your network. If that connection is running through a device with documented vulnerabilities and no path to a security patch after March 2027, that is a gap worth addressing.
My Honest Take
I have been watching the concerns around foreign-manufactured networking equipment for a long time. The documented attacks and vulnerabilities are real. Whether the current political moment is driving the timing of this particular ruling is a separate conversation I will spare you.
What I will say is that this is a good time to have someone take an honest look at your network, including your remote workers’ home setups, and give you a realistic assessment of where you actually stand. Not a sales pitch dressed up as a security warning. Just a straight answer about what you have, what the risks are, and what, if anything, you should actually do about it.
That is the conversation I am always happy to have.
Quick and Easy
The FCC banned new foreign-manufactured consumer routers in March 2026, citing documented national security threats. Existing devices are legally protected for now, but a March 2027 deadline for firmware updates means routers from affected manufacturers could become security liabilities. For professional services firms, the immediate priority is evaluating remote employee home networks, not just office infrastructure.
Lately it seems like good news is far and few between, so I’m pleased to be able to share this small glimmer of hope with you. The FCC has finally sworn in a fifth commissioner to break the deadlocked committee split 2-2 along party lines that has prevented the FCC from doing practically anything since Biden took office in 2021. Shortly after the fifth commissioner was confirmed, the FCC chair announced their plans to reinstate Net Neutrality, something we have written about here numerous times before.
What this means for you
The previously Republican-tilted FCC under the previous president’s leadership was perhaps best known for repealing the Net Neutrality rules adopted in 2015 which were established to frame internet and mobile bandwidth as a utility, giving the FCC regulatory oversight to ensure fairness and availability of what is inarguably an essential service for everyone. This decision was widely viewed as favoring corporations over people, resulting in numerous and sometimes grotesque exercises in being “off the leash” including an incident where Verizon throttled the Santa Clara Fire Department’s bandwidth during the worst fire emergency in California’s history, and then proceeded to upsell them on a better data plan instead of behaving like normal human beings. Normally disputes like this would have been settled quickly by the FCC, but without a fifth commissioner to break what was likely to be a partisan tie, the industry was left to self-regulate, which led to a lot of, “We investigated ourselves and found ourselves not guilty.” Before you get out the champagne, these plans are a long way from being implemented, but now with a Democrat as the tiebreaker, there may be opportunities for consumer interests to be valued ahead of corporations in a critical regulatory agency, if only for a little while.
Image courtesy of dream designs at FreeDigitalPhotos.net
Despite the recent setbacks the Republican-controlled congress suffered in the healthcare reform arena, they managed to pick themselves up off the mat and delivered a solid drubbing in another area of consumer interest: internet privacy. Following a 50-48 Senate vote, the House passed 215-205 a “joint resolution of congressional disapproval” of the rules put in place by the FCC in October of last year to govern how internet service providers would be required to handle the piles of data they collect on your internet usage. Implementation of these rules, set to take effect in December of this year, were intended to make sure ISP’s handled your data with full transparency and clearly visible warnings (no fine text agreements) as well as protecting it via industry standard security. Proponents of the bill contend that the FCC overstepped its authority with rules that would be confusing and costly to enforce, arguing successfully that the FTC would be better suited to protect consumer and business interests in this area.
Why should this be important to me?
It’s important to understand a few things:
- Search engines like Google, Bing and Yahoo have been making money off your search history for years.
- ISP’s have probably been doing the same, but have likely been less forthcoming about it than the above companies.
- Your data, however mundane or irrelevant you believe it to be, is extremely valuable to every industry.
- In most cases, you can opt out of a vendor’s usage of your data, but you have to request it. You are opted in by default with most ISP’s and cellular carriers.
- Very few people in the US have more than two choices in internet service. It is essentially impossible to “switch” to a provider that operates with your best interests in mind.
- There are ways to secure your privacy despite your ISP’s practices, but they are fairly technical, not consumer friendly, and definitely not foolproof.
Have a look at how your senators and representatives voted on this measure. For the record, both California Senators and my House Representative voted “Nay” on this measure, but if your congress-critter’s view on this matter did not match yours, you should probably do something about that. Regardless of where you stand on the privacy issue, you should know that despite the FCC ruling last year, the rules they intended to enact never went into effect, and pending the President’s signature, likely never will, at least via the FCC’s hand as this joint measure also specifically forbids the FCC from attempting something like this again – also unlikely in the near future given the new Chair’s deregulation leanings.
For the moment, nothing has changed. If you are interested in how your ISP treat’s your privacy, you should read their posted privacy policy. You might want to have a big cup of coffee and a lawyer handy though, as the reading is definitely on the heavy side.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Several large and very popular websites, including Netflix and WordPress will be participating in an event known as “Internet Slowdown Day” on September 10th. The event, organized by several consumer advocacy groups, is being held to raise public awareness in the ongoing Net Neutrality debate and the imminent deadline (Sept 15) for public comments on the FCC’s proposed guidelines that govern how internet service providers operate. Chief among the concerns many have with the FCC’s proposal are the plans to allow ISP’s to establish premium fastlanes for content providers who can afford to pay extra. The easiest way to imagine how this might work is picturing someone paying to jump to the front of the line at a crowded amusement park.
What this mean for you:
In terms of September 10th, the various participants (this website included) aren’t actually slowing down delivery of content. Instead, they will be showing their support for Net Neutrality by prominently displaying various text and images that “simulate” what the internet would be like without Net Neutrality. Though it takes various forms depending on the platform and device on which it appears, everyone is intimately familiar with the “Loading, please wait…” animation. Regardless of how colorful, fancy or soothing it may try to appear, waiting for something to load is always aggravating and inconvenient. If you are still unsure what the fuss is about have a look at this video. It’s not the most objective of presentations, but it does a good job of explaining why Net Neutrality is worth preserving.
A secret war is being fought in the internet industry right now, but unless you are a die-hard student of all things tech, you might not even know it’s taking place. The more conspiratorial-inclined among us accuse the mainstream media of avoiding coverage of this debate because of their close ties to the opponents of net neutrality, but it’s also a very complex, “unsexy” topic that is hard to explain in easily digestible soundbites.
The principles of “network neutrality” have been the subject of hot debate for over a decade now, but as of yet, there has only been one highly publicized incident of a company actively “violating” the basic tenet of net neutrality, which is that all data on the internet should be treated equally, both in terms of accessibility (can I see it?) and how quickly it loads. For Americans, censorship is a hot-button topic, so the accessibility issue isn’t normally included in the ongoing debate. What’s at stake is whether internet service providers like Time Warner, Comcast and AT&T can charge content providers (NetFlix, Google, Spotify) more because they use so much data, and if those companies refuse to pay the premium, would their bandwidth be throttled, lowering the quality and/or value of the service itself.
Another aspect of this debate is whether the US Government (or any government, for that matter) should regulate the internet like a utility. Both sides of the net neutrality fight are of mixed opinion on this. Some argue this would encourage (enforce) competition in the ISP market, and would allow oversight into ensuring net neutrality was observed, but as many others have pointed out, this didn’t work so well for the telecomm industry the first time we tried this. The other thorny facet of this issue is the plain fact that the internet is not owned nor controlled by any one country, though it could be argued that the US holds a “majority stake” in its creation and continued wellbeing.
What this means for you:
Today, the FCC has presented a plan that many feel completely undermines network neutrality by providing a “regulated” means for ISPs to create “fast lanes” of service into which content providers may opt, and if they do not, presumably their content would be delivered via the “normal lanes”. If no one opted into the fast lanes, this would be a moot point, but as you all know, in business, those who get to the finish line first win, and everyone else, regardless of whether they finish at all, lose. Even the most altruistic of companies (Google maybe?) are willing to get their claws out when it comes to competing, and being slow on the internet is the difference between being Facebook or being MySpace.
In my opinion, network neutrality is a concept worth understanding at minimum, and if you take the long view on improving our civilization, an important principle that should be upheld. Competition is what made America great once, and it is what created the amazing technology we have now, including the internet. Creating tiers of accessibility and quality within a service that most would view as a fundamental need (if not right) might end up creating a version of the internet (at least in America – imagine the irony) that is the antithesis of internet that is spreading information, freedom and equality around the world.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
You might not have realized this, but in 2012, US Copyright Office let an exception to the Digital Millenium Copyright Act (DMCA) expire that suddenly made it illegal to unlock a cellphone you owned, for the purposes of using it with a different carrier. Passed in 1998, the DMCA covers many areas of modern technology, but the exception essentially allowed consumers to unlock phones like the Apple iPhone themselves, as opposed to purchasing a (much more expensive) unlocked phone or asking/paying the carrier to unlock the phone for you after you’ve paid for the phone through a subsidized contract. Though the exception lapsed late last year, the Whitehouse and the FCC have both issued statements urging Congress to legalize unlocking.
What this means for you:
In the US, unlocking your smartphone doesn’t have quite the same value as it does in other parts of the world, primarily because the two largest carriers operate networks that use two different technologies that are not found in any one phone. For example, if you had an AT&T iPhone, you can’t unlock it and move to Verizon, because the actual hardware will only work on GSM networks (Verizon is a CDMA-based network) but you could use it on T-Mobile’s network. The carriers aren’t really interested in seeing the exception renewed, primarily because it narrow’s consumer choice and “locks” unknowning customer with technology that, while simple to crack, is technically illegal to actually do without the carrier’s permission.
The issue rarely surfaces for most consumers anyways, as the carriers offer “free” or heavily discounted phones (with a multi-year contract, of course!) to “new” customers, so most opt to get something shiny and new, versus unlocking their 2-year old phone. The issue here is really more centered around protection of consumer rights and the fact that if you own something, you should be able to do whatever you want with it as long as it isn’t impacting the well-being of others. Unfortunately, the Whitehouse and the FCC can’t do anything about the DMCA or renewing the exception because the Copyright Office is governed by Congress. And we all know how productive they’ve been lately.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net