C (3:35)

I think you've done your time on that, as they would say.

B (3:38)

It's much easier, you know, on a cybersecurity thing or it's rare that anybody's going to die based on my advice, which is kind of where I want to be.

C (3:49)

Yes, yes, no, no life or death situations here. What was your experience with the First Net program while you were at dhs?

B (3:57)

Well, we were there before Its, its initial instantiation on my first, you know, experience with it was really the, the post Katrina review. Our communications responses, you know, failed miserably. And a large fraction of that was that we simply didn't anticipate either the scope and scale of the destruction to the communications networks or the diversity of communications platforms that were used by first responders, emergency responders across the nation. And so when I left in 2009, we were just at the beginning of trying to put together a FirstNet response capability. Since that time I've followed it as an interested person. I've consulted relating to FirstNet and other telecoms issues with the whole, with a host of, of interested parties, if you will. And so I guess you would say that at this point I am a, an experienced consumer of FirstNet information and an interested observer. But you know, the most recent, you know, iterations of it all began after my, my time in with the U.S. government.

C (5:22)

Mm. Well, it's about to go another iteration actually because Congress literally yesterday the House of Representatives voted to unanimously reauthorize it through 2037 with some caveats and changes to, to the program. But I mean, how does that longer Runway strategically kind of change for nationwide planning for public safety officials and communications? Does it kind of reduce uncertainty for state and local adopters?

B (5:51)

You know, long runways have a positive and a negative impact? The positive impact is like a better planning certitude, better ability to make a long term strategic set of choices. The downside of it, which is always the trade off that you have to worry about is long term reauthorization is long term lock in. It means less nimbleness, less ability to take advantage of new technologies, whatever they might be. I mean irrespective of current technologies you and I can't see around the future corner. And so we don't know what's next. We don't have a real sense, for example, of how deployed artificial intelligence might impact communications technologies. You know, I mean, I have some guesses, but I honestly don't know because that's not a domain where we've really moved very far. And, and so a long term lock in can have both benefits and, and costs.

C (6:55)

I think in addition to reauthorizing it through 2037, Congress has also expanded like allowable reinvestments so to, to keep pace with kind of like the wireless innovation that we're, we're talking about. And it seems like the, those changes need to be critical and built into this. It seems like this long term reauthorization contract in that this telecommunications, especially because it is relied upon so heavily by public safety officials all across the country, it does kind of need to be keeping pace with technological advancements, whether it's adopting artificial intelligence tools, whether it's upgrading its cybersecurity software to keep pace with any type of innovation or threats that are happening in that space. What do you see as some of the technology that this type of system needs to be abreast of?

B (7:46)

Well, I mean, you've already mentioned the two that are top of mind for any reasonable observer, which is, you know, impacts of cybersecurity changes since the inherent security of the network is critical, and then impacts that might arise from the deployment of artificial intelligence systems. You know, I guess I would add to that, you know, we keep going through 3G, 4G, 5G, 6G, 7G, 8G, 9G, you know, however many GS we

C (8:17)

want to get to triple GS, triple

B (8:19)

GS, those are, those are always, you know, impactful changes that, that relate to reliability and coverage in ways that, you know, again are kind of hard to foresee and they require obviously investment. I guess one of the things that I think about the reauthorization is that reinvestment by a sole source provider is one thing. I think competition is another way of spurring reinvestment. And as we go forward, I'm kind of monoculture risk is real. If we rely exclusively on a single FirstNet system, a single FirstNet provider, we run grave risks. We saw that, what was it, 2024 in February, a nationwide outage. Right. Happily, you know, nobody died or nobody I think died. I don't think we can say anybody died because of, but you know, there but for the grace of God go we. And it is one of the things that I would kind of want to see more of in the pending legislation is a broadening of the lens of service providers and a broadening of the lens of, of allowable reinvestment to include reinvestment in competitor technologies or parallel capabilities. I don't think that parallel capabilities are often a formula for redundancy and cost, but in mission critical pieces of the pie they're also a formula for continuity of operations, continuity of government, continuity of services. So yeah, that balance, I think we should spend a little more time, I think rethinking that.

C (10:05)

You are certainly not alone in trying to advocate for more competition and not relying on a sole service provider. Throughout the discussions and debates and subcommittees, AT and T fought hard to really argue that it should be the sole provider. But in the end, I think Congress figured that rather than renegotiate and take on a lot more bids, it was going to continue with AT&T. However, with some caveats, the, you know, National Telecommunications and Information Administration is now going to operate as an oversight committee for, for FirstNet and for this authority and to kind of ensure that there are guardrails. The new provisions require detailed performance reporting, you know, cybersecurity disclosures, outage notifications within 30 minutes and NTIA appro approval of AT&T's disaster recovery plans should something like Hurricane Katrina or any of the numerous disasters take place and impact any of the hardware or software that AT and T is operating with FirstNet. Do you think that kind of highlights the concern that Congress has about what we were just talking about, having a single service provider, the new changes and the new requirements that are mandated with this new legislation?

B (11:22)

Well, you know, I mean, it's a great question because obviously all of what you said is better than what was before, right? Which is, which is a sole source provider who was operating with relatively little oversight and control. And you know, any degree of, of oversight and control that is, is supplemented is a good thing. That having been said, you know, it's a, it's kind of an almost iron rule of regulatory oversight that there's a whole regulatory capture, a whole literature about regulatory capture and how sole source providers capture their overseers. In a way, there's revolving door concerns. And all of that is not to say that there's anything evil or bad happening, anything malicious, which is another layer of risk that oversight can mitigate, but doesn't completely mitigate, but simply to say that if you trust the capacity of government to manage an industrial system, then oversight's great. The kind of fundamental tenet of capitalism is that the government doesn't fully have that capacity. I don't want to overstate it, but government oversight is actually a good thing in many instances. But we also believe that competition is a valuable instantiation and the best approved oversight and cybersecurity plans still have flaws in them. And so long as we have a single source, we're at a single point of failure. I was thinking about this the other day when Claude announced the project glasswings and the Mythos AI program and its ability to find flaws. So what is our response to that? You know, one response is a regulatory one that says the NTIA should look at FirstNet and mandate that FirstNet deploy Project Glasswing and Mythos to find and fix all the flaws it can identify and hope that that happens faster than the bad guys can exploit them. The other way to look at it is to say, you know, Mythos identifies one class of flaws in the existing FirstNet infrastructure, and then there's a whole nother infrastructure that has a different set of flaws. And so we, we don't want to duplicate flaws. We want to, we want to have a multiplicity of service options. You, you pays your money, you takes your choices. I totally understand why Congress feels that it's sort of locked in to, to FirstNet as it's currently deployed. And I understand that transition costs are huge. That's why. That's why. Dare I ask, what email provider do you use?

C (14:10)

I use Gmail.

B (14:12)

You couldn't change from that for all the tea in China, even if you found a better, a better email provider, one that gave you better user interface, better security?

C (14:23)

Oh, absolutely not. I'm locked in.

B (14:25)

Absolutely. We are. A friend of mine, Bruce Schneer, once said we are like serfs, right? Locked into the technology of the lord manor house that we first signed up for. Yeah, I too am an Android Google user. And you know, the cost of me even thinking about changing to Apple are extreme. Even if I decided that Apple were better, which, yeah, I mean, I haven't said, and the same is 100% true of FirstNet and First Responder Telecommunications. We are locked in and the cost of transition are large. That doesn't mean that we shouldn't pay them. And the more mission critical it is, I think the more likely it is that we should pay them. If your Gmail goes down, you're just personally messed. I had a different word in mind and as it is the only one I can say on a public podcast. Likewise for me, if FirstNet goes down. Lord help us.

C (15:30)

I think it's interesting what you're saying in terms of, yes, there is a financial inconvenience that would come with transitioning or expanding the competition of service providers available for FirstNet. I also wonder how much external factors also had to do with keeping with at&t. For instance, you know, North America and America is set to host the 2026 FIFA World happening in, I mean, less than two months now in, in June. I wonder if that competition, if that international event wasn't happening on American soil, if they would have a little bit more Runway, a little bit more lead time, a little bit more buffer to kind of expand their options. But because there is an international event happening, you know, there's a lot of unrest in the world and there's going to be a lot of international tourists that are coming for this event. I wonder if that was a factor in their decision to just stick with what is tried and true rather than try and try something new and risk any type of emergencies that could happen. And during this event, what do you think?

B (16:37)

Well, you know, I mean, first off, I mean, the obvious A answer is I'm not a congressional mind reader, so I can't really speak to that. Well, the B answer is if they thought that, I'm not really impressed because of course any transition would have happened. You know, the Runway to the transition is a two year Runway. Nobody's saying that tomorrow we would have to switch on a second system. There would be a transition. You could time it out such that it didn't impact it to the extent that it might have transition impacts to happen after the World Cup. My third response is to think even less of it because of course America is always hosting something. 28 Olympics 2031. There's a rugby World cup coming. You probably don't know that, but I like rugby, so I do. So there's always. And then there's the 2028 elections and the 20. And then the. And then every year there's a wildfire season, tornado and a hurricane. Yeah, we get those every year. So if the persistence of the possibility of necessity, of use of this system is the reason for never changing, then we can never change. We're always going to be on the cusp of something happening and yeah, we're always going to be at risk of failure. Right? I mean, yeah, the flip of it is, God help us if this system goes down during the World cup next month or two months from now, like the outage in 24 or the Maui or the Maui Wildfire problem. This has been a system that is an extremely valuable one. I really don't want to be heard to say that FirstNet is a bad thing. It's a really good thing and it's a great thing that we've developed and it's the right thing to have, but it has not fulfilled the performance metrics that we conceptually have of it, of being available in the worst possible times. And so also, by the way, my sort of understanding is, and this I may be wrong, but I thought Verizon, who's one of AT&T's competitors, was the actual telecommunications provider for the World cup. So, so I don't even know how that interaction works, how your official telecommunications guy talks to your talk, talks to its competitors in a disaster.

C (18:54)

I mean, hopefully first night, it's the thing that, that bridges that, that gap. And I mean, obviously state and local governments have been preparing for well over a year for, for this event and have been, you know, communicating with their partners at, that all lines of communication are open, that they have been running tabletop exercises. I've been speaking to officials in Rhode island and in Kansas City, just officials, public safety officials across the country that are, you know, implementing new technology like, like drones or mobile command centers to be able to better integrate with, with other, with all of the people that are connected with this event. But I appreciate what you're saying because you're right. The US Is an international hub, whether it's for events, sporting events, whether it's political elections, whether it's natural disasters, which there's been an increased frequency of, there will always be a reason not to do something. And I think. Yeah, you highlighted it really, really beautifully. I like the way you said that. My other question for you is going back to oversight. Do you think the increased oversight by the NTIA is going to be a source of tension, especially for AT&T, who has operated, as you said, with very little oversight for the past few years? What do you think this, this new oversight will do to mission, performance or capability or even the relationship between the service provider and the federal government?

B (20:19)

Well, I mean, I guess I hope it is a source of tension, an appropriate level of tension. You know, oversight without tension is box checking. I mean, it needs independence. It needs to verify performance claims. It needs to examine waste and whether the money is being spent well. It needs enhanced financial transparency and allow greater investment in diversification of providers. Only the last is my monoculture point. The first three are if they don't create tension, if they don't look over their shoulders a little bit strongly, then they're not doing their job right. You know, nobody likes an inspector general, but we love having them because they're essential to creating whatever it is, you know, the fidelity of whatever it is we're doing, whether it's an agricultural program or a Medicare fraud program or this one, oversight is, is always a cost. You think it's a good cost.

A (21:23)

Thank you to Paul Rosenzweig for participating in that conversation. You can subscribe to the priorities podcast@priorities podcast.com and wherever you get your podcast. While you're there, be sure to leave a review or a rating on the podcast page. That small extra step helps more people like you find the show. This podcast is a production of Scoop News Group in Washington, D.C. adam Butler and Carlin Fisher put it together. Until next week, I'm Sophia Foxowell. Thanks for listening.