An FBI spokesperson told me this month’s tweet was “a standard PSA-type post—nothing new” and that it stemmed from the FCC warning. “This was a general reminder for the American public to stay safe and diligent, especially while traveling.” They added: “I am sorry I can’t give you an answer that is more newsy.” When I asked an FCC spokesperson what the basis was for the agency to update its warning five days later, they said it was prompted by the Denver FBI tweet.

What this means is that state and federal authorities and hundreds of news outlets—none of them with any expertise in cybersecurity—have generated a continuous feedback loop. This vicious cycle has done little more than scare the public into eschewing charging stations when there’s wide consensus among security professionals that there’s no reason for anyone other than high-asset targets of nation-states to do so. //

Finally, besides there being no universal script that will work on hundreds or even dozens of different devices, the customized scripts are non-trivial to write. They require a high skill level and a huge amount of trial-and-error troubleshooting.

None of this is to say that people shouldn’t bring their own charging cord and wall plug when they’re out of the home or office. That is a best practice, but it's wrong to characterize it as a required practice. //

The problem with the warnings coming out of the FCC and FBI is that they divert attention away from bigger security threats, such as weak passwords and the failure to install security updates. They create unneeded anxiety and inconvenience that run the risk of people simply giving up trying to be secure.

As security researcher Kenn White recently wrote of the warnings on Mastodon: “What's the end goal here? Convince people who are down to 2 percent battery while traveling to never use modern public infrastructure? Come on. There are 20 things that threaten muggle endpoint security, and this isn't among them.”