Winning World War 5G
Last week, U.S forces fired another salvo in the global conflict that may one day be known as World War 5G. What looked like a simple trade war at first is now a full-blown cold war of sorts between two superpowers — the United States and China — vying for majority control of the worldwide mobile 5G technology market. If you didn’t know any better, you’d think they were fighting for economic might, with the promise of windfall profits going to the winner’s telecom sector. What’s really at stake, at least in the eyes of the combatants, however, is geo-political and national intelligence superiority.
World War 5G: What’s at Stake
It is widely believed that whoever wins WW5G will also have access to the data that traverses the infrastructure, wherever it is deployed. This concern has mostly been raised by the United States, who points to Chinese law that forces companies like Huawei and ZTE to cooperate with the Chinese government’s national surveillance and intelligence efforts. If valid, this provides the setting for a Trojan horse story of the grandest scale: billions of dollars of Chinese-built technology powering 5G networks throughout the free world, secretly siphoning data to Chinese intelligence agencies.
The implications of that kind of clandestine data access are staggering from a national security perspective. “Owning” the mobile network would leave one awash in device, user, and location data. It would provide the ability to eavesdrop on personal calls, business calls, calls between police and other emergency service personnel, and calls amongst government officials and military service personnel. It would also provide access to the Zettabytes of electronic communications data that is sure to flow once the big pipes of 5G are deployed.
5G Responses Across the Globe
The U.S. Department of Defense articulates these concerns well in a recently published 5G strategy document, which recognizes the challenge before them to “accelerate the development and deployment of 5G-enabled capabilities, while ensuring those systems — as well as those of our allies and partners — are robust, protected, resilient, and reliable.”
Security professionals see it as a supply chain issue. Or, more aptly in the case of 5G, a giant hairy mess of a supply chain issue. Most corporate security programs monitor for supply chain risk. Asking where you get x and if you can trust it is a smart question — whether x is a product or a service. What’s interesting to me is how this one snuck up on us.
Proliferation of Chinese tech is hardly a new phenomenon. Concerns over its trustworthiness is not new either. Just the other day, India banned 59 Chinese apps including TikTok, Help, and WeChat to, as stated by the Indian government in a press release on June 29, counter the threat posed by these applications to the country’s “sovereignty and security.” The ban cites a long history of privacy abuses in these apps and overarching concerns over state-sponsored surveillance activity.
Suddenly, a year or so ago, it occurred to everyone that China was about to corner the 5G market — which was not something we could just “turn off.” Why it was such a surprise I don’t know, but it wasn’t until 5G-capable phones were being released and countries were beginning to auction 5G spectrum and make long-term investments in 5G infrastructure that we seemed to recognize the risk. But here we are.
Mobile Network Security
The funny thing is, to a security guy like me, 5G or not — I assume that our mobile infrastructure is compromised. Not by China with a Trojan horse, but by the very design of the system. Our mobile networks are not end-to-end secure, which means our conversations, device, and user data are accessible to our respective service providers. Which means that data is accessible to anyone who can obtain it from the service provider, lawfully or unlawfully. So, it’s probably a smart bet that foreign intelligence agencies already have access to a good bit of our mobile data. Yes, I’m saying I believe they would do that. You can think I’m smart or think I’m paranoid.
That’s not to say we shouldn’t care who wins the war for 5G. It is simply to say that the wise global citizen shouldn’t care about the outcome much more than they care about who builds public WiFi or wired networking components. It’s all untrusted, when you get down to it. It’s up to us to recognize this and compensate by using the kinds of tools and strategies we at Wickr have been building and evangelizing for years, like zero trust, overlapping security controls, and end-to-end encryption, which can eliminate much of the risk posed by untrusted 5G networks and network components.
Where World War 5G Will Take Us
When the last shot is fired, I think it’s unlikely that any one country will control the world’s 5G infrastructure. I also think that could be a good thing, regardless of where you’re from or who you trust. At least that way there’s no false sense of security.
For now, the war continues, and the U.S. government continues to argue against Chinese 5G from the moral high ground. However, the U.S. government itself seems to be at a pivot point on the issue of domestic government surveillance, and there are several U.S. legislative efforts underway that threaten to force U.S. companies to defeat product security measures in order to facilitate government access to customer data.
Warning the world to reject Chinese 5G because it can’t be trusted while at the same time proposing surveillance measures of our own puts U.S. global standing at risk. Asking people to choose between the pot and the kettle is hardly an effective strategy for winning this war.
Originally published at https://wickr.com on July 7, 2020.