While the geopolitical contestation in emerging technologies will continue, the importance of strengthening policies towards network security cannot be ignored.
This article is part of the series — Tech in the New Decade.
The rollout of 5G networks and the question of choosing a reliable vendor has become one of the most contested debates in recent history. A range of economic, geopolitical, technological and security related factors are shaping global and domestic decisions on this question. The significance of this decision lies in the fact that 5G is crucial to developing fourth industrial revolution technologies and will be the backbone of critical information infrastructure across countries. As such, the network will process swathes of sensitive data for individuals, governments, and businesses alike. However, unlike previous generations, the technical features of 5G increase risk of vulnerabilities and cyber threats, which could prove damaging unless they are managed properly through complete supply chain security.
At the centre of the debate lies tech giant Huawei — a company well positioned to supply advanced and cost-effective 5G equipment but is regarded with suspicion because of its close ties with the Chinese government. Countries like the US, Australia and the UK have either banned or limited Huawei’s presence in their networks, citing risks of espionage and surveillance. While this may be the reason on paper, Washington’s stratagem is motivated by a growing distrust of Beijing and seeks to prevent China from gaining geopolitical heft by being the first mover of the technology.
While geopolitical factors cannot be ignored, these conversations have placed renewed emphasis on the importance of network and supply chain security. Since 5G will revolutionise digital applications, data will soon form the bedrock of the economy, which — in turn — will incentivise the collection of more data by public and private actors.
Data is recognised as a key resource for the twenty-first century, and safeguarding information and privacy has become intertwined with the national security strategies of countries. The landmark 2018 EU General Data Protection Regulation (GDPR) was a culmination of this sentiment, and this regulation is now encouraging entities to internalise privacy, security, and data protection norms.
As such, the risk that 5G infrastructure could be equipped with backdoors that could relay data to jurisdictions with weak privacy and data protection laws, is a troublesome one. To be sure, there has been no concrete evidence of backdoors in Huawei’s kit. However, the risk remains real given Washington’s own conduct in the recent past. The 2013 Edward Snowden leaks revealed how the National Security Agency (NSA) conducted surveillance activities by intercepting and hacking routers made by Cisco and other US manufacturers and loading them with backdoors.
However, a key distinction between the US and China would be the capacity of their respective judiciaries to address violations of privacy and data security. In the US, there are numerous laws to protect information and data — going as far back as the 1982 Electronic and Communications Privacy Act. In China, the right to privacy was not recognised until recently, via the 2009 Tort Liability Law. China is, however, making more efforts to strengthen data protection and recently published a draft Personal Data Protection Law for consultations in October 2020. However, these frameworks are new, and it remains to be seen how they would be implemented in practice. Will data protection be prioritised over and above China’s intelligence and espionage laws, which obligate Chinese enterprises to assist national authorities? This could be difficult, since China’s judiciary acts as an arm of the ruling government, unlike the US where the judiciary is an independent entity. Moreover, past practice also presents a bleak answer to this question. Much has been said about ‘the great firewall of China,’ which integrates government censorship and surveillance networks, while examples of surveillance operations in Xinjiang also reduce trust in China’s data protection regime.
Consequently, countries are introducing new laws and regulations that define network security and resilience requirements to protect the integrity, confidentiality, and network availability of 5G. Policy guidelines and recommendations propose diversifying supply chains to reduce dependence on one supplier and prescribe risk mitigation efforts to strengthen networks. There have also been efforts to coordinate such policies between countries, such as through the EU Cybersecurity toolbox, which prescribes a common set of risk mitigation efforts for EU member states.
5G is a revolutionary technology which will change how we work, communicate, and participate in society. While the geopolitical contestation in emerging technologies will continue, the importance of strengthening policies towards network security cannot be ignored. Since 5G is likely to spur the increasing ‘datafication’ of society, countries must recognise their responsibility to prioritise data and privacy protection and take measures to secure supply chains and strengthen telecom security standards.