Why 5G is a huge future threat to privacy

Posted on May 18, 2019 by Glyn Moody

The next-generation of mobile communications, 5G, is currently a hot topic in two very different domains: technology – and politics. The latter is because of President Trump’s attempts to shut the Chinese telecoms giant Huawei out of Western procurement projects. That might work in the US, but the move is meeting a lot of resistance in Europe.

There seem to be two primary concerns about allowing Chinese companies to build the new 5G infrastructure. One is a fear that it will help China consolidate its position as the leading nation in 5G technologies, and that it could come to be the dominant supplier of 5G hardware and software around the world. The other is more directly relevant to this blog: a worry that if Chinese companies install key elements of 5G systems, they will be able to spy on all the traffic passing through them. As the South China Morning Post reports, in an attempt to soothe those fears, Huawei has even promised to sign “no-spy agreements with governments“. That’s a rather ridiculous suggestion – as if signing an agreement would prevent Chinese intelligence agencies from using Huawei equipment for surveillance if they could. The same news item includes details about the concerns of Christopher Krebs, director of the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency:

First, Krebs said, “the quality of the engineering is not great, and so there are a number of vulnerabilities that are left open on the box, so China and other capable actors – Russia, Iran, North Korea – could exploit the vulnerabilities”.

The second threat, he said, was the lack of oversight concerning Huawei’s roll-out of updates.

“The third is, the way they manage this equipment tends to be by shipping out Chinese nationals to the host country for hands-on [maintenance], so you have a physical, insider threat as well,” he added.

Those are all valid points, but they apply equally to many products from Western companies. One approach is to ensure that traffic is properly encrypted before it even gets to touch the 5G infrastructure, which should always be assumed to be insecure. Concerns about hardware vulnerabilities are yet another argument for implementing end-to-end encryption everywhere. That’s by no means a panacea – even encrypted streams can leak information – but it’s a necessary first step.

The political discussions may be loud, but the technical ones are richer. They are concerned with how to make 5G happen, and what exactly it will be used for. The roll out of the technology often seems driven by telecoms companies that need to convince people to buy new smartphones and subscribe to new services. One of the top standards bodies, ETSI, has a useful summary of the problems 5G seeks to address:

Mobile data traffic is rising rapidly, mostly due to video streaming.

With multiple devices, each user has a growing number of connections.

Internet of Things will require networks that must handle billions more devices.

With a growing number of mobiles and increased data traffic both mobiles and networks need to increase energy efficiency.

Network operators are under pressure to reduce operational expenditure, as users get used to flat rate tariffs and don’t wish to pay more.

The mobile communication technology can enable new uses cases (e.g. for ultra-low latency or high reliability cases) and new applications for the industry, opening up new revenue streams also for operators.

What’s fascinating about that breakdown is the potentially massive impact all of those elements will have on privacy.

5G is designed to cope with the increase in data traffic that video streaming is causing. That’s mainly about end users downloading and watching video streams on their handheld devices. But once 5G is in place, it will also be perfect for live-streaming uploads – using smartphones to show what is happening around you in real time. Although there are lots of valid reasons why users may want to do that, there are clearly privacy implications for the people that appear – perhaps unknowingly – in those live streams. As more people engage in this kind of continuous life-streaming activity, so privacy will become harder to preserve.

5G is also specifically engineered to be able to cope with more connections, not least from “billions of Internet of Things devices”. Indeed, the availability of fast, wireless connections everywhere is likely to see even more IoT devices – often with microphones and videocameras – dotted around our homes, offices, public buildings, streets, cars, public transport etc. But as this blog has pointed out several times, while IoT may be convenient and clever, it too often turns into surveillance. The increased energy efficiency that 5G will bring means that devices can be left on all the time, with few worries about wasting electricity or being penalized because of high data usage. Similarly, low-energy requirements mean that devices can run off long-lasting batteries, allowing IoT/surveillance devices to be installed in many new locations, possibly quite remote, with no need for wired connections.

5G has the potential to enrich the experience of using mobile devices. But equally, the “new applications for the industry, opening up new revenue streams” could easily turn into new ways of undermining our privacy. In this sense, the concerns about Chinese companies dominating the world of 5G are justified. Surveillance in China is ubiquitous, and companies operating there will have no qualms about exploiting the potential for 5G to make it even more unavoidable and intrusive, just as they have with CCTV cameras. The danger comes not just from Chinese companies. The risk is that Western companies will argue that they must follow suit in developing ever-more intrusive products and services with surveillance at their heart, or be left behind in the great 5G race that is underway.

Featured image by Kārlis Dambrāns.