Thoughts on encryption legislation – and the real ‘link’ between 5G and coronavirus

Thoughts on encryption legislation – and the real ‘link’ between 5G and coronavirus
Bill Mew is CEO of cyber crisis management firm CrisisTeam.co.uk. He is a former member of the global leadership team for IBM Financial Services Sector and former Cloud Strategist for top UK cloud player and government sector market leader UKCloud. Bill is also a leading global advocate for digital ethics and striking the right balance between meaningful protection (privacy, security) and maximising economic and social value (digital transformation, cloud, smart cities). Not only is he the top global social influencer for high profile topics such as privacy, but he also appears regularly on international broadcast TV and radio as an expert on digital ethics, data privacy, social media regulation and digital transformation – having more broadcast airtime than any other UK technologist.

Opinion Conspiracy theories are nothing new, but the recent one that blamed the rollout of 5G networks for the spread of Covid-19 is one of the more bizarre examples in recent memory. Not only is it very obviously untrue to anyone that understands either the technology or virology, but there is also little real correlation. New Zealand which was one of the first countries to declare itself virus-free is accelerating its current 5G rollout while Brazil and the USA which have seen the highest death rates are not among the leaders in 5G adoption.

However, there are other parallels and lessons that could be learned here. Firstly, around following the science rather than political agendas and secondly around protection – not only from radiation, but also from malware and snooping.

Follow the science

Many political leaders across the globe have claimed that their response to the pandemic has been led by the science. Unfortunately, there are many different ways of interpreting the science and also still many unknowns. Consequently, politicians have used the science to back their own agendas, at times arguing either in favour or against the use of face masks, lockdowns and testing depending on how well prepared they were or how much they were willing to admit to earlier mistakes. Populist leaders in particular have not fared well during the pandemic, being more prone to grandstanding than accepting the best scientific advice.

Similarly, with 5G, there are undeniable technological and economic advantages from having collaboration in the market to drive innovation and interoperability, as well as from having a level competitive playing field to ensure choice and value for money. Unfortunately, a populist agenda in the US to scapegoat certain Chinese players as part of a trade war has had a massively negative impact on the entire 5G rollout. The irony is that while nobody has yet found any backdoors in the Chinese equipment, the US Congress is currently seeking to pass a bill that would force companies to include backdoors in all encryption, showing that the US is actually doing what it want us to believe that the Chinese might be doing. The US arsonist is too busy shouting at the Chinese to stop playing with matches to spot the irony here.

Protection

The issue of PPE (masks, gowns, gloves) during the pandemic has shown us how important protection is. Firstly, it can be shown beyond doubt that in radiation terms 5G is far safer than previous generations of mobile communications, just as 4G was safer than 3G. Our ability to communicate more efficiently, increasing performance as we reducing power consumption, has been as effective for mobile communications as it has been for microprocessors (see Moore’s Law) and many other areas of technology.

Secondly, if encryption can be maintained then 5G is also more secure than previous generations of mobile technology. 5G uses encryption to provide anti-tracking and spoofing features that make it harder to track and manipulate individual device connections. 5G is also a much more software and cloud-based than previous wireless network technologies, which will allow for better monitoring to spot potential threats. It also allows operators to use “network slicing” to segment the system in numerous virtual networks, each of which can be managed and customized separately. This means that different “slices” can have different protections set up for specific types of devices.

At a time when the variety and sophistication of cyber threats is not only at an all-time high, but is also on the increase, we cannot afford either to drop our level of vigilance or to create any unnecessary vulnerabilities.

Patching vulnerabilities is a fulltime job for all technology vendors, the race to find and patch flaws is one that we need to win every time, while the cybercriminals only need to win occasionally. Independent scrutiny can be of benefit here. Many vendors offer bug bounties and Huawei has put its equipment forward for additional testing by labs based in the UK and elsewhere.

Almost all the 5G security is built on encryption. The problem about creating backdoors in this encryption is that you create additional associated vulnerabilities as well as governance issues. It is a bit like having a particularly virulent strain of smallpox held in a secure lab that if it escaped would instantly infect everyone. You would want to be sure that the lab was really secure and that those that held it were trustworthy.

Unfortunately, the proposed congressional bill would put the keys to the encryption backdoors in the hands of an administration that is unashamedly ‘America First’ and does not feel obliged either to abide by international treaties or to cooperate with global institutions (such as the WHO) and an intelligence community that has already allowed its own hacking tools to be stolen and that has also already shown that it is neither open or honest about its use of encryption backdoors. Not only would governance issues be of concern to almost all other nations, but it would also be probably only a matter of time before criminals obtained access to the backdoors, thereby undermining everyone’s security.

My point of view

The congressional encryption bill, while a well-intentioned initiative by politicians who do not understand the technological consequences, is a far greater threat to our collective security (over 5G and all other technologies) than the vendor that the US administration is currently seeking to scapegoat.

We need to be focusing on bug bounties and enhanced testing of equipment from all vendors, as well as global collaboration to patch vulnerabilities and counter the real threats, rather than creating back doors that would open up what could be calamitous new vulnerabilities.

After all, if you are not confident in the security of Huawei equipment then in a competitive market you have alternative vendors to choose from. However, if the back doors mandated by congress are universal then you may not have another choice and you certainly don’t have any choice in terms governance – keys to the backdoors are controlled by the US government and its intelligence services alone (not the UN or your own government), until that is they fall into the hands of cybercriminals.

Given the mess that the current US administration has made over coronavirus, are we confident that they can be trusted with the keys to encryption backdoors for all our data – either to use them responsibly or to keep them safe?

I am not in favour of backdoors at all, as they create new vulnerabilities. If, however, they are a political necessity, then maybe every member of the UN should nominate a country CTO and this group should be collectively responsible not only for holding the encryption keys, but also for collaborating on an international basis to address the growing cyber threat (especially from rogue nations).

Editor’s note: Bill works with a number of global vendors and accepts paid commissions from them, including Huawei; however, he has requested for us to point out that he is paid for his time and not his opinions – therefore the opinions expressed in this and other articles are entirely his own.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *