Would you rather a have crane collapse on you while strolling through a city or have your every move tracked by Big Brother?
That’s the type of painful data-privacy tradeoff individuals and companies could be making once more 5G networks are up and running — and connecting millions of connected devices with blazing speed and minimal latency. It’s also an exaggeration that the former head of the FCC’s public safety and homeland security bureau uses to drive home the significant data privacy risks posed by 5G technology. His point is that 5G offers numerous valuable benefits, including reductions in construction accidents thanks to real-time data about structural integrity, while giving rise to significant risks. Fifth generation (5G) software, for example, can map phones and other devices down to the centimeter and that precise location data could be ripe for abuse.
That former FCC official, David Simpson, is cited in a Wall Street Journal article whose headline warns that the “5G Race Could Leave Personal Privacy in the Dust.”
The key word in that warning is “could.” Whether or not those data privacy vulnerabilities come to fruition depends on how regulators, business leaders and trading partners address a number of tradeoffs and crucial questions, including:
- A federal law or (numerous) state-level data privacy regulations? As large telecommunications companies advance their 5G capabilities, some of them have promoted the need for the U.S. to adopt unified privacy standards as well as a federal data policy law. That approach would potentially mitigate privacy risks without imposing too great of a compliance burden on companies. Yet, political polarization and the COVID-19 pandemic have all but eliminated any chance of federal data privacy legislation becoming law in 2020. If that remains the case in 2021 and beyond, it’s a safe bet that more states will join California in enacting their own data privacy regulations. This splintered, unilateral approach would force many companies to comply with a tangle of different data privacy rules and requirements.
- Too much or too little oversight? If 5G data privacy standards and rules are too restrictive, those compliance burdens could hinder competition with 5G companies based in other countries, like China. Yet, if oversight is too lenient, it could open the door to cyberattacks that steal intellectual property, expose sensitive internal and external networking connections, segments and components, and of course – sensitive customer and employee data. Such exposures will certainly damage any organization’s reputation and could lead to financial peril.
- Now or later? Simpson who also co-wrote a report on 5G cybersecurity that Charlie Miller discusses here argues that it is more effective, cost-efficient and risk-intelligent to proactively address cybersecurity during the rollout and expansion of 5G networks than it will be to play catch-up after those networks are fully operational.
That type of forethought will resonate with data privacy experts and vendor risk management professionals who understand the value of assessing the risks attached to a new tool or relationship before engaging. Whether 5G privacy risks are addressed soon enough will depend on a number of factors, including how well those experts advocate for a proactive approach.