Like the Coronavirus, 5G Dementia seems to be spreading around Washington. The latest manifestation has appeared at the FCC — which is trying its best to make U.S. 5G infrastructure as insecure and primitive as possible. But first, an explanation of how 5G Dementia begins at the top and spreads in the U.S. capitol.
5G Dementia begins with “The Genius” who lounges around White House quarters and emits spontaneous tweets on whatever motivates him at the moment. Somehow, 5G came onto the radar — likely through a favorite television news show. Soon afterwards, someone at the same location dutifully turns the tweet into a Fact Sheet, and then an Executive Order. Then, everyone around town tries to figure how to best advantage themselves in a game of Pile-On. Inevitably, the low hanging fruit by the clueless minions turns to blaming the foreigners for perceived inadequacies or a faux race to win. That then leads to lobbyists trolling for 5G dollars.
The malady quickly spreads to the FCC — a mere 1.8 kilometers away — where they rummage around the regulatory closet for some cards to play in the game. The Commission has a big one — they control the use of radio spectrum, and that has created a multi mega-million dollar jackpot lobbying industry in Washington. It is great, however, for feeding the lobbying narrative of more spectrum brings some perceived 5G supremacy. The FCC also has two smaller cards — it allocates several billion dollars a year out of the Universal Service Fund (USF), and has authority under CALEA (Communications Assistance for Law Enforcement Act) to impose requirements on communication providers and vendors. CALEA is the 1994 law in the U.S. that requires communication providers and equipment suppliers to have the technical capacity to provide lawful interception (LI) of communications, and the handover of designated customer retained data (RD) to law enforcement pursuant to proper authorization — generally an authoritative warrant. It is a uniform requirement in basically every country in the world.
The “blame the foreigners” and “play-to-win faux races” gambits in Washington traditionally focus on whoever is perceived as ahead of the U.S. It has variously shifted from Europe to Asia over the decades. However, The Genius on high has ramped up jingoism and xenophobia to stratospheric levels and been taking aim at China to bully them into bilateral trade concessions. So, the FCC is now dutifully complying by playing two of its cards together — USF monies and CALEA.
In late November, the FCC on its own accord morphed an existing two-year-old rulemaking proceeding attempting to ban “designated” telecommunication equipment vendors from the U.S. market and compensating carriers with Universal Service Funds, into a CALEA proceeding, and proposed a new CALEA technical standard. As the Commission noted, it was “looking for a source of its [banning] authority,” and appeared to believe that CALEA for 5G was such a source.
The FCC proposed a very simplistic new “CALEA 5G standard.” It states that a U.S. provider of communication services “must certify…that it does not…use…equipment or services [including software] produced or provided by any company designated by the Commission.” The rule is found in Appendix B on page 67 of the FCC document. The rest of the information about CALEA is found in paragraphs 35-37 and 132.
The FCC rule covering the “designated company” part is found In Appendix A on page 66. It says that the Commission can “either sua sponte or in response to a petition from an outside party when a company poses a national security threat to the integrity of communications networks or the communications supply chain” deem any company as a national security threat within 31 days. It applies “to any and all equipment or services, including software, produced or provided by a covered company.” Once designated, the company is not only out of business in the U.S., but no communication provider within the FCC’s jurisdiction can use the company’s equipment, services, or software anywhere, domestically or overseas. Thus far, the only companies targeted for designation are “Huawei and ZTE, along with their subsidiaries, parents, and/or affiliates.” However, the new fast-track rule remains for others who get out of favour. There is legitimate concern about what the FCC is mindlessly doing here. The entire scheme is rather profound and draconian as well as patently unacceptable under longstanding public international law.
The FCC seriously perverts CALEA
Beginning with the least significant concern — the Commission is unlawfully weaponizing CALEA in a manner never intended. The FCC attempts to assert its authority based on Sec. 105 of the Act, which deals with the administrative process of implementing Lawful Interception (LI) and Retained Data (RD) production orders, combined with Sec. 107 authority dealing with technical requirements and standards when industry standards are deficient.
However, apparently unbeknownst to the FCC, rather significant work over the past six years amongst communication providers, vendors, and law enforcement agencies largely from Western nations were undertaken to develop an array of 5G CALEA technical standards to address the very concerns the FCC raises. The FCC has never participated in any known 5G CALEA industry technical work or forums, and its published documents in the proceeding display a rather astounding lack of understanding about 5G systems. Yet it not only ignores the existing industry standards, but it is also asserting its own CALEA standard that is essentially so vague and technically ludicrous as to be unimplementable.
Not only does the FCC fail to distinguish between the two fundamentally different and compartmentalized 5G provider categories — network and services — it requires those providers to certify that they don’t use equipment, services, or software provided by any company the FCC “designates” after 31-day proceedings. In a vast, autonomous, 5G ecosystem of global, extraterritorial, virtualized network architectures and services on demand — using constantly moving and changing equipment, services, software, users, and objects — it is not fathomable how anyone could even begin to undertake such a certification assessment. How would a 5G provider instantiate customer services to other countries or implement 5G home-routed roaming without using designated vendor equipment, services or software? Adding to the complications are the constantly evolving specifications that constitute the basis for 5G. Those specifications advance significantly almost every year with new releases — currently Rel. 15 and progressing rapidly toward Rel. 16. Work on Releases 17 and 18 have begun. The industry and government experts who develop the 5G CALEA standards are constantly working, and evolve them with each new 5G release.
So, the Commission in its self-assumed wisdom and interest in pleasing the tweeter in the White House has substituted its profoundly ill-informed technical requirements for those developed by a diverse set of specialists producing workable solutions over the past six years.
The U.S. ends up with a costly, seriously deficient, insecure 5G infrastructure
To make matters worse, neither the FCC nor any other Federal agency, have promulgated any 5G technical performance or security standards whatsoever for the infrastructure and services provided to the public. Beginning in the 1990s, the FCC began deferring entirely to industry collaborative bodies to develop those standards without any oversight or requirements other than CALEA. Indeed, they went further by essentially eliminating participation in the bodies by staff or analyzing ongoing developments. The belief was that the marketplace would magically sort out these matters and that the “internet economy” would somehow compensate for the deficiencies.
However, over the past several years, as the tectonic shift to 5G began to take place, a considerable array of companies and security agencies in countries throughout the world began to devote significant resources to develop and adopt by consensus, necessary 5G performance and risk mitigation specifications. Chinese vendors have been significantly engaged in that activity — among other things — to meet the extensive security requirements in their own domestic market as well as foreign ones.
Although several years ago, the FCC contemplated adopting 5G infrastructure security requirements, it was stopped by The Genius as part of his deregulatory mania. It is also a matter of record that the FCC has failed to participate in any 5G industry security technical activities, much less established any requirements except for the rather preposterous new CALEA and USF requirements. (See for example, the lack of FCC participation even in the online SA3 (5G security) meeting this week.) As a result, billions of USF monies will be parceled out to buy whatever “non-designated” vendor equipment, services, and software is available.
The only way to legitimately meet the new FCC CALEA 5G requirements would be for U.S. providers and their vendors to develop their own non-standard 5G specifications, at significantly increased prices, and build local 5G enclaves that consumed enormous overhead to constantly verify they were FCC CALEA compliant and not “using” any designated vendor equipment, software, and services for domestic or international communication. This would necessarily include customers connected to their networks as well. Ironically, those U.S. 5G enclaves could otherwise possess all manner of vulnerabilities and be at risk, as there are no other FCC security requirements in its rules.
The U.S. gets left out of the 5G global market
Although The Genius may be pleased, it’s not clear what benefit the U.S. public or industry get out of the FCC actions here. The allowable equipment, services, and software will be some weird U.S. version of 5G that is highly specialized for the U.S. domestic market, and probably proprietary. U.S. vendors and providers are already being scared off of participating in global industry standards activities by the Export Administration Regulations (EAR). It is also unclear how extraterritorial home routing roaming could be done, so it would be difficult or impossible for mobile users to roam into or out of the U.S. lest a compliant U.S. provider might invoke equipment, services, or software provided by a designated company. In some ways, it mirrors the new U.S. immigration restrictions and The Wall.
The isolated U.S. version of 5G will be significantly more costly, underperforming, less safe, less innovative, and lack global interoperability. U.S. vendors and service providers pursuing markets in other countries will likely be frozen out of some of them on the basis of reciprocity, or have to operate entirely from abroad in the local domestic markets. In short, the U.S. gets its own stone-age 5G, and its transnational providers get disadvantaged. However, the FCC can have pride in meeting the White House 5G xenophobic mandates to eliminate all touchpoints to anything from Chinese sources.
Of course, this story doesn’t stop with China. If The Genius gets angered with Europe, Korea, Japan or any other country and starts tweeting, there might be one of those FCC 31-day proceedings to designate their companies as well. What is ensuing here is basically a purposeful attack on the world’s 170-year-old system of public international law of telecommunication and the thousands of people who collaborate globally on the implementing norms and standards. It is being replaced with unilaterally asserted chaos.
Other sovereign nations are unlikely to accept this kind of behavior, and the shunning and retaliatory scenarios are not good. As a former FCC senior staff member, this kind of egregious behavior is dismaying and embarrassing. However, that is the way 5G Dementia goes in Washington these days, and will probably one day be historically explained.By Anthony Rutkowski, Principal, Netmagic Associates LLC – The author is a leader in many international cybersecurity bodies developing global standards and legal norms over many years