A tweet can reveal your location, an Apple Watch monitors your health, a grocery chain loyalty card allows the supermarket to track your purchases. All of this constitutes what Michael Chertoff describes as “digital exhaust”—data that we constantly and unconsciously emit. The challenge this poses is how to protect that data in an increasingly interconnected world.
Even as governments grapple with this challenge, “we also should consider the next generation of technology that is going to support the Internet—and that is 5G,” said Chertoff, who served as secretary of the US Department of Homeland Security from 2005 to 2009.
Chertoff spoke at the 8th annual International Conference on Cyber Engagement, co-hosted by the Atlantic Council’s Scowcroft Center for Strategy and Security in partnership with Dentons, PKO Bank Polski, and Texas A&M University in Washington on April 23.
The United States and China are in a race to build 5G networks, the next generation of wireless network that will enable faster data speeds and be used by self-driving cars and smart cities that rely on the Internet of Things.
On April 12, US President Donald J. Trump and the Federal Communications Commission unveiled several initiatives to accelerate 5G network deployment in the United States. “Secure 5G networks will absolutely be a vital link to America’s prosperity and national security in the 21st century,” Trump said.
Trump maintained: “The race to 5G is a race America must win, and it’s a race, frankly, that our great companies are now involved in.”
However, Chinese telecommunications firms, like Huawei, are poised to dominate this field because they offer inexpensive equipment for the 5G networks. US officials have warned that Huawei’s equipment could create a backdoor for the Chinese government to spy on US networks. But Huawei has repeatedly denied this claim.
Chertoff said the ability to compete globally will depend on having free and fair access to 5G infrastructure.
“Imagine a world in which international trade could not take place without paying a particular toll because one country controlled all the sea lanes and you could not transport items from one part of the globe to the other without getting permission,” he said. “That is, potentially, an issue you need to consider with 5G. Will there be a dominance by one country… in terms of controlling 5G or will we have healthy competition and will we have an agreement among multiple countries on the standards that ought to be in place so there is nobody who actually sets the standard for everybody else?”
In March, the European Commission offered guidelines on managing the risks associated with Chinese vendors, but rebuffed US efforts to ban Huawei and ZTE, another Chinese firm.
“We are poised for the next big revolution in infrastructure—that has to do with moving from 4G to 5G,” said Chertoff. “But how the rules of controlling that infrastructure are defined and who actually winds up occupying the commanding position in that infrastructure is going to determine a great deal about who is going to control the commanding heights for the next twenty to thirty to forty years of our global economy.”
Chertoff devoted a large part of his remarks to the protection of data.
“This is going to be one of the big challenges we face with cyber engagements: how do we come up with a set of rules on notice and control of data that at least appeal to a significant part of the world even if there will be some parts that don’t sign on,” he said.
He added: “And that brings us to the second challenge: how do we deal with the law, the policy, and the rules in a world where law is still a matter of individual sovereign nations, but the data is global and moves all over the world?”
“We see this tension increasingly with the issue of sovereignty coming into conflict with the idea of a seamless, globally available Internet,” said Chertoff.
Chertoff said that while for Americans the protection of freedom of speech is paramount, “the issue of how we reconcile sovereignty and the fundamental values that underline our sovereignty with the global nature of data is going to be a critical issue for how the cyber economy works in the future.”
“If we don’t get it right we are going to wind up with multiple Internets that are national or local in configuration and much of the economic value will have been dissipated,” he added.
Little Brothers and Sisters
Chertoff made the point that in many ways “the surveillance that we are beginning to see growing and growing in our daily lives is not being run by the government, it is being run by each other.”
“It’s as if there is not really a Big Brother, but we are all a lot of Little Brothers and Sisters surveilling ourselves and surveilling each other,” he said.
“Much of our personal security and our freedom depends on how this data is used… What’s more important than keeping it secret—and that ship has sailed—is what happens to the data and how is it used,” he added.
Chertoff contended that just as there are laws of armed conflict, there ought to be similar rules for cyber conflict.
Cisco’s Talos security group revealed on April 17 that a new campaign—“Sea Turtle”—has used DNS hijacking to target “at least forty different organizations across thirteen different countries” in the Middle East and North Africa.
“This is exactly the kind of conduct that we all need to band together to suppress and defend against,” said Chertoff.
“The time has come for government and industry leaders… to form a common bond about how we are going to roll out the new technologies and deal with the new data challenges in the 21st century,” Chertoff said, adding: “If you don’t pay attention, problems tend to sneak up on you. And Exhibit A are the experiences a number of countries have had with respect to election meddling over the last several years.”
The US intelligence community believes Russia meddled in the 2016 US election and attempted to do so in the 2018 midterms.
Ashish Kumar Sen is deputy director of communications, editorial, at the Atlantic Council. Follow him on Twitter @AshishSen.