Understanding The Cybersecurity Implications Of 5G For The Legal Sector
The term ‘5G’ has been buzzing around now for the last couple of years, and it is still to be widely rolled out and adopted.
For some, it may be seen simply as an iterative upgrade of mobile speed and capacity, but it is also being heralded as a technological game-changer. But for the legal sector, the implications are still to be fully understood. We predict that 5G may have significant consequences for law enforcement, data privacy, security, and even legal practice. But before we explore those in more depth, it is necessary to understand what 5G is, and why it is not just another iterative mobile infrastructure upgrade.
What is 5G, and why is it different from previous mobile upgrades?
5G (fifth generation) technology is being rolled out steadily across the UK, though not many individual consumers have made the switch as yet. At a technological level, 5G is operating on an entirely new radio frequency and aims to be between 10 and 20 times faster than existing 4G internet connectivity (possibly over one gigabit per second). Speed is one aspect, but reliability is another driving factor. The communications firms know that we are on the cusp of another technological wave – including the ‘Internet of Things’ (IoT), and they need to be capable of reliably servicing that demand. More and more devices will be connected to the internet, including sensors (think smart sensors in roads, streetlamps, home-based medical devices, industrial machines, in-home appliances, etc.). In turn, this will lead to vastly more data being collected by organisations and technology firms than ever before. 5G will also service a booming demand for existing digital technology such as video (including ultra-high-definition) and music. As such, the mobile network will become more and more vital to every aspect of our everyday life and will need to be capable of supporting hundreds of billions of devices simultaneously. In short, it will be a game-changer offering tremendous opportunities, but also introducing new risks and a new level of technological dependence.
5G can be thought of as the enabling technology that will make autonomous vehicles, real-time virtual reality, augmented reality technology, and remote robotic surgery, a reality; in other words, a ‘hyper-connected reality’.
EU preparing for law enforcement and judicial impact of 5G
The Council of the European Union drafted a paper in May 2019 alerting member states to the potential law enforcement and legal implications of 5G.
Due to the highly fragmented and virtualised architecture of 5G services, it will likely be more difficult for law enforcement and judicial authorities to collate information and data essential to legal cases. Lawful interception may be made impossible if end-to-end encryption is used, including encryption of the International Mobile Subscriber Identity (IMSI) – the unique number for each mobile device.
Another aspect is that at present, evidence can be requested from mobile service providers which may be material to an investigation or case. 5G will make this much harder as in an effort to make the network fast, providers are switching to a multi-access edge computing (MEC) model, whereby data is processed in decentralised cloud services in the vicinity of network users. This means that network providers, even if legally required to provide information, may not have access to it.
Furthermore, even if evidence can be acquired for judicial purposes, there is a real risk that it may be impossible to prove the source and its authenticity, such is the complexity of the underlying infrastructure.
The message from the EU is that the needs of law enforcement and judicial authorities need to be conveyed and worked through by partnering with the mobile technology companies.
Privacy Implications of 5G
As we have already established, the technology underpinning 5G may make it more difficult to determine where data is stored and processed. This, in turn, may lead to breaches of the GDPR without realising they have occurred. Consumers trust that their data is being used in a manner which is controlled and responsible, but what happens when IoT devices broadcast data on our activity without our knowledge (i.e. connected by design and by default)? The lines may also be blurred between data ‘controller’ and ‘processor’ given the highly dynamic nature of how data flowing via 5G networks will be handled. Given the massive ramp-up in data capture as a result of IoT, the potential for unintended GDPR breaches will be increased. However, it may be that end to end data encryption brings benefits for organisations and companies by making breaches less likely, and if they do occur, less damaging.
This article only covers some of the many opportunities that 5G will provide for the legal profession. There are many more. Legal practitioners will need to grapple with such issues as potential health claims which arise from 5G technology, data privacy cross-border disputes relating to 5G, technology service delivery contracts, licensing, and acquisition of 5G infrastructure sites. And if that doesn’t whet your appetite, consider this, according to the Thomson Reuters Legal Executive Institute , “five years from now, issues involving 5G have the potential to touch virtually every major legal practice area, including banking and finance to mergers and acquisitions, intellectual property, government, labour relations, international trade, and everything in between….though the ultimate social impact of this new technology is unclear, one thing is certain: 5G will generate a great deal of work for lawyers”. We are on the cusp of another great technological wave, but the law profession must prepare now for the cybersecurity and other legal implications their clients will face with the widespread adoption of 5G.