5g – Consumer Choice Center

How Estonia’s cybersecurity strategy can help the EU cope with China

Fred Roeder, a German health economist and the managing director of the Consumer Choice Center, proposes Estonia to lead the European Union to a coherent cybersecurity strategy in order to protect consumers and businesses not only from cyberattacks from Russia but also from potentially much larger attacks and espionage from China.

Within the past twelve years, Estonia has emerged as a leading nation in the field of cyber defence and security. The cyberattacks of 2007 made Tallinn much earlier aware of the massive threat of online attacks compared with its larger NATO allies.

Especially under EU commissioner, Andrus Ansip (nominated by Estonia, Ansip was the European Commissioner for Digital Economy and Society from 2014 until July 2019 – editor), Estonia has been a driving force behind the European Commission’s new cybersecurity agenda. Estonia now needs to lead the European Union to a coherent cybersecurity strategy in order to protect consumers and businesses not only from cyberattacks from Russia but also from potentially much larger attacks and espionage from China.

China’s backdoors

The adoption of Internet of Things solutions and the highly anticipated rollout of very fast 5G networks will make consumers’ privacy even more vulnerable. The recent events in Hong Kong and the Chinese Communist Party’s reluctance to keep its commitments towards the rule of law are reasons why we must heed caution.

Some governments and manufacturers tend to be mostly concerned about competitiveness through low prices, which is important for consumers. However, we also care about privacy and data security. Therefore, a smart policy response is needed that would incentivise market players to give enough weight to consumer data security in Europe, all the while achieving that goal without undue market distortions and limiting of consumer choice.

n more than just one instance, the Chinese leadership has put legal or extra-legal pressure on private firms to include so-called backdoors in their software or devices, which may be exploited either by government agents alone or with a manufacturer’s help. As a response to threats like this, countries like Australia and the US went so far as to ban the Chinese network equipment manufacturer, Huawei, from its 5G networks.

Pressure on non-European suppliers to adopt the security-by-design approach

While some governments see bans as the best way to protect national security and consumer privacy, we know there is no single silver bullet solution for safeguarding privacy and data security. A mix of solutions is needed, and this mix will likely change over time.

Healthy competition between legal jurisdictions and between private enterprises is the best mechanism for the discovery of the right tools. But those working on cybersecurity solutions should also consider consumer interests. Keeping new regulation technology-neutral, and thus not deciding by law which technological solution is best, allows an agile framework for consumer privacy.

The EU’s current legal rules, like the General Data Protection Regulation, for example, do not provide sufficient clarity regarding liability of network operators for privacy violations made possible by hardware vulnerabilities. Thus, a clear standard of supply chain security must be defined.

Emphasising liability rules for using or reselling software or devices with vulnerabilities would give those rules more teeth and thus incentivise telecommunications operators and others to think about their customers’ privacy during their procurement decisions. This should, in turn, put pressure on non-European suppliers to adopt the security-by-design approach and to take pains to show that they have done so.

Smart regulation needed to prevent autocratic governments from spying on us

In solving the problem of unclear and ineffective legal rules on data security, we must take into account that technical standards should be as technology neutral as possible. Manufacturers from countries that are under scrutiny – such as China – might want to provide purely open-source technology in order to rebuild trust in their products.

Instead, the rules should be focused on outcomes and be as general as possible while still providing sufficient guidance. These standards should be possible to identify and adopt not just by the biggest market players who can easily devote significant resources to regulatory compliance. A certification scheme must be thorough in order to minimise the risk of any backdoors or other critical vulnerabilities.

The debate around 5G reminds us how vulnerable consumers are in a technologically and politically complex world and that cyber threats originate usually in autocratic countries.

Therefore, smart regulation is needed in order to protect consumers from data breaches and to prevent autocratic governments from spying on us. By continuing the legacy of commissioner Ansip’s leadership and strengthening the liability of network operators for technological vulnerabilities, both consumer choice and privacy can be ensured. Blunt instruments like total bans based on country of origin or regulators picking the technological champions should be seen as measures of the last resort.

Originally published here

The Consumer Choice Center is the consumer advocacy group supporting lifestyle freedom, innovation, privacy, science, and consumer choice. The main policy areas we focus on are digital, mobility, lifestyle & consumer goods, and health & science.

The CCC represents consumers in over 100 countries across the globe. We closely monitor regulatory trends in Ottawa, Washington, Brussels, Geneva and other hotspots of regulation and inform and activate consumers to fight for #ConsumerChoice. Learn more at consumerchoicecenter.org.

5G et santé : le lobbying à travers les fake news

Veiller à la sécurité de tous, c’est bien… mais empêcher le progrès en se basant sur de fausses informations, cela nuit à tout le monde.

Chaque technologie engendre un certain degré de scepticisme. Que ce soit la découverte de l’électricité, l’invention du train, ou l’arrivée du micro-ondes dans notre équipement de cuisine, des voix critiques posent des questions importantes sur la sécurité.

Le réseau 5G n’y fait pas exception. Cependant, à un certain moment, il faut accepter les résultats scientifiques.

En tapant « 5G » et « santé » sur les moteurs de recherches, vous trouverez plusieurs articles qui ne pourront pas vous donner des réponses exactes sur les implications de santé du réseau, mais qui vous suggèrent plusieurs scénarios fatalistes.

En voici quelques exemples :

Déploiement de la 5G : les risques pour la santé sous-estimés ?

5G, risques pour la santé… et la météo

L’arrivée du 5G comporte d’importants risques pour la santé

La menace que la 5G pose à la santé humaine

Et si la 5G était nocive pour la santé?

UE : La course vers la 5G risque de laisser de côté le principe de précaution au détriment de la santé

Réseau 5G : la course au haut débit au détriment de notre santé ?

Téléphonie mobile : les vrais dangers de la 5G

Que faut-il savoir sur le rayonnement de type 5G ?

Le type de rayonnement impliqué dans les communications sans fil se situe dans la gamme des ondes radio, et ces ondes transportent beaucoup moins d’énergie que les rayonnements ionisants, comme les rayons X et les rayons cosmiques, qui peuvent briser les liaisons chimiques dans l’ADN et mener au cancer.

Aux Etats-Unis, la Commission fédérale des communications (FCC) réglemente le nombre d’ondes qu’on peut émettre. Le seul effet biologique connu qui existe concernant les radiofréquences est l’échauffement : la température de votre corps peut augmenter dans ces conditions.

En revanche, les limites existantes sont de telle nature qu’elles permettent d’éviter ce risque d’échauffement. Si l’on respecte les limites fixées par les réglementations actuelles, il n’y a aucune conséquence biologique.

Il faut également ajouter que les fréquences 5G sont différentes de ce qui est supposé dans les médias.

Les opposants à la technologie 5G affirment que les hautes fréquences de la technologie rendront les nouveaux téléphones et les tours de téléphonie cellulaire extraordinairement dangereux.

La vérité est exactement le contraire, comme l’expliquent les scientifiques. Plus la fréquence radio est élevée, moins elle pénètre la peau humaine, ce qui réduit l’exposition des organes internes du corps, y compris le cerveau.

A quoi bon les mythes contre la 5G, alors ?

D’un côté, nous avons le scepticisme général et régulier des écologistes anti-progrès et des conspirationnistes anti-corporatistes. Une telle opposition ne pourra jamais être réfutée au moyen de preuves scientifiques.

D’un autre côté, nous assistons au scepticisme de la population générale, organisé par des médiums différents, dont le site Russia Today (RT). Aux Etats-Unis, le New York Times explique que RT America inonde les réseaux sociaux de messages anti-5G. L’idée serait d’arrêter les progrès des Etats-Unis, au profit de la Russie.

Bien plus simplement, les désinformations sont souvent au profit de certaines entreprises en concurrence.

Nous l’avons bien vu dans la discussion sur la connectivité des automobiles – 5G contre wi-fi : les constructeurs faisaient assaut de lobbying à Bruxelles pour convaincre l’Union européenne de soutenir l’une ou l’autre.

En juillet, le gouvernement allemand a ainsi publié sa position sur la question de ces technologies futures. Il se prépare à soutenir l’utilisation de la technologie wi-fi pour relier les voitures connectées, arguant que la technologie 5G n’est pas encore assez mature pour livrer des résultats.

Le document publié par le gouvernement allemand affirme que « l’industrie doit se concentrer sur la technologie qui utilise des signaux à courte portée, à base de wi-fi ».

En réponse, certains constructeurs automobiles se sont prononcés en faveur de la position prise par le gouvernement allemand tandis que d’autres ont estimé que Berlin devrait plutôt soutenir la technologie 5G.

La bataille du lobbying se livre à travers des organes de communication classiques. A ce niveau, il faut tout d’abord établir une base de faits vérifiables, afin de discuter sur une base de connaissances égales.

Dans le cas de la 5G, ce débat sera crucial pour le futur technologique de l’Europe.

Publié à l’origine ici.

Public security must be a priority in Europe’s 5G rollout

A national assessment of the risks associated with the next generation of communications infrastructure is the first step toward an EU-wide cyber-security strategy.

The European Commission’s incoming president, Ursula von Der Leyen, will have a series of politically delicate hurdles to contend with in the field of cyber security when she assumes office on 1 November 2019.

Not least is the domain of 5G communications, where the EU has come under increased pressure from its American counterparts to adopt a hostile position against next-generation technologies emanating from Asia-based companies.

Following a Commission recommendation for a common EU approach to the security of 5G networks, member states have recently submitted national risk assessments that provide an overview of their most pressing concerns in the future development of 5G infrastructure. These will feed into the next phase, an EU-wide risk assessment to be completed by 1 October 2019, which the Commission says will be the first step toward implementing a real cyber-security strategy across the EU.

Is this so important for ordinary users and consumers? It’s not so long ago that we heard the news about vendors from illiberal countries being involved in scandals such as the backdoors in Vodafone Italia’s fibre network provided by Huawei. As we move to a society where connected devices are part of daily life, from smart lights to smart home locks to connected cars, the privacy and security of the network will be central to everyday life.

According to research by analysts Berg Insight, there were a total of 22.5 million smart homes in Europe at the end of 2017. This number is predicted to grow to 84 million homes by the end of 2022, representing a market penetration of 35 per cent. Add to this an estimated 45 million smart homes in the United States at the end of 2017.

Consumers want to be able to rely on their network provider to keep what happens inside their smart buildings private and stored securely. For this reason, security must be a defining feature of the standards and norms that govern the global ICT supply chain, as well as the individual pieces of software and hardware that businesses and consumers depend on. Inaction risks undermining the ability of businesses and individuals to exercise meaningful choice in critical 5G and other ICT products and services.

Some of the EU’s largest member states, including Germany and Italy, have used the auctions of spectrum licenses as a cash cow for their national budgets instead of seeing newly utilised frequencies as a gamechanger for consumer connectivity. This has led to the undesired consequence that many operators are cash-strapped and tend to go for cheaper and less trustworthy infrastructure providers. The result is a toxic reliance on very few suppliers, some of whom are accused of operating with questionable motives.

If the next Commission wants to successfully secure the digital ecosystem, it has to coordinate technical standards for interoperability, such as the more trustworthy open-source solutions, and promote an environment based on transparency and trust to make sure national governments will implement liability rules for operators and resellers of software and devices that expose consumers to the risk of malicious and illegal interference. This is the only way to protect consumers, promote innovation and foster safe digital lives for consumers.

Luca Bertoletti is senior European affairs manager at consumer advocacy group the Consumer Choice Center.

Originally published here

Im Kreuzfeuer: 5G, China, Sicherheit und Datenschutz

Schneller und billiger Rollout von 5G vs. Verbraucherschutz?

Nie war Mobilfunk so politisch wie heute. Während die EU-Kommission Vorschläge für ein abgestimmtes Vorgehen der EU zur Sicherheit von 5G-Netzen vorlegt, kritisiert das amerikanische Consumer Choice Center – nicht ohne Ironie -, dass man in der Datenschutzhochburg Europa bei 5G ausgerechnet auf Technologie aus einem Land (= China) setze, in dem der Datenschutz mit Füßen getreten werde.

Nach allerlei Winken mit dem sprichwörtlichen Zaunpfahl seitens der US-Regierung oder regierungsnaher Stellen setzt sich nun auch die liberale Lobbyorganisation Consumer Choice Center kritisch mit dem wachsenden Einfluss chinesischer Anbieter von Mobilfunktechnologie auf dem europäischen Markt auseinander.

Fred Roeder, ein studierter Ökonom, ist Managing Director des Consumer Choice Center in Arlington (Virginia). (Bild: Consumer Choice Center)

Für Fred Roeder, Geschäftsführer des Consumer Choice Center, sollte die Privatsphäre der Verbraucher in dieser Debatte an erster Stelle stehen. “5G bietet eine völlig neue Art der Konnektivität und verspricht enorme Vorteile für das Internet der Dinge. Dies wird begrüßt, aber gleichzeitig sollten sich die europäischen Verbraucher des potenziellen Gepäcks bewusst sein, das einige Infrastrukturanbieter mitbringen”, so Roeder.

“Während die EU eine der strengsten Datenschutzbestimmungen der Welt hat die DSGVO die Geschäftstätigkeit vieler gesetzestreuer Unternehmen in der EU erheblich erschwert hat, sollten wir uns Sorgen machen, dass Technologieunternehmen mit Sitz in Ländern ohne Rechtsstaatlichkeit ein potenzielles Datenschutzrisiko für Verbraucherdaten darstellen. Während ein schneller und billiger Rollout von 5G für einige ein großer Sprung nach vorne sein könnte, müssen wir sicherstellen, dass wir nicht in dunklere Zeiten zurückkehren, wenn es um den Datenschutz der Verbraucher in Europa geht”, erklärt Roeder.

Read more here

How to Protect Consumer Privacy and Data Security in the Age of 5G?

The Huawei Case: Backdoors, Telnet und ein Rauswurf

May 2, 2019
By lbertoletti
In 5G, China, Cybersecurity, Deutsch, Digital, Huawei, Recent Media
0 comments

Anfang der Woche nährte eine Meldung der Nachrichtenagentur Bloomberg erneut Zweifel hinsichtlich der “Zuverlässigkeit” des chinesischen Netzwerkausrüsters Huawei. So hatte der Mobilfunkbetreiber Vodafone gegenüber der Nachrichtenagentur Bloomberg bestätigt, dass man in Italien bei Huawei-Technologie verdächtige Schwachstellen – sogenannte Backdoors – gefunden habe, die Unbefugten einen Zugang zum Festnetz des Carriers in Italien hätten ermöglichen können.

Diagnosefunktion nach der Entwicklung der Systeme nicht entfernt?

Diese “Schwachstellen” seien laut Vodafone bereits 2011 entdeckt worden. Nun rudert der Telekom-Konzern zurück und bemüht sich um eine technische Klarstellung. So handele es sich bei der Hintertür, auf die sich Bloomberg beziehe, um das Telnet-Protokoll, das von vielen Anbietern in der Industrie zur Durchführung von Diagnosefunktionen verwendet werde. Dieses wäre aber nicht über das Internet zugänglich gewesen, so Vodafone.

Einschätzungen der in USA beheimateten Lobbyorganisation Consumer Choice Center zufolge belegt der jüngste Vorfall Risiken für mögliche Verletzungen des Verbraucherschutzes und mache zugleich deutlich, dass die derzeitigen gesetzlichen Vorschriften zum Schutz der Privatsphäre der Verbraucher im Zeitalter der 5G-Technologien unzureichend sind.

Luca Bertoletti, European Affairs Manager des Consumer Choice Center, sagte dazu: “Wir glauben nicht, dass das Verbot von Huawei-Technologie und der Beginn eines Handelskrieges mit China der richtige Weg ist. Vielmehr fordern wir, dass alle Gesetzgeber und Strafverfolgungsbehörden Maßnahmen ergreifen und Normen schaffen, die sich an der Sicherheitszertifizierung von Software und Geräten orientieren sollten (wie im “Cybersecurity Act” der EU vorgeschlagen). Wir sind der Meinung, dass eine starke Verschlüsselung und sichere Authentifizierungsmethoden ein wesentlicher Bestandteil der Bemühungen zum Schutz der Privatsphäre der Verbraucher sein sollten.”

Cookie	Duration	Description
__cf_bm	1 hour	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	The website's WordPress theme uses this cookie. It allows the website owner to implement or change the website's content in real-time.
JSESSIONID	past	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
__sharethis_cookie_test__	session	This cookie is set by ShareThis, to test whether the browser accepts cookies.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
__gads	1 year 24 days	This cookie is set by Google and stored under the name dounleclick.com. This cookie is used to track how many times users see a particular advert which helps in measuring the success of the campaign and calculate the revenue generated by the campaign. These cookies can only be read from the domain that it is set on so it will not track any data while browsing through another sites.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_111177680_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
CONSENT	16 years 4 months 8 days 16 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
_tt_enable_cookie	1 year 24 days	Tiktok set this cookie to collect data about behaviour and activities on the website and to measure the effectiveness of the advertising.
_ttp	1 year 24 days	TikTok set this cookie to track and improve the performance of advertising campaigns, as well as to personalise the user experience.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
muc_ads	1 year 1 month 4 days	Twitter sets this cookie to collect user behaviour and interaction data to optimize the website.
personalization_id	2 years	This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.
yt.innertube::nextId	never	These cookies are set via embedded youtube-videos.
yt.innertube::requests	never	These cookies are set via embedded youtube-videos.

Cookie	Duration	Description
__gpi	1 year 24 days	No description
_gtm_session_start	1 hour	Description is currently not available.
_mailmunch_visitor_id	never	This cookie is set by MailMunch which is email collection and email marketing platform. We do not know the exact purpose of the cookie.
AnalyticsSyncHistory	1 month	No description
asp_transient_id	7 days	No description available.
GoogleAdServingTest	session	No description
li_gc	2 years	No description
mailmunch_second_pageview	never	This cookie is set by MailMunch which is email collection and email marketing platform. We do not know the exact purpose of the cookie.
raygun4js-userid	never	Description unavailable.
st_samesite	session	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

5g

How Estonia’s cybersecurity strategy can help the EU cope with China

China’s backdoors

Pressure on non-European suppliers to adopt the security-by-design approach

Smart regulation needed to prevent autocratic governments from spying on us

5G et santé : le lobbying à travers les fake news

Public security must be a priority in Europe’s 5G rollout

Im Kreuzfeuer: 5G, China, Sicherheit und Datenschutz

Schneller und billiger Rollout von 5G vs. Verbraucherschutz?

The Huawei Case: Backdoors, Telnet und ein Rauswurf

Diagnosefunktion nach der Entwicklung der Systeme nicht entfernt?

Fun Police

ConsEUmer Podcast

Consumer Choice Center Cast

Recent Posts

Follow us

Contact Info